diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/ntdomain.h | 58 | ||||
-rw-r--r-- | source3/include/proto.h | 14 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 303 | ||||
-rw-r--r-- | source3/smbd/connection.c | 106 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 26 | ||||
-rw-r--r-- | source3/smbd/process.c | 1 | ||||
-rw-r--r-- | source3/smbd/service.c | 7 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 2 |
8 files changed, 3 insertions, 514 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 60bbf500bc..e6c97c69dc 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -287,64 +287,6 @@ typedef struct pipes_struct { } pipes_struct; -typedef struct smb_np_struct { - struct smb_np_struct *next, *prev; - int pnum; - connection_struct *conn; - uint16 vuid; /* points to the unauthenticated user that opened this pipe. */ - bool open; /* open connection */ - uint16 device_state; - uint16 priority; - char *name; - - /* When replying to an SMBtrans, this is the maximum amount of - data that can be sent in the initial reply. */ - int max_trans_reply; - - /* - * NamedPipe state information. - */ - struct pipes_struct *np_state; - - /* - * NamedPipe functions, to be called to perform - * Named Pipe transactions on request from an - * SMB client. - */ - - /* call to create a named pipe connection. - * returns: state information representing the connection. - * is stored in np_state, above. - */ - struct pipes_struct *(*namedpipe_create)( - TALLOC_CTX *mem_ctx, - const char *pipe_name, - const char *client_address, - struct auth_serversupplied_info *server_info, - uint16_t vuid); - - /* call to perform a write namedpipe operation - */ - ssize_t (*namedpipe_write)(struct pipes_struct *p, - char *data, size_t n); - - /* call to perform a read namedpipe operation. - * - * NOTE: the only reason that the pipe_outstanding - * argument is here is because samba does not use - * the namedpipe_transact function yet: instead, - * it performs the same as what namedpipe_transact - * does - a write, followed by a read. - * - * when samba is modified to use namedpipe_transact, - * the pipe_outstanding argument may be removed. - */ - ssize_t (*namedpipe_read)(struct pipes_struct *p, - char *data, size_t max_len, - bool *pipe_outstanding); - -} smb_np_struct; - struct api_struct { const char *name; uint8 opnum; diff --git a/source3/include/proto.h b/source3/include/proto.h index a3e78d751d..cb0446889c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8692,19 +8692,7 @@ bool api_pipe_request(pipes_struct *p); pipes_struct *get_first_internal_pipe(void); pipes_struct *get_next_internal_pipe(pipes_struct *p); void set_pipe_handle_offset(int max_open_files); -void reset_chain_p(void); void init_rpc_pipe_hnd(void); -smb_np_struct *open_rpc_pipe_p(const char *pipe_name, - connection_struct *conn, uint16 vuid); -ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n); -ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, - bool *is_data_outstanding); -bool wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority); -bool set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state); -bool close_rpc_pipe_hnd(smb_np_struct *p); -void pipe_close_conn(connection_struct *conn); -smb_np_struct *get_rpc_pipe_p(uint16 pnum); -smb_np_struct *get_rpc_pipe(int pnum); struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, const char *pipe_name, const char *client_address, @@ -9414,8 +9402,6 @@ int count_all_current_connections(void); bool claim_connection(connection_struct *conn, const char *name, uint32 msg_flags); bool register_message_flags(bool doreg, uint32 msg_flags); -bool store_pipe_opendb( smb_np_struct *p ); -bool delete_pipe_opendb( smb_np_struct *p ); /* The following definitions come from smbd/dfree.c */ diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 632514dffe..1711565c0d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -24,7 +24,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -static smb_np_struct *chain_p; static int pipes_open; /* @@ -44,7 +43,6 @@ static int pipes_open; #endif static int current_spoolss_pipes_open; -static smb_np_struct *Pipes; static pipes_struct *InternalPipes; static struct bitmap *bmap; @@ -91,15 +89,6 @@ void set_pipe_handle_offset(int max_open_files) } /**************************************************************************** - Reset pipe chain handle number. -****************************************************************************/ - -void reset_chain_p(void) -{ - chain_p = NULL; -} - -/**************************************************************************** Initialise pipe handle states. ****************************************************************************/ @@ -142,120 +131,6 @@ static bool pipe_init_outgoing_data(pipes_struct *p) } /**************************************************************************** - Find first available pipe slot. -****************************************************************************/ - -smb_np_struct *open_rpc_pipe_p(const char *pipe_name, - connection_struct *conn, uint16 vuid) -{ - int i; - smb_np_struct *p, *p_it; - static int next_pipe; - bool is_spoolss_pipe = False; - - DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", - pipe_name, pipes_open)); - - if (strstr(pipe_name, "spoolss")) { - is_spoolss_pipe = True; - } - - if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { - DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", - pipe_name )); - return NULL; - } - - /* not repeating pipe numbers makes it easier to track things in - log files and prevents client bugs where pipe numbers are reused - over connection restarts */ - - if (next_pipe == 0) { - next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES; - } - - i = bitmap_find(bmap, next_pipe); - - if (i == -1) { - DEBUG(0,("ERROR! Out of pipe structures\n")); - return NULL; - } - - next_pipe = (i+1) % MAX_OPEN_PIPES; - - for (p = Pipes; p; p = p->next) { - DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); - } - - p = talloc(NULL, smb_np_struct); - if (!p) { - DEBUG(0,("ERROR! no memory for smb_np_struct!\n")); - return NULL; - } - - ZERO_STRUCTP(p); - - p->name = talloc_strdup(p, pipe_name); - if (p->name == NULL) { - TALLOC_FREE(p); - DEBUG(0,("ERROR! no memory for pipe name!\n")); - return NULL; - } - - /* add a dso mechanism instead of this, here */ - - p->namedpipe_create = make_internal_rpc_pipe_p; - p->namedpipe_read = read_from_internal_pipe; - p->namedpipe_write = write_to_internal_pipe; - - p->np_state = p->namedpipe_create(NULL, pipe_name, - conn->client_address, - conn->server_info, vuid); - - if (p->np_state == NULL) { - DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); - TALLOC_FREE(p); - return NULL; - } - - DLIST_ADD(Pipes, p); - - /* - * Initialize the incoming RPC data buffer with one PDU worth of memory. - * We cheat here and say we're marshalling, as we intend to add incoming - * data directly into the prs_struct and we want it to auto grow. We will - * change the type to UNMARSALLING before processing the stream. - */ - - bitmap_set(bmap, i); - i += pipe_handle_offset; - - pipes_open++; - - p->pnum = i; - - p->open = True; - p->device_state = 0; - p->priority = 0; - p->conn = conn; - p->vuid = vuid; - - p->max_trans_reply = 0; - - DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", - pipe_name, i, pipes_open)); - - chain_p = p; - - /* Iterate over p_it as a temp variable, to display all open pipes */ - for (p_it = Pipes; p_it; p_it = p_it->next) { - DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum)); - } - - return chain_p; -} - -/**************************************************************************** Make an internal namedpipes structure ****************************************************************************/ @@ -902,22 +777,6 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned } /**************************************************************************** - Accepts incoming data on an rpc pipe. -****************************************************************************/ - -ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n) -{ - DEBUG(6,("write_to_pipe: %x", p->pnum)); - - DEBUG(6,(" name: %s open: %s len: %d\n", - p->name, BOOLSTR(p->open), (int)n)); - - dump_data(50, (uint8 *)data, n); - - return p->namedpipe_write(p->np_state, data, n); -} - -/**************************************************************************** Accepts incoming data on an internal rpc pipe. ****************************************************************************/ @@ -956,30 +815,6 @@ ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n) have been prepared into arrays of headers + data stream sections. ****************************************************************************/ -ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, - bool *is_data_outstanding) -{ - if (!p || !p->open) { - DEBUG(0,("read_from_pipe: pipe not open\n")); - return -1; - } - - DEBUG(6,("read_from_pipe: %x", p->pnum)); - - return p->namedpipe_read(p->np_state, data, n, is_data_outstanding); -} - -/**************************************************************************** - Replies to a request to read data from a pipe. - - Headers are interspersed with the data at PDU intervals. By the time - this function is called, the start of the data could possibly have been - read by an SMBtrans (file_offset != 0). - - Calling create_rpc_reply() here is a hack. The data should already - have been prepared into arrays of headers + data stream sections. -****************************************************************************/ - ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n, bool *is_data_outstanding) { @@ -1071,106 +906,6 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, } /**************************************************************************** - Wait device state on a pipe. Exactly what this is for is unknown... -****************************************************************************/ - -bool wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) -{ - if (p == NULL) { - return False; - } - - if (p->open) { - DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n", - priority, p->name)); - - p->priority = priority; - - return True; - } - - DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n", - priority, p->name)); - return False; -} - - -/**************************************************************************** - Set device state on a pipe. Exactly what this is for is unknown... -****************************************************************************/ - -bool set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) -{ - if (p == NULL) { - return False; - } - - if (p->open) { - DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n", - device_state, p->name)); - - p->device_state = device_state; - - return True; - } - - DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n", - device_state, p->name)); - return False; -} - - -/**************************************************************************** - Close an rpc pipe. -****************************************************************************/ - -bool close_rpc_pipe_hnd(smb_np_struct *p) -{ - if (!p) { - DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); - return False; - } - - TALLOC_FREE(p->np_state); - - bitmap_clear(bmap, p->pnum - pipe_handle_offset); - - pipes_open--; - - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", - p->name, p->pnum, pipes_open)); - - DLIST_REMOVE(Pipes, p); - - /* TODO: Remove from pipe open db */ - - if ( !delete_pipe_opendb( p ) ) { - DEBUG(3,("close_rpc_pipe_hnd: failed to delete %s " - "pipe from open db.\n", p->name)); - } - - TALLOC_FREE(p); - - return True; -} - -/**************************************************************************** - Close all pipes on a connection. -****************************************************************************/ - -void pipe_close_conn(connection_struct *conn) -{ - smb_np_struct *p, *next; - - for (p=Pipes;p;p=next) { - next = p->next; - if (p->conn == conn) { - close_rpc_pipe_hnd(p); - } - } -} - -/**************************************************************************** Close an rpc pipe. ****************************************************************************/ @@ -1209,44 +944,6 @@ static int close_internal_rpc_pipe_hnd(struct pipes_struct *p) return True; } -/**************************************************************************** - Find an rpc pipe given a pipe handle in a buffer and an offset. -****************************************************************************/ - -smb_np_struct *get_rpc_pipe_p(uint16 pnum) -{ - if (chain_p) { - return chain_p; - } - - return get_rpc_pipe(pnum); -} - -/**************************************************************************** - Find an rpc pipe given a pipe handle. -****************************************************************************/ - -smb_np_struct *get_rpc_pipe(int pnum) -{ - smb_np_struct *p; - - DEBUG(4,("search for pipe pnum=%x\n", pnum)); - - for (p=Pipes;p;p=p->next) { - DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", - p->name, p->pnum, pipes_open)); - } - - for (p=Pipes;p;p=p->next) { - if (p->pnum == pnum) { - chain_p = p; - return p; - } - } - - return NULL; -} - bool fsp_is_np(struct files_struct *fsp) { return ((fsp != NULL) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index fd83f77725..3b72a9505a 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -224,109 +224,3 @@ bool register_message_flags(bool doreg, uint32 msg_flags) return True; } - -/********************************************************************* -*********************************************************************/ - -static TDB_DATA* make_pipe_rec_key( struct pipe_open_rec *prec ) -{ - TDB_DATA *kbuf = NULL; - fstring key_string; - - if ( !prec ) - return NULL; - - if ( (kbuf = TALLOC_P(prec, TDB_DATA)) == NULL ) { - return NULL; - } - - snprintf( key_string, sizeof(key_string), "%s/%d/%d", - prec->name, procid_to_pid(&prec->pid), prec->pnum ); - - *kbuf = string_term_tdb_data(talloc_strdup(prec, key_string)); - if (kbuf->dptr == NULL ) - return NULL; - - return kbuf; -} - -/********************************************************************* -*********************************************************************/ - -static void fill_pipe_open_rec( struct pipe_open_rec *prec, smb_np_struct *p ) -{ - prec->pid = pid_to_procid(sys_getpid()); - prec->pnum = p->pnum; - prec->uid = geteuid(); - fstrcpy( prec->name, p->name ); - - return; -} - -/********************************************************************* -*********************************************************************/ - -bool store_pipe_opendb( smb_np_struct *p ) -{ - struct db_record *dbrec; - struct pipe_open_rec *prec; - TDB_DATA *key; - TDB_DATA data; - bool ret = False; - - if ( (prec = TALLOC_P( talloc_tos(), struct pipe_open_rec)) == NULL ) { - DEBUG(0,("store_pipe_opendb: talloc failed!\n")); - return False; - } - - fill_pipe_open_rec( prec, p ); - if ( (key = make_pipe_rec_key( prec )) == NULL ) { - goto done; - } - - data.dptr = (uint8 *)prec; - data.dsize = sizeof(struct pipe_open_rec); - - if (!(dbrec = connections_fetch_record(prec, *key))) { - DEBUG(0, ("connections_fetch_record failed\n")); - goto done; - } - - ret = NT_STATUS_IS_OK(dbrec->store(dbrec, data, TDB_REPLACE)); - -done: - TALLOC_FREE( prec ); - return ret; -} - -/********************************************************************* -*********************************************************************/ - -bool delete_pipe_opendb( smb_np_struct *p ) -{ - struct db_record *dbrec; - struct pipe_open_rec *prec; - TDB_DATA *key; - bool ret = False; - - if ( (prec = TALLOC_P( talloc_tos(), struct pipe_open_rec)) == NULL ) { - DEBUG(0,("store_pipe_opendb: talloc failed!\n")); - return False; - } - - fill_pipe_open_rec( prec, p ); - if ( (key = make_pipe_rec_key( prec )) == NULL ) { - goto done; - } - - if (!(dbrec = connections_fetch_record(prec, *key))) { - DEBUG(0, ("connections_fetch_record failed\n")); - goto done; - } - - ret = NT_STATUS_IS_OK(dbrec->delete_rec(dbrec)); - -done: - TALLOC_FREE( prec ); - return ret; -} diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 16d8ed1c11..af363689c9 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -312,29 +312,3 @@ void reply_pipe_read_and_X(struct smb_request *req) chain_reply(req); } - -/**************************************************************************** - Reply to a close. -****************************************************************************/ - -void reply_pipe_close(connection_struct *conn, struct smb_request *req) -{ - smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0)); - - if (!p) { - reply_doserror(req, ERRDOS, ERRbadfid); - return; - } - - DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum)); - - if (!close_rpc_pipe_hnd(p)) { - reply_doserror(req, ERRDOS, ERRbadfid); - return; - } - - /* TODO: REMOVE PIPE FROM DB */ - - reply_outbuf(req, 0, 0); - return; -} diff --git a/source3/smbd/process.c b/source3/smbd/process.c index be45d7ad7c..ba3b45d522 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1487,7 +1487,6 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool enc struct smb_request *req; chain_size = 0; - reset_chain_p(); if (!(req = talloc(talloc_tos(), struct smb_request))) { smb_panic("could not allocate smb_request"); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0b851f1e48..05197021a3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1296,10 +1296,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password, void close_cnum(connection_struct *conn, uint16 vuid) { - if (IS_IPC(conn)) { - pipe_close_conn(conn); - } else { - file_close_conn(conn); + file_close_conn(conn); + + if (!IS_IPC(conn)) { dptr_closecnum(conn); } diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 3836c46e36..95ccf30cfe 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -48,8 +48,6 @@ int count_all_current_connections(void); bool claim_connection(connection_struct *conn, const char *name, uint32 msg_flags); bool register_message_flags(bool doreg, uint32 msg_flags); -bool store_pipe_opendb( smb_np_struct *p ); -bool delete_pipe_opendb( smb_np_struct *p ); /* The following definitions come from winbindd/winbindd.c */ |