5 files changed, 114 insertions, 134 deletions
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 8f1cefbbb6..bc3ea880bf 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -28,6 +28,8 @@ extern int DEBUGLEVEL;
 
 #define VALID_FNUM(fnum)   (((fnum) >= 0) && ((fnum) < MAX_FNUMS))
 
+#define FILE_HANDLE_OFFSET 0x1000
+
 static struct bitmap *file_bmap;
 static struct bitmap *fd_bmap;
 
@@ -57,11 +59,6 @@ files_struct *file_new(void )
 	   than causing corruption */
 	if (first_file == 0) {
 		first_file = (getpid() ^ (int)time(NULL)) % MAX_FNUMS;
-		if (first_file == 0) first_file = 1;
-	}
-
-	if (first_file >= MAX_FNUMS) {
-		first_file = 1;
 	}
 
 	i = bitmap_find(file_bmap, first_file);
@@ -89,12 +86,14 @@ files_struct *file_new(void )
 	if (!fsp) return NULL;
 
 	memset(fsp, 0, sizeof(*fsp));
-	first_file = i+1;
-	fsp->fnum = i;
-	string_init(&fsp->fsp_name,"");
+
+	first_file = (i+1) % MAX_FNUMS;
 
 	bitmap_set(file_bmap, i);
 	files_used++;
+
+	fsp->fnum = i + FILE_HANDLE_OFFSET;
+	string_init(&fsp->fsp_name,"");
 	
 	/* hook into the front of the list */
 	if (!Files) {
@@ -245,8 +244,6 @@ files_struct *file_fsp(int fnum)
 {
 	files_struct *fsp;
 
-	if (!VALID_FNUM(fnum)) return NULL;
-	
 	for (fsp=Files;fsp;fsp=fsp->next) {
 		if (fsp->fnum == fnum) return fsp;
 	}
@@ -368,7 +365,7 @@ void file_free(files_struct *fsp)
 		fd_ptr_free(fsp->fd_ptr);
 	}
 
-	bitmap_clear(file_bmap, fsp->fnum);
+	bitmap_clear(file_bmap, fsp->fnum - FILE_HANDLE_OFFSET);
 	files_used--;
 
 	DEBUG(5,("freed files structure %d (%d used)\n",
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index be7fb8d8e3..1a6fb3366a 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -3398,7 +3398,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf,
 	/* Get the file handle and hence the file name. */
 	pnum = setup[1];
 	subcommand = setup[0];
-	get_rpc_pipe(pnum, &p);
+	p = get_rpc_pipe(pnum);
 
 	if (p != NULL)
 	{
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 9bfdddf704..31bfac25c8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -364,32 +364,33 @@ static int map_share_mode( uint32 desired_access, uint32 share_access, uint32 fi
 static int nt_open_pipe(char *fname, connection_struct *conn,
 			char *inbuf, char *outbuf, int *ppnum)
 {
-  int pnum = -1;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int i;
+	pipes_struct *p = NULL;
 
-  DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	int i;
+
+	DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
     
-  /* See if it is one we want to handle. */
-  for( i = 0; known_nt_pipes[i]; i++ )
-    if( strequal(fname,known_nt_pipes[i]))
-      break;
+	/* See if it is one we want to handle. */
+	for( i = 0; known_nt_pipes[i]; i++ )
+		if( strequal(fname,known_nt_pipes[i]))
+			break;
     
-  if ( known_nt_pipes[i] == NULL )
-    return(ERROR(ERRSRV,ERRaccess));
+	if ( known_nt_pipes[i] == NULL )
+		return(ERROR(ERRSRV,ERRaccess));
     
-  /* Strip \\ off the name. */
-  fname++;
+	/* Strip \\ off the name. */
+	fname++;
     
-  DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
+	DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
 
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p)
+		return(ERROR(ERRSRV,ERRnofids));
 
-  *ppnum = pnum + PIPE_HANDLE_OFFSET; /* Mark file handle up into high
-					 range. */
-  return 0;
+	*ppnum = p->pnum;
+
+	return 0;
 }
 
 /****************************************************************************
@@ -1258,8 +1259,8 @@ static int call_nt_transact_ioctl(connection_struct *conn,
                                   int bufsize, 
                                   char **ppsetup, char **ppparams, char **ppdata)
 {
-  DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
-  return(ERROR(ERRSRV,ERRnosupport));
+	DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
+	return(ERROR(ERRSRV,ERRnosupport));
 }
    
 /****************************************************************************
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 9ec77c08ca..84e31894a3 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -32,22 +32,7 @@
 #define	PIPE		"\\PIPE\\"
 #define	PIPELEN		strlen(PIPE)
 
-#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
-
-/* look in server.c for some explanation of these variables */
-extern int Protocol;
 extern int DEBUGLEVEL;
-extern char magic_char;
-extern BOOL case_sensitive;
-extern pstring sesssetup_user;
-extern int Client;
-
-#define VALID_PNUM(pnum)   (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES))
-#define OPEN_PNUM(pnum)    (VALID_PNUM(pnum) && Pipes[pnum].open)
-
-/* this macro should always be used to extract an pnum (smb_fid) from
-   a packet to ensure chaining works correctly */
-#define GETPNUM(buf,where) (chain_pnum!= -1?chain_pnum:SVAL(buf,where))
 
 extern struct pipe_id_info pipe_names[];
 
@@ -60,66 +45,63 @@ extern struct pipe_id_info pipe_names[];
 int reply_open_pipe_and_X(connection_struct *conn,
 			  char *inbuf,char *outbuf,int length,int bufsize)
 {
-  pstring fname;
-  uint16 vuid = SVAL(inbuf, smb_uid);
-  int pnum = -1;
-  int smb_ofun = SVAL(inbuf,smb_vwv8);
-  int size=0,fmode=0,mtime=0,rmode=0;
-  int i;
-
-  /* XXXX we need to handle passed times, sattr and flags */
-  pstrcpy(fname,smb_buf(inbuf));
-
-  /* If the name doesn't start \PIPE\ then this is directed */
-  /* at a mailslot or something we really, really don't understand, */
-  /* not just something we really don't understand. */
-  if ( strncmp(fname,PIPE,PIPELEN) != 0 )
-    return(ERROR(ERRSRV,ERRaccess));
-
-  DEBUG(4,("Opening pipe %s.\n", fname));
-
-  /* See if it is one we want to handle. */
-  for( i = 0; pipe_names[i].client_pipe ; i++ )
-    if( strequal(fname,pipe_names[i].client_pipe) )
-      break;
-
-  if (pipe_names[i].client_pipe == NULL)
-    return(ERROR(ERRSRV,ERRaccess));
-
-  /* Strip \PIPE\ off the name. */
-  pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
-
-  /* Known pipes arrive with DIR attribs. Remove it so a regular file */
-  /* can be opened and add it in after the open. */
-  DEBUG(3,("Known pipe %s opening.\n",fname));
-  smb_ofun |= 0x10;		/* Add Create it not exists flag */
-
-  pnum = open_rpc_pipe_hnd(fname, conn, vuid);
-  if (pnum < 0) return(ERROR(ERRSRV,ERRnofids));
-
-  /* Prepare the reply */
-  set_message(outbuf,15,0,True);
-
-  /* Mark the opened file as an existing named pipe in message mode. */
-  SSVAL(outbuf,smb_vwv9,2);
-  SSVAL(outbuf,smb_vwv10,0xc700);
-
-  if (rmode == 2)
-  {
-    DEBUG(4,("Resetting open result to open from create.\n"));
-    rmode = 1;
-  }
-
-  SSVAL(outbuf,smb_vwv2, pnum + PIPE_HANDLE_OFFSET); /* mark file
-							handle up into
-							high range */
-  SSVAL(outbuf,smb_vwv3,fmode);
-  put_dos_date3(outbuf,smb_vwv4,mtime);
-  SIVAL(outbuf,smb_vwv6,size);
-  SSVAL(outbuf,smb_vwv8,rmode);
-  SSVAL(outbuf,smb_vwv11,0);
-
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	pstring fname;
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	pipes_struct *p;
+	int smb_ofun = SVAL(inbuf,smb_vwv8);
+	int size=0,fmode=0,mtime=0,rmode=0;
+	int i;
+
+	/* XXXX we need to handle passed times, sattr and flags */
+	pstrcpy(fname,smb_buf(inbuf));
+
+	/* If the name doesn't start \PIPE\ then this is directed */
+	/* at a mailslot or something we really, really don't understand, */
+	/* not just something we really don't understand. */
+	if ( strncmp(fname,PIPE,PIPELEN) != 0 )
+		return(ERROR(ERRSRV,ERRaccess));
+
+	DEBUG(4,("Opening pipe %s.\n", fname));
+
+	/* See if it is one we want to handle. */
+	for( i = 0; pipe_names[i].client_pipe ; i++ )
+		if( strequal(fname,pipe_names[i].client_pipe) )
+			break;
+
+	if (pipe_names[i].client_pipe == NULL)
+		return(ERROR(ERRSRV,ERRaccess));
+
+	/* Strip \PIPE\ off the name. */
+	pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
+
+	/* Known pipes arrive with DIR attribs. Remove it so a regular file */
+	/* can be opened and add it in after the open. */
+	DEBUG(3,("Known pipe %s opening.\n",fname));
+	smb_ofun |= 0x10;		/* Add Create it not exists flag */
+
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p) return(ERROR(ERRSRV,ERRnofids));
+
+	/* Prepare the reply */
+	set_message(outbuf,15,0,True);
+
+	/* Mark the opened file as an existing named pipe in message mode. */
+	SSVAL(outbuf,smb_vwv9,2);
+	SSVAL(outbuf,smb_vwv10,0xc700);
+
+	if (rmode == 2) {
+		DEBUG(4,("Resetting open result to open from create.\n"));
+		rmode = 1;
+	}
+
+	SSVAL(outbuf,smb_vwv2, p->pnum);
+	SSVAL(outbuf,smb_vwv3,fmode);
+	put_dos_date3(outbuf,smb_vwv4,mtime);
+	SIVAL(outbuf,smb_vwv6,size);
+	SSVAL(outbuf,smb_vwv8,rmode);
+	SSVAL(outbuf,smb_vwv11,0);
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
@@ -131,47 +113,47 @@ int reply_open_pipe_and_X(connection_struct *conn,
 ****************************************************************************/
 int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv2);
-  uint32 smb_offs = IVAL(inbuf,smb_vwv3);
-  int smb_maxcnt = SVAL(inbuf,smb_vwv5);
-  int smb_mincnt = SVAL(inbuf,smb_vwv6);
-  int nread = -1;
-  char *data;
-  BOOL ok = False;
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+	uint32 smb_offs = IVAL(inbuf,smb_vwv3);
+	int smb_maxcnt = SVAL(inbuf,smb_vwv5);
+	int smb_mincnt = SVAL(inbuf,smb_vwv6);
+	int nread = -1;
+	char *data;
+	BOOL ok = False;
 
-  set_message(outbuf,12,0,True);
-  data = smb_buf(outbuf);
+	set_message(outbuf,12,0,True);
+	data = smb_buf(outbuf);
 
-  nread = read_pipe(pnum, data, smb_offs, smb_maxcnt);
+	nread = read_pipe(p, data, smb_offs, smb_maxcnt);
 
-  ok = True;
+	ok = True;
   
-  if (nread < 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if (nread < 0)
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
   
-  SSVAL(outbuf,smb_vwv5,nread);
-  SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
-  SSVAL(smb_buf(outbuf),-2,nread);
+	SSVAL(outbuf,smb_vwv5,nread);
+	SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
+	SSVAL(smb_buf(outbuf),-2,nread);
   
-  DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
-	    pnum, smb_mincnt, smb_maxcnt, nread));
+	DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
+		 p->pnum, smb_mincnt, smb_maxcnt, nread));
 
-  set_chain_pnum(pnum);
+	set_chain_p(p);
 
-  return chain_reply(inbuf,outbuf,length,bufsize);
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 /****************************************************************************
   reply to a close
 ****************************************************************************/
 int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf)
 {
-  int pnum = get_rpc_pipe_num(inbuf,smb_vwv0);
-  int outsize = set_message(outbuf,0,0,True);
+	pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+	int outsize = set_message(outbuf,0,0,True);
 
-  DEBUG(5,("reply_pipe_close: pnum:%x\n", pnum));
+	DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum));
 
-  if (!close_rpc_pipe_hnd(pnum, conn)) return(ERROR(ERRDOS,ERRbadfid));
+	if (!close_rpc_pipe_hnd(p, conn)) return(ERROR(ERRDOS,ERRbadfid));
 
-  return(outsize);
+	return(outsize);
 }
 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 1ae402b902..e6117000a4 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -4700,7 +4700,7 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
 
   chain_size = 0;
   chain_fsp = NULL;
-  reset_chain_pnum();
+  reset_chain_p();
 
   if (msg_type != 0)
     return(reply_special(inbuf,outbuf));