some cleanups from the conversion of Pipes[] to a linked list. I also

removed most cases where a pnum is used and substituted a pipes_struct*.

in files.c I added a offset of 0x1000 to all file handles on the
wire. This makes it much less likely that bad parsing will give us the
wrong field.
(This used to be commit 8bc2627ff28d340db65bfa017daca2dc291d5ef7)

11 files changed, 350 insertions, 373 deletions

diff --git a/source3/include/local.h b/source3/include/local.h
index af12f83551..1db1e9d4c1 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -45,9 +45,6 @@
    one time. */
 #define MAX_CONNECTIONS 127
 
-/* this must be larger than the sum of the open files and directories */
-#define PIPE_HANDLE_OFFSET 0x7000
-
 /* Default size of shared memory used for share mode locking */
 #ifndef SHMEM_SIZE
 #define SHMEM_SIZE (1024*1024)
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 0b2648372b..ac411fa653 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -53,8 +53,10 @@ typedef struct
 
 } prs_struct;
 
-typedef struct
+typedef struct pipes_struct
 {
+	struct pipes_struct *next, *prev;
+	int pnum;
 	connection_struct *conn;
 	int uid;
 	BOOL open; /* open connection */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e52ffdcd7a..cda824c7d0 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -55,7 +55,6 @@ struct bitmap *bitmap_allocate(int n);
 void bitmap_free(struct bitmap *bm);
 BOOL bitmap_set(struct bitmap *bm, unsigned i);
 BOOL bitmap_clear(struct bitmap *bm, unsigned i);
-BOOL bitmap_query(struct bitmap *bm, unsigned i);
 int bitmap_find(struct bitmap *bm, unsigned ofs);
 
 /*The following definitions come from  lib/charcnv.c  */
@@ -1857,16 +1856,17 @@ BOOL api_netlog_rpc(pipes_struct *p, prs_struct *data);
 
 /*The following definitions come from  rpc_server/srv_pipe_hnd.c  */
 
-void reset_chain_pnum(void);
-void set_chain_pnum(int new_pnum);
+void reset_chain_p(void);
+void set_chain_p(pipes_struct *new_p);
 void init_rpc_pipe_hnd(void);
-int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid);
-int read_pipe(uint16 pnum, char *data, uint32 pos, int n);
-BOOL get_rpc_pipe(int pnum, pipes_struct **p);
-char *get_rpc_pipe_hnd_name(int pnum);
+pipes_struct *open_rpc_pipe_p(char *pipe_name, 
+				connection_struct *conn, uint16 vuid);
+int read_pipe(pipes_struct *p, char *data, uint32 pos, int n);
+char *get_rpc_pipe_hnd_name(pipes_struct *p);
 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state);
-BOOL close_rpc_pipe_hnd(int pnum, connection_struct *conn);
-int get_rpc_pipe_num(char *buf, int where);
+BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn);
+pipes_struct *get_rpc_pipe_p(char *buf, int where);
+pipes_struct *get_rpc_pipe(int pnum);
 
 /*The following definitions come from  rpc_server/srv_reg.c  */
 
diff --git a/source3/lib/bitmap.c b/source3/lib/bitmap.c
index ab84a2a84e..ce677f7846 100644
--- a/source3/lib/bitmap.c
+++ b/source3/lib/bitmap.c
@@ -21,6 +21,8 @@
 
 #include "includes.h"
 
+extern int DEBUGLEVEL;
+
 /* these functions provide a simple way to allocate integers from a
    pool without repitition */
 
@@ -64,7 +66,11 @@ set a bit in a bitmap
 ****************************************************************************/
 BOOL bitmap_set(struct bitmap *bm, unsigned i)
 {
-	if (i >= bm->n) return False;
+	if (i >= bm->n) {
+		DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n",
+		      i, bm->n));
+		return False;
+	}
 	bm->b[i/32] |= (1<<(i%32));
 	return True;
 }
@@ -74,7 +80,11 @@ clear a bit in a bitmap
 ****************************************************************************/
 BOOL bitmap_clear(struct bitmap *bm, unsigned i)
 {
-	if (i >= bm->n) return False;
+	if (i >= bm->n) {
+		DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n",
+		      i, bm->n));
+		return False;
+	}
 	bm->b[i/32] &= ~(1<<(i%32));
 	return True;
 }
@@ -82,7 +92,7 @@ BOOL bitmap_clear(struct bitmap *bm, unsigned i)
 /****************************************************************************
 query a bit in a bitmap
 ****************************************************************************/
-BOOL bitmap_query(struct bitmap *bm, unsigned i)
+static BOOL bitmap_query(struct bitmap *bm, unsigned i)
 {
 	if (i >= bm->n) return False;
 	if (bm->b[i/32] & (1<<(i%32))) {
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index bd29578f0e..dfc4eeba5f 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -28,36 +28,34 @@
 #define	PIPE		"\\PIPE\\"
 #define	PIPELEN		strlen(PIPE)
 
+/* this must be larger than the sum of the open files and directories */
+#define PIPE_HANDLE_OFFSET 0x7000
+
 extern int DEBUGLEVEL;
-static int chain_pnum = -1;
+static pipes_struct *chain_p;
+static int pipes_open;
 
 #ifndef MAX_OPEN_PIPES
-#define MAX_OPEN_PIPES 50
+#define MAX_OPEN_PIPES 64
 #endif
 
-pipes_struct Pipes[MAX_OPEN_PIPES];
-
-#define P_OPEN(p) ((p)->open)
-#define P_OK(p,c) (P_OPEN(p) && (c)==((p)->conn))
-#define VALID_PNUM(pnum)   (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES))
-#define OPEN_PNUM(pnum)    (VALID_PNUM(pnum) && P_OPEN(&(Pipes[pnum])))
-#define PNUM_OK(pnum,c) (OPEN_PNUM(pnum) && (c)==Pipes[pnum].cnum)
-
+static pipes_struct *Pipes;
+static struct bitmap *bmap;
 
 /****************************************************************************
   reset pipe chain handle number
 ****************************************************************************/
-void reset_chain_pnum(void)
+void reset_chain_p(void)
 {
-	chain_pnum = -1;
+	chain_p = NULL;
 }
 
 /****************************************************************************
   sets chain pipe-file handle
 ****************************************************************************/
-void set_chain_pnum(int new_pnum)
+void set_chain_p(pipes_struct *new_p)
 {
-	chain_pnum = new_pnum;
+	chain_p = new_p;
 }
 
 /****************************************************************************
@@ -65,71 +63,85 @@ void set_chain_pnum(int new_pnum)
 ****************************************************************************/
 void init_rpc_pipe_hnd(void)
 {
-	int i;
-	/* we start at 1 here for an obscure reason I can't now remember,
-	but I think is important :-) */
-	for (i = 1; i < MAX_OPEN_PIPES; i++)
-	{
-		Pipes[i].open = False;
-		Pipes[i].name[0] = 0;
-		Pipes[i].pipe_srv_name[0] = 0;
-
-		Pipes[i].rhdr.data  = NULL;
-		Pipes[i].rdata.data = NULL;
-		Pipes[i].rhdr.offset  = 0;
-		Pipes[i].rdata.offset = 0;
-
-		Pipes[i].file_offset     = 0;
-		Pipes[i].hdr_offsets     = 0;
-		Pipes[i].frag_len_left   = 0;
-		Pipes[i].next_frag_start = 0;
+	bmap = bitmap_allocate(MAX_OPEN_PIPES);
+	if (!bmap) {
+		exit_server("out of memory in init_rpc_pipe_hnd\n");
 	}
-
-	return;
 }
 
+
 /****************************************************************************
   find first available file slot
 ****************************************************************************/
-int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid)
+pipes_struct *open_rpc_pipe_p(char *pipe_name, 
+			      connection_struct *conn, uint16 vuid)
 {
 	int i;
-	/* we start at 1 here for an obscure reason I can't now remember,
-	but I think is important :-) */
-	for (i = 1; i < MAX_OPEN_PIPES; i++) {
-		if (!Pipes[i].open) break;
+	pipes_struct *p;
+	static int next_pipe;
+
+	/* not repeating pipe numbers makes it easier to track things in 
+	   log files and prevents client bugs where pipe numbers are reused
+	   over connection restarts */
+	if (next_pipe == 0) {
+		next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
 	}
 
-	if (i == MAX_OPEN_PIPES) {
-		DEBUG(1,("ERROR! Out of pipe structures\n"));
-		return(-1);
+	i = bitmap_find(bmap, next_pipe);
+
+	if (i == -1) {
+		DEBUG(0,("ERROR! Out of pipe structures\n"));
+		return NULL;
+	}
+
+	next_pipe = (i+1) % MAX_OPEN_PIPES;
+
+	p = (pipes_struct *)malloc(sizeof(*p));
+	if (!p) return NULL;
+
+	/* hook into the front of the list */
+	if (!Pipes) {
+		Pipes = p;
+	} else {
+		Pipes->prev = p;
+		p->next = Pipes;
+		Pipes = p;
 	}
 
-	Pipes[i].open = True;
-	Pipes[i].device_state = 0;
-	Pipes[i].conn = conn;
-	Pipes[i].uid  = vuid;
+	bitmap_set(bmap, i);
+	i += PIPE_HANDLE_OFFSET;
+
+	pipes_open++;
+
+	memset(p, 0, sizeof(*p));
+	p->pnum = i;
+
+	p->open = True;
+	p->device_state = 0;
+	p->conn = conn;
+	p->uid  = vuid;
 	
-	Pipes[i].rhdr.data  = NULL;
-	Pipes[i].rdata.data = NULL;
-	Pipes[i].rhdr.offset  = 0;
-	Pipes[i].rdata.offset = 0;
+	p->rhdr.data  = NULL;
+	p->rdata.data = NULL;
+	p->rhdr.offset  = 0;
+	p->rdata.offset = 0;
 	
-	Pipes[i].file_offset     = 0;
-	Pipes[i].hdr_offsets     = 0;
-	Pipes[i].frag_len_left   = 0;
-	Pipes[i].next_frag_start = 0;
+	p->file_offset     = 0;
+	p->hdr_offsets     = 0;
+	p->frag_len_left   = 0;
+	p->next_frag_start = 0;
 	
-	fstrcpy(Pipes[i].name, pipe_name);
+	fstrcpy(p->name, pipe_name);
 	
-	DEBUG(4,("Opened pipe %s with handle %x\n",
-		 pipe_name, i + PIPE_HANDLE_OFFSET));
+	DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
+		 pipe_name, i, pipes_open));
 	
-	set_chain_pnum(i);
+	set_chain_p(p);
 	
-	return(i);
+	return p;
 }
 
+
 /****************************************************************************
  reads data from a pipe.
 
@@ -141,157 +153,111 @@ int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid)
  have been prepared into arrays of headers + data stream sections.
 
  ****************************************************************************/
-int read_pipe(uint16 pnum, char *data, uint32 pos, int n)
+int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
 {
-	pipes_struct *p = &Pipes[pnum - PIPE_HANDLE_OFFSET];
-	DEBUG(6,("read_pipe: %x", pnum));
-
-	if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET))
-	{
-		DEBUG(6,("name: %s open: %s pos: %d len: %d",
-		          p->name,
-		          BOOLSTR(p->open),
-		          pos, n));
+	int num = 0;
+	int len = 0;
+	uint32 hdr_num = 0;
+	int data_hdr_pos;
+	int data_pos;
+
+	DEBUG(6,("read_pipe: %x", p->pnum));
+
+	DEBUG(6,("name: %s open: %s pos: %d len: %d",
+		 p->name,
+		 BOOLSTR(p->open),
+		 pos, n));
+
+	if (!p || !p->open) {
+		DEBUG(6,("pipe not open\n"));
+		return -1;		
 	}
 
-	if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET))
-	{
-		int num = 0;
-		int len = 0;
-		uint32 hdr_num = 0;
-		int data_hdr_pos;
-		int data_pos;
-
-		DEBUG(6,("OK\n"));
-
-		if (p->rhdr.data == NULL || p->rhdr.data->data == NULL ||
-		    p->rhdr.data->data_used == 0)
-		{
-			return 0;
-		}
-
-		DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n",
-		          p, p->file_offset, n));
-		DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n",
-		          p->frag_len_left, p->next_frag_start));
-
-		/* the read request starts from where the SMBtrans2 left off. */
-		data_pos     = p->file_offset - p->hdr_offsets;
-		data_hdr_pos = p->file_offset;
-
-		len = mem_buf_len(p->rhdr.data);
-		num = len - (int)data_pos;
-
-		DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
 
-		if (num > n) num = n;
-		if (num <= 0)
-		{
-			DEBUG(5,("read_pipe: 0 or -ve data length\n"));
-			return 0;
-		}
-
-		if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST))
-		{
-			/* intermediate fragment - possibility of another header */
-
-			DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n",
-			          p->hdr.frag_len, data_pos, data_hdr_pos));
-
-			if (data_hdr_pos == p->next_frag_start)
-			{
-				DEBUG(6,("read_pipe: next fragment header\n"));
-
-				/* this is subtracted from the total data bytes, later */
-				hdr_num = 0x18;
-
-				/* create and copy in a new header. */
-				create_rpc_reply(p, data_pos, p->rdata.offset);
-				mem_buf_copy(data, p->rhdr.data, 0, 0x18);
-
-				data += 0x18;
-				p->frag_len_left = p->hdr.frag_len;
-				p->next_frag_start += p->hdr.frag_len;
-				p->hdr_offsets += 0x18;
-
-				/*DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets));*/
-			}
-		}
-
-		if (num < hdr_num)
-		{
-			DEBUG(5,("read_pipe: warning - data read only part of a header\n"));
-		}
-
-		DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n",
-				  data_pos, num - hdr_num));
-		mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num);
-
-		data_pos += num;
-		data_hdr_pos += num;
-
-		if (hdr_num == 0x18 && num == 0x18)
-		{
-			DEBUG(6,("read_pipe: just header read\n"));
+	if (p->rhdr.data == NULL || p->rhdr.data->data == NULL ||
+	    p->rhdr.data->data_used == 0) {
+		return 0;
+	}
 
-			/* advance to the next fragment */
-			p->frag_len_left -= 0x18; 
-		}
-		else if (data_hdr_pos == p->next_frag_start)
-		{
-			DEBUG(6,("read_pipe: next fragment expected\n"));
-		}
+	DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n",
+		 p, p->file_offset, n));
+	DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n",
+		 p->frag_len_left, p->next_frag_start));
 
-		p->file_offset  += num;
+	/* the read request starts from where the SMBtrans2 left off. */
+	data_pos     = p->file_offset - p->hdr_offsets;
+	data_hdr_pos = p->file_offset;
 
-		return num;
+	len = mem_buf_len(p->rhdr.data);
+	num = len - (int)data_pos;
+	
+	DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
+	
+	if (num > n) num = n;
+	if (num <= 0) {
+		DEBUG(5,("read_pipe: 0 or -ve data length\n"));
+		return 0;
+	}
 
+	if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) {
+		/* intermediate fragment - possibility of another header */
+		
+		DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n",
+			 p->hdr.frag_len, data_pos, data_hdr_pos));
+		
+		if (data_hdr_pos == p->next_frag_start)	{
+			DEBUG(6,("read_pipe: next fragment header\n"));
+
+			/* this is subtracted from the total data bytes, later */
+			hdr_num = 0x18;
+
+			/* create and copy in a new header. */
+			create_rpc_reply(p, data_pos, p->rdata.offset);
+			mem_buf_copy(data, p->rhdr.data, 0, 0x18);
+			
+			data += 0x18;
+			p->frag_len_left = p->hdr.frag_len;
+			p->next_frag_start += p->hdr.frag_len;
+			p->hdr_offsets += 0x18;
+		}			
+		
 	}
-	else
-	{
-		DEBUG(6,("NOT\n"));
-		return -1;
+	
+	if (num < hdr_num) {
+		DEBUG(5,("read_pipe: warning - data read only part of a header\n"));
 	}
-}
-
-/****************************************************************************
-  gets the name of a pipe
-****************************************************************************/
-BOOL get_rpc_pipe(int pnum, pipes_struct **p)
-{
-	DEBUG(6,("get_rpc_pipe: "));
 
-	/* mapping is PIPE_HANDLE_OFFSET up... */
+	DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n",
+		 data_pos, num - hdr_num));
+	mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num);
+	
+	data_pos += num;
+	data_hdr_pos += num;
+	
+	if (hdr_num == 0x18 && num == 0x18) {
+		DEBUG(6,("read_pipe: just header read\n"));
 
-	if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET))
-	{
-		DEBUG(6,("name: %s open: %s ",
-		          Pipes[pnum - PIPE_HANDLE_OFFSET].name,
-		          BOOLSTR(Pipes[pnum - PIPE_HANDLE_OFFSET].open)));
-	}
-	if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET))
-	{
-		DEBUG(6,("OK\n"));
-		(*p) = &(Pipes[pnum - PIPE_HANDLE_OFFSET]);
-		return True;
-	}
-	else
-	{
-		DEBUG(6,("NOT\n"));
-		return False;
+		/* advance to the next fragment */
+		p->frag_len_left -= 0x18; 
+	} else if (data_hdr_pos == p->next_frag_start) {
+		DEBUG(6,("read_pipe: next fragment expected\n"));
 	}
+
+	p->file_offset  += num;
+	
+	return num;
 }
 
+
 /****************************************************************************
   gets the name of a pipe
 ****************************************************************************/
-char *get_rpc_pipe_hnd_name(int pnum)
+char *get_rpc_pipe_hnd_name(pipes_struct *p)
 {
-	pipes_struct *p = NULL;
-	get_rpc_pipe(pnum, &p);
-	return p != NULL ? p->name : NULL;
+	return p?p->name:NULL;
 }
 
+
 /****************************************************************************
   set device state on a pipe.  exactly what this is for is unknown...
 ****************************************************************************/
@@ -299,57 +265,79 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
 {
 	if (p == NULL) return False;
 
-	if (P_OPEN(p))
-	{
+	if (p->open) {
 		DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n",
 		         timestring(), device_state, p->name));
 
 		p->device_state = device_state;
-   
+		
 		return True;
-	}
-	else
-	{
-		DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n",
-		          timestring(), device_state, p->name));
-		return False;
-	}
+	} 
+
+	DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n",
+		 timestring(), device_state, p->name));
+	return False;
 }
 
+
 /****************************************************************************
   close an rpc pipe
 ****************************************************************************/
-BOOL close_rpc_pipe_hnd(int pnum, connection_struct *conn)
+BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
 {
-	pipes_struct *p = NULL;
-	get_rpc_pipe(pnum, &p);
-	/* mapping is PIPE_HANDLE_OFFSET up... */
-
-	if (p != NULL && P_OK(p, conn)) {
-		DEBUG(3,("%s Closed pipe name %s pnum=%x\n",
-			 timestring(),Pipes[pnum-PIPE_HANDLE_OFFSET].name,
-			 pnum));
-  
-		p->open = False;
-		
-		p->rdata.offset = 0;
-		p->rhdr.offset = 0;
-		mem_buf_free(&(p->rdata.data));
-		mem_buf_free(&(p->rhdr .data));
-		
-		return True;
-	} else {
-		DEBUG(3,("%s Error closing pipe pnum=%x\n",
-			 timestring(),pnum));
+	if (!p) {
+		DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
 		return False;
 	}
+
+	mem_buf_free(&(p->rdata.data));
+	mem_buf_free(&(p->rhdr .data));
+
+	bitmap_clear(bmap, p->pnum - PIPE_HANDLE_OFFSET);
+
+	pipes_open--;
+
+	DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", 
+		 p->name, p->pnum, pipes_open));  
+
+	if (p == Pipes) {
+		Pipes = p->next;
+		if (Pipes) Pipes->prev = NULL;
+	} else {
+		p->prev->next = p->next;
+		if (p->next) p->next->prev = p->prev;
+	}
+
+	memset(p, 0, sizeof(*p));
+
+	free(p);
+	
+	return True;
 }
 
 /****************************************************************************
   close an rpc pipe
 ****************************************************************************/
-int get_rpc_pipe_num(char *buf, int where)
+pipes_struct *get_rpc_pipe_p(char *buf, int where)
 {
-	return (chain_pnum != -1 ? chain_pnum : SVAL(buf,where));
+	int pnum = SVAL(buf,where);
+
+	if (chain_p) return chain_p;
+
+	return get_rpc_pipe(pnum);
+}
+
+/****************************************************************************
+  close an rpc pipe
+****************************************************************************/
+pipes_struct *get_rpc_pipe(int pnum)
+{
+	pipes_struct *p;
+
+	for (p=Pipes;p;p=p->next) {
+		if (p->pnum == pnum) return p;
+	}
+
+	return NULL;
 }
 
diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk
index 0b963cbc80..b998de2dcc 100644
--- a/source3/script/mkproto.awk
+++ b/source3/script/mkproto.awk
@@ -80,7 +80,7 @@ END {
   next;
 }
 
-!/^file_fd_struct|^files_struct|^connection_struct|^uid_t|^gid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE/ {
+!/^pipes_struct|^file_fd_struct|^files_struct|^connection_struct|^uid_t|^gid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE/ {
   next;
 }
 
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 8f1cefbbb6..bc3ea880bf 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -28,6 +28,8 @@ extern int DEBUGLEVEL;
 
 #define VALID_FNUM(fnum)   (((fnum) >= 0) && ((fnum) < MAX_FNUMS))
 
+#define FILE_HANDLE_OFFSET 0x1000
+
 static struct bitmap *file_bmap;
 static struct bitmap *fd_bmap;
 
@@ -57,11 +59,6 @@ files_struct *file_new(void )
 	   than causing corruption */
 	if (first_file == 0) {
 		first_file = (getpid() ^ (int)time(NULL)) % MAX_FNUMS;
-		if (first_file == 0) first_file = 1;
-	}
-
-	if (first_file >= MAX_FNUMS) {
-		first_file = 1;
 	}
 
 	i = bitmap_find(file_bmap, first_file);
@@ -89,12 +86,14 @@ files_struct *file_new(void )
 	if (!fsp) return NULL;
 
 	memset(fsp, 0, sizeof(*fsp));
-	first_file = i+1;
-	fsp->fnum = i;
-	string_init(&fsp->fsp_name,"");
+
+	first_file = (i+1) % MAX_FNUMS;
 
 	bitmap_set(file_bmap, i);
 	files_used++;
+
+	fsp->fnum = i + FILE_HANDLE_OFFSET;
+	string_init(&fsp->fsp_name,"");
 	
 	/* hook into the front of the list */
 	if (!Files) {
@@ -245,8 +244,6 @@ files_struct *file_fsp(int fnum)
 {
 	files_struct *fsp;
 
-	if (!VALID_FNUM(fnum)) return NULL;
-	
 	for (fsp=Files;fsp;fsp=fsp->next) {
 		if (fsp->fnum == fnum) return fsp;
 	}
@@ -368,7 +365,7 @@ void file_free(files_struct *fsp)
 		fd_ptr_free(fsp->fd_ptr);
 	}
 
-	bitmap_clear(file_bmap, fsp->fnum);
+	bitmap_clear(file_bmap, fsp->fnum - FILE_HANDLE_OFFSET);
 	files_used--;
 
 	DEBUG(5,("freed files structure %d (%d used)\n",
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index be7fb8d8e3..1a6fb3366a 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -3398,7 +3398,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf,
 	/* Get the file handle and hence the file name. */
 	pnum = setup[1];
 	subcommand = setup[0];
-	get_rpc_pipe(pnum, &p);
+	p = get_rpc_pipe(pnum);
 
 	if (p != NULL)
 	{
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 9bfdddf704..31bfac25c8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -364,32 +364,33 @@ static int map_share_mode( uint32 desired_access, uint32 share_access, uint32 fi
 static int nt_open_pipe(char *fname, connection_struct *conn,
 			char *inbuf, char *outbuf, int *ppnum)
 {
-  int pnum = -1;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int i;
+	pipes_struct *p = NULL;
 
-  DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	int i;
+
+	DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
     
-  /* See if it is one we want to handle. */
-  for( i = 0; known_nt_pipes[i]; i++ )
-    if( strequal(fname,known_nt_pipes[i]))
-      break;
+	/* See if it is one we want to handle. */
+	for( i = 0; known_nt_pipes[i]; i++ )
+		if( strequal(fname,known_nt_pipes[i]))
+			break;
     
-  if ( known_nt_pipes[i] == NULL )
-    return(ERROR(ERRSRV,ERRaccess));
+	if ( known_nt_pipes[i] == NULL )
+		return(ERROR(ERRSRV,ERRaccess));
     
-  /* Strip \\ off the name. */
-  fname++;
+	/* Strip \\ off the name. */
+	fname++;
     
-  DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
+	DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
 
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p)
+		return(ERROR(ERRSRV,ERRnofids));
 
-  *ppnum = pnum + PIPE_HANDLE_OFFSET; /* Mark file handle up into high
-					 range. */
-  return 0;
+	*ppnum = p->pnum;
+
+	return 0;
 }
 
 /****************************************************************************
@@ -1258,8 +1259,8 @@ static int call_nt_transact_ioctl(connection_struct *conn,
                                   int bufsize, 
                                   char **ppsetup, char **ppparams, char **ppdata)
 {
-  DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
-  return(ERROR(ERRSRV,ERRnosupport));
+	DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
+	return(ERROR(ERRSRV,ERRnosupport));
 }
    
 /****************************************************************************
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 9ec77c08ca..84e31894a3 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -32,22 +32,7 @@
 #define	PIPE		"\\PIPE\\"
 #define	PIPELEN		strlen(PIPE)
 
-#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
-
-/* look in server.c for some explanation of these variables */
-extern int Protocol;
 extern int DEBUGLEVEL;
-extern char magic_char;
-extern BOOL case_sensitive;
-extern pstring sesssetup_user;
-extern int Client;
-
-#define VALID_PNUM(pnum)   (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES))
-#define OPEN_PNUM(pnum)    (VALID_PNUM(pnum) && Pipes[pnum].open)
-
-/* this macro should always be used to extract an pnum (smb_fid) from
-   a packet to ensure chaining works correctly */
-#define GETPNUM(buf,where) (chain_pnum!= -1?chain_pnum:SVAL(buf,where))
 
 extern struct pipe_id_info pipe_names[];
 
@@ -60,66 +45,63 @@ extern struct pipe_id_info pipe_names[];
 int reply_open_pipe_and_X(connection_struct *conn,
 			  char *inbuf,char *outbuf,int length,int bufsize)
 {
-  pstring fname;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int pnum = -1;
-  int smb_ofun = SVAL(inbuf,smb_vwv8);
-  int size=0,fmode=0,mtime=0,rmode=0;
-  int i;
-
-  /* XXXX we need to handle passed times, sattr and flags */
-  pstrcpy(fname,smb_buf(inbuf));
-
-  /* If the name doesn't start \PIPE\ then this is directed */
-  /* at a mailslot or something we really, really don't understand, */
-  /* not just something we really don't understand. */
-  if ( strncmp(fname,PIPE,PIPELEN) != 0 )
-    return(ERROR(ERRSRV,ERRaccess));
-
-  DEBUG(4,("Opening pipe %s.\n", fname));
-
-  /* See if it is one we want to handle. */
-  for( i = 0; pipe_names[i].client_pipe ; i++ )
-    if( strequal(fname,pipe_names[i].client_pipe) )
-      break;
-
-  if (pipe_names[i].client_pipe == NULL)
-    return(ERROR(ERRSRV,ERRaccess));
-
-  /* Strip \PIPE\ off the name. */
-  pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
-
-  /* Known pipes arrive with DIR attribs. Remove it so a regular file */
-  /* can be opened and add it in after the open. */
-  DEBUG(3,("Known pipe %s opening.\n",fname));
-  smb_ofun |= 0x10;		/* Add Create it not exists flag */
-
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0) return(ERROR(ERRSRV,ERRnofids));
-
-  /* Prepare the reply */
-  set_message(outbuf,15,0,True);
-
-  /* Mark the opened file as an existing named pipe in message mode. */
-  SSVAL(outbuf,smb_vwv9,2);
-  SSVAL(outbuf,smb_vwv10,0xc700);
-
-  if (rmode == 2)
-  {
-    DEBUG(4,("Resetting open result to open from create.\n"));
-    rmode = 1;
-  }
-
-  SSVAL(outbuf,smb_vwv2, pnum + PIPE_HANDLE_OFFSET); /* mark file
-							handle up into
-							high range */
-  SSVAL(outbuf,smb_vwv3,fmode);
-  put_dos_date3(outbuf,smb_vwv4,mtime);
-  SIVAL(outbuf,smb_vwv6,size);
-  SSVAL(outbuf,smb_vwv8,rmode);
-  SSVAL(outbuf,smb_vwv11,0);
-
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	pstring fname;
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	pipes_struct *p;
+	int smb_ofun = SVAL(inbuf,smb_vwv8);
+	int size=0,fmode=0,mtime=0,rmode=0;
+	int i;
+
+	/* XXXX we need to handle passed times, sattr and flags */
+	pstrcpy(fname,smb_buf(inbuf));
+
+	/* If the name doesn't start \PIPE\ then this is directed */
+	/* at a mailslot or something we really, really don't understand, */
+	/* not just something we really don't understand. */
+	if ( strncmp(fname,PIPE,PIPELEN) != 0 )
+		return(ERROR(ERRSRV,ERRaccess));
+
+	DEBUG(4,("Opening pipe %s.\n", fname));
+
+	/* See if it is one we want to handle. */
+	for( i = 0; pipe_names[i].client_pipe ; i++ )
+		if( strequal(fname,pipe_names[i].client_pipe) )
+			break;
+
+	if (pipe_names[i].client_pipe == NULL)
+		return(ERROR(ERRSRV,ERRaccess));
+
+	/* Strip \PIPE\ off the name. */
+	pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
+
+	/* Known pipes arrive with DIR attribs. Remove it so a regular file */
+	/* can be opened and add it in after the open. */
+	DEBUG(3,("Known pipe %s opening.\n",fname));
+	smb_ofun |= 0x10;		/* Add Create it not exists flag */
+
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p) return(ERROR(ERRSRV,ERRnofids));
+
+	/* Prepare the reply */
+	set_message(outbuf,15,0,True);
+
+	/* Mark the opened file as an existing named pipe in message mode. */
+	SSVAL(outbuf,smb_vwv9,2);
+	SSVAL(outbuf,smb_vwv10,0xc700);
+
+	if (rmode == 2) {
+		DEBUG(4,("Resetting open result to open from create.\n"));
+		rmode = 1;
+	}
+
+	SSVAL(outbuf,smb_vwv2, p->pnum);
+	SSVAL(outbuf,smb_vwv3,fmode);
+	put_dos_date3(outbuf,smb_vwv4,mtime);
+	SIVAL(outbuf,smb_vwv6,size);
+	SSVAL(outbuf,smb_vwv8,rmode);
+	SSVAL(outbuf,smb_vwv11,0);
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
@@ -131,47 +113,47 @@ int reply_open_pipe_and_X(connection_struct *conn,
 ****************************************************************************/
 int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv2);
-  uint32 smb_offs = IVAL(inbuf,smb_vwv3);
-  int smb_maxcnt = SVAL(inbuf,smb_vwv5);
-  int smb_mincnt = SVAL(inbuf,smb_vwv6);
-  int nread = -1;
-  char *data;
-  BOOL ok = False;
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+	uint32 smb_offs = IVAL(inbuf,smb_vwv3);
+	int smb_maxcnt = SVAL(inbuf,smb_vwv5);
+	int smb_mincnt = SVAL(inbuf,smb_vwv6);
+	int nread = -1;
+	char *data;
+	BOOL ok = False;
 
-  set_message(outbuf,12,0,True);
-  data = smb_buf(outbuf);
+	set_message(outbuf,12,0,True);
+	data = smb_buf(outbuf);
 
-  nread = read_pipe(pnum, data, smb_offs, smb_maxcnt);
+	nread = read_pipe(p, data, smb_offs, smb_maxcnt);
 
-  ok = True;
+	ok = True;
   
-  if (nread < 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if (nread < 0)
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
   
-  SSVAL(outbuf,smb_vwv5,nread);
-  SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
-  SSVAL(smb_buf(outbuf),-2,nread);
+	SSVAL(outbuf,smb_vwv5,nread);
+	SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
+	SSVAL(smb_buf(outbuf),-2,nread);
   
-  DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
-	    pnum, smb_mincnt, smb_maxcnt, nread));
+	DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
+		 p->pnum, smb_mincnt, smb_maxcnt, nread));
 
-  set_chain_pnum(pnum);
+	set_chain_p(p);
 
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 /****************************************************************************
   reply to a close
 ****************************************************************************/
 int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv0);
-  int outsize = set_message(outbuf,0,0,True);
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+	int outsize = set_message(outbuf,0,0,True);
 
-  DEBUG(5,("reply_pipe_close: pnum:%x\n", pnum));
+	DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum));
 
-  if (!close_rpc_pipe_hnd(pnum, conn)) return(ERROR(ERRDOS,ERRbadfid));
+	if (!close_rpc_pipe_hnd(p, conn)) return(ERROR(ERRDOS,ERRbadfid));
 
-  return(outsize);
+	return(outsize);
 }
 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 1ae402b902..e6117000a4 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -4700,7 +4700,7 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
 
   chain_size = 0;
   chain_fsp = NULL;
-  reset_chain_pnum();
+  reset_chain_p();
 
   if (msg_type != 0)
     return(reply_special(inbuf,outbuf));