some cleanups from the conversion of Pipes[] to a linked list. I also

removed most cases where a pnum is used and substituted a pipes_struct*.

in files.c I added a offset of 0x1000 to all file handles on the
wire. This makes it much less likely that bad parsing will give us the
wrong field.
(This used to be commit 8bc2627ff28d340db65bfa017daca2dc291d5ef7)

5 files changed, 114 insertions, 134 deletions

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 8f1cefbbb6..bc3ea880bf 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -28,6 +28,8 @@ extern int DEBUGLEVEL;
 
 #define VALID_FNUM(fnum)   (((fnum) >= 0) && ((fnum) < MAX_FNUMS))
 
+#define FILE_HANDLE_OFFSET 0x1000
+
 static struct bitmap *file_bmap;
 static struct bitmap *fd_bmap;
 
@@ -57,11 +59,6 @@ files_struct *file_new(void )
 	   than causing corruption */
 	if (first_file == 0) {
 		first_file = (getpid() ^ (int)time(NULL)) % MAX_FNUMS;
-		if (first_file == 0) first_file = 1;
-	}
-
-	if (first_file >= MAX_FNUMS) {
-		first_file = 1;
 	}
 
 	i = bitmap_find(file_bmap, first_file);
@@ -89,12 +86,14 @@ files_struct *file_new(void )
 	if (!fsp) return NULL;
 
 	memset(fsp, 0, sizeof(*fsp));
-	first_file = i+1;
-	fsp->fnum = i;
-	string_init(&fsp->fsp_name,"");
+
+	first_file = (i+1) % MAX_FNUMS;
 
 	bitmap_set(file_bmap, i);
 	files_used++;
+
+	fsp->fnum = i + FILE_HANDLE_OFFSET;
+	string_init(&fsp->fsp_name,"");
 	
 	/* hook into the front of the list */
 	if (!Files) {
@@ -245,8 +244,6 @@ files_struct *file_fsp(int fnum)
 {
 	files_struct *fsp;
 
-	if (!VALID_FNUM(fnum)) return NULL;
-	
 	for (fsp=Files;fsp;fsp=fsp->next) {
 		if (fsp->fnum == fnum) return fsp;
 	}
@@ -368,7 +365,7 @@ void file_free(files_struct *fsp)
 		fd_ptr_free(fsp->fd_ptr);
 	}
 
-	bitmap_clear(file_bmap, fsp->fnum);
+	bitmap_clear(file_bmap, fsp->fnum - FILE_HANDLE_OFFSET);
 	files_used--;
 
 	DEBUG(5,("freed files structure %d (%d used)\n",
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index be7fb8d8e3..1a6fb3366a 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -3398,7 +3398,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf,
 	/* Get the file handle and hence the file name. */
 	pnum = setup[1];
 	subcommand = setup[0];
-	get_rpc_pipe(pnum, &p);
+	p = get_rpc_pipe(pnum);
 
 	if (p != NULL)
 	{
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 9bfdddf704..31bfac25c8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -364,32 +364,33 @@ static int map_share_mode( uint32 desired_access, uint32 share_access, uint32 fi
 static int nt_open_pipe(char *fname, connection_struct *conn,
 			char *inbuf, char *outbuf, int *ppnum)
 {
-  int pnum = -1;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int i;
+	pipes_struct *p = NULL;
 
-  DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	int i;
+
+	DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
     
-  /* See if it is one we want to handle. */
-  for( i = 0; known_nt_pipes[i]; i++ )
-    if( strequal(fname,known_nt_pipes[i]))
-      break;
+	/* See if it is one we want to handle. */
+	for( i = 0; known_nt_pipes[i]; i++ )
+		if( strequal(fname,known_nt_pipes[i]))
+			break;
     
-  if ( known_nt_pipes[i] == NULL )
-    return(ERROR(ERRSRV,ERRaccess));
+	if ( known_nt_pipes[i] == NULL )
+		return(ERROR(ERRSRV,ERRaccess));
     
-  /* Strip \\ off the name. */
-  fname++;
+	/* Strip \\ off the name. */
+	fname++;
     
-  DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
+	DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
 
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p)
+		return(ERROR(ERRSRV,ERRnofids));
 
-  *ppnum = pnum + PIPE_HANDLE_OFFSET; /* Mark file handle up into high
-					 range. */
-  return 0;
+	*ppnum = p->pnum;
+
+	return 0;
 }
 
 /****************************************************************************
@@ -1258,8 +1259,8 @@ static int call_nt_transact_ioctl(connection_struct *conn,
                                   int bufsize, 
                                   char **ppsetup, char **ppparams, char **ppdata)
 {
-  DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
-  return(ERROR(ERRSRV,ERRnosupport));
+	DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
+	return(ERROR(ERRSRV,ERRnosupport));
 }
    
 /****************************************************************************
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 9ec77c08ca..84e31894a3 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -32,22 +32,7 @@
 #define	PIPE		"\\PIPE\\"
 #define	PIPELEN		strlen(PIPE)
 
-#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
-
-/* look in server.c for some explanation of these variables */
-extern int Protocol;
 extern int DEBUGLEVEL;
-extern char magic_char;
-extern BOOL case_sensitive;
-extern pstring sesssetup_user;
-extern int Client;
-
-#define VALID_PNUM(pnum)   (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES))
-#define OPEN_PNUM(pnum)    (VALID_PNUM(pnum) && Pipes[pnum].open)
-
-/* this macro should always be used to extract an pnum (smb_fid) from
-   a packet to ensure chaining works correctly */
-#define GETPNUM(buf,where) (chain_pnum!= -1?chain_pnum:SVAL(buf,where))
 
 extern struct pipe_id_info pipe_names[];
 
@@ -60,66 +45,63 @@ extern struct pipe_id_info pipe_names[];
 int reply_open_pipe_and_X(connection_struct *conn,
 			  char *inbuf,char *outbuf,int length,int bufsize)
 {
-  pstring fname;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int pnum = -1;
-  int smb_ofun = SVAL(inbuf,smb_vwv8);
-  int size=0,fmode=0,mtime=0,rmode=0;
-  int i;
-
-  /* XXXX we need to handle passed times, sattr and flags */
-  pstrcpy(fname,smb_buf(inbuf));
-
-  /* If the name doesn't start \PIPE\ then this is directed */
-  /* at a mailslot or something we really, really don't understand, */
-  /* not just something we really don't understand. */
-  if ( strncmp(fname,PIPE,PIPELEN) != 0 )
-    return(ERROR(ERRSRV,ERRaccess));
-
-  DEBUG(4,("Opening pipe %s.\n", fname));
-
-  /* See if it is one we want to handle. */
-  for( i = 0; pipe_names[i].client_pipe ; i++ )
-    if( strequal(fname,pipe_names[i].client_pipe) )
-      break;
-
-  if (pipe_names[i].client_pipe == NULL)
-    return(ERROR(ERRSRV,ERRaccess));
-
-  /* Strip \PIPE\ off the name. */
-  pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
-
-  /* Known pipes arrive with DIR attribs. Remove it so a regular file */
-  /* can be opened and add it in after the open. */
-  DEBUG(3,("Known pipe %s opening.\n",fname));
-  smb_ofun |= 0x10;		/* Add Create it not exists flag */
-
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0) return(ERROR(ERRSRV,ERRnofids));
-
-  /* Prepare the reply */
-  set_message(outbuf,15,0,True);
-
-  /* Mark the opened file as an existing named pipe in message mode. */
-  SSVAL(outbuf,smb_vwv9,2);
-  SSVAL(outbuf,smb_vwv10,0xc700);
-
-  if (rmode == 2)
-  {
-    DEBUG(4,("Resetting open result to open from create.\n"));
-    rmode = 1;
-  }
-
-  SSVAL(outbuf,smb_vwv2, pnum + PIPE_HANDLE_OFFSET); /* mark file
-							handle up into
-							high range */
-  SSVAL(outbuf,smb_vwv3,fmode);
-  put_dos_date3(outbuf,smb_vwv4,mtime);
-  SIVAL(outbuf,smb_vwv6,size);
-  SSVAL(outbuf,smb_vwv8,rmode);
-  SSVAL(outbuf,smb_vwv11,0);
-
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	pstring fname;
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	pipes_struct *p;
+	int smb_ofun = SVAL(inbuf,smb_vwv8);
+	int size=0,fmode=0,mtime=0,rmode=0;
+	int i;
+
+	/* XXXX we need to handle passed times, sattr and flags */
+	pstrcpy(fname,smb_buf(inbuf));
+
+	/* If the name doesn't start \PIPE\ then this is directed */
+	/* at a mailslot or something we really, really don't understand, */
+	/* not just something we really don't understand. */
+	if ( strncmp(fname,PIPE,PIPELEN) != 0 )
+		return(ERROR(ERRSRV,ERRaccess));
+
+	DEBUG(4,("Opening pipe %s.\n", fname));
+
+	/* See if it is one we want to handle. */
+	for( i = 0; pipe_names[i].client_pipe ; i++ )
+		if( strequal(fname,pipe_names[i].client_pipe) )
+			break;
+
+	if (pipe_names[i].client_pipe == NULL)
+		return(ERROR(ERRSRV,ERRaccess));
+
+	/* Strip \PIPE\ off the name. */
+	pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
+
+	/* Known pipes arrive with DIR attribs. Remove it so a regular file */
+	/* can be opened and add it in after the open. */
+	DEBUG(3,("Known pipe %s opening.\n",fname));
+	smb_ofun |= 0x10;		/* Add Create it not exists flag */
+
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p) return(ERROR(ERRSRV,ERRnofids));
+
+	/* Prepare the reply */
+	set_message(outbuf,15,0,True);
+
+	/* Mark the opened file as an existing named pipe in message mode. */
+	SSVAL(outbuf,smb_vwv9,2);
+	SSVAL(outbuf,smb_vwv10,0xc700);
+
+	if (rmode == 2) {
+		DEBUG(4,("Resetting open result to open from create.\n"));
+		rmode = 1;
+	}
+
+	SSVAL(outbuf,smb_vwv2, p->pnum);
+	SSVAL(outbuf,smb_vwv3,fmode);
+	put_dos_date3(outbuf,smb_vwv4,mtime);
+	SIVAL(outbuf,smb_vwv6,size);
+	SSVAL(outbuf,smb_vwv8,rmode);
+	SSVAL(outbuf,smb_vwv11,0);
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
@@ -131,47 +113,47 @@ int reply_open_pipe_and_X(connection_struct *conn,
 ****************************************************************************/
 int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv2);
-  uint32 smb_offs = IVAL(inbuf,smb_vwv3);
-  int smb_maxcnt = SVAL(inbuf,smb_vwv5);
-  int smb_mincnt = SVAL(inbuf,smb_vwv6);
-  int nread = -1;
-  char *data;
-  BOOL ok = False;
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+	uint32 smb_offs = IVAL(inbuf,smb_vwv3);
+	int smb_maxcnt = SVAL(inbuf,smb_vwv5);
+	int smb_mincnt = SVAL(inbuf,smb_vwv6);
+	int nread = -1;
+	char *data;
+	BOOL ok = False;
 
-  set_message(outbuf,12,0,True);
-  data = smb_buf(outbuf);
+	set_message(outbuf,12,0,True);
+	data = smb_buf(outbuf);
 
-  nread = read_pipe(pnum, data, smb_offs, smb_maxcnt);
+	nread = read_pipe(p, data, smb_offs, smb_maxcnt);
 
-  ok = True;
+	ok = True;
   
-  if (nread < 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if (nread < 0)
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
   
-  SSVAL(outbuf,smb_vwv5,nread);
-  SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
-  SSVAL(smb_buf(outbuf),-2,nread);
+	SSVAL(outbuf,smb_vwv5,nread);
+	SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
+	SSVAL(smb_buf(outbuf),-2,nread);
   
-  DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
-	    pnum, smb_mincnt, smb_maxcnt, nread));
+	DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
+		 p->pnum, smb_mincnt, smb_maxcnt, nread));
 
-  set_chain_pnum(pnum);
+	set_chain_p(p);
 
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 /****************************************************************************
   reply to a close
 ****************************************************************************/
 int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv0);
-  int outsize = set_message(outbuf,0,0,True);
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+	int outsize = set_message(outbuf,0,0,True);
 
-  DEBUG(5,("reply_pipe_close: pnum:%x\n", pnum));
+	DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum));
 
-  if (!close_rpc_pipe_hnd(pnum, conn)) return(ERROR(ERRDOS,ERRbadfid));
+	if (!close_rpc_pipe_hnd(p, conn)) return(ERROR(ERRDOS,ERRbadfid));
 
-  return(outsize);
+	return(outsize);
 }
 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 1ae402b902..e6117000a4 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -4700,7 +4700,7 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
 
   chain_size = 0;
   chain_fsp = NULL;
-  reset_chain_pnum();
+  reset_chain_p();
 
   if (msg_type != 0)
     return(reply_special(inbuf,outbuf));