From fdeea341ed1bae670382e45eb731db1b5838ad21 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Mar 1998 21:11:04 +0000 Subject: "For I have laboured mightily on Luke's code, and hath broken all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7) --- source3/rpc_server/srv_pipe_hnd.c | 315 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 315 insertions(+) create mode 100644 source3/rpc_server/srv_pipe_hnd.c (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c new file mode 100644 index 0000000000..e4893fee89 --- /dev/null +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -0,0 +1,315 @@ + +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#include "includes.h" + + +#define PIPE "\\PIPE\\" +#define PIPELEN strlen(PIPE) + +extern int DEBUGLEVEL; +static int chain_pnum = -1; + +#ifndef MAX_OPEN_PIPES +#define MAX_OPEN_PIPES 50 +#endif + +#define PIPE_HANDLE_OFFSET 0x800 + +pipes_struct Pipes[MAX_OPEN_PIPES]; + +#define P_OPEN(p) ((p)->open) +#define P_OK(p,c) (P_OPEN(p) && (c)==((p)->cnum)) +#define VALID_PNUM(pnum) (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES)) +#define OPEN_PNUM(pnum) (VALID_PNUM(pnum) && P_OPEN(&(Pipes[pnum]))) +#define PNUM_OK(pnum,c) (OPEN_PNUM(pnum) && (c)==Pipes[pnum].cnum) + + +/**************************************************************************** + reset pipe chain handle number +****************************************************************************/ +void reset_chain_pnum(void) +{ + chain_pnum = -1; +} + +/**************************************************************************** + sets chain pipe-file handle +****************************************************************************/ +void set_chain_pnum(int new_pnum) +{ + chain_pnum = 
new_pnum; +} + +/**************************************************************************** + initialise pipe handle states... +****************************************************************************/ +void init_rpc_pipe_hnd(void) +{ + int i; + /* we start at 1 here for an obscure reason I can't now remember, + but I think is important :-) */ + for (i = 1; i < MAX_OPEN_PIPES; i++) + { + Pipes[i].open = False; + Pipes[i].name[0] = 0; + Pipes[i].pipe_srv_name[0] = 0; + + Pipes[i].rhdr.data = NULL; + Pipes[i].rdata.data = NULL; + Pipes[i].rhdr.offset = 0; + Pipes[i].rdata.offset = 0; + + Pipes[i].max_rdata_len = 0; + Pipes[i].hdr_offsets = 0; + } + + return; +} + +/**************************************************************************** + find first available file slot +****************************************************************************/ +int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) +{ + int i; + /* we start at 1 here for an obscure reason I can't now remember, + but I think is important :-) */ + for (i = 1; i < MAX_OPEN_PIPES; i++) + { + if (!Pipes[i].open) + { + Pipes[i].open = True; + Pipes[i].device_state = 0; + Pipes[i].cnum = cnum; + Pipes[i].uid = vuid; + + Pipes[i].rhdr.data = NULL; + Pipes[i].rdata.data = NULL; + Pipes[i].rhdr.offset = 0; + Pipes[i].rdata.offset = 0; + + Pipes[i].max_rdata_len = 0; + Pipes[i].hdr_offsets = 0; + + fstrcpy(Pipes[i].name, pipe_name); + + DEBUG(4,("Opened pipe %s with handle %x\n", + pipe_name, i + PIPE_HANDLE_OFFSET)); + + set_chain_pnum(i); + + return(i); + } + } + + DEBUG(1,("ERROR! Out of pipe structures - perhaps increase MAX_OPEN_PIPES?\n")); + + return(-1); +} + +/**************************************************************************** + reads data from a pipe. + + headers are interspersed with the data at regular intervals. by the time + this function is called, the start of the data could possibly have been + read by an SMBtrans (max_rdata_len != 0). 
+ + calling create_rpc_request() here is a fudge. the data should already + have been prepared into arrays of headers + data stream sections. + + ****************************************************************************/ +int read_pipe(uint16 pnum, char *data, uint32 pos, int n) +{ + int data_pos = pos; + pipes_struct *p = &Pipes[pnum - PIPE_HANDLE_OFFSET]; + DEBUG(6,("read_pipe: %x", pnum)); + + if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) + { + DEBUG(6,("name: %s cnum: %d open: %s data_pos: %lx len: %lx", + p->name, + p->cnum, + BOOLSTR(p->open), + data_pos, n)); + } + + if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) + { + int num; + int len; + uint32 rpc_frag_pos; + + DEBUG(6,("OK\n")); + + if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || + p->rhdr.data->data_used == 0) + { + return 0; + } + + /* the read request starts from where the SMBtrans2 left off. */ + data_pos += p->max_rdata_len; + + /* headers accumulate an offset */ + data_pos -= p->hdr_offsets; + + len = mem_buf_len(p->rhdr.data); + num = len - (int)data_pos; + + if (num > n) num = n; + + if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) + { + rpc_frag_pos = data_pos % p->hdr.frag_len; + + if (rpc_frag_pos == 0) + { + /* create and copy in a new header. */ + create_rpc_reply(p, data_pos, p->rdata.offset); + mem_buf_copy(data, p->rhdr.data, 0, 0x18); + + /* make room in data stream for header */ + p->hdr_offsets += 0x18; + } + } + + if (num > 0) + { + mem_buf_copy(data, p->rhdr.data, data_pos, num); + return num; + } + + return 0; + + } + else + { + DEBUG(6,("NOT\n")); + return -1; + } +} + +/**************************************************************************** + gets the name of a pipe +****************************************************************************/ +BOOL get_rpc_pipe(int pnum, pipes_struct **p) +{ + DEBUG(6,("get_rpc_pipe: ")); + + /* mapping is PIPE_HANDLE_OFFSET up... 
*/ + + if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) + { + DEBUG(6,("name: %s cnum: %d open: %s ", + Pipes[pnum - PIPE_HANDLE_OFFSET].name, + Pipes[pnum - PIPE_HANDLE_OFFSET].cnum, + BOOLSTR(Pipes[pnum - PIPE_HANDLE_OFFSET].open))); + } + if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) + { + DEBUG(6,("OK\n")); + (*p) = &(Pipes[pnum - PIPE_HANDLE_OFFSET]); + return True; + } + else + { + DEBUG(6,("NOT\n")); + return False; + } +} + +/**************************************************************************** + gets the name of a pipe +****************************************************************************/ +char *get_rpc_pipe_hnd_name(int pnum) +{ + pipes_struct *p = NULL; + get_rpc_pipe(pnum, &p); + return p != NULL ? p->name : NULL; +} + +/**************************************************************************** + set device state on a pipe. exactly what this is for is unknown... +****************************************************************************/ +BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) +{ + if (p == NULL) return False; + + if (P_OPEN(p)) + { + DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s cnum=%d)\n", + timestring(), device_state, p->name, p->cnum)); + + p->device_state = device_state; + + return True; + } + else + { + DEBUG(3,("%s Error setting pipe device state=%x (name=%s cnum=%d)\n", + timestring(), device_state, p->name, p->cnum)); + return False; + } +} + +/**************************************************************************** + close an rpc pipe +****************************************************************************/ +BOOL close_rpc_pipe_hnd(int pnum, int cnum) +{ + pipes_struct *p = NULL; + get_rpc_pipe(pnum, &p); + /* mapping is PIPE_HANDLE_OFFSET up... 
*/ + + if (p != NULL && P_OK(p, cnum)) + { + DEBUG(3,("%s Closed pipe name %s pnum=%x cnum=%d\n", + timestring(),Pipes[pnum-PIPE_HANDLE_OFFSET].name, pnum,cnum)); + + p->open = False; + + p->rdata.offset = 0; + p->rhdr.offset = 0; + mem_buf_free(&(p->rdata.data)); + mem_buf_free(&(p->rhdr .data)); + + return True; + } + else + { + DEBUG(3,("%s Error closing pipe pnum=%x cnum=%d\n", + timestring(),pnum, cnum)); + return False; + } +} + +/**************************************************************************** + close an rpc pipe +****************************************************************************/ +int get_rpc_pipe_num(char *buf, int where) +{ + return (chain_pnum != -1 ? chain_pnum : SVAL(buf,where)); +} + -- cgit From e300c0346ff92035ff9568b55b34469193e29769 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Apr 1998 18:21:16 +0000 Subject: includes.h: Moved HPUX undefine of SEMMSL to where it actually does something. ipc.c: Added Luke's debug statement. locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that need it (not sure what these are yet). membuffer.c ntdomain.h proto.h lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c: Re-merge of Luke's NTDOM changes 'cos he's a lazy git with carpel tunnel syndrome :-). Jeremy. (This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217) --- source3/rpc_server/srv_pipe_hnd.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e4893fee89..a371e48bfd 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
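Review bot: In read_pipe (first commit, new file) nothing rejects a negative `data_pos` before it is handed to `mem_buf_copy` as the source offset. It starts as the caller's `uint32 pos` converted to `int` and is then adjusted by `max_rdata_len` and `hdr_offsets`; whether `mem_buf_copy` bounds-checks is not visible here, so add `if (data_pos < 0) return -1;` right after the `hdr_offsets` adjustment. The fragment-header path also writes a fixed 0x18 bytes into `data` without comparing against `n`, and does so even when `num` ends up <= 0; fail the read or skip the header unless `n >= 0x18`. Separately, the banner comments above get_rpc_pipe ("gets the name of a pipe") and get_rpc_pipe_num ("close an rpc pipe") describe other functions and should be corrected.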
@@ -157,9 +157,10 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) { - int num; - int len; - uint32 rpc_frag_pos; + int num = 0; + int len = 0; + uint32 hdr_num = 0; + uint32 rpc_frag_pos = 0; DEBUG(6,("OK\n")); @@ -169,9 +170,14 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) return 0; } + DEBUG(6,("read_pipe: p: %p max_rdata_len: %d data_pos: %d num: %d\n", + p, p->max_rdata_len, data_pos, num)); + /* the read request starts from where the SMBtrans2 left off. */ data_pos += p->max_rdata_len; + rpc_frag_pos = data_pos % p->hdr.frag_len; + /* headers accumulate an offset */ data_pos -= p->hdr_offsets; @@ -182,22 +188,32 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { - rpc_frag_pos = data_pos % p->hdr.frag_len; + DEBUG(5,("read_pipe: hdr_offsets: %d rpc_frag_pos: %d frag_len: %d\n", + p->hdr_offsets, rpc_frag_pos, p->hdr.frag_len)); if (rpc_frag_pos == 0) { + /* this is subtracted from the total data bytes, later */ + hdr_num = 0x18; + /* create and copy in a new header. */ create_rpc_reply(p, data_pos, p->rdata.offset); mem_buf_copy(data, p->rhdr.data, 0, 0x18); /* make room in data stream for header */ p->hdr_offsets += 0x18; + data += 0x18; + + DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets)); } } if (num > 0) { - mem_buf_copy(data, p->rhdr.data, data_pos, num); + DEBUG(6,("read_pipe: adjusted data_pos: %d num: %d\n", + data_pos, num - hdr_num)); + mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); + return num; } -- cgit From 76d3bc36a5ce13d2a7bd08f9c18b2cfd0ab0210f Mon Sep 17 00:00:00 2001 
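Review bot: `rpc_frag_pos = data_pos % p->hdr.frag_len;` now runs on every read, outside the `RPC_FLG_LAST` test that used to enclose it, and nothing in the hunk shows `frag_len` to be non-zero at this point. A zero there is a division by zero in the server process; a guard such as `if (p->hdr.frag_len == 0) return -1;` before the modulus would avoid it. The added DEBUG also prints `num` while it still holds its initial 0, so that field carries no information. read_pipe begins and ends outside this hunk.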
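Review bot: The copy length `num - hdr_num` mixes `int num` with `uint32 hdr_num`, so when a header was emitted (`hdr_num == 0x18`) and fewer than 0x18 bytes are available or requested, the subtraction wraps to a very large unsigned value instead of going negative. The `if (num > 0)` guard does not cover that case, the 0x18-byte header has already been written to `data` by then, and what `mem_buf_copy` does with such a length is not visible here. Check before emitting the header, e.g. `if (num < 0x18) return 0;` inside the `rpc_frag_pos == 0` branch, or clamp the payload length to zero. The same subtraction is kept by the later rewrite of this copy (the `@@ -200,24 +213,44 @@` hunk), where the added `num < hdr_num` test only logs a warning and still falls through to `mem_buf_copy`.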
From: Luke Leighton Date: Tue, 21 Apr 1998 02:36:37 +0000 Subject: put server-side long dce/rpc code in main branch. (This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69) --- source3/rpc_server/srv_pipe_hnd.c | 89 +++++++++++++++++++++++++++------------ 1 file changed, 61 insertions(+), 28 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a371e48bfd..7ab2b3aec6 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -81,8 +81,10 @@ void init_rpc_pipe_hnd(void) Pipes[i].rhdr.offset = 0; Pipes[i].rdata.offset = 0; - Pipes[i].max_rdata_len = 0; - Pipes[i].hdr_offsets = 0; + Pipes[i].file_offset = 0; + Pipes[i].hdr_offsets = 0; + Pipes[i].frag_len_left = 0; + Pipes[i].next_frag_start = 0; } return; @@ -110,8 +112,10 @@ int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) Pipes[i].rhdr.offset = 0; Pipes[i].rdata.offset = 0; - Pipes[i].max_rdata_len = 0; - Pipes[i].hdr_offsets = 0; + Pipes[i].file_offset = 0; + Pipes[i].hdr_offsets = 0; + Pipes[i].frag_len_left = 0; + Pipes[i].next_frag_start = 0; fstrcpy(Pipes[i].name, pipe_name); @@ -134,7 +138,7 @@ int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) headers are interspersed with the data at regular intervals. by the time this function is called, the start of the data could possibly have been - read by an SMBtrans (max_rdata_len != 0). + read by an SMBtrans (file_offset != 0). calling create_rpc_request() here is a fudge. the data should already have been prepared into arrays of headers + data stream sections. 
@@ -142,13 +146,14 @@ int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) ****************************************************************************/ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) { - int data_pos = pos; + int data_hdr_pos; + int data_pos; pipes_struct *p = &Pipes[pnum - PIPE_HANDLE_OFFSET]; DEBUG(6,("read_pipe: %x", pnum)); if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) { - DEBUG(6,("name: %s cnum: %d open: %s data_pos: %lx len: %lx", + DEBUG(6,("name: %s cnum: %d open: %s data_pos: %d len: %d", p->name, p->cnum, BOOLSTR(p->open), @@ -160,7 +165,6 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) int num = 0; int len = 0; uint32 hdr_num = 0; - uint32 rpc_frag_pos = 0; DEBUG(6,("OK\n")); 
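Review bot: `data_pos` is now declared without an initializer, but the DEBUG call a few lines below still passes it (`... data_pos, n));`) before anything assigns it, so the log statement reads an indeterminate value. Print `pos` there instead, or initialise the locals, e.g. `int data_pos = 0;`. With `int data_pos = pos;` removed, `pos` no longer feeds the offset in the lines shown; if the parameter is intentionally ignored, the function's header comment should say so. read_pipe continues outside this hunk.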
@@ -170,29 +174,38 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) return 0; } - DEBUG(6,("read_pipe: p: %p max_rdata_len: %d data_pos: %d num: %d\n", - p, p->max_rdata_len, data_pos, num)); + DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", + p, p->file_offset, n)); + DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n", + p->frag_len_left, p->next_frag_start)); /* the read request starts from where the SMBtrans2 left off. */ - data_pos += p->max_rdata_len; - - rpc_frag_pos = data_pos % p->hdr.frag_len; - - /* headers accumulate an offset */ - data_pos -= p->hdr_offsets; + data_pos = p->file_offset - p->hdr_offsets; + data_hdr_pos = p->file_offset; len = mem_buf_len(p->rhdr.data); num = len - (int)data_pos; + DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); + if (num > n) num = n; + if (num <= 0) + { + DEBUG(5,("read_pipe: 0 or -ve data length\n")); + return 0; + } if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { - DEBUG(5,("read_pipe: hdr_offsets: %d rpc_frag_pos: %d frag_len: %d\n", - p->hdr_offsets, rpc_frag_pos, p->hdr.frag_len)); + /* intermediate fragment - possibility of another header */ + + DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", + p->hdr.frag_len, data_pos, data_hdr_pos)); - if (rpc_frag_pos == 0) + if (data_hdr_pos == p->next_frag_start) { + DEBUG(6,("read_pipe: next fragment header\n")); + /* this is subtracted from the total data bytes, later */ hdr_num = 0x18; 
@@ -200,24 +213,44 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) create_rpc_reply(p, data_pos, p->rdata.offset); mem_buf_copy(data, p->rhdr.data, 0, 0x18); - /* make room in data stream for header */ - p->hdr_offsets += 0x18; data += 0x18; + p->frag_len_left = p->hdr.frag_len; + p->next_frag_start += p->hdr.frag_len; + p->hdr_offsets += 0x18; - DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets)); + /*DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets));*/ } } - if (num > 0) + if (num < hdr_num) { - DEBUG(6,("read_pipe: adjusted data_pos: %d num: %d\n", - data_pos, num - hdr_num)); - mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); + DEBUG(5,("read_pipe: warning - data read only part of a header\n")); + } + + DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n", + data_pos, num - hdr_num)); + mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); + + data_pos += num; + data_hdr_pos += num; + + if (hdr_num == 0x18 && num == 0x18) + { + DEBUG(6,("read_pipe: just header read\n")); - return num; + /* advance to the next fragment */ + p->frag_len_left -= 0x18; } + else if (data_hdr_pos == p->next_frag_start) + { + DEBUG(6,("read_pipe: next fragment expected\n")); + + /* advance to the next fragment */ + } + + p->file_offset += num; - return 0; + return num; } else -- cgit From 9189005f7f884123d29c8f27db73687b68c80bb9 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 24 Apr 1998 21:01:08 +0000 Subject: ABOUT time. dce/rpc long packet format now works, server-side. turns out that [it can be deduced that] microsoft ignores the SMBreadX offset, and goes by the SMBreadX length only. this makes for a lot simpler code, in both client and server. (This used to be commit a8b641c027c8cce179455ac1f6fd0322a8ab017d) --- source3/rpc_server/srv_pipe_hnd.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 7ab2b3aec6..95aa46fd9a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -244,8 +244,6 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) else if (data_hdr_pos == p->next_frag_start) { DEBUG(6,("read_pipe: next fragment expected\n")); - - /* advance to the next fragment */ } p->file_offset += num; -- cgit From 4ff2a51c1571c38412ea0a890eb0ab6d57085a78 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 6 May 1998 12:11:35 +0000 Subject: compiler warning for unimportant uninitialised variable (This used to be commit 81bf26309248b63cc7e167170a8b384c11126ded) --- source3/rpc_server/srv_pipe_hnd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 95aa46fd9a..8abfb54c8f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -146,18 +146,16 @@ int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) ****************************************************************************/ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) { - int data_hdr_pos; - int data_pos; pipes_struct *p = &Pipes[pnum - PIPE_HANDLE_OFFSET]; DEBUG(6,("read_pipe: %x", pnum)); if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) { - DEBUG(6,("name: %s cnum: %d open: %s data_pos: %d len: %d", + DEBUG(6,("name: %s cnum: %d open: %s pos: %d len: %d", p->name, p->cnum, BOOLSTR(p->open), - data_pos, n)); + pos, n)); } if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) @@ -165,6 +163,8 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) int num = 0; int len = 0; uint32 hdr_num = 0; + int data_hdr_pos; + int data_pos; DEBUG(6,("OK\n")); -- cgit From b9623ab59e813131b1ed3f51616a46e719d59c21 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Fri, 14 Aug 1998 17:38:29 +0000 Subject: this is the bug change to using connection_struct* instead of cnum. Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6) --- source3/rpc_server/srv_pipe_hnd.c | 117 ++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 61 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8abfb54c8f..d792a16426 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -40,7 +40,7 @@ static int chain_pnum = -1; pipes_struct Pipes[MAX_OPEN_PIPES]; #define P_OPEN(p) ((p)->open) -#define P_OK(p,c) (P_OPEN(p) && (c)==((p)->cnum)) +#define P_OK(p,c) (P_OPEN(p) && (c)==((p)->conn)) #define VALID_PNUM(pnum) (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES)) #define OPEN_PNUM(pnum) (VALID_PNUM(pnum) && P_OPEN(&(Pipes[pnum]))) #define PNUM_OK(pnum,c) (OPEN_PNUM(pnum) && (c)==Pipes[pnum].cnum) 
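Review bot: `P_OK` now compares against `(p)->conn`, but the `PNUM_OK` macro two lines below it still reads `Pipes[pnum].cnum`. This goes unnoticed only because a macro that is never expanded is never compiled. If `cnum` has been dropped from pipes_struct (the struct is not visible here), the first use of `PNUM_OK` will fail to build; if it has not, the macro would test a field that open_rpc_pipe_hnd no longer sets. Update it to `(c)==Pipes[pnum].conn`, or delete the macro if it has no users.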
@@ -93,44 +93,43 @@ void init_rpc_pipe_hnd(void) /**************************************************************************** find first available file slot ****************************************************************************/ -int open_rpc_pipe_hnd(char *pipe_name, int cnum, uint16 vuid) +int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid) { int i; /* we start at 1 here for an obscure reason I can't now remember, but I think is important :-) */ - for (i = 1; i < MAX_OPEN_PIPES; i++) - { - if (!Pipes[i].open) - { - Pipes[i].open = True; - Pipes[i].device_state = 0; - Pipes[i].cnum = cnum; - Pipes[i].uid = vuid; - - Pipes[i].rhdr.data = NULL; - Pipes[i].rdata.data = NULL; - Pipes[i].rhdr.offset = 0; - Pipes[i].rdata.offset = 0; - - Pipes[i].file_offset = 0; - Pipes[i].hdr_offsets = 0; - Pipes[i].frag_len_left = 0; - Pipes[i].next_frag_start = 0; - - fstrcpy(Pipes[i].name, pipe_name); - - DEBUG(4,("Opened pipe %s with handle %x\n", - pipe_name, i + PIPE_HANDLE_OFFSET)); - - set_chain_pnum(i); - - return(i); - } + for (i = 1; i < MAX_OPEN_PIPES; i++) { + if (!Pipes[i].open) break; } - DEBUG(1,("ERROR! Out of pipe structures - perhaps increase MAX_OPEN_PIPES?\n")); + if (i == MAX_OPEN_PIPES) { + DEBUG(1,("ERROR! Out of pipe structures\n")); + return(-1); + } - return(-1); + Pipes[i].open = True; + Pipes[i].device_state = 0; + Pipes[i].conn = conn; + Pipes[i].uid = vuid; + + Pipes[i].rhdr.data = NULL; + Pipes[i].rdata.data = NULL; + Pipes[i].rhdr.offset = 0; + Pipes[i].rdata.offset = 0; + + Pipes[i].file_offset = 0; + Pipes[i].hdr_offsets = 0; + Pipes[i].frag_len_left = 0; + Pipes[i].next_frag_start = 0; + + fstrcpy(Pipes[i].name, pipe_name); + + DEBUG(4,("Opened pipe %s with handle %x\n", + pipe_name, i + PIPE_HANDLE_OFFSET)); + + set_chain_pnum(i); + + return(i); } /**************************************************************************** 
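Review bot: `Pipes[i].conn = conn;` stores a raw `connection_struct *` that `P_OK` later uses as the ownership test when closing a pipe, and nothing in this hunk ties the slot's lifetime to that connection. If a connection can be freed while one of its pipes is still marked open (not visible from here), a later connection_struct allocated at the same address would compare equal and pass the check. It is worth confirming that connection teardown closes every pipe with a matching `conn`, and recording that invariant next to the assignment, e.g. `/* conn must outlive the pipe: closing a connection must close its pipes */`.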
@@ -151,9 +150,8 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n) if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) { - DEBUG(6,("name: %s cnum: %d open: %s pos: %d len: %d", + DEBUG(6,("name: %s open: %s pos: %d len: %d", p->name, - p->cnum, BOOLSTR(p->open), pos, n)); } @@ -269,9 +267,8 @@ BOOL get_rpc_pipe(int pnum, pipes_struct **p) if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) { - DEBUG(6,("name: %s cnum: %d open: %s ", + DEBUG(6,("name: %s open: %s ", Pipes[pnum - PIPE_HANDLE_OFFSET].name, - Pipes[pnum - PIPE_HANDLE_OFFSET].cnum, BOOLSTR(Pipes[pnum - PIPE_HANDLE_OFFSET].open))); } if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) @@ -306,8 +303,8 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) if (P_OPEN(p)) { - DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s cnum=%d)\n", - timestring(), device_state, p->name, p->cnum)); + DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n", + timestring(), device_state, p->name)); p->device_state = device_state; @@ -315,8 +312,8 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) } else { - DEBUG(3,("%s Error setting pipe device state=%x (name=%s cnum=%d)\n", - timestring(), device_state, p->name, p->cnum)); + DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n", + timestring(), device_state, p->name)); return False; } } 
@@ -324,32 +321,30 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) /**************************************************************************** close an rpc pipe ****************************************************************************/ -BOOL close_rpc_pipe_hnd(int pnum, int cnum) +BOOL close_rpc_pipe_hnd(int pnum, connection_struct *conn) { pipes_struct *p = NULL; get_rpc_pipe(pnum, &p); - /* mapping is PIPE_HANDLE_OFFSET up... */ + /* mapping is PIPE_HANDLE_OFFSET up... */ - if (p != NULL && P_OK(p, cnum)) - { - DEBUG(3,("%s Closed pipe name %s pnum=%x cnum=%d\n", - timestring(),Pipes[pnum-PIPE_HANDLE_OFFSET].name, pnum,cnum)); + if (p != NULL && P_OK(p, conn)) { + DEBUG(3,("%s Closed pipe name %s pnum=%x\n", + timestring(),Pipes[pnum-PIPE_HANDLE_OFFSET].name, + pnum)); - p->open = False; - - p->rdata.offset = 0; - p->rhdr.offset = 0; - mem_buf_free(&(p->rdata.data)); - mem_buf_free(&(p->rhdr .data)); - - return True; - } - else - { - DEBUG(3,("%s Error closing pipe pnum=%x cnum=%d\n", - timestring(),pnum, cnum)); - return False; - } + p->open = False; + + p->rdata.offset = 0; + p->rhdr.offset = 0; + mem_buf_free(&(p->rdata.data)); + mem_buf_free(&(p->rhdr .data)); + + return True; + } else { + DEBUG(3,("%s Error closing pipe pnum=%x\n", + timestring(),pnum)); + return False; + } } /**************************************************************************** -- cgit From 127655cc888ac40332d4e8e5b94aab03f5120aae Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 15 Aug 1998 07:27:34 +0000 Subject: this checkin gets rid of the global Files[] array and makes it local in files.c it should now be faily easy to expand the default MAX_OPEN_FILES to many thousands. (This used to be commit b088c804f98908eb02f05ab2f2e8a61691a0a582) --- source3/rpc_server/srv_pipe_hnd.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d792a16426..bd29578f0e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -35,8 +35,6 @@ static int chain_pnum = -1; #define MAX_OPEN_PIPES 50 #endif -#define PIPE_HANDLE_OFFSET 0x800 - pipes_struct Pipes[MAX_OPEN_PIPES]; #define P_OPEN(p) ((p)->open) -- cgit From f2d538a105a61ce6d2852700fc328e15ac158827 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Aug 1998 03:06:20 +0000 Subject: some cleanups from the conversion of Pipes[] to a linked list. I also removed most cases where a pnum is used and substituted a pipes_struct*. in files.c I added a offset of 0x1000 to all file handles on the wire. This makes it much less likely that bad parsing will give us the wrong field. (This used to be commit 8bc2627ff28d340db65bfa017daca2dc291d5ef7) --- source3/rpc_server/srv_pipe_hnd.c | 432 ++++++++++++++++++-------------------- 1 file changed, 210 insertions(+), 222 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index bd29578f0e..dfc4eeba5f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -28,36 +28,34 @@ #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) +/* this must be larger than the sum of the open files and directories */ +#define PIPE_HANDLE_OFFSET 0x7000 + extern int DEBUGLEVEL; -static int chain_pnum = -1; +static pipes_struct *chain_p; +static int pipes_open; #ifndef MAX_OPEN_PIPES -#define MAX_OPEN_PIPES 50 +#define MAX_OPEN_PIPES 64 #endif -pipes_struct Pipes[MAX_OPEN_PIPES]; - -#define P_OPEN(p) ((p)->open) -#define P_OK(p,c) (P_OPEN(p) && (c)==((p)->conn)) -#define VALID_PNUM(pnum) (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES)) -#define OPEN_PNUM(pnum) (VALID_PNUM(pnum) && P_OPEN(&(Pipes[pnum]))) -#define PNUM_OK(pnum,c) (OPEN_PNUM(pnum) && (c)==Pipes[pnum].cnum) - +static pipes_struct *Pipes; +static struct bitmap *bmap; /**************************************************************************** reset pipe chain handle number ****************************************************************************/ -void reset_chain_pnum(void) +void reset_chain_p(void) { - chain_pnum = -1; + chain_p = NULL; } /**************************************************************************** sets chain pipe-file handle ****************************************************************************/ -void set_chain_pnum(int new_pnum) +void set_chain_p(pipes_struct *new_p) { - chain_pnum = new_pnum; + chain_p = new_p; } /**************************************************************************** 
@@ -65,71 +63,85 @@ void set_chain_pnum(int new_pnum) ****************************************************************************/ void init_rpc_pipe_hnd(void) { - int i; - /* we start at 1 here for an obscure reason I can't now remember, - but I think is important :-) */ - for (i = 1; i < MAX_OPEN_PIPES; i++) - { - Pipes[i].open = False; - Pipes[i].name[0] = 0; - Pipes[i].pipe_srv_name[0] = 0; - - Pipes[i].rhdr.data = NULL; - Pipes[i].rdata.data = NULL; - Pipes[i].rhdr.offset = 0; - Pipes[i].rdata.offset = 0; - - Pipes[i].file_offset = 0; - Pipes[i].hdr_offsets = 0; - Pipes[i].frag_len_left = 0; - Pipes[i].next_frag_start = 0; + bmap = bitmap_allocate(MAX_OPEN_PIPES); + if (!bmap) { + exit_server("out of memory in init_rpc_pipe_hnd\n"); } - - return; } + /**************************************************************************** find first available file slot ****************************************************************************/ -int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid) +pipes_struct *open_rpc_pipe_p(char *pipe_name, + connection_struct *conn, uint16 vuid) { int i; - /* we start at 1 here for an obscure reason I can't now remember, - but I think is important :-) */ - for (i = 1; i < MAX_OPEN_PIPES; i++) { - if (!Pipes[i].open) break; + pipes_struct *p; + static int next_pipe; + + /* not repeating pipe numbers makes it easier to track things in + log files and prevents client bugs where pipe numbers are reused + over connection restarts */ + if (next_pipe == 0) { + next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; } - if (i == MAX_OPEN_PIPES) { - DEBUG(1,("ERROR! Out of pipe structures\n")); - return(-1); + i = bitmap_find(bmap, next_pipe); + + if (i == -1) { + DEBUG(0,("ERROR! 
Out of pipe structures\n")); + return NULL; + } + + next_pipe = (i+1) % MAX_OPEN_PIPES; + + p = (pipes_struct *)malloc(sizeof(*p)); + if (!p) return NULL; + + /* hook into the front of the list */ + if (!Pipes) { + Pipes = p; + } else { + Pipes->prev = p; + p->next = Pipes; + Pipes = p; } - Pipes[i].open = True; - Pipes[i].device_state = 0; - Pipes[i].conn = conn; - Pipes[i].uid = vuid; + bitmap_set(bmap, i); + i += PIPE_HANDLE_OFFSET; + + pipes_open++; + + memset(p, 0, sizeof(*p)); + p->pnum = i; + + p->open = True; + p->device_state = 0; + p->conn = conn; + p->uid = vuid; - Pipes[i].rhdr.data = NULL; - Pipes[i].rdata.data = NULL; - Pipes[i].rhdr.offset = 0; - Pipes[i].rdata.offset = 0; + p->rhdr.data = NULL; + p->rdata.data = NULL; + p->rhdr.offset = 0; + p->rdata.offset = 0; - Pipes[i].file_offset = 0; - Pipes[i].hdr_offsets = 0; - Pipes[i].frag_len_left = 0; - Pipes[i].next_frag_start = 0; + p->file_offset = 0; + p->hdr_offsets = 0; + p->frag_len_left = 0; + p->next_frag_start = 0; - fstrcpy(Pipes[i].name, pipe_name); + fstrcpy(p->name, pipe_name); - DEBUG(4,("Opened pipe %s with handle %x\n", - pipe_name, i + PIPE_HANDLE_OFFSET)); + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", + pipe_name, i, pipes_open)); - set_chain_pnum(i); + set_chain_p(p); - return(i); + return p; } + /**************************************************************************** reads data from a pipe. 
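Review bot: In open_rpc_pipe_p the new entry is linked into the list (`p->next = Pipes; Pipes = p;`) before `memset(p, 0, sizeof(*p));` runs, so the memset clears `p->next` again and every pipe opened earlier becomes unreachable from `Pipes`. Those entries keep their bitmap slot and their memory but cannot be found by anything that walks the list from the head. Zero the structure immediately after the allocation check, i.e. move `memset(p, 0, sizeof(*p));` directly below `if (!p) return NULL;`, and only then hook it in. That also stops the `!Pipes` branch from publishing a node whose `next`/`prev` are still uninitialised, and it makes the explicit `= NULL` / `= 0` assignments after the memset redundant.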
@@ -141,157 +153,111 @@ int open_rpc_pipe_hnd(char *pipe_name, connection_struct *conn, uint16 vuid) have been prepared into arrays of headers + data stream sections. ****************************************************************************/ -int read_pipe(uint16 pnum, char *data, uint32 pos, int n) +int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) { - pipes_struct *p = &Pipes[pnum - PIPE_HANDLE_OFFSET]; - DEBUG(6,("read_pipe: %x", pnum)); - - if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) - { - DEBUG(6,("name: %s open: %s pos: %d len: %d", - p->name, - BOOLSTR(p->open), - pos, n)); + int num = 0; + int len = 0; + uint32 hdr_num = 0; + int data_hdr_pos; + int data_pos; + + DEBUG(6,("read_pipe: %x", p->pnum)); + + DEBUG(6,("name: %s open: %s pos: %d len: %d", + p->name, + BOOLSTR(p->open), + pos, n)); + + if (!p || !p->open) { + DEBUG(6,("pipe not open\n")); + return -1; } - if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) - { - int num = 0; - int len = 0; - uint32 hdr_num = 0; - int data_hdr_pos; - int data_pos; - - DEBUG(6,("OK\n")); - - if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || - p->rhdr.data->data_used == 0) - { - return 0; - } - - DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", - p, p->file_offset, n)); - DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n", - p->frag_len_left, p->next_frag_start)); - - /* the read request starts from where the SMBtrans2 left off. 
*/ - data_pos = p->file_offset - p->hdr_offsets; - data_hdr_pos = p->file_offset; - - len = mem_buf_len(p->rhdr.data); - num = len - (int)data_pos; - - DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); - if (num > n) num = n; - if (num <= 0) - { - DEBUG(5,("read_pipe: 0 or -ve data length\n")); - return 0; - } - - if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) - { - /* intermediate fragment - possibility of another header */ - - DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", - p->hdr.frag_len, data_pos, data_hdr_pos)); - - if (data_hdr_pos == p->next_frag_start) - { - DEBUG(6,("read_pipe: next fragment header\n")); - - /* this is subtracted from the total data bytes, later */ - hdr_num = 0x18; - - /* create and copy in a new header. */ - create_rpc_reply(p, data_pos, p->rdata.offset); - mem_buf_copy(data, p->rhdr.data, 0, 0x18); - - data += 0x18; - p->frag_len_left = p->hdr.frag_len; - p->next_frag_start += p->hdr.frag_len; - p->hdr_offsets += 0x18; - - /*DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets));*/ - } - } - - if (num < hdr_num) - { - DEBUG(5,("read_pipe: warning - data read only part of a header\n")); - } - - DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n", - data_pos, num - hdr_num)); - mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); - - data_pos += num; - data_hdr_pos += num; - - if (hdr_num == 0x18 && num == 0x18) - { - DEBUG(6,("read_pipe: just header read\n")); + if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || + p->rhdr.data->data_used == 0) { + return 0; + } - /* advance to the next fragment */ - p->frag_len_left -= 0x18; - } - else if (data_hdr_pos == p->next_frag_start) - { - DEBUG(6,("read_pipe: next fragment expected\n")); - } + DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", + p, p->file_offset, n)); + DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n", + p->frag_len_left, p->next_frag_start)); - p->file_offset += num; + /* the read request 
starts from where the SMBtrans2 left off. */ + data_pos = p->file_offset - p->hdr_offsets; + data_hdr_pos = p->file_offset; - return num; + len = mem_buf_len(p->rhdr.data); + num = len - (int)data_pos; + + DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); + + if (num > n) num = n; + if (num <= 0) { + DEBUG(5,("read_pipe: 0 or -ve data length\n")); + return 0; + } + if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { + /* intermediate fragment - possibility of another header */ + + DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", + p->hdr.frag_len, data_pos, data_hdr_pos)); + + if (data_hdr_pos == p->next_frag_start) { + DEBUG(6,("read_pipe: next fragment header\n")); + + /* this is subtracted from the total data bytes, later */ + hdr_num = 0x18; + + /* create and copy in a new header. */ + create_rpc_reply(p, data_pos, p->rdata.offset); + mem_buf_copy(data, p->rhdr.data, 0, 0x18); + + data += 0x18; + p->frag_len_left = p->hdr.frag_len; + p->next_frag_start += p->hdr.frag_len; + p->hdr_offsets += 0x18; + } + } - else - { - DEBUG(6,("NOT\n")); - return -1; + + if (num < hdr_num) { + DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } -} - -/**************************************************************************** - gets the name of a pipe -****************************************************************************/ -BOOL get_rpc_pipe(int pnum, pipes_struct **p) -{ - DEBUG(6,("get_rpc_pipe: ")); - /* mapping is PIPE_HANDLE_OFFSET up... 
*/ + DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n", + data_pos, num - hdr_num)); + mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); + + data_pos += num; + data_hdr_pos += num; + + if (hdr_num == 0x18 && num == 0x18) { + DEBUG(6,("read_pipe: just header read\n")); - if (VALID_PNUM(pnum - PIPE_HANDLE_OFFSET)) - { - DEBUG(6,("name: %s open: %s ", - Pipes[pnum - PIPE_HANDLE_OFFSET].name, - BOOLSTR(Pipes[pnum - PIPE_HANDLE_OFFSET].open))); - } - if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET)) - { - DEBUG(6,("OK\n")); - (*p) = &(Pipes[pnum - PIPE_HANDLE_OFFSET]); - return True; - } - else - { - DEBUG(6,("NOT\n")); - return False; + /* advance to the next fragment */ + p->frag_len_left -= 0x18; + } else if (data_hdr_pos == p->next_frag_start) { + DEBUG(6,("read_pipe: next fragment expected\n")); } + + p->file_offset += num; + + return num; } + /**************************************************************************** gets the name of a pipe ****************************************************************************/ -char *get_rpc_pipe_hnd_name(int pnum) +char *get_rpc_pipe_hnd_name(pipes_struct *p) { - pipes_struct *p = NULL; - get_rpc_pipe(pnum, &p); - return p != NULL ? p->name : NULL; + return p?p->name:NULL; } + /**************************************************************************** set device state on a pipe. exactly what this is for is unknown... ****************************************************************************/ 
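Review bot: In read_pipe's `data_hdr_pos == p->next_frag_start` branch, `mem_buf_copy(data, p->rhdr.data, 0, 0x18)` writes a full 0x18-byte header into `data` without comparing against the caller's length `n`. The later `if (num < hdr_num)` test only logs a warning, and `num - hdr_num` is then passed as the copy length. Because `hdr_num` is `uint32`, that subtraction is unsigned and wraps to a very large value whenever `num` is below 0x18. A guard such as `if (num < 0x18) return -1;` ahead of the header copy would close both cases. Separately, the two `DEBUG(6, ...)` calls at the top read `p->pnum`, `p->name` and `p->open` before the `if (!p || !p->open)` test, so that test should move above them.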
@@ -299,57 +265,79 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) { if (p == NULL) return False; - if (P_OPEN(p)) - { + if (p->open) { DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n", timestring(), device_state, p->name)); p->device_state = device_state; - + return True; - } - else - { - DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n", - timestring(), device_state, p->name)); - return False; - } + } + + DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n", + timestring(), device_state, p->name)); + return False; } + /**************************************************************************** close an rpc pipe ****************************************************************************/ -BOOL close_rpc_pipe_hnd(int pnum, connection_struct *conn) +BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) { - pipes_struct *p = NULL; - get_rpc_pipe(pnum, &p); - /* mapping is PIPE_HANDLE_OFFSET up... */ - - if (p != NULL && P_OK(p, conn)) { - DEBUG(3,("%s Closed pipe name %s pnum=%x\n", - timestring(),Pipes[pnum-PIPE_HANDLE_OFFSET].name, - pnum)); - - p->open = False; - - p->rdata.offset = 0; - p->rhdr.offset = 0; - mem_buf_free(&(p->rdata.data)); - mem_buf_free(&(p->rhdr .data)); - - return True; - } else { - DEBUG(3,("%s Error closing pipe pnum=%x\n", - timestring(),pnum)); + if (!p) { + DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); return False; } + + mem_buf_free(&(p->rdata.data)); + mem_buf_free(&(p->rhdr .data)); + + bitmap_clear(bmap, p->pnum - PIPE_HANDLE_OFFSET); + + pipes_open--; + + DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); + + if (p == Pipes) { + Pipes = p->next; + if (Pipes) Pipes->prev = NULL; + } else { + p->prev->next = p->next; + if (p->next) p->next->prev = p->prev; + } + + memset(p, 0, sizeof(*p)); + + free(p); + + return True; } /**************************************************************************** close an rpc pipe 
****************************************************************************/ -int get_rpc_pipe_num(char *buf, int where) +pipes_struct *get_rpc_pipe_p(char *buf, int where) { - return (chain_pnum != -1 ? chain_pnum : SVAL(buf,where)); + int pnum = SVAL(buf,where); + + if (chain_p) return chain_p; + + return get_rpc_pipe(pnum); +} + +/**************************************************************************** + close an rpc pipe +****************************************************************************/ +pipes_struct *get_rpc_pipe(int pnum) +{ + pipes_struct *p; + + for (p=Pipes;p;p=p->next) { + if (p->pnum == pnum) return p; + } + + return NULL; } -- cgit From 8978aae69699ccab76fdf95037948b1cc7e7c286 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Aug 1998 03:52:05 +0000 Subject: much cleaner chain pointer handling for both files and pipes. the chain pointer is now stored as a static and is set whenever a handle is created or extracted. This also makes the code less error prone. (This used to be commit 068a862982bea726e8d7b1b4065d510b9840a272) --- source3/rpc_server/srv_pipe_hnd.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index dfc4eeba5f..368bf013a0 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -50,14 +50,6 @@ void reset_chain_p(void) chain_p = NULL; } -/**************************************************************************** - sets chain pipe-file handle -****************************************************************************/ -void set_chain_p(pipes_struct *new_p) -{ - chain_p = new_p; -} - /**************************************************************************** initialise pipe handle states... ****************************************************************************/ 
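Review bot: close_rpc_pipe_hnd frees `p` without clearing `chain_p`, while get_rpc_pipe_p returns `chain_p` before it ever looks at the handle number. Unless every caller resets the chain between requests (not visible in this hunk), a later lookup can hand back the freed structure; `if (chain_p == p) chain_p = NULL;` before `free(p)` removes that dependency. The rewrite also drops the old `P_OK(p, conn)` test, so `conn` is now unused and the function no longer confirms that the pipe belongs to the calling connection; `if (p->conn != conn) return False;` would keep the check. The header comments on get_rpc_pipe_p and get_rpc_pipe both still read "close an rpc pipe" and should describe the lookup instead.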
@@ -136,7 +128,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); - set_chain_p(p); + chain_p = p; return p; } @@ -335,7 +327,10 @@ pipes_struct *get_rpc_pipe(int pnum) pipes_struct *p; for (p=Pipes;p;p=p->next) { - if (p->pnum == pnum) return p; + if (p->pnum == pnum) { + chain_p = p; + return p; + } } return NULL; -- cgit From 72ed7049d88e5296ebec362189e62a384385ad34 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Aug 1998 06:47:53 +0000 Subject: added some optimisation for the case where the number of open files is very large. files.c now promotes a files_struct to the top of the list if it is used when it is more than 10 elements from the top. also moved common linked list code for the 5 sets of linked lists that I've created over the past few days into dlinklist.h (I've explained to Chris why I didn't use the ubiqx code) (This used to be commit 1eb9ae2996b5a243a147f485e7e353d54f820852) --- source3/rpc_server/srv_pipe_hnd.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 368bf013a0..b030ee0e90 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -91,14 +91,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; - /* hook into the front of the list */ - if (!Pipes) { - Pipes = p; - } else { - Pipes->prev = p; - p->next = Pipes; - Pipes = p; - } + DLIST_ADD(Pipes, p); bitmap_set(bmap, i); i += PIPE_HANDLE_OFFSET; 
@@ -292,13 +285,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); - if (p == Pipes) { - Pipes = p->next; - if (Pipes) Pipes->prev = NULL; - } else { - p->prev->next = p->next; - if (p->next) p->next->prev = p->prev; - } + DLIST_REMOVE(Pipes, p); memset(p, 0, sizeof(*p)); -- cgit From e9ea36e4d2270bd7d32da12ef6d6e2299641582d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 5 Sep 1998 05:07:05 +0000 Subject: tridge the destroyer returns! prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f) --- source3/rpc_server/srv_pipe_hnd.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b030ee0e90..54b9ce1539 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -234,15 +234,6 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) } -/**************************************************************************** - gets the name of a pipe -****************************************************************************/ -char *get_rpc_pipe_hnd_name(pipes_struct *p) -{ - return p?p->name:NULL; -} - - /**************************************************************************** set device state on a pipe. exactly what this is for is unknown... ****************************************************************************/ -- cgit From f6044c87c021342d68d614d59bc8dacd32d223b9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 5 Sep 1998 13:24:20 +0000 Subject: some cleanups to use ZERO_STRUCT() and friends (This used to be commit 7b154dc4313324dfad6cf0117b8ce246bf12bf16) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 54b9ce1539..3b743188a3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -98,7 +98,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_open++; - memset(p, 0, sizeof(*p)); + ZERO_STRUCTP(p); p->pnum = i; p->open = True; @@ -278,7 +278,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); - memset(p, 0, sizeof(*p)); + ZERO_STRUCTP(p); free(p); -- cgit From 500a474aae49bd1cc8e75481a3b3cd6e79720d89 Mon Sep 17 00:00:00 2001 
From: Luke Leighton Date: Wed, 23 Sep 1998 21:49:09 +0000 Subject: nttrans.c: winreg was missing from the list of pipes. advise using the array already defined in... rpc_parse/parse_rpc.c's pipe_names[], but writing code to strip "\PIPE\" from the front when making the check. one location to update when adding new pipes, not two. srv_pipe_hnd.c: moved the ZERO_STRUCT(p) macro to _before_ the DLIST_ADD(Pipes, p) macro. dlinklist.h: added { }s around the code inserted by DLIST_ADD and DLIST_REMOVE macros (This used to be commit 29201d4b9b52652c7a992d0f6b677a09b4c33912) --- source3/rpc_server/srv_pipe_hnd.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 3b743188a3..cf7fc9334e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -72,6 +72,9 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_struct *p; static int next_pipe; + DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", + pipe_name, pipes_open)); + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ @@ -88,9 +91,15 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, next_pipe = (i+1) % MAX_OPEN_PIPES; + for (p = Pipes; p; p = p->next) + { + DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); + } + p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; + ZERO_STRUCTP(p); DLIST_ADD(Pipes, p); bitmap_set(bmap, i); @@ -98,7 +107,6 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_open++; - ZERO_STRUCTP(p); p->pnum = i; p->open = True; 
@@ -123,7 +131,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, chain_p = p; - return p; + /* OVERWRITE p as a temp variable, to display all open pipes */ + for (p = Pipes; p; p = p->next) + { + DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); + } + + return chain_p; } @@ -304,8 +318,18 @@ pipes_struct *get_rpc_pipe(int pnum) { pipes_struct *p; - for (p=Pipes;p;p=p->next) { - if (p->pnum == pnum) { + DEBUG(4,("search for pipe pnum=%x\n", pnum)); + + for (p=Pipes;p;p=p->next) + { + DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); + } + + for (p=Pipes;p;p=p->next) + { + if (p->pnum == pnum) + { chain_p = p; return p; } -- cgit From 9066025a8a4afe1f7f559c455d86fc023792ed17 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 29 Sep 1998 20:24:17 +0000 Subject: Got very strict about the differences and uses of uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cf7fc9334e..301510730b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -112,7 +112,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->open = True; p->device_state = 0; p->conn = conn; - p->uid = vuid; + p->vuid = vuid; p->rhdr.data = NULL; p->rdata.data = NULL; -- cgit From 5b4d94e20fdb5888da1b71a7b6a30ebede6cb06a Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 30 Sep 1998 01:49:24 +0000 Subject: (Finally) implemented "max open files" as a global smb.conf parameter. Sets up the files array correctly - limited by the smb.conf parameter and by the max fd's per process as found by getrlimit(). Jeremy. (This used to be commit eca24bd24352c688cdf48c1ef14adb8ac353468f) --- source3/rpc_server/srv_pipe_hnd.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 301510730b..cb1ec963d9 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -28,9 +28,6 @@ #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) -/* this must be larger than the sum of the open files and directories */ -#define PIPE_HANDLE_OFFSET 0x7000 - extern int DEBUGLEVEL; static pipes_struct *chain_p; static int pipes_open; @@ -42,6 +39,21 @@ static int pipes_open; static pipes_struct *Pipes; static struct bitmap *bmap; +/* this must be larger than the sum of the open files and directories */ +static int pipe_handle_offset; + +/**************************************************************************** + Set the pipe_handle_offset. Called from smbd/files.c +****************************************************************************/ + +void set_pipe_handle_offset(int max_open_files) +{ + if(max_open_files < 0x7000) + pipe_handle_offset = 0x7000; + else + pipe_handle_offset = max_open_files + 10; /* For safety. :-) */ +} + /**************************************************************************** reset pipe chain handle number ****************************************************************************/ @@ -103,7 +115,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DLIST_ADD(Pipes, p); bitmap_set(bmap, i); - i += PIPE_HANDLE_OFFSET; + i += pipe_handle_offset; pipes_open++; 
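Review bot: set_pipe_handle_offset puts no upper bound on `max_open_files + 10`, but pipe handles come back from the wire as 16-bit values (`SVAL(buf,where)` in get_rpc_pipe_p). With a large "max open files" setting, `i + pipe_handle_offset` may no longer fit in 16 bits, and the truncated handle may fail lookup or fall inside the file-handle range. Rejecting or clamping the value would keep the handle spaces apart, for example `if (max_open_files > 0xFFFF - 10 - MAX_OPEN_PIPES) max_open_files = 0xFFFF - 10 - MAX_OPEN_PIPES;`. `pipe_handle_offset` is also 0 until this function is called, so the comment above the variable should say that it must be set before the first open_rpc_pipe_p call and must not change while pipes are open, because the `bitmap_clear` hunk subtracts the current value from `p->pnum`.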
@@ -283,7 +295,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) mem_buf_free(&(p->rdata.data)); mem_buf_free(&(p->rhdr .data)); - bitmap_clear(bmap, p->pnum - PIPE_HANDLE_OFFSET); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; -- cgit From 2fef8f2e87f61043e3f1a2cf7d1f2a4ff9f119ff Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 7 Oct 1998 15:22:49 +0000 Subject: dce/rpc (This used to be commit 34afa638f6f7bb145ec094510ac58f7a22dfc3aa) --- source3/rpc_server/srv_pipe_hnd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cb1ec963d9..e898a8606f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -153,6 +153,20 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, } +/**************************************************************************** + writes data to a pipe. + ****************************************************************************/ +int write_pipe(pipes_struct *p, char *data, int n) +{ + DEBUG(6,("write_pipe: %x", p->pnum)); + + DEBUG(6,("name: %s open: %s len: %d", + p->name, BOOLSTR(p->open), n)); + + return -1; +} + + /**************************************************************************** reads data from a pipe. -- cgit From 48b31ae44fb2a1961bd738b0b3e7a986259168a2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 7 Oct 1998 21:42:24 +0000 Subject: dce/rpc (This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971) --- source3/rpc_server/srv_pipe_hnd.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e898a8606f..31ca1a7c20 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -155,15 +155,33 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /**************************************************************************** writes data to a pipe. + + SERIOUSLY ALPHA CODE! ****************************************************************************/ int write_pipe(pipes_struct *p, char *data, int n) { + prs_struct pd; + struct mem_buf data_buf; + DEBUG(6,("write_pipe: %x", p->pnum)); DEBUG(6,("name: %s open: %s len: %d", p->name, BOOLSTR(p->open), n)); - return -1; + dump_data(50, data, n); + + /* fake up a data buffer from the write_pipe data parameters */ + mem_create(&data_buf, data, n, 0, False); + data_buf.offset.start = 0; + data_buf.offset.end = n; + + /* fake up a parsing structure */ + pd.data = &data_buf; + pd.align = 4; + pd.io = True; + pd.offset = 0; + + return rpc_command(p, &pd) ? n : -1; } -- cgit From 6909350ed9b87875ee40191b2e636c6049749195 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 8 Oct 1998 23:57:46 +0000 Subject: dce/rpc (This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a) --- source3/rpc_server/srv_pipe_hnd.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 31ca1a7c20..4d5fd3865e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -211,14 +211,16 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) BOOLSTR(p->open), pos, n)); - if (!p || !p->open) { + if (!p || !p->open) + { DEBUG(6,("pipe not open\n")); return -1; } if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || - p->rhdr.data->data_used == 0) { + p->rhdr.data->data_used == 0) + { return 0; } 
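Review bot: write_pipe dereferences `p` in its `DEBUG` calls and passes the client-supplied buffer to rpc_command without the `!p || !p->open` test that read_pipe applies. `n` is a signed `int` that is never range-checked before it becomes `data_buf.offset.end`. Adding `if (!p || !p->open || n < 0) return -1;` as the first statement would make the two entry points consistent. `pd` is filled field by field, so any prs_struct members beyond the four assigned here stay indeterminate; `ZERO_STRUCT(pd);` before the assignments would avoid parsing with stack garbage.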
@@ -237,18 +239,21 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); if (num > n) num = n; - if (num <= 0) { + if (num <= 0) + { DEBUG(5,("read_pipe: 0 or -ve data length\n")); return 0; } - if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { + if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) + { /* intermediate fragment - possibility of another header */ DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", p->hdr.frag_len, data_pos, data_hdr_pos)); - if (data_hdr_pos == p->next_frag_start) { + if (data_hdr_pos == p->next_frag_start) + { DEBUG(6,("read_pipe: next fragment header\n")); /* this is subtracted from the total data bytes, later */ @@ -263,10 +268,10 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) p->next_frag_start += p->hdr.frag_len; p->hdr_offsets += 0x18; } - } - if (num < hdr_num) { + if (num < hdr_num) + { DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } @@ -277,12 +282,15 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) data_pos += num; data_hdr_pos += num; - if (hdr_num == 0x18 && num == 0x18) { + if (hdr_num == 0x18 && num == 0x18) + { DEBUG(6,("read_pipe: just header read\n")); /* advance to the next fragment */ p->frag_len_left -= 0x18; - } else if (data_hdr_pos == p->next_frag_start) { + } + else if (data_hdr_pos == p->next_frag_start) + { DEBUG(6,("read_pipe: next fragment expected\n")); } -- cgit From a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0 Mon Sep 17 00:00:00 2001 
From: Luke Leighton Date: Thu, 15 Oct 1998 05:47:29 +0000 Subject: bug-fixing against: AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655) --- source3/rpc_server/srv_pipe_hnd.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 4d5fd3865e..b1aede6166 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -123,6 +123,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->open = True; p->device_state = 0; + p->priority = 0; p->conn = conn; p->vuid = vuid; 
@@ -300,6 +301,29 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) } +/**************************************************************************** + wait device state on a pipe. exactly what this is for is unknown... +****************************************************************************/ +BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority) +{ + if (p == NULL) return False; + + if (p->open) + { + DEBUG(3,("%s Setting pipe wait state priority=%x on pipe (name=%s)\n", + timestring(), priority, p->name)); + + p->priority = priority; + + return True; + } + + DEBUG(3,("%s Error setting pipe wait state priority=%x (name=%s)\n", + timestring(), priority, p->name)); + return False; +} + + /**************************************************************************** set device state on a pipe. exactly what this is for is unknown... ****************************************************************************/ -- cgit From d4a82ea26d5b9501f210a5c441b1ac09c256a187 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 16 Oct 1998 20:07:02 +0000 Subject: rpc client mods (ntlmssp flags) (This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b1aede6166..27e156943c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, SERIOUSLY ALPHA CODE! ****************************************************************************/ -int write_pipe(pipes_struct *p, char *data, int n) +ssize_t write_pipe(pipes_struct *p, char *data, size_t n) { prs_struct pd; struct mem_buf data_buf; 
@@ -182,7 +182,7 @@ int write_pipe(pipes_struct *p, char *data, int n) pd.io = True; pd.offset = 0; - return rpc_command(p, &pd) ? n : -1; + return rpc_command(p, &pd) ? ((ssize_t)n) : -1; } -- cgit From a785f8d2c90f3db579c781ca5f722cb5b695fcb4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 16 Oct 1998 23:40:59 +0000 Subject: dce/rpc (This used to be commit 29434f496c18e816d864060d68f357aea6ef5de8) --- source3/rpc_server/srv_pipe_hnd.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 27e156943c..d5c99b89c4 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -137,6 +137,9 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->frag_len_left = 0; p->next_frag_start = 0; + p->ntlmssp_validated = False; + p->ntlmssp_auth = False; + fstrcpy(p->name, pipe_name); DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", -- cgit From 1ebeb54932de01323356e8201d465656b8723d46 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 20 Oct 1998 18:27:49 +0000 Subject: some quite important bug-fixes i missed because i transferred the wrong smb.tgz file from my portable. particularly the call to mem_data followed by a realloc of that data in cli_pipe.c's rpc_read() function. smbd responses now use p->rdata_i which is a faked-up pointer into p->rdata's response data. rdata can be very long; rdata_i is limited to point to no more than max_tsize - 0x18 in length. this will make it an almost trivial task to add the encrypted rpc headers after rdata_i, and mem_buf_copy will cope admirably with rhdr chained to rdata_i chained to auth_verifier etc etc... (This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a) --- source3/rpc_server/srv_pipe_hnd.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d5c99b89c4..54ecbf707e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -3,8 +3,8 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -175,7 +175,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) dump_data(50, data, n); /* fake up a data buffer from the write_pipe data parameters */ - mem_create(&data_buf, data, n, 0, False); + mem_create(&data_buf, data, 0, n, 0, False); data_buf.offset.start = 0; data_buf.offset.end = n; @@ -196,7 +196,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) this function is called, the start of the data could possibly have been read by an SMBtrans (file_offset != 0). - calling create_rpc_request() here is a fudge. the data should already + calling create_rpc_reply() here is a fudge. the data should already have been prepared into arrays of headers + data stream sections. ****************************************************************************/ @@ -268,8 +268,6 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) mem_buf_copy(data, p->rhdr.data, 0, 0x18); data += 0x18; - p->frag_len_left = p->hdr.frag_len; - p->next_frag_start += p->hdr.frag_len; p->hdr_offsets += 0x18; } } -- cgit From fe609d810e145d5491968fee5d691d6eee41e152 Mon Sep 17 00:00:00 2001 
From: Luke Leighton Date: Wed, 3 Feb 1999 00:48:27 +0000 Subject: multiple dce/rpc PDUs failed to work after ntlmssp update was added. (This used to be commit f082f07e764c04b75b6880f852b80faec86f1b1c) --- source3/rpc_server/srv_pipe_hnd.c | 54 +++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 31 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 54ecbf707e..e29e1ee8db 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -133,8 +133,8 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->rdata.offset = 0; p->file_offset = 0; + p->prev_pdu_file_offset = 0; p->hdr_offsets = 0; - p->frag_len_left = 0; p->next_frag_start = 0; p->ntlmssp_validated = False; @@ -230,24 +230,12 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", p, p->file_offset, n)); - DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n", - p->frag_len_left, p->next_frag_start)); + DEBUG(6,("read_pipe: next_frag_start: %d\n", + p->next_frag_start)); /* the read request starts from where the SMBtrans2 left off. */ - data_pos = p->file_offset - p->hdr_offsets; - data_hdr_pos = p->file_offset; - - len = mem_buf_len(p->rhdr.data); - num = len - (int)data_pos; - - DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); - - if (num > n) num = n; - if (num <= 0) - { - DEBUG(5,("read_pipe: 0 or -ve data length\n")); - return 0; - } + data_hdr_pos = p->file_offset - p->prev_pdu_file_offset; + data_pos = data_hdr_pos - p->hdr_offsets; if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { 
@@ -256,48 +244,52 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", p->hdr.frag_len, data_pos, data_hdr_pos)); - if (data_hdr_pos == p->next_frag_start) + if (data_hdr_pos == 0) { DEBUG(6,("read_pipe: next fragment header\n")); /* this is subtracted from the total data bytes, later */ hdr_num = 0x18; + p->hdr_offsets += 0x18; /* create and copy in a new header. */ - create_rpc_reply(p, data_pos, p->rdata.offset); - mem_buf_copy(data, p->rhdr.data, 0, 0x18); - - data += 0x18; - p->hdr_offsets += 0x18; + create_rpc_reply(p, p->file_offset - p->hdr_offsets, p->rdata.offset); } } + len = mem_buf_len(p->rhdr.data); + num = len - (int)data_pos; + + DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); + + if (num > n) num = n; + if (num <= 0) + { + DEBUG(5,("read_pipe: 0 or -ve data length\n")); + return 0; + } + if (num < hdr_num) { DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } - DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n", - data_pos, num - hdr_num)); - mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num); + mem_buf_copy(data, p->rhdr.data, data_pos, num); data_pos += num; data_hdr_pos += num; + p->file_offset += num; if (hdr_num == 0x18 && num == 0x18) { DEBUG(6,("read_pipe: just header read\n")); - - /* advance to the next fragment */ - p->frag_len_left -= 0x18; } else if (data_hdr_pos == p->next_frag_start) { DEBUG(6,("read_pipe: next fragment expected\n")); + p->prev_pdu_file_offset = p->file_offset; } - p->file_offset += num; - return num; } -- cgit From f61fc8923d4eceab8c82ff9c49745f9c6bed44e7 Mon Sep 17 00:00:00 2001 
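Review bot: `data_pos` is passed to `mem_buf_copy(data, p->rhdr.data, data_pos, num)` in the -256,48 hunk with no range check, and it can be negative. The preceding hunk sets it to `data_hdr_pos - p->hdr_offsets` before `p->hdr_offsets += 0x18` runs, so if `hdr_offsets` was already advanced for an earlier fragment and `data_hdr_pos` is back at 0, it drops below zero and `num = len - (int)data_pos` grows past `len`, clamped only by the caller-supplied `n`. Whether mem_buf_copy bounds the source offset itself is not visible here, so I would add `if (data_pos < 0 || data_pos >= len) return -1;` before the copy to keep a bad offset from becoming an out-of-range read into the reply. read_pipe begins and ends outside these hunks.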
From: Luke Leighton Date: Wed, 3 Feb 1999 01:58:52 +0000 Subject: corrections to get data stream for 2nd and subsequent pdus copied from right place (forgot to subtract 0x18 header bytes) (This used to be commit 5b9a7278da4a25ea217f914c8daae31238fa5cfe) --- source3/rpc_server/srv_pipe_hnd.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e29e1ee8db..ca5dde18d2 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -135,7 +135,6 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->file_offset = 0; p->prev_pdu_file_offset = 0; p->hdr_offsets = 0; - p->next_frag_start = 0; p->ntlmssp_validated = False; p->ntlmssp_auth = False; @@ -203,10 +202,11 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) { int num = 0; - int len = 0; + int pdu_len = 0; uint32 hdr_num = 0; - int data_hdr_pos; - int data_pos; + int pdu_data_sent; /* amount of current pdu already sent */ + int data_pos; /* entire rpc data sent - no headers, no auth verifiers */ + int this_pdu_data_pos; DEBUG(6,("read_pipe: %x", p->pnum)); 
@@ -230,37 +230,37 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", p, p->file_offset, n)); - DEBUG(6,("read_pipe: next_frag_start: %d\n", - p->next_frag_start)); /* the read request starts from where the SMBtrans2 left off. */ - data_hdr_pos = p->file_offset - p->prev_pdu_file_offset; - data_pos = data_hdr_pos - p->hdr_offsets; + data_pos = p->file_offset - p->hdr_offsets; + this_pdu_data_pos = data_pos - p->prev_pdu_file_offset; + pdu_data_sent = p->file_offset - p->prev_pdu_file_offset; if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { /* intermediate fragment - possibility of another header */ - DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", - p->hdr.frag_len, data_pos, data_hdr_pos)); + DEBUG(5,("read_pipe: frag_len: %d data_pos: %d pdu_data_sent: %d\n", + p->hdr.frag_len, data_pos, pdu_data_sent)); - if (data_hdr_pos == 0) + if (pdu_data_sent == 0) { DEBUG(6,("read_pipe: next fragment header\n")); /* this is subtracted from the total data bytes, later */ hdr_num = 0x18; p->hdr_offsets += 0x18; + data_pos -= 0x18; /* create and copy in a new header. */ - create_rpc_reply(p, p->file_offset - p->hdr_offsets, p->rdata.offset); + create_rpc_reply(p, data_pos, p->rdata.offset); } } - len = mem_buf_len(p->rhdr.data); - num = len - (int)data_pos; + pdu_len = mem_buf_len(p->rhdr.data); + num = pdu_len - (int)this_pdu_data_pos; - DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); + DEBUG(6,("read_pipe: pdu_len: %d num: %d n: %d\n", pdu_len, num, n)); if (num > n) num = n; if (num <= 0) 
@@ -274,17 +274,17 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } - mem_buf_copy(data, p->rhdr.data, data_pos, num); + mem_buf_copy(data, p->rhdr.data, pdu_data_sent, num); - data_pos += num; - data_hdr_pos += num; p->file_offset += num; + pdu_data_sent += num; if (hdr_num == 0x18 && num == 0x18) { DEBUG(6,("read_pipe: just header read\n")); } - else if (data_hdr_pos == p->next_frag_start) + + if (pdu_data_sent == p->hdr.frag_len) { DEBUG(6,("read_pipe: next fragment expected\n")); p->prev_pdu_file_offset = p->file_offset; -- cgit From 96983a13bac8276590024b37149b7bf3e80477dd Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 9 Feb 1999 21:42:39 +0000 Subject: when multiple independent large rpc calls come in on the same pipe, prev_pdu_file_offset was not being re-initialised to zero. (This used to be commit fcaa1214412f5a417a648d4da5c4332f75f59f57) --- source3/rpc_server/srv_pipe_hnd.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index ca5dde18d2..27aa79381c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -208,11 +208,8 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) int data_pos; /* entire rpc data sent - no headers, no auth verifiers */ int this_pdu_data_pos; - DEBUG(6,("read_pipe: %x", p->pnum)); - - DEBUG(6,("name: %s open: %s pos: %d len: %d", - p->name, - BOOLSTR(p->open), + DEBUG(6,("read_pipe: %x name: %s open: %s pos: %d len: %d", + p->pnum, p->name, BOOLSTR(p->open), pos, n)); if (!p || !p->open) -- cgit From a4bc522a7292f3bb87740e87df8449ba0ea6be10 Mon Sep 17 00:00:00 2001 
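Review bot: The merged `DEBUG(6,("read_pipe: %x name: %s ...", p->pnum, p->name, BOOLSTR(p->open), pos, n))` in the -208,11 hunk dereferences `p` before the `if (!p || !p->open)` test on the following lines, so the NULL check cannot protect the log statement. Moving the DEBUG call below that test, or logging only `pos` and `n` before it, makes the guard effective. The format string also has no trailing `\n`, so at debug level 6 it runs into the next message. The re-initialisation of `prev_pdu_file_offset` named in the subject is not part of this file's hunk; presumably it lives in another file of the commit.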
From: Matthew Chapman Date: Sun, 21 Mar 1999 13:01:31 +0000 Subject: The line: this_pdu_data_pos = data_pos - p->prev_pdu_file_offset; is correct for first two PDU's only, after that it results in extra garbage after each fragment and hence "Protocol Error" messages from NT4 SP4. Changed to: this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18); (This used to be commit b9e8a3ef3a25a81c4bb125bdd4f4d8334a578c85) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 27aa79381c..531fcf6add 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -230,8 +230,8 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) /* the read request starts from where the SMBtrans2 left off. */ data_pos = p->file_offset - p->hdr_offsets; - this_pdu_data_pos = data_pos - p->prev_pdu_file_offset; pdu_data_sent = p->file_offset - p->prev_pdu_file_offset; + this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18); if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { @@ -255,7 +255,7 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) } pdu_len = mem_buf_len(p->rhdr.data); - num = pdu_len - (int)this_pdu_data_pos; + num = pdu_len - this_pdu_data_pos; DEBUG(6,("read_pipe: pdu_len: %d num: %d n: %d\n", pdu_len, num, n)); -- cgit From 43a460075a39148060d4193fcb9c62bfa4acc737 Mon Sep 17 00:00:00 2001 
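Review bot: In the -230,8 hunk, `this_pdu_data_pos` now limits `num`, but the copy further down in read_pipe (outside this hunk) still starts at `pdu_data_sent`, so length and source offset come from two counters that differ by 0x18 on continuation reads. Whether that stays in range depends on what `mem_buf_len(p->rhdr.data)` covers (header only, data only, or both), which nothing here states. I would document the units next to the new line, for example `/* pdu_data_sent includes the 0x18-byte fragment header; this_pdu_data_pos is an offset into the data that follows it */`, and replace the bare `0x18` with a named constant. Confirm the comment's wording against mem_buf_len before committing it.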
From: Luke Leighton Date: Thu, 25 Mar 1999 13:54:31 +0000 Subject: SAM database "set user info". ---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 531fcf6add..4361c0772e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -140,7 +140,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->ntlmssp_auth = False; fstrcpy(p->name, pipe_name); - + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); -- cgit From 003f7364fd54ccdd190d447e275b70b0f76e95f7 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 15 Oct 1999 20:00:30 +0000 Subject: adding error checking in parsing code (This used to be commit 4c98d71ebd3f1cdaef664d46c998c864af34632a) --- source3/rpc_server/srv_pipe_hnd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 4361c0772e..bd712a1702 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -182,6 +182,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) pd.data = &data_buf; pd.align = 4; pd.io = True; + pd.error = False; pd.offset = 0; return rpc_command(p, &pd) ? ((ssize_t)n) : -1; -- cgit From a0ba234cf9b40adf6b5390e4e67730163a42883f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 6 Dec 1999 00:44:32 +0000 Subject: the first independent msrpc daemon - lsarpcd. one horrible cut / paste job from smbd, plus a code split of shared components between the two. the job is not _yet_ complete, as i need to be able to do a become_user() call for security reasons. i picked lsarpcd first because you don't _need_ security on it (microsoft botched so badly on this one, it's not real. at least they fixed this in nt5 with restrictanonymous=0x2). fixing this involves sending the current smb and unix credentials down the unix pipe so that the daemon it eventually goes to can pick them up at the other end. i can't believe this all worked!!! (This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26) --- source3/rpc_server/srv_pipe_hnd.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index bd712a1702..a7e451e6da 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -83,6 +83,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, int i; pipes_struct *p; static int next_pipe; + struct msrpc_state *m = NULL; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); @@ -108,6 +109,16 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); } + if (strequal(pipe_name, "lsarpc")) + { + m = msrpc_use_add(pipe_name, NULL, False); + if (m == NULL) + { + DEBUG(5,("open pipes: msrpc redirect failed\n")); + return NULL; + } + } + p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; 
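Review bot: `pd` in the -182,6 hunk is a stack `prs_struct` (declared outside the hunk) that is filled one member at a time, which is why `pd.error = False;` had to be added by hand here. Any member this list misses stays indeterminate when `rpc_command(p, &pd)` parses client-supplied bytes. Starting with `ZERO_STRUCT(pd);` before the assignments would make future additions to the struct safe by default.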
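Review bot: In the -108,6 hunk the redirect obtained from `msrpc_use_add` is not released when the `malloc` for `p` on the last lines fails, so `if (!p) return NULL;` leaves an msrpc connection behind on every failed open. The early return should undo it, in the style this commit uses in close_rpc_pipe_hnd: `if (!p) { if (m != NULL) msrpc_use_del(m->pipe_name, &m->usr, False, NULL); return NULL; }`. The later -111,13 hunk on this page places the `l` allocation in front of the same return and needs the same cleanup. open_rpc_pipe_p continues outside the hunk.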
@@ -120,6 +131,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_open++; p->pnum = i; + p->m = m; p->open = True; p->device_state = 0; @@ -359,6 +371,19 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); + if (p->m != NULL) + { + DEBUG(4,("closed msrpc redirect: ")); + if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) + { + DEBUG(4,("OK\n")); + } + else + { + DEBUG(4,("FAILED\n")); + } + } + ZERO_STRUCTP(p); free(p); -- cgit From 0ce128e3550794d4dbbd1def00e87c020f72c992 Mon Sep 17 00:00:00 2001 
From: Luke Leighton Date: Sun, 12 Dec 1999 01:25:49 +0000 Subject: delineation between smb and msrpc more marked. smbd now constructs pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) 
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d) --- source3/rpc_server/srv_pipe_hnd.c | 111 +++++++++++++++++++++++++------------- 1 file changed, 73 insertions(+), 38 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a7e451e6da..8a28674d3d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -84,14 +84,40 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_struct *p; static int next_pipe; struct msrpc_state *m = NULL; + struct rpcsrv_struct *l = NULL; + user_struct *vuser = get_valid_user_struct(vuid); + struct user_creds usr; + + ZERO_STRUCT(usr); DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); + if (vuser == NULL) + { + DEBUG(4,("invalid vuid %d\n", vuid)); + return NULL; + } + + /* set up unix credentials from the smb side, to feed over the pipe */ + make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, + vuser->real_name, vuser->guest); + usr.ptr_uxc = 1; + make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, + vuser->n_groups, vuser->groups); + usr.ptr_uxs = 1; + + /* set up nt credentials from the smb side, to feed over the pipe */ + /* lkclXXXX todo! + make_creds_nt(&usr.ntc); + make_creds_nt_sec(&usr.nts); + */ + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ - if (next_pipe == 0) { + if (next_pipe == 0) + { next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; } 
@@ -111,13 +137,33 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, if (strequal(pipe_name, "lsarpc")) { - m = msrpc_use_add(pipe_name, NULL, False); + m = msrpc_use_add(pipe_name, &usr, False); if (m == NULL) { DEBUG(5,("open pipes: msrpc redirect failed\n")); return NULL; } } + else + { + l = malloc(sizeof(*l)); + if (l == NULL) + { + DEBUG(5,("open pipes: local msrpc malloc failed\n")); + return NULL; + } + ZERO_STRUCTP(l); + l->rhdr.data = NULL; + l->rdata.data = NULL; + l->rhdr.offset = 0; + l->rdata.offset = 0; + + l->ntlmssp_validated = False; + l->ntlmssp_auth = False; + + memcpy(l->user_sess_key, vuser->user_sess_key, + sizeof(l->user_sess_key)); + } p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; @@ -132,6 +178,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->pnum = i; p->m = m; + p->l = l; p->open = True; p->device_state = 0; @@ -139,20 +186,15 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->conn = conn; p->vuid = vuid; - p->rhdr.data = NULL; - p->rdata.data = NULL; - p->rhdr.offset = 0; - p->rdata.offset = 0; - p->file_offset = 0; p->prev_pdu_file_offset = 0; p->hdr_offsets = 0; - p->ntlmssp_validated = False; - p->ntlmssp_auth = False; - fstrcpy(p->name, pipe_name); + prs_init(&p->smb_pdu, 0, 4, 0, True); + prs_init(&p->rsmb_pdu, 0, 4, 0, False); + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); 
@@ -175,29 +217,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ****************************************************************************/ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) { - prs_struct pd; - struct mem_buf data_buf; - DEBUG(6,("write_pipe: %x", p->pnum)); - DEBUG(6,("name: %s open: %s len: %d", p->name, BOOLSTR(p->open), n)); dump_data(50, data, n); - /* fake up a data buffer from the write_pipe data parameters */ - mem_create(&data_buf, data, 0, n, 0, False); - data_buf.offset.start = 0; - data_buf.offset.end = n; - - /* fake up a parsing structure */ - pd.data = &data_buf; - pd.align = 4; - pd.io = True; - pd.error = False; - pd.offset = 0; - - return rpc_command(p, &pd) ? ((ssize_t)n) : -1; + return rpc_to_smb(p, data, n) ? ((ssize_t)n) : -1; } @@ -232,8 +258,8 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) } - if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || - p->rhdr.data->data_used == 0) + if (p->rsmb_pdu.data == NULL || p->rsmb_pdu.data->data == NULL || + p->rsmb_pdu.data->data_used == 0) { return 0; } @@ -246,12 +272,12 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) pdu_data_sent = p->file_offset - p->prev_pdu_file_offset; this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18); - if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) + if (!IS_BITS_SET_ALL(p->l->hdr.flags, RPC_FLG_LAST)) { /* intermediate fragment - possibility of another header */ DEBUG(5,("read_pipe: frag_len: %d data_pos: %d pdu_data_sent: %d\n", - p->hdr.frag_len, data_pos, pdu_data_sent)); + p->l->hdr.frag_len, data_pos, pdu_data_sent)); if (pdu_data_sent == 0) { 
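Review bot: `p->l->hdr.flags` in the -246,12 hunk is read without checking `p->l`, yet open_rpc_pipe_p in this same commit leaves `l` NULL whenever the pipe is redirected (`strequal(pipe_name, "lsarpc")` sets `m` only). A read on such a pipe that gets past the `p->rsmb_pdu.data` test would dereference NULL inside smbd. The same applies to `create_rpc_reply(p->l, data_pos)` in the -263,11 hunk and `p->l->hdr.frag_len` in the -294,7 hunk. At minimum add `if (p->l == NULL) return -1;` before the first use; how a redirected pipe should obtain the fragment flags is not visible in these hunks.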
@@ -263,11 +289,11 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) data_pos -= 0x18; /* create and copy in a new header. */ - create_rpc_reply(p, data_pos, p->rdata.offset); + create_rpc_reply(p->l, data_pos); } } - pdu_len = mem_buf_len(p->rhdr.data); + pdu_len = mem_buf_len(p->rsmb_pdu.data); num = pdu_len - this_pdu_data_pos; DEBUG(6,("read_pipe: pdu_len: %d num: %d n: %d\n", pdu_len, num, n)); @@ -284,7 +310,7 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } - mem_buf_copy(data, p->rhdr.data, pdu_data_sent, num); + mem_buf_copy(data, p->rsmb_pdu.data, pdu_data_sent, num); p->file_offset += num; pdu_data_sent += num; @@ -294,7 +320,7 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(6,("read_pipe: just header read\n")); } - if (pdu_data_sent == p->hdr.frag_len) + if (pdu_data_sent == p->l->hdr.frag_len) { DEBUG(6,("read_pipe: next fragment expected\n")); p->prev_pdu_file_offset = p->file_offset; @@ -359,8 +385,8 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) return False; } - mem_buf_free(&(p->rdata.data)); - mem_buf_free(&(p->rhdr .data)); + mem_buf_free(&(p->smb_pdu .data)); + mem_buf_free(&(p->rsmb_pdu.data)); bitmap_clear(bmap, p->pnum - pipe_handle_offset); @@ -384,8 +410,17 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) } } - ZERO_STRUCTP(p); + if (p->l != NULL) + { + DEBUG(4,("closed msrpc local: OK\n")); + + mem_free_data(p->l->rdata .data); + rpcsrv_free_temp(p->l); + free(p->l); + } + + ZERO_STRUCTP(p); free(p); return True; -- cgit From 4f8a24522c683761c6f2ee23dba56f6c7913377b Mon Sep 17 00:00:00 2001 
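Review bot: In the -384,8 hunk `free(p->l)` releases a structure that still holds the user session key copied into `l->user_sess_key` by open_rpc_pipe_p, and nothing visible clears it first. The surrounding code already wipes `p` with `ZERO_STRUCTP(p)` before freeing it, so do the same here: `ZERO_STRUCTP(p->l);` between `rpcsrv_free_temp(p->l);` and `free(p->l);`. Whether rpcsrv_free_temp already scrubs the key cannot be seen from this hunk. close_rpc_pipe_hnd starts outside the hunk.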
From: Luke Leighton Date: Sun, 12 Dec 1999 20:03:42 +0000 Subject: final part of "first" phase converting over to msrpc daemon architecture. done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135) --- source3/rpc_server/srv_pipe_hnd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8a28674d3d..f8bde1bf9b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -135,14 +135,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); } - if (strequal(pipe_name, "lsarpc")) + m = msrpc_use_add(pipe_name, &usr, False); + if (m == NULL) { - m = msrpc_use_add(pipe_name, &usr, False); - if (m == NULL) - { - DEBUG(5,("open pipes: msrpc redirect failed\n")); - return NULL; - } + DEBUG(5,("open pipes: msrpc redirect failed\n")); + return NULL; + } +#if 0 } else { @@ -164,6 +163,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, memcpy(l->user_sess_key, vuser->user_sess_key, sizeof(l->user_sess_key)); } +#endif p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 
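Review bot: With the `else` branch fenced off by `#if 0` in the -135,14 hunk, `l` keeps its NULL initialiser for every pipe, so `p->l = l` always stores NULL. read_pipe as left by the previous commit on this page still reads `p->l->hdr.flags` and `p->l->hdr.frag_len`, and this commit's diffstat shows no change to it, so any read that reaches that code now dereferences NULL regardless of pipe name. Either guard those uses or drop the local-path fields in the same change. The disabled block should be deleted rather than kept under `#if 0`, since it begins with a stray `}` that only balances if the removed `if` comes back.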
From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/rpc_server/srv_pipe_hnd.c | 371 +++++++++++++++++--------------------- 1 file changed, 162 insertions(+), 209 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f8bde1bf9b..b21b768a6e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -5,6 +5,7 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Jeremy Allison 1999. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,7 +56,7 @@ void set_pipe_handle_offset(int max_open_files) } /**************************************************************************** - reset pipe chain handle number + Reset pipe chain handle number. ****************************************************************************/ void reset_chain_p(void) { 
@@ -63,63 +64,64 @@ void reset_chain_p(void) } /**************************************************************************** - initialise pipe handle states... + Initialise pipe handle states. ****************************************************************************/ + void init_rpc_pipe_hnd(void) { bmap = bitmap_allocate(MAX_OPEN_PIPES); - if (!bmap) { + if (!bmap) exit_server("out of memory in init_rpc_pipe_hnd\n"); - } } +/**************************************************************************** + Initialise an outgoing packet. +****************************************************************************/ + +BOOL pipe_init_outgoing_data( pipes_struct *p) +{ + + memset(p->current_pdu, '\0', sizeof(p->current_pdu)); + + /* Free any memory in the current return data buffer. */ + prs_mem_free(&p->rdata); + + /* + * Initialize the outgoing RPC data buffer. + * we will use this as the raw data area for replying to rpc requests. + */ + if(!prs_init(&p->rdata, 1024, 4, MARSHALL)) { + DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); + return False; + } + + /* Reset the offset counters. */ + p->data_sent_length = 0; + p->current_pdu_len = 0; + p->current_pdu_sent = 0; + + return True; +} /**************************************************************************** - find first available file slot + Find first available pipe slot. 
****************************************************************************/ + pipes_struct *open_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid) { int i; pipes_struct *p; static int next_pipe; - struct msrpc_state *m = NULL; - struct rpcsrv_struct *l = NULL; - user_struct *vuser = get_valid_user_struct(vuid); - struct user_creds usr; - - ZERO_STRUCT(usr); DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); - if (vuser == NULL) - { - DEBUG(4,("invalid vuid %d\n", vuid)); - return NULL; - } - - /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, - vuser->real_name, vuser->guest); - usr.ptr_uxc = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_uxs = 1; - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ if (next_pipe == 0) - { next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; - } i = bitmap_find(bmap, next_pipe); 
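Review bot: The -63,63 hunk removes the `get_valid_user_struct(vuid)` lookup and its `invalid vuid` early return along with the credential plumbing, so open_rpc_pipe_p no longer rejects an unknown vuid and the following hunk stores it unchecked with `p->vuid = vuid`. Whether the SMB layer has already validated the vuid before calling in is not visible here. If it has not, keep the check as `if (get_valid_user_struct(vuid) == NULL) return NULL;` so the function still fails closed. A one-line comment stating who is responsible for validating `vuid` would settle it either way.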
@@ -131,44 +133,19 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, next_pipe = (i+1) % MAX_OPEN_PIPES; for (p = Pipes; p; p = p->next) - { DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); - } - - m = msrpc_use_add(pipe_name, &usr, False); - if (m == NULL) - { - DEBUG(5,("open pipes: msrpc redirect failed\n")); - return NULL; - } -#if 0 - } - else - { - l = malloc(sizeof(*l)); - if (l == NULL) - { - DEBUG(5,("open pipes: local msrpc malloc failed\n")); - return NULL; - } - ZERO_STRUCTP(l); - l->rhdr.data = NULL; - l->rdata.data = NULL; - l->rhdr.offset = 0; - l->rdata.offset = 0; - - l->ntlmssp_validated = False; - l->ntlmssp_auth = False; - - memcpy(l->user_sess_key, vuser->user_sess_key, - sizeof(l->user_sess_key)); - } -#endif p = (pipes_struct *)malloc(sizeof(*p)); - if (!p) return NULL; + if (!p) + return NULL; ZERO_STRUCTP(p); + + /* + * Initialize the RPC and PDU data buffers with no memory. + */ + prs_init(&p->rdata, 0, 4, MARSHALL); + DLIST_ADD(Pipes, p); bitmap_set(bmap, i); @@ -177,24 +154,28 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, pipes_open++; p->pnum = i; - p->m = m; - p->l = l; p->open = True; p->device_state = 0; p->priority = 0; p->conn = conn; p->vuid = vuid; + + p->max_trans_reply = 0; - p->file_offset = 0; - p->prev_pdu_file_offset = 0; - p->hdr_offsets = 0; - - fstrcpy(p->name, pipe_name); + p->ntlmssp_chal_flags = 0; + p->ntlmssp_auth_validated = False; + p->ntlmssp_auth_requested = False; - prs_init(&p->smb_pdu, 0, 4, 0, True); - prs_init(&p->rsmb_pdu, 0, 4, 0, False); + p->current_pdu_len = 0; + p->current_pdu_sent = 0; + p->data_sent_length = 0; + p->uid = (uid_t)-1; + p->gid = (gid_t)-1; + + fstrcpy(p->name, pipe_name); + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); 
@@ -202,182 +183,179 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* OVERWRITE p as a temp variable, to display all open pipes */ for (p = Pipes; p; p = p->next) - { DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); - } return chain_p; } /**************************************************************************** - writes data to a pipe. + Accepts incoming data on an rpc pipe. - SERIOUSLY ALPHA CODE! + This code is probably incorrect at the moment. The problem is + that the rpc request shouldn't really be executed until all the + data needed for it is received. This currently assumes that each + SMBwrite or SMBwriteX contains all the data needed for an rpc + request. JRA. ****************************************************************************/ -ssize_t write_pipe(pipes_struct *p, char *data, size_t n) + +ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) { DEBUG(6,("write_pipe: %x", p->pnum)); + DEBUG(6,("name: %s open: %s len: %d", - p->name, BOOLSTR(p->open), n)); + p->name, BOOLSTR(p->open), (int)n)); dump_data(50, data, n); - return rpc_to_smb(p, data, n) ? ((ssize_t)n) : -1; + return rpc_command(p, data, (int)n) ? ((ssize_t)n) : -1; } /**************************************************************************** - reads data from a pipe. + Replyies to a request to read data from a pipe. - headers are interspersed with the data at regular intervals. by the time + Headers are interspersed with the data at PDU intervals. By the time this function is called, the start of the data could possibly have been read by an SMBtrans (file_offset != 0). - calling create_rpc_reply() here is a fudge. the data should already + Calling create_rpc_reply() here is a hack. The data should already have been prepared into arrays of headers + data stream sections. 
****************************************************************************/ -int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) + +int read_from_pipe(pipes_struct *p, char *data, int n) { - int num = 0; - int pdu_len = 0; - uint32 hdr_num = 0; - int pdu_data_sent; /* amount of current pdu already sent */ - int data_pos; /* entire rpc data sent - no headers, no auth verifiers */ - int this_pdu_data_pos; - - DEBUG(6,("read_pipe: %x name: %s open: %s pos: %d len: %d", - p->pnum, p->name, BOOLSTR(p->open), - pos, n)); - - if (!p || !p->open) - { - DEBUG(6,("pipe not open\n")); + uint32 pdu_remaining = 0; + int data_returned = 0; + + if (!p || !p->open) { + DEBUG(0,("read_from_pipe: pipe not open\n")); return -1; } + DEBUG(6,("read_from_pipe: %x", p->pnum)); - if (p->rsmb_pdu.data == NULL || p->rsmb_pdu.data->data == NULL || - p->rsmb_pdu.data->data_used == 0) - { - return 0; + DEBUG(6,("name: %s len: %d\n", p->name, n)); + + /* + * We cannot return more than one PDU length per + * read request. + */ + + if(n > MAX_PDU_FRAG_LEN) { + DEBUG(0,("read_from_pipe: loo large read (%d) requested on pipe %s. We can \ +only service %d sized reads.\n", n, p->name, MAX_PDU_FRAG_LEN )); + return -1; } - DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n", - p, p->file_offset, n)); + /* + * Determine if there is still data to send in the + * pipe PDU buffer. Always send this first. Never + * send more than is left in the current PDU. The + * client should send a new read request for a new + * PDU. + */ - /* the read request starts from where the SMBtrans2 left off. */ - data_pos = p->file_offset - p->hdr_offsets; - pdu_data_sent = p->file_offset - p->prev_pdu_file_offset; - this_pdu_data_pos = (pdu_data_sent == 0) ? 
0 : (pdu_data_sent - 0x18); + if((pdu_remaining = p->current_pdu_len - p->current_pdu_sent) > 0) { + data_returned = MIN(n, pdu_remaining); - if (!IS_BITS_SET_ALL(p->l->hdr.flags, RPC_FLG_LAST)) - { - /* intermediate fragment - possibility of another header */ - - DEBUG(5,("read_pipe: frag_len: %d data_pos: %d pdu_data_sent: %d\n", - p->l->hdr.frag_len, data_pos, pdu_data_sent)); - - if (pdu_data_sent == 0) - { - DEBUG(6,("read_pipe: next fragment header\n")); - - /* this is subtracted from the total data bytes, later */ - hdr_num = 0x18; - p->hdr_offsets += 0x18; - data_pos -= 0x18; - - /* create and copy in a new header. */ - create_rpc_reply(p->l, data_pos); - } - } - - pdu_len = mem_buf_len(p->rsmb_pdu.data); - num = pdu_len - this_pdu_data_pos; - - DEBUG(6,("read_pipe: pdu_len: %d num: %d n: %d\n", pdu_len, num, n)); - - if (num > n) num = n; - if (num <= 0) - { - DEBUG(5,("read_pipe: 0 or -ve data length\n")); - return 0; - } + DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \ +returning %d bytes.\n", p->name, (unsigned int)p->current_pdu_len, + (unsigned int)p->current_pdu_sent, (int)data_returned)); - if (num < hdr_num) - { - DEBUG(5,("read_pipe: warning - data read only part of a header\n")); + memcpy( data, &p->current_pdu[p->current_pdu_sent], (size_t)data_returned); + p->current_pdu_sent += (uint32)data_returned; + return data_returned; } - mem_buf_copy(data, p->rsmb_pdu.data, pdu_data_sent, num); - - p->file_offset += num; - pdu_data_sent += num; - - if (hdr_num == 0x18 && num == 0x18) - { - DEBUG(6,("read_pipe: just header read\n")); + /* + * At this point p->current_pdu_len == p->current_pdu_sent (which + * may of course be zero if this is the first return fragment. 
+ */ + + DEBUG(10,("read_from_pipe: %s: data_sent_length = %u, prs_offset(&p->rdata) = %u.\n", + p->name, (unsigned int)p->data_sent_length, (unsigned int)prs_offset(&p->rdata) )); + + if(p->data_sent_length >= prs_offset(&p->rdata)) { + /* + * We have sent all possible data. Return 0. + */ + return 0; } - if (pdu_data_sent == p->l->hdr.frag_len) - { - DEBUG(6,("read_pipe: next fragment expected\n")); - p->prev_pdu_file_offset = p->file_offset; + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ + + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", + p->name)); + return -1; } - return num; -} + data_returned = MIN(n, p->current_pdu_len); + memcpy( data, p->current_pdu, (size_t)data_returned); + p->current_pdu_sent += (uint32)data_returned; + return data_returned; +} /**************************************************************************** - wait device state on a pipe. exactly what this is for is unknown... + Wait device state on a pipe. Exactly what this is for is unknown... 
****************************************************************************/ + BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority) { - if (p == NULL) return False; + if (p == NULL) + return False; - if (p->open) - { - DEBUG(3,("%s Setting pipe wait state priority=%x on pipe (name=%s)\n", - timestring(), priority, p->name)); + if (p->open) { + DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n", + priority, p->name)); p->priority = priority; return True; } - DEBUG(3,("%s Error setting pipe wait state priority=%x (name=%s)\n", - timestring(), priority, p->name)); + DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n", + priority, p->name)); return False; } /**************************************************************************** - set device state on a pipe. exactly what this is for is unknown... + Set device state on a pipe. Exactly what this is for is unknown... ****************************************************************************/ + BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) { - if (p == NULL) return False; + if (p == NULL) + return False; if (p->open) { - DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n", - timestring(), device_state, p->name)); + DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n", + device_state, p->name)); p->device_state = device_state; return True; } - DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n", - timestring(), device_state, p->name)); + DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n", + device_state, p->name)); return False; } /**************************************************************************** - close an rpc pipe + Close an rpc pipe. ****************************************************************************/ + BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) { if (!p) { 
@@ -385,8 +363,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) return False; } - mem_buf_free(&(p->smb_pdu .data)); - mem_buf_free(&(p->rsmb_pdu.data)); + prs_mem_free(&p->rdata); bitmap_clear(bmap, p->pnum - pipe_handle_offset); @@ -397,50 +374,31 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); - if (p->m != NULL) - { - DEBUG(4,("closed msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - { - DEBUG(4,("OK\n")); - } - else - { - DEBUG(4,("FAILED\n")); - } - } - - if (p->l != NULL) - { - DEBUG(4,("closed msrpc local: OK\n")); - - mem_free_data(p->l->rdata .data); - rpcsrv_free_temp(p->l); - - free(p->l); - } - ZERO_STRUCTP(p); + free(p); return True; } /**************************************************************************** - close an rpc pipe + Find an rpc pipe given a pipe handle in a buffer and an offset. ****************************************************************************/ + pipes_struct *get_rpc_pipe_p(char *buf, int where) { int pnum = SVAL(buf,where); - if (chain_p) return chain_p; + if (chain_p) + return chain_p; return get_rpc_pipe(pnum); } /**************************************************************************** - close an rpc pipe + Find an rpc pipe given a pipe handle. ****************************************************************************/ + pipes_struct *get_rpc_pipe(int pnum) { pipes_struct *p; @@ -448,15 +406,11 @@ pipes_struct *get_rpc_pipe(int pnum) DEBUG(4,("search for pipe pnum=%x\n", pnum)); for (p=Pipes;p;p=p->next) - { DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); - } - for (p=Pipes;p;p=p->next) - { - if (p->pnum == pnum) - { + for (p=Pipes;p;p=p->next) { + if (p->pnum == pnum) { chain_p = p; return p; } @@ -464,4 +418,3 @@ pipes_struct *get_rpc_pipe(int pnum) return NULL; } - -- cgit From fbd17c8dafeefac788f4bc1c41045726825f513f Mon Sep 17 00:00:00 2001 
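Review bot: The added `free(p);` at the end of close_rpc_pipe_hnd (hunk `@@ -397,50 +374,31 @@`) can leave `chain_p` pointing at freed memory, because get_rpc_pipe stores `chain_p = p` and get_rpc_pipe_p returns `chain_p` whenever it is non-NULL without consulting the list. Before this change a stale `chain_p` pointed at a zeroed but still allocated struct; now it is a use-after-free unless `chain_p` is reset elsewhere on close, which is not visible in these hunks. Clearing it in the close path, `if (chain_p == p) chain_p = NULL;` just before `free(p);`, removes the dependency on callers. close_rpc_pipe_hnd starts outside the hunk.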
From: Luke Leighton Date: Mon, 3 Jan 2000 19:19:48 +0000 Subject: simple mods to add msrpc pipe redirection. default behaviour: fall back to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8) --- source3/rpc_server/srv_pipe_hnd.c | 51 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b21b768a6e..46beba6316 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -113,10 +113,44 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, int i; pipes_struct *p; static int next_pipe; + struct msrpc_state *m = NULL; + user_struct *vuser = get_valid_user_struct(vuid); + struct user_creds usr; + + ZERO_STRUCT(usr); DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); + if (vuser == NULL) + { + DEBUG(4,("invalid vuid %d\n", vuid)); + return NULL; + } + + /* set up unix credentials from the smb side, to feed over the pipe */ + make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, + vuser->real_name, vuser->guest); + usr.ptr_uxc = 1; + make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, + vuser->n_groups, vuser->groups); + usr.ptr_uxs = 1; + + /* set up nt credentials from the smb side, to feed over the pipe */ + /* lkclXXXX todo! + make_creds_nt(&usr.ntc); + make_creds_nt_sec(&usr.nts); + */ + + become_root(False); /* to connect to pipe */ + m = msrpc_use_add(pipe_name, &usr, False); + unbecome_root(False); + + if (m == NULL) + { + DEBUG(10,("open pipes: msrpc redirect failed - go local.\n")); + } + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ 
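Review bot: The redirect connection is opened under `become_root(False)` before open_rpc_pipe_p has found a free pipe slot or allocated `p`, so any later `return NULL` in the function (the rest of the body is outside this hunk) would leave the `msrpc_use_add` registration with no owner to call `msrpc_use_del`. Moving the `become_root` / `msrpc_use_add` / `unbecome_root` block to after the slot and the `pipes_struct` are set up, and storing the result directly in `p->m`, keeps acquisition and release paired. `pipe_name` comes from the client request and is passed to `msrpc_use_add` while running as root; whether that function restricts the names it accepts is not visible here, so a comment stating the expectation would help, for example `/* pipe_name is client-supplied: msrpc_use_add must only accept known pipe names */`.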
@@ -160,6 +194,8 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->priority = 0; p->conn = conn; p->vuid = vuid; + + p->m = m; p->max_trans_reply = 0; @@ -201,7 +237,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) { - DEBUG(6,("write_pipe: %x", p->pnum)); + DEBUG(6,("write_to_pipe: %x", p->pnum)); DEBUG(6,("name: %s open: %s len: %d", p->name, BOOLSTR(p->open), (int)n)); @@ -372,6 +408,19 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); + if (p->m != NULL) + { + DEBUG(4,("closed msrpc redirect: ")); + if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) + { + DEBUG(4,("OK\n")); + } + else + { + DEBUG(4,("FAILED\n")); + } + } + DLIST_REMOVE(Pipes, p); ZERO_STRUCTP(p); -- cgit From 8433aa437990357a327dbed19afc8033a1ed9be4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 11 Jan 2000 02:00:31 +0000 Subject: modified smbd/msrpc credential transfer system. user session key is *missing* from samba cvs main, therefore it is set to all zeros. this will cause, amongst other things, administrator-changing-user-passwords, and setting up new accounts, to fail, as the user's password can only be decoded with the session key (in this case, the administrator's usr sess key). it's never a perfect world, is it? (This used to be commit 3362fcdfa492cfd1d9d4ec35ef2108192302b984) --- source3/rpc_server/srv_pipe_hnd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 46beba6316..736d1435d1 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -136,6 +136,16 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, vuser->n_groups, vuser->groups); usr.ptr_uxs = 1; + usr.ptr_ssk = 1; + DEBUG(0,("user session key not available (yet).\n")); + DEBUG(0,("password-change operations may fail.\n")); + +#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT + memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); +#else + memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key)); +#endif + /* set up nt credentials from the smb side, to feed over the pipe */ /* lkclXXXX todo! make_creds_nt(&usr.ntc); -- cgit From d91bfabc5df7226cc1b0da231e18fd16c8807a25 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 21 Jan 2000 02:33:21 +0000 Subject: made cvs main up-to-date with samba_tng, with addition of process id to msrpc loop-back interface. (This used to be commit adbf97c0a93149e17496b002ecc8ecdb3f360ed5) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 736d1435d1..b8e7c1946a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -153,7 +153,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, */ become_root(False); /* to connect to pipe */ - m = msrpc_use_add(pipe_name, &usr, False); + m = msrpc_use_add(pipe_name, getpid(), &usr, False); unbecome_root(False); if (m == NULL) -- cgit From 9db96b7646aa36aa5b4ff309419235fe20bef78a Mon Sep 17 00:00:00 2001 
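Review bot: `usr.ptr_ssk = 1` marks a session key as present even on the `#else` path, where `usr.usr_sess_key` is filled with zeros, so the receiving end of the pipe cannot tell "no key" from a real key. If the receiver uses the key whenever `ptr_ssk` is non-zero (not visible in this hunk), password blobs would be processed under a publicly known all-zero key instead of being rejected. Setting the flag per branch, `usr.ptr_ssk = 0;` next to the `memset` and `usr.ptr_ssk = 1;` next to the `memcpy`, makes the absence explicit. The two `DEBUG(0, ...)` lines also fire on every pipe open at the most visible log level, which buries real level-0 errors. open_rpc_pipe_p continues outside the hunk.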
From: Jeremy Allison Date: Wed, 23 Feb 2000 02:02:33 +0000 Subject: lib/system.c: Fixed gcc warnings. nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0. Others - preparing for multiple pdu write code. Jeremy. (This used to be commit 9f879ec396230deba34fbe5e82d8a65f92137c54) --- source3/rpc_server/srv_pipe_hnd.c | 46 +++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b8e7c1946a..32a804d5d5 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -78,27 +78,27 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -BOOL pipe_init_outgoing_data( pipes_struct *p) +BOOL pipe_init_outgoing_data(output_data *out_data) { - memset(p->current_pdu, '\0', sizeof(p->current_pdu)); + memset(out_data->current_pdu, '\0', sizeof(out_data->current_pdu)); /* Free any memory in the current return data buffer. */ - prs_mem_free(&p->rdata); + prs_mem_free(&out_data->rdata); /* * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&p->rdata, 1024, 4, MARSHALL)) { + if(!prs_init(&out_data->rdata, 1024, 4, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } /* Reset the offset counters. */ - p->data_sent_length = 0; - p->current_pdu_len = 0; - p->current_pdu_sent = 0; + out_data->data_sent_length = 0; + out_data->current_pdu_len = 0; + out_data->current_pdu_sent = 0; return True; } @@ -188,7 +188,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the RPC and PDU data buffers with no memory. */ - prs_init(&p->rdata, 0, 4, MARSHALL); + prs_init(&p->out_data.rdata, 0, 4, MARSHALL); DLIST_ADD(Pipes, p); 
@@ -213,9 +213,9 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->ntlmssp_auth_validated = False; p->ntlmssp_auth_requested = False; - p->current_pdu_len = 0; - p->current_pdu_sent = 0; - p->data_sent_length = 0; + p->out_data.current_pdu_len = 0; + p->out_data.current_pdu_sent = 0; + p->out_data.data_sent_length = 0; p->uid = (uid_t)-1; p->gid = (gid_t)-1; @@ -303,15 +303,15 @@ only service %d sized reads.\n", n, p->name, MAX_PDU_FRAG_LEN )); * PDU. */ - if((pdu_remaining = p->current_pdu_len - p->current_pdu_sent) > 0) { + if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) { data_returned = MIN(n, pdu_remaining); DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \ -returning %d bytes.\n", p->name, (unsigned int)p->current_pdu_len, - (unsigned int)p->current_pdu_sent, (int)data_returned)); +returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, + (unsigned int)p->out_data.current_pdu_sent, (int)data_returned)); - memcpy( data, &p->current_pdu[p->current_pdu_sent], (size_t)data_returned); - p->current_pdu_sent += (uint32)data_returned; + memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned); + p->out_data.current_pdu_sent += (uint32)data_returned; return data_returned; } 
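Review bot: In the `@@ -303,15 +303,15 @@` hunk, `n` is a signed `int` while `pdu_remaining` is declared `uint32` at the top of read_from_pipe, so in `MIN(n, pdu_remaining)` (assuming MIN is the usual ternary macro) a negative `n` is converted to a large unsigned value and the whole `pdu_remaining` is selected; the `memcpy` that follows then writes that many bytes into `data` regardless of the size the caller asked for. The only bound on `n` visible in the function is the upper one, `if(n > MAX_PDU_FRAG_LEN)`, which sits above this hunk. Rejecting negative sizes there, `if (n < 0 || n > MAX_PDU_FRAG_LEN)`, closes this. The same pattern is in the `@@ -343,10 +343,10 @@` hunk at `MIN(n, p->out_data.current_pdu_len)`, if that field is also unsigned. Whether any caller can pass a negative `n` is not visible here.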
@@ -320,10 +320,10 @@ returning %d bytes.\n", p->name, (unsigned int)p->current_pdu_len, * may of course be zero if this is the first return fragment. */ - DEBUG(10,("read_from_pipe: %s: data_sent_length = %u, prs_offset(&p->rdata) = %u.\n", - p->name, (unsigned int)p->data_sent_length, (unsigned int)prs_offset(&p->rdata) )); + DEBUG(10,("read_from_pipe: %s: data_sent_length = %u, prs_offset(&p->out_data.rdata) = %u.\n", + p->name, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) )); - if(p->data_sent_length >= prs_offset(&p->rdata)) { + if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { /* * We have sent all possible data. Return 0. */ @@ -343,10 +343,10 @@ returning %d bytes.\n", p->name, (unsigned int)p->current_pdu_len, return -1; } - data_returned = MIN(n, p->current_pdu_len); + data_returned = MIN(n, p->out_data.current_pdu_len); - memcpy( data, p->current_pdu, (size_t)data_returned); - p->current_pdu_sent += (uint32)data_returned; + memcpy( data, p->out_data.current_pdu, (size_t)data_returned); + p->out_data.current_pdu_sent += (uint32)data_returned; return data_returned; } @@ -409,7 +409,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) return False; } - prs_mem_free(&p->rdata); + prs_mem_free(&p->out_data.rdata); bitmap_clear(bmap, p->pnum - pipe_handle_offset); -- cgit From 6bb92a6d38db41a11e80c4369623d137763f0f52 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Mar 2000 21:45:16 +0000 Subject: Big update moving the multi-pdu support from 2.0.x into HEAD for JF and the printer functions. Also tidied up some header includes and got the order right so you can now do a : make proto make clean make Jeremy. (This used to be commit 833cd9fba92e4ad5297b235d108dd2be8c17079b) --- source3/rpc_server/srv_pipe_hnd.c | 539 +++++++++++++++++++++++++++++++++----- 1 file changed, 477 insertions(+), 62 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 32a804d5d5..c63390c35f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. 
@@ -78,67 +77,61 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -BOOL pipe_init_outgoing_data(output_data *out_data) +BOOL pipe_init_outgoing_data(output_data *o_data) { - memset(out_data->current_pdu, '\0', sizeof(out_data->current_pdu)); + memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu)); /* Free any memory in the current return data buffer. */ - prs_mem_free(&out_data->rdata); + prs_mem_free(&o_data->rdata); /* * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&out_data->rdata, 1024, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } /* Reset the offset counters. */ - out_data->data_sent_length = 0; - out_data->current_pdu_len = 0; - out_data->current_pdu_sent = 0; + o_data->data_sent_length = 0; + o_data->current_pdu_len = 0; + o_data->current_pdu_sent = 0; return True; } /**************************************************************************** - Find first available pipe slot. + HACK !!! Attempt to find a remote process to communicate RPC's with. 
****************************************************************************/ -pipes_struct *open_rpc_pipe_p(char *pipe_name, - connection_struct *conn, uint16 vuid) +static void attempt_remote_rpc_connect(pipes_struct *p) { - int i; - pipes_struct *p; - static int next_pipe; - struct msrpc_state *m = NULL; - user_struct *vuser = get_valid_user_struct(vuid); struct user_creds usr; + struct msrpc_state *m; + user_struct *vuser = get_valid_user_struct(p->vuid); - ZERO_STRUCT(usr); + p->m = NULL; - DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", - pipe_name, pipes_open)); - - if (vuser == NULL) - { - DEBUG(4,("invalid vuid %d\n", vuid)); - return NULL; + if (vuser == NULL) { + DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid)); + return; } + ZERO_STRUCT(usr); + /* set up unix credentials from the smb side, to feed over the pipe */ make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, - vuser->real_name, vuser->guest); + vuser->real_name, vuser->guest); usr.ptr_uxc = 1; make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); + vuser->n_groups, vuser->groups); usr.ptr_uxs = 1; usr.ptr_ssk = 1; - DEBUG(0,("user session key not available (yet).\n")); - DEBUG(0,("password-change operations may fail.\n")); + DEBUG(10,("user session key not available (yet).\n")); + DEBUG(10,("password-change operations may fail.\n")); #if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); 
@@ -153,14 +146,28 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, */ become_root(False); /* to connect to pipe */ - m = msrpc_use_add(pipe_name, getpid(), &usr, False); + p->m = msrpc_use_add(p->name, getpid(), &usr, False); unbecome_root(False); - if (m == NULL) - { - DEBUG(10,("open pipes: msrpc redirect failed - go local.\n")); - } + if (p->m == NULL) + DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); +} + +/**************************************************************************** + Find first available pipe slot. +****************************************************************************/ + +pipes_struct *open_rpc_pipe_p(char *pipe_name, + connection_struct *conn, uint16 vuid) +{ + int i; + pipes_struct *p; + static int next_pipe; + + DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", + pipe_name, pipes_open)); + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ @@ -180,18 +187,26 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); p = (pipes_struct *)malloc(sizeof(*p)); + if (!p) return NULL; ZERO_STRUCTP(p); - /* - * Initialize the RPC and PDU data buffers with no memory. - */ - prs_init(&p->out_data.rdata, 0, 4, MARSHALL); - DLIST_ADD(Pipes, p); + /* + * Initialize the incoming RPC data buffer with one PDU worth of memory. + * We cheat here and say we're marshalling, as we intend to add incoming + * data directly into the prs_struct and we want it to auto grow. We will + * change the type to UNMARSALLING before processing the stream. + */ + + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); + return NULL; + } + bitmap_set(bmap, i); i += pipe_handle_offset; 
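Review bot: In the `@@ -180,18 +187,26 @@` hunk, when `prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)` fails the new `return NULL` leaves `p` linked into `Pipes` by the `DLIST_ADD(Pipes, p);` just above it, zeroed and never freed. Later list walks such as the one in get_rpc_pipe would then visit an entry whose `pnum` is 0 and whose `open` flag is clear, and one `pipes_struct` is leaked per failed open. Either run the `prs_init` before `DLIST_ADD(Pipes, p);`, or undo the link on the error path with `DLIST_REMOVE(Pipes, p); free(p); return NULL;`. open_rpc_pipe_p starts and ends outside this hunk.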
@@ -204,8 +219,6 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->priority = 0; p->conn = conn; p->vuid = vuid; - - p->m = m; p->max_trans_reply = 0; @@ -213,15 +226,40 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->ntlmssp_auth_validated = False; p->ntlmssp_auth_requested = False; + p->pipe_bound = False; + p->fault_state = False; + + /* + * Initialize the incoming RPC struct. + */ + + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + + /* + * Initialize the outgoing RPC struct. + */ + p->out_data.current_pdu_len = 0; p->out_data.current_pdu_sent = 0; p->out_data.data_sent_length = 0; + /* + * Initialize the outgoing RPC data buffer with no memory. + */ + prs_init(&p->out_data.rdata, 0, 4, MARSHALL); + p->uid = (uid_t)-1; p->gid = (gid_t)-1; fstrcpy(p->name, pipe_name); + /* + * HACK !!! For Luke - attempt to connect to RPC redirect process. + */ + + attempt_remote_rpc_connect(p); + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); 
@@ -234,27 +272,408 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, return chain_p; } +/**************************************************************************** + Sets the fault state on incoming packets. +****************************************************************************/ + +static void set_incoming_fault(pipes_struct *p) +{ + prs_mem_free(&p->in_data.data); + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + p->fault_state = True; + DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n", + p->name, p->pnum )); +} /**************************************************************************** - Accepts incoming data on an rpc pipe. + Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer. +****************************************************************************/ - This code is probably incorrect at the moment. The problem is - that the rpc request shouldn't really be executed until all the - data needed for it is received. This currently assumes that each - SMBwrite or SMBwriteX contains all the data needed for an rpc - request. JRA. - ****************************************************************************/ +static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy) +{ + size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len); + + DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n", + (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr, + (unsigned int)p->in_data.pdu_received_len )); + + memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr); + p->in_data.pdu_received_len += len_needed_to_complete_hdr; + + return (ssize_t)len_needed_to_complete_hdr; +} + +/**************************************************************************** + Unmarshalls a new PDU header. 
Assumes the raw header data is in current_in_pdu. +****************************************************************************/ + +static ssize_t unmarshall_rpc_header(pipes_struct *p) +{ + /* + * Unmarshall the header to determine the needed length. + */ + + prs_struct rpc_in; + + if(p->in_data.pdu_received_len != RPC_HEADER_LEN) { + DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n")); + set_incoming_fault(p); + return -1; + } + + prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], + p->in_data.pdu_received_len, False); + + /* + * Unmarshall the header as this will tell us how much + * data we need to read to get the complete pdu. + */ + + if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { + DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); + set_incoming_fault(p); + return -1; + } + + /* + * Validate the RPC header. + */ + + if(p->hdr.major != 5 && p->hdr.minor != 0) { + DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); + set_incoming_fault(p); + return -1; + } + + /* + * If there is no data in the incoming buffer and it's a requst pdu then + * ensure that the FIRST flag is set. If not then we have + * a stream missmatch. + */ + + if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { + DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); + set_incoming_fault(p); + return -1; + } + + /* + * Ensure that the pdu length is sane. + */ + + if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { + DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); + set_incoming_fault(p); + return -1; + } + + DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type, + (unsigned int)p->hdr.flags )); + + /* + * Adjust for the header we just ate. 
+ */ + p->in_data.pdu_received_len = 0; + p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN; + + /* + * Null the data we just ate. + */ + + memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + + return 0; /* No extra data processed. */ +} + +/**************************************************************************** + Processes a request pdu. This will do auth processing if needed, and + appends the data into the complete stream if the LAST flag is not set. +****************************************************************************/ + +static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) +{ + BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN); + size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - + (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; + + if(!p->pipe_bound) { + DEBUG(0,("process_request_pdu: rpc request with no bind.\n")); + set_incoming_fault(p); + return False; + } + + /* + * Check if we need to do authentication processing. + * This is only done on requests, not binds. + */ + + /* + * Read the RPC request header. + */ + + if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) { + DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n")); + set_incoming_fault(p); + return False; + } + + if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) { + DEBUG(0,("process_request_pdu: failed to do auth processing.\n")); + set_incoming_fault(p); + return False; + } + + if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) { + + /* + * Authentication _was_ requested and it already failed. + */ + + DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \ +authentication failed. Denying the request.\n", p->name)); + set_incoming_fault(p); + return False; + } + + /* + * Check the data length doesn't go over the 1Mb limit. 
+ */ + + if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) { + DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", + (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); + set_incoming_fault(p); + return False; + } + + /* + * Append the data portion into the buffer and return. + */ + + { + char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p); + + if(!prs_append_data(&p->in_data.data, data_from, data_len)) { + DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", + (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); + set_incoming_fault(p); + return False; + } + + } + + if(p->hdr.flags & RPC_FLG_LAST) { + BOOL ret; + /* + * Ok - we finally have a complete RPC stream. + * Call the rpc command to process it. + */ + + /* + * Set the parse offset to the start of the data and set the + * prs_struct to UNMARSHALL. + */ + + prs_set_offset(&p->in_data.data, 0); + prs_switch_type(&p->in_data.data, UNMARSHALL); + + /* + * Process the complete data stream here. + */ + + ret = api_pipe_request(p); + + /* + * We have consumed the whole data stream. Set back to + * marshalling and set the offset back to the start of + * the buffer to re-use it (we could also do a prs_mem_free() + * and then re_init on the next start of PDU. Not sure which + * is best here.... JRA. + */ + + prs_switch_type(&p->in_data.data, MARSHALL); + prs_set_offset(&p->in_data.data, 0); + return ret; + } + + return True; +} + +/**************************************************************************** + Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has + already been parsed and stored in p->hdr. 
+****************************************************************************/ + +static ssize_t process_complete_pdu(pipes_struct *p) +{ + prs_struct rpc_in; + size_t data_len = p->in_data.pdu_received_len; + char *data_p = (char *)&p->in_data.current_in_pdu[0]; + BOOL reply = False; + + if(p->fault_state) { + DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", + p->name )); + set_incoming_fault(p); + setup_fault_pdu(p); + return (ssize_t)data_len; + } + + prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); + + DEBUG(10,("process_complete_pdu: processing packet type %u\n", + (unsigned int)p->hdr.pkt_type )); + + switch (p->hdr.pkt_type) { + case RPC_BIND: + case RPC_ALTCONT: + /* + * We assume that a pipe bind is only in one pdu. + */ + reply = api_pipe_bind_req(p, &rpc_in); + break; + case RPC_BINDRESP: + /* + * We assume that a pipe bind_resp is only in one pdu. + */ + reply = api_pipe_bind_auth_resp(p, &rpc_in); + break; + case RPC_REQUEST: + reply = process_request_pdu(p, &rpc_in); + break; + default: + DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type )); + break; + } + + if (!reply) { + DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); + set_incoming_fault(p); + setup_fault_pdu(p); + } else { + /* + * Reset the lengths. We're ready for a new pdu. + */ + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + } + + return (ssize_t)data_len; +} + +/**************************************************************************** + Accepts incoming data on an rpc pipe. Processes the data in pdu sized units. 
+****************************************************************************/ + +static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n) +{ + size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); + + DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n", + (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len, + (unsigned int)n )); + + if(data_to_copy == 0) { + /* + * This is an error - data is being received and there is no + * space in the PDU. Free the received data and go into the fault state. + */ + DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \ +incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n )); + set_incoming_fault(p); + return -1; + } + + /* + * If we have no data already, wait until we get at least a RPC_HEADER_LEN + * number of bytes before we can do anything. + */ + + if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) { + /* + * Always return here. If we have more data then the RPC_HEADER + * will be processed the next time around the loop. + */ + return fill_rpc_header(p, data, data_to_copy); + } + + /* + * At this point we know we have at least an RPC_HEADER_LEN amount of data + * stored in current_in_pdu. + */ + + /* + * If pdu_needed_len is zero this is a new pdu. + * Unmarshall the header so we know how much more + * data we need, then loop again. + */ + + if(p->in_data.pdu_needed_len == 0) + return unmarshall_rpc_header(p); + + /* + * Ok - at this point we have a valid RPC_HEADER in p->hdr. + * Keep reading until we have a full pdu. + */ + + data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len); + + /* + * Copy as much of the data as we need into the current_in_pdu buffer. 
+ */ + + memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy); + p->in_data.pdu_received_len += data_to_copy; + + /* + * Do we have a complete PDU ? + */ + + if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len) + return process_complete_pdu(p); + + DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n", + (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len )); + + return (ssize_t)data_to_copy; + +} + +/**************************************************************************** + Accepts incoming data on an rpc pipe. +****************************************************************************/ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) { + size_t data_left = n; + DEBUG(6,("write_to_pipe: %x", p->pnum)); - DEBUG(6,("name: %s open: %s len: %d", + DEBUG(6,(" name: %s open: %s len: %d\n", p->name, BOOLSTR(p->open), (int)n)); dump_data(50, data, n); - return rpc_command(p, data, (int)n) ? ((ssize_t)n) : -1; + while(data_left) { + ssize_t data_used; + + DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); + + data_used = process_incoming_data(p, data, data_left); + + DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); + + if(data_used < 0) + return -1; + + data_left -= data_used; + data += data_used; + } + + return n; } @@ -282,7 +701,7 @@ int read_from_pipe(pipes_struct *p, char *data, int n) DEBUG(6,("read_from_pipe: %x", p->pnum)); - DEBUG(6,("name: %s len: %d\n", p->name, n)); + DEBUG(6,(" name: %s len: %d\n", p->name, n)); /* * We cannot return more than one PDU length per 
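Review bot: In process_request_pdu (hunk `@@ -234,27 +272,408 @@`), `data_len` is computed by subtracting `RPC_HEADER_LEN`, `RPC_HDR_REQ_LEN`, the optional `RPC_HDR_AUTH_LEN` and the peer-supplied `p->hdr.auth_len` from `p->hdr.frag_len`, but unmarshall_rpc_header only guarantees `frag_len >= RPC_HEADER_LEN`, so a short fragment or a large `auth_len` makes the `size_t` result wrap. The 1Mb test adds that wrapped value to `prs_data_size()`, which can itself wrap where `size_t` is 32 bits, and `data_len` is then passed to `prs_append_data`; how that function bounds its copy is not visible here. Validating the two lengths against each other before subtracting, and faulting the pipe otherwise, removes the dependency. Separately, the version test in unmarshall_rpc_header, `if(p->hdr.major != 5 && p->hdr.minor != 0)`, rejects a header only when both fields are wrong and should use `||`.

```c
static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
{
	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN);
	size_t hdr_overhead = RPC_HEADER_LEN + RPC_HDR_REQ_LEN +
				(auth_verify ? RPC_HDR_AUTH_LEN : 0);
	size_t data_len;

	/* ... unchanged: pipe_bound check ... */

	/* Reject peer-supplied lengths that would make the subtraction wrap. */
	if ((size_t)p->hdr.frag_len < hdr_overhead ||
	    (size_t)p->hdr.auth_len > (size_t)p->hdr.frag_len - hdr_overhead) {
		DEBUG(0,("process_request_pdu: frag_len and auth_len are inconsistent.\n"));
		set_incoming_fault(p);
		return False;
	}

	data_len = (size_t)p->hdr.frag_len - hdr_overhead - (size_t)p->hdr.auth_len;

	/* ... unchanged: RPC_HDR_REQ unmarshall, auth processing, 1Mb check, append, dispatch ... */
```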
@@ -320,8 +739,9 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, * may of course be zero if this is the first return fragment. */ - DEBUG(10,("read_from_pipe: %s: data_sent_length = %u, prs_offset(&p->out_data.rdata) = %u.\n", - p->name, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) )); + DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \ += %u, prs_offset(&p->out_data.rdata) = %u.\n", + p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) )); if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { /* @@ -415,22 +835,17 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) pipes_open--; - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", - p->name, p->pnum, pipes_open)); - - if (p->m != NULL) - { - DEBUG(4,("closed msrpc redirect: ")); + if (p->m != NULL) { + DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: ")); if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - { DEBUG(4,("OK\n")); - } else - { DEBUG(4,("FAILED\n")); - } } + DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); + DLIST_REMOVE(Pipes, p); ZERO_STRUCTP(p); -- cgit From 115d98e639b94fdd0773bfb9516af14d857c59d2 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 10 Mar 2000 17:06:12 +0000 Subject: removed unused variable J.F. (This used to be commit e2557ae5515ce30d0341ef7785cc4380266d4c94) --- source3/rpc_server/srv_pipe_hnd.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c63390c35f..4c71433c2a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -109,7 +109,6 @@ BOOL pipe_init_outgoing_data(output_data *o_data) static void attempt_remote_rpc_connect(pipes_struct *p) { struct user_creds usr; - struct msrpc_state *m; user_struct *vuser = get_valid_user_struct(p->vuid); p->m = NULL; -- cgit From 5e22394654eba2ed5d01e81b165a044a59dd65ab Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Mar 2000 19:50:03 +0000 Subject: Fixups for compiles with gcc flags -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual Partially implemented rpc daemon redirect (needs more work). Jeremy. (This used to be commit a462191698fa589ceac4afd14c652adf699eccad) --- source3/rpc_server/srv_pipe_hnd.c | 148 +++++++++++++++++++++++++++++--------- 1 file changed, 115 insertions(+), 33 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 4c71433c2a..fdee90e8ae 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -77,8 +77,12 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -BOOL pipe_init_outgoing_data(output_data *o_data) +static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len) { + /* Reset the offset counters. */ + o_data->data_sent_length = 0; + o_data->current_pdu_len = 0; + o_data->current_pdu_sent = 0; memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu)); 
@@ -89,21 +93,16 @@ BOOL pipe_init_outgoing_data(output_data *o_data) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, len, 4, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } - /* Reset the offset counters. */ - o_data->data_sent_length = 0; - o_data->current_pdu_len = 0; - o_data->current_pdu_sent = 0; - return True; } /**************************************************************************** - HACK !!! Attempt to find a remote process to communicate RPC's with. + Attempt to find a remote process to communicate RPC's with. ****************************************************************************/ static void attempt_remote_rpc_connect(pipes_struct *p) @@ -254,7 +253,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, fstrcpy(p->name, pipe_name); /* - * HACK !!! For Luke - attempt to connect to RPC redirect process. + * For Luke - attempt to connect to RPC redirect process. */ attempt_remote_rpc_connect(p); @@ -464,7 +463,7 @@ authentication failed. Denying the request.\n", p->name)); } if(p->hdr.flags & RPC_FLG_LAST) { - BOOL ret; + BOOL ret = False; /* * Ok - we finally have a complete RPC stream. * Call the rpc command to process it. @@ -482,7 +481,8 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - ret = api_pipe_request(p); + if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + ret = api_pipe_request(p); /* * We have consumed the whole data stream. Set back to 
@@ -532,13 +532,15 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - reply = api_pipe_bind_req(p, &rpc_in); + if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - reply = api_pipe_bind_auth_resp(p, &rpc_in); + if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: reply = process_request_pdu(p, &rpc_in); @@ -661,7 +663,14 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); - data_used = process_incoming_data(p, data, data_left); + /* + * Deal with the redirect to the remote RPC daemon. + */ + + if(p->m) + data_used = write(p->m->fd, data, data_left); + else + data_used = process_incoming_data(p, data, data_left); DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); 
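Review bot: In the new `if(p->m)` branch of write_to_pipe the raw result of `write()` becomes data_used, so an interrupted call (EINTR) is reported as a failed pipe write even when earlier loop iterations already delivered part of the buffer to the daemon, and a zero return would leave data_left unchanged. The redirected bytes also skip the length and fault-state checks that process_incoming_data applies, so the remote daemon ends up parsing unvalidated client input. I would retry on EINTR and reject a zero return in this branch only, e.g. `if(data_used == 0) return -1;` directly after the write, because 0 is a legitimate result from process_incoming_data. The while loop that consumes data_used starts outside this hunk.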
@@ -675,9 +684,72 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) return n; } +/**************************************************************************** + Gets data from a remote TNG daemon. Gets data from the remote daemon into + the outgoing prs_struct. + + NB. Note to Luke : This code will be broken until Luke implements a length + field before reply data... + +****************************************************************************/ + +static BOOL read_from_remote(pipes_struct *p) +{ + uint32 data_len; + uint32 data_len_left; + + if(prs_offset(&p->out_data.rdata) == 0) { + + ssize_t len = 0; + + /* + * Read all the reply data as a stream of pre-created + * PDU's from the remote deamon into the rdata struct. + */ + + /* + * Create the response data buffer. + */ + + if(!pipe_init_outgoing_data(&p->out_data, 65536)) { + DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); + return False; + } + + /* Read from remote here. */ + if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) { + DEBUG(0,("read_from_remote: failed to read from external daemon.\n")); + prs_mem_free(&p->out_data.rdata); + return False; + } + + /* Set the length we got. */ + prs_set_offset(&p->out_data.rdata, (uint32)len); + } + + /* + * The amount we send is the minimum of the available + * space and the amount left to send. + */ + + data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; + + /* + * Ensure there really is data left to send. + */ + + if(!data_len_left) { + DEBUG(0,("read_from_remote: no data left to send !\n")); + return False; + } + + data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN); + + return False; /* Notfinished... */ +} /**************************************************************************** - Replyies to a request to read data from a pipe. + Replies to a request to read data from a pipe. Headers are interspersed with the data at PDU intervals. 
By the time this function is called, the start of the data could possibly have been @@ -685,13 +757,12 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) Calling create_rpc_reply() here is a hack. The data should already have been prepared into arrays of headers + data stream sections. +****************************************************************************/ - ****************************************************************************/ - -int read_from_pipe(pipes_struct *p, char *data, int n) +ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) { uint32 pdu_remaining = 0; - int data_returned = 0; + ssize_t data_returned = 0; if (!p || !p->open) { DEBUG(0,("read_from_pipe: pipe not open\n")); @@ -700,7 +771,7 @@ int read_from_pipe(pipes_struct *p, char *data, int n) DEBUG(6,("read_from_pipe: %x", p->pnum)); - DEBUG(6,(" name: %s len: %d\n", p->name, n)); + DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n)); /* * We cannot return more than one PDU length per @@ -708,8 +779,8 @@ int read_from_pipe(pipes_struct *p, char *data, int n) */ if(n > MAX_PDU_FRAG_LEN) { - DEBUG(0,("read_from_pipe: loo large read (%d) requested on pipe %s. We can \ -only service %d sized reads.\n", n, p->name, MAX_PDU_FRAG_LEN )); + DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \ +only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); return -1; } @@ -722,7 +793,7 @@ only service %d sized reads.\n", n, p->name, MAX_PDU_FRAG_LEN )); */ if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) { - data_returned = MIN(n, pdu_remaining); + data_returned = (ssize_t)MIN(n, pdu_remaining); DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, 
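Review bot: read_from_remote sizes the reply buffer and the read with two separate 65536 literals, `pipe_init_outgoing_data(&p->out_data, 65536)` and the maximum-count argument of `read_with_timeout`, and nothing ties them together, so a later change to one of them silently turns the read into an overrun of rdata. A single named constant used in both places would keep them in step, e.g. `#define REMOTE_RPC_BUF_LEN 65536` (the name is only a suggestion). The function also ends in an unconditional `return False;` after computing data_len, which is never used; a comment at the top stating that it is an unfinished stub would make that explicit to callers.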
@@ -749,17 +820,28 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, return 0; } - /* - * We need to create a new PDU from the data left in p->rdata. - * Create the header/data/footers. This also sets up the fields - * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length - * and stores the outgoing PDU in p->current_pdu. - */ + if(p->m) { + /* + * Remote to the RPC daemon. + */ + if(!read_from_remote(p)) { + DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name )); + return -1; + } - if(!create_next_pdu(p)) { - DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", - p->name)); - return -1; + } else { + + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ + + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; + } } data_returned = MIN(n, p->out_data.current_pdu_len); -- cgit From 15bb28ccd2aeb712c2d874912adc465d83809d60 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 31 Mar 2000 20:44:55 +0000 Subject: IRIX include fixes. Jeremy. (This used to be commit 3a39acd3535647b0f28f51eea29573d5cb1eb9be) --- source3/rpc_server/srv_pipe_hnd.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index fdee90e8ae..88b3dfbe80 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
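Review bot: The new `if(p->m)` branch in read_from_pipe cannot succeed as written, because read_from_remote, added earlier in this commit, returns False on every path, so a redirected pipe always logs the failure and returns -1. Even once that is fixed, the line after the branch sizes the reply from `p->out_data.current_pdu_len`, which pipe_init_outgoing_data resets to 0 and read_from_remote never sets, so the reader would get zero bytes. Either leave the branch out until the remote path fills current_pdu, or mark it with a comment such as `/* TODO: remote replies are not yet copied into current_pdu */`. read_from_pipe starts and ends outside this hunk.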
@@ -252,11 +252,16 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, fstrcpy(p->name, pipe_name); +#if 0 + + Comment out until memory leak fixed. JRA. + /* * For Luke - attempt to connect to RPC redirect process. */ attempt_remote_rpc_connect(p); +#endif DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); -- cgit From 9e3f457db01aaa97d05b40b265d6659597a03392 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 23 Apr 2000 07:38:18 +0000 Subject: fixed a prs memory leak (weren't freeing input buffer) (This used to be commit be7186b0dd2779fc9f98b4c9f77874ef3ded37d6) --- source3/rpc_server/srv_pipe_hnd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 88b3dfbe80..2d11c5eda5 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -916,6 +916,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) } prs_mem_free(&p->out_data.rdata); + prs_mem_free(&p->in_data.data); bitmap_clear(bmap, p->pnum - pipe_handle_offset); -- cgit From 693ffb8466ada58ecc59fde754ba79fc6f51528d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 May 2000 02:23:41 +0000 Subject: Added sys_fork() and sys_getpid() functions to stop the overhead of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 2d11c5eda5..7110342383 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -144,7 +144,7 @@ static void attempt_remote_rpc_connect(pipes_struct *p) */ become_root(False); /* to connect to pipe */ - p->m = msrpc_use_add(p->name, getpid(), &usr, False); + p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); unbecome_root(False); if (p->m == NULL) @@ -170,7 +170,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, log files and prevents client bugs where pipe numbers are reused over connection restarts */ if (next_pipe == 0) - next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; + next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES; i = bitmap_find(bmap, next_pipe); -- cgit From 32d5416b6a777a7874fec8518ec44e750560d882 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 May 2000 13:55:42 +0000 Subject: split the username in the vuser structure into a separate userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 7110342383..35fb0423a5 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -120,8 +120,8 @@ static void attempt_remote_rpc_connect(pipes_struct *p) ZERO_STRUCT(usr); /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, - vuser->real_name, vuser->guest); + make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, + vuser->user.real_name, vuser->guest); usr.ptr_uxc = 1; make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, vuser->n_groups, vuser->groups); -- cgit From f3a861e04e33901c89408a9c89ebaa81fc606f97 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Thu, 4 May 2000 07:59:34 +0000 Subject: - use full_name instead of real_name - got rid of guest map code in lpq parser (This used to be commit 8e53f781d3cf6a7007764916a0d8e8f1abea1f66) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 35fb0423a5..56b76d92be 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -121,7 +121,7 @@ static void attempt_remote_rpc_connect(pipes_struct *p) /* set up unix credentials from the smb side, to feed over the pipe */ make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, - vuser->user.real_name, vuser->guest); + vuser->user.full_name, vuser->guest); usr.ptr_uxc = 1; make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, vuser->n_groups, vuser->groups); -- cgit From 045469493c2870cb1d63c964b18afc5e2210dcd5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 4 May 2000 21:57:28 +0000 Subject: rpc_server/srv_lsa.c: Bring into sync with 2.0.x. rpc_server/srv_pipe_hnd.c: Bring into sync with 2.0.x. smbd/blocking.c: Improve blocking debug reporting. utils/torture.c: Added check for NT locking bug. Jeremy. (This used to be commit e8ff6d3fb5537c39611a5784bf7216ae812acd27) --- source3/rpc_server/srv_pipe_hnd.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 56b76d92be..17ed35addd 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -77,7 +77,7 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len) +static BOOL pipe_init_outgoing_data(output_data *o_data) { /* Reset the offset counters. */ o_data->data_sent_length = 0; @@ -93,7 +93,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, len, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -486,7 +486,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) ret = api_pipe_request(p); /* @@ -537,14 +537,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: @@ -716,7 +716,7 @@ static BOOL read_from_remote(pipes_struct *p) * Create the response data buffer. */ - if(!pipe_init_outgoing_data(&p->out_data, 65536)) { + if(!pipe_init_outgoing_data(&p->out_data)) { DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); return False; } -- cgit From 49a0e6d5989656c1b3c9c063a20308ca4ee5d73b Mon Sep 17 00:00:00 2001 
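Review bot: With the len argument removed in the last hunk (read_from_remote), the reply buffer is now MAX_PDU_FRAG_LEN bytes, but the read that follows this call, added by the earlier redirect commit and not visible in this hunk, still passes 65536 as its maximum count. If MAX_PDU_FRAG_LEN is smaller than 65536, data from the remote daemon can be written past the end of rdata. The read limit should follow the buffer size, e.g. `read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, MAX_PDU_FRAG_LEN, 10000)`. The path may be unreachable while attempt_remote_rpc_connect is compiled out, but the mismatch should be fixed before the redirect is re-enabled.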
From: Andrew Tridgell Date: Wed, 10 May 2000 10:41:59 +0000 Subject: more merging voodoo this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610) --- source3/rpc_server/srv_pipe_hnd.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 17ed35addd..f19aed1886 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1,3 +1,4 @@ +#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -979,3 +980,5 @@ pipes_struct *get_rpc_pipe(int pnum) return NULL; } + +#undef OLD_NTDOMAIN -- cgit From 819c15449882a0c08689a4565bf0b31f756f05bd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 17 May 2000 19:17:16 +0000 Subject: Fixed bug I introduced last night (sorry). Now truncate incoming prs_struct buffer size to exact size of incoming data to prevent read overruns into slop space. Jeremy. (This used to be commit aa1a4f46da9584240cd6cee6fb652aa73e77015c) --- source3/rpc_server/srv_pipe_hnd.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f19aed1886..a349da839a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -475,6 +475,13 @@ authentication failed. Denying the request.\n", p->name)); * Call the rpc command to process it. */ + /* + * Ensure the internal prs buffer size is *exactly* the same + * size as the current offset. + */ + + prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)); + /* * Set the parse offset to the start of the data and set the * prs_struct to UNMARSHALL. -- cgit From f3c44fba111392a7680e489330f3f69aedbff13d Mon Sep 17 00:00:00 2001 
From: Shirish Kalele Date: Fri, 26 May 2000 22:37:08 +0000 Subject: Fixed memory leak in RPC parsing code. Problem in prs_set_buffer_size() was Realloc returns a NULL when newsize is zero (equivalent to a free()). We were returning a failure here without resetting the buffer_size or the data_p pointer in the prs_struct. And we weren't checking for a failure from prs_set_buffer_size(). So realloc's to zero size were not reflected in the prs_struct: memory leak. (This used to be commit 590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf) --- source3/rpc_server/srv_pipe_hnd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a349da839a..e01ecf82a2 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -480,7 +480,12 @@ authentication failed. Denying the request.\n", p->name)); * size as the current offset. */ - prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)); + if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) + { + DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n")); + set_incoming_fault(p); + return False; + } /* * Set the parse offset to the start of the data and set the -- cgit From 218653764f55b5fe16ffbda93d415a1495460956 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 23 Jun 2000 05:53:18 +0000 Subject: Removed save directory argument to become_root() calls. Probably most of this stuff doesn't need to be done as root anyway. (This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e01ecf82a2..b11c76b75d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -144,9 +144,9 @@ static void attempt_remote_rpc_connect(pipes_struct *p) make_creds_nt_sec(&usr.nts); */ - become_root(False); /* to connect to pipe */ + become_root(); /* to connect to pipe */ p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); - unbecome_root(False); + unbecome_root(); if (p->m == NULL) DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); -- cgit From f048209484b10ed397c55864ca9ee29789f4e372 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 3 Jul 2000 06:52:31 +0000 Subject: Some more sec_ctx changes. Modified some fields in the pipe_struct structure so authenticated pipe users can have their unix groups set when become_authenticated_pipe_user() is called. (This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa) --- source3/rpc_server/srv_pipe_hnd.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b11c76b75d..faba41b925 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -106,6 +106,8 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) Attempt to find a remote process to communicate RPC's with. ****************************************************************************/ +#if 0 + static void attempt_remote_rpc_connect(pipes_struct *p) { struct user_creds usr; @@ -152,6 +154,8 @@ static void attempt_remote_rpc_connect(pipes_struct *p) DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); } +#endif + /**************************************************************************** Find first available pipe slot. ****************************************************************************/ 
@@ -248,8 +252,10 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, */ prs_init(&p->out_data.rdata, 0, 4, MARSHALL); - p->uid = (uid_t)-1; - p->gid = (gid_t)-1; + ZERO_STRUCT(p->pipe_user); + + p->pipe_user.uid = (uid_t)-1; + p->pipe_user.gid = (gid_t)-1; fstrcpy(p->name, pipe_name); -- cgit From 5ec1642809d9de83da8c88c65d6595c6eb0270f5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 27 Jul 2000 00:47:19 +0000 Subject: Ok - this is a *BIG* change - but it fixes the problems with static strings in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4) --- source3/rpc_server/srv_pipe_hnd.c | 210 +++++++++----------------------------- 1 file changed, 46 insertions(+), 164 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index faba41b925..e51bc5ae4d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -78,8 +78,10 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data) +static BOOL pipe_init_outgoing_data(pipes_struct *p) { + output_data *o_data = &p->out_data; + /* Reset the offset counters. */ o_data->data_sent_length = 0; o_data->current_pdu_len = 0; @@ -94,7 +96,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } 
@@ -102,60 +104,6 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) return True; } -/**************************************************************************** - Attempt to find a remote process to communicate RPC's with. -****************************************************************************/ - -#if 0 - -static void attempt_remote_rpc_connect(pipes_struct *p) -{ - struct user_creds usr; - user_struct *vuser = get_valid_user_struct(p->vuid); - - p->m = NULL; - - if (vuser == NULL) { - DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid)); - return; - } - - ZERO_STRUCT(usr); - - /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, - vuser->user.full_name, vuser->guest); - usr.ptr_uxc = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_uxs = 1; - - usr.ptr_ssk = 1; - DEBUG(10,("user session key not available (yet).\n")); - DEBUG(10,("password-change operations may fail.\n")); - -#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT - memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); -#else - memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key)); -#endif - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - - become_root(); /* to connect to pipe */ - p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); - unbecome_root(); - - if (p->m == NULL) - DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); -} - -#endif - /**************************************************************************** Find first available pipe slot. ****************************************************************************/ 
@@ -196,6 +144,12 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ZERO_STRUCTP(p); + if ((p->mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + free(p); + return NULL; + } + DLIST_ADD(Pipes, p); /* @@ -205,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } @@ -250,7 +204,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, 4, MARSHALL); + prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL); ZERO_STRUCT(p->pipe_user); @@ -332,7 +286,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], p->in_data.pdu_received_len, False); @@ -344,6 +298,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -354,6 +309,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(p->hdr.major != 5 && p->hdr.minor != 0) { DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -366,6 +322,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } 
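Review bot: The talloc context created in open_rpc_pipe_p is not released on the later failure path: the `prs_init(&p->in_data.data, ...)` failure in the next hunk returns NULL after `DLIST_ADD(Pipes, p)`, leaving p->mem_ctx allocated and a half-initialised entry linked into Pipes. That path should undo what was done before returning, e.g. `DLIST_REMOVE(Pipes, p);`, then destroy p->mem_ctx, then `free(p);`. The `prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL)` call further down also ignores its result. open_rpc_pipe_p begins and ends outside these hunks.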
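Review bot: The version test kept as context in unmarshall_rpc_header, `if(p->hdr.major != 5 && p->hdr.minor != 0)`, rejects a header only when both fields are wrong, so a PDU with major 4 and minor 0, for example, passes. If the intent is to accept only version 5.0, the condition should be `if(p->hdr.major != 5 || p->hdr.minor != 0)`. Separately, the `prs_mem_free(&rpc_in);` calls this commit adds before each `return -1` (here and in the first hunk on the next line) would be easier to keep complete with a single cleanup label. The function starts and ends outside these hunks.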
@@ -376,6 +333,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -394,6 +352,8 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + prs_mem_free(&rpc_in); + return 0; /* No extra data processed. */ } @@ -505,7 +465,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); /* @@ -536,6 +496,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) char *data_p = (char *)&p->in_data.current_in_pdu[0]; BOOL reply = False; + if (p->mem_ctx) { + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } + if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); @@ -544,7 +512,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) return (ssize_t)data_len; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); DEBUG(10,("process_complete_pdu: processing packet type %u\n", @@ -556,14 +524,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: 
@@ -578,6 +546,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); setup_fault_pdu(p); + prs_mem_free(&rpc_in); } else { /* * Reset the lengths. We're ready for a new pdu. @@ -586,6 +555,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) p->in_data.pdu_received_len = 0; } + prs_mem_free(&rpc_in); return (ssize_t)data_len; } @@ -687,14 +657,7 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); - /* - * Deal with the redirect to the remote RPC daemon. - */ - - if(p->m) - data_used = write(p->m->fd, data, data_left); - else - data_used = process_incoming_data(p, data, data_left); + data_used = process_incoming_data(p, data, data_left); DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); 
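Review bot: On the `!reply` path of process_complete_pdu, `prs_mem_free(&rpc_in)` now runs twice: once inside the branch (this hunk) and again just before `return (ssize_t)data_len;` (the next hunk). That is safe only if prs_mem_free is idempotent, which is not visible here. The call before the return covers both branches, so I would drop the one inside the fault branch and keep a single cleanup point.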
@@ -708,70 +671,6 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) return n; } -/**************************************************************************** - Gets data from a remote TNG daemon. Gets data from the remote daemon into - the outgoing prs_struct. - - NB. Note to Luke : This code will be broken until Luke implements a length - field before reply data... - -****************************************************************************/ - -static BOOL read_from_remote(pipes_struct *p) -{ - uint32 data_len; - uint32 data_len_left; - - if(prs_offset(&p->out_data.rdata) == 0) { - - ssize_t len = 0; - - /* - * Read all the reply data as a stream of pre-created - * PDU's from the remote deamon into the rdata struct. - */ - - /* - * Create the response data buffer. - */ - - if(!pipe_init_outgoing_data(&p->out_data)) { - DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); - return False; - } - - /* Read from remote here. */ - if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) { - DEBUG(0,("read_from_remote: failed to read from external daemon.\n")); - prs_mem_free(&p->out_data.rdata); - return False; - } - - /* Set the length we got. */ - prs_set_offset(&p->out_data.rdata, (uint32)len); - } - - /* - * The amount we send is the minimum of the available - * space and the amount left to send. - */ - - data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; - - /* - * Ensure there really is data left to send. - */ - - if(!data_len_left) { - DEBUG(0,("read_from_remote: no data left to send !\n")); - return False; - } - - data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN); - - return False; /* Notfinished... */ -} - /**************************************************************************** Replies to a request to read data from a pipe. 
@@ -844,28 +743,16 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, return 0; } - if(p->m) { - /* - * Remote to the RPC daemon. - */ - if(!read_from_remote(p)) { - DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name )); - return -1; - } - - } else { - - /* - * We need to create a new PDU from the data left in p->rdata. - * Create the header/data/footers. This also sets up the fields - * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length - * and stores the outgoing PDU in p->current_pdu. - */ + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ - if(!create_next_pdu(p)) { - DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); - return -1; - } + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; } data_returned = MIN(n, p->out_data.current_pdu_len); @@ -937,18 +824,13 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) prs_mem_free(&p->out_data.rdata); prs_mem_free(&p->in_data.data); + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; - if (p->m != NULL) { - DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - DEBUG(4,("OK\n")); - else - DEBUG(4,("FAILED\n")); - } - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); -- cgit From 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Tue, 1 Aug 2000 18:32:34 +0000 Subject: Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a) --- source3/rpc_server/srv_pipe_hnd.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e51bc5ae4d..e6aeb26d63 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -213,17 +213,6 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, fstrcpy(p->name, pipe_name); -#if 0 - - Comment out until memory leak fixed. JRA. - - /* - * For Luke - attempt to connect to RPC redirect process. - */ - - attempt_remote_rpc_connect(p); -#endif - DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); @@ -364,7 +353,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) { - BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN); + BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0); size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; -- cgit From 06e4f11acd3aedd6c8e4adf365932a01eca902b8 Mon Sep 17 00:00:00 2001 
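Review bot: In process_request_pdu, `data_len` is a `size_t` built by subtracting the header sizes and the client-supplied `p->hdr.auth_len` from `p->hdr.frag_len`, and nothing in this hunk checks that `frag_len` is at least that sum. If the total exceeds `frag_len` the subtraction wraps to a very large value. A guard before `data_len` is used would make the bound explicit: `if (p->hdr.frag_len < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + (auth_verify ? RPC_HDR_AUTH_LEN : 0) + p->hdr.auth_len) { set_incoming_fault(p); return False; }`. The function body continues outside the hunk, so an equivalent check may already exist further down; if it does, a comment next to the declaration pointing at it would help.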
From: Jeremy Allison Date: Fri, 4 Aug 2000 00:59:09 +0000 Subject: Fixed up the user/group contexts when using authenticated pipes. Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0) --- source3/rpc_server/srv_pipe_hnd.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index e6aeb26d63..b8ee235185 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -825,6 +825,9 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); + delete_nt_token(&p->pipe_user.nt_user_token); + safe_free(p->pipe_user.groups); + ZERO_STRUCTP(p); free(p); -- cgit From 5265ce7837a185977f71bcb39a41b57492e24964 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Feb 2001 19:22:02 +0000 Subject: Added total memory allocated counter to talloc, so we can tell if a talloc pool is getting bloated. Also added a talloc_zero function to return zeroed memory. Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time. Jeremy. (This used to be commit d3a56c6042acf037bbd53de88d7636a5803ead20) --- source3/rpc_server/srv_pipe_hnd.c | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b8ee235185..3b60c78ade 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -485,14 +485,6 @@ static ssize_t process_complete_pdu(pipes_struct *p) char *data_p = (char *)&p->in_data.current_in_pdu[0]; BOOL reply = False; - if (p->mem_ctx) { - talloc_destroy_pool(p->mem_ctx); - } else { - p->mem_ctx = talloc_init(); - if (p->mem_ctx == NULL) - p->fault_state = True; - } - if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); @@ -713,7 +705,7 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned); p->out_data.current_pdu_sent += (uint32)data_returned; - return data_returned; + goto out; } /* @@ -727,9 +719,10 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { /* - * We have sent all possible data. Return 0. + * We have sent all possible data, return 0. */ - return 0; + data_returned = 0; + goto out; } /* @@ -748,6 +741,26 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, memcpy( data, p->out_data.current_pdu, (size_t)data_returned); p->out_data.current_pdu_sent += (uint32)data_returned; + + out: + + if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { + /* + * We have copied all possible data into the current_pdu. This RPC is finished. + * Reset the talloc context to free any allocated data from this RPC. + */ + + if (p->mem_ctx) { + DEBUG(3,("read_from_pipe: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } + + } + return data_returned; } @@ -872,5 +885,4 @@ pipes_struct *get_rpc_pipe(int pnum) return NULL; } - #undef OLD_NTDOMAIN -- cgit From 93169a1f34f180f8a469a25532792f23e55e6966 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 3 Mar 2001 05:27:26 +0000 Subject: Roll back to using malloc/realloc on some of spoolss in head. I'm having problems with talloc_realloc in the 2.2 branch and I want a stable reference. The only problem is this breaks the clean auto-generated code in *one* call in srv_spoolss.c (the rfnpcnex call). Jeremy. (This used to be commit 57a9340cbafa40f3a41e6c676c6f2477855fd799) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 3b60c78ade..eb369f22b4 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -397,10 +397,10 @@ authentication failed. Denying the request.\n", p->name)); } /* - * Check the data length doesn't go over the 1Mb limit. + * Check the data length doesn't go over the 10Mb limit. */ - if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) { + if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) { DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); set_incoming_fault(p); -- cgit From 00ab9021b0cc5fe2667d383eb9cc2973072cdaaa Mon Sep 17 00:00:00 2001 
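Review bot: The reassembly cap in process_request_pdu goes from 1Mb to 10Mb as a bare literal repeated in the comment and the condition, and the commit message (about rolling spoolss back to malloc/realloc) does not mention it. This value is the amount of request data one pipe may accumulate before the call is dispatched, so it deserves a named constant with a comment explaining the chosen size, for example `#define MAX_RPC_DATA_SIZE (10*1024*1024)` (name is a suggestion) used in `prs_data_size(&p->in_data.data) + data_len > MAX_RPC_DATA_SIZE`. The enclosing function starts and ends outside the hunk.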
From: Jeremy Allison Date: Fri, 9 Mar 2001 23:48:58 +0000 Subject: Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues. We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a) --- source3/rpc_server/srv_pipe_hnd.c | 62 +++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 13 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index eb369f22b4..5545071913 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -96,7 +96,7 @@ static BOOL pipe_init_outgoing_data(pipes_struct *p) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } @@ -185,6 +185,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->pipe_bound = False; p->fault_state = False; + p->endian = RPC_LITTLE_ENDIAN; /* * Initialize the incoming RPC struct. 
@@ -204,7 +205,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL); + prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); ZERO_STRUCT(p->pipe_user); @@ -275,13 +276,16 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); + prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_set_endian_data( &rpc_in, p->endian); + prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], p->in_data.pdu_received_len, False); /* * Unmarshall the header as this will tell us how much * data we need to read to get the complete pdu. + * This also sets the endian flag in rpc_in. */ if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { 
@@ -303,16 +307,45 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) } /* - * If there is no data in the incoming buffer and it's a requst pdu then - * ensure that the FIRST flag is set. If not then we have - * a stream missmatch. + * If there's not data in the incoming buffer and it's a + * request PDU this should be the start of a new RPC. */ - if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { - DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); - set_incoming_fault(p); - prs_mem_free(&rpc_in); - return -1; + if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0)) { + + if (!(p->hdr.flags & RPC_FLG_FIRST)) { + /* + * Ensure that the FIRST flag is set. If not then we have + * a stream missmatch. + */ + + DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + + /* + * If this is the first PDU then set the endianness + * flag in the pipe. We will need this when parsing all + * data in this RPC. + */ + + p->endian = rpc_in.bigendian_data; + + } else { + + /* + * If this is *NOT* the first PDU then check the endianness + * flag in the pipe is the same as that in the PDU. + */ + + if (p->endian != rpc_in.bigendian_data) { + DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag different in next PDU !\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } } /* @@ -493,7 +526,10 @@ static ssize_t process_complete_pdu(pipes_struct *p) return (ssize_t)data_len; } - prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); + prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + /* Ensure we're using the corrent endianness. */ + prs_set_endian_data( &rpc_in, p->endian); + prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); DEBUG(10,("process_complete_pdu: processing packet type %u\n", -- cgit From da3053048c3d224a20d6383ac6682d31059cd46c Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sun, 11 Mar 2001 00:32:10 +0000 Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549) --- source3/rpc_server/srv_pipe_hnd.c | 61 ++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 20 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 5545071913..cd072122f3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -40,6 +39,20 @@ static int pipes_open; static pipes_struct *Pipes; static struct bitmap *bmap; +/**************************************************************************** + Pipe iterator functions. +****************************************************************************/ + +pipes_struct *get_first_pipe(void) +{ + return Pipes; +} + +pipes_struct *get_next_pipe(pipes_struct *p) +{ + return p->next; +} + /* this must be larger than the sum of the open files and directories */ static int pipe_handle_offset; @@ -135,7 +148,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, next_pipe = (i+1) % MAX_OPEN_PIPES; for (p = Pipes; p; p = p->next) - DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); + DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); p = (pipes_struct *)malloc(sizeof(*p)); @@ -150,6 +163,8 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, return NULL; } + init_pipe_handles(p); + DLIST_ADD(Pipes, p); /* 
@@ -379,6 +394,23 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return 0; /* No extra data processed. */ } +/**************************************************************************** + Call this to free any talloc'ed memory. Do this before and after processing + a complete PDU. +****************************************************************************/ + +void free_pipe_context(pipes_struct *p) +{ + if (p->mem_ctx) { + DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } +} + /**************************************************************************** Processes a request pdu. This will do auth processing if needed, and appends the data into the complete stream if the LAST flag is not set. @@ -487,9 +519,13 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ + free_pipe_context(p); + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); + free_pipe_context(p); + /* * We have consumed the whole data stream. Set back to * marshalling and set the offset back to the start of @@ -780,23 +816,6 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, out: - if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { - /* - * We have copied all possible data into the current_pdu. This RPC is finished. - * Reset the talloc context to free any allocated data from this RPC. - */ - - if (p->mem_ctx) { - DEBUG(3,("read_from_pipe: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); - talloc_destroy_pool(p->mem_ctx); - } else { - p->mem_ctx = talloc_init(); - if (p->mem_ctx == NULL) - p->fault_state = True; - } - - } - return data_returned; } 
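Review bot: The header comment on free_pipe_context says it frees talloc'ed memory, but when `p->mem_ctx` is NULL the function allocates a context instead. If that `talloc_init()` fails it only sets `p->fault_state` and returns nothing to the caller. I would document both behaviours, e.g. `Resets the pipe's talloc pool, creating it if absent; on allocation failure sets p->fault_state and leaves p->mem_ctx NULL.` Callers that go on to use `p->mem_ctx` should check `p->fault_state` after the call.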
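Review bot: In process_request_pdu the second `free_pipe_context(p)` runs right after `api_pipe_request(p)` has produced the reply, but before read_from_pipe hands it to the client. `pipe_init_outgoing_data` initialises `out_data.rdata` with `p->mem_ctx`, so if any part of the reply is allocated from that pool it is released here while still referenced. That may not be the case (the prs buffer may be malloc-backed), but it is not visible from this hunk. A comment at the call stating that reply data never lives in `p->mem_ctx` would make the lifetime rule explicit. The first call also ignores a possible `p->fault_state` set by free_pipe_context before calling `pipe_init_outgoing_data(p)`.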
@@ -865,6 +884,9 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) if (p->mem_ctx) talloc_destroy(p->mem_ctx); + /* Free the handles database. */ + close_policy_by_pipe(p); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; @@ -921,4 +943,3 @@ pipes_struct *get_rpc_pipe(int pnum) return NULL; } -#undef OLD_NTDOMAIN -- cgit From b2bc2bfaf056bdafd14513a0a6d1daef3d327ffc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 11 Mar 2001 04:33:05 +0000 Subject: Ensure we're checking for the "FIRST" flag in other types of PDU than "REQUEST" (ie. BIND, BINDRESP and ALTERCONTEXT) - if we don't do this then we don't set the endianness flag correctly for these PDU's. Herb - this should fix the bug you reported to me today. Jeremy. (This used to be commit dde795154cdc33cb8d6f0dfe9ae2712f7f8be3a7) --- source3/rpc_server/srv_pipe_hnd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cd072122f3..8846761316 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -322,11 +322,10 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) } /* - * If there's not data in the incoming buffer and it's a - * request PDU this should be the start of a new RPC. + * If there's not data in the incoming buffer this should be the start of a new RPC. */ - if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0)) { + if(prs_offset(&p->in_data.data) == 0) { if (!(p->hdr.flags & RPC_FLG_FIRST)) { /* @@ -348,6 +347,9 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) p->endian = rpc_in.bigendian_data; + DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n", + p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" )); + } else { /* 
@@ -356,7 +358,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) */ if (p->endian != rpc_in.bigendian_data) { - DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag different in next PDU !\n")); + DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian)); set_incoming_fault(p); prs_mem_free(&rpc_in); return -1; -- cgit From 7c99297ea1c090c8c3ecd9c9669a36dab0bfdc36 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 12 Mar 2001 16:43:01 +0000 Subject: Looks like AS/U doesn't set the FIRST flag in a BIND packet. Jeremy. (This used to be commit a8df5e04b5bc22aa4324e3b1b5dd78bf0e1c566f) --- source3/rpc_server/srv_pipe_hnd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8846761316..3049c3adb9 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -327,7 +327,11 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(prs_offset(&p->in_data.data) == 0) { - if (!(p->hdr.flags & RPC_FLG_FIRST)) { + /* + * AS/U doesn't set FIRST flag in a BIND packet it seems. + */ + + if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) { /* * Ensure that the FIRST flag is set. If not then we have * a stream missmatch. -- cgit From 5107a7a96acf1949f5ae0cdc49e9c84570f3482a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 12 Mar 2001 20:19:31 +0000 Subject: Ok - we're now sending back policy handles to bigendian AS/U correctly. Jeremy. (This used to be commit 67e09aea47b73e5a72aae638a58b56f2ef67f8af) --- source3/rpc_server/srv_pipe_hnd.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 3049c3adb9..ed1f9d36db 100644 --- a/source3/rpc_server/srv_pipe_hnd.c 
+++ b/source3/rpc_server/srv_pipe_hnd.c @@ -569,8 +569,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) } prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); - /* Ensure we're using the corrent endianness. */ + + /* + * Ensure we're using the corrent endianness for both the + * RPC header flags and the raw data we will be reading from. + */ + prs_set_endian_data( &rpc_in, p->endian); + prs_set_endian_data( &p->in_data.data, p->endian); prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); @@ -601,6 +607,9 @@ static ssize_t process_complete_pdu(pipes_struct *p) break; } + /* Reset to little endian. Probably don't need this but it won't hurt. */ + prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN); + if (!reply) { DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); -- cgit From e532d96a26055d23450bfb3e9c28e0179ee9f2d2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 13 Mar 2001 20:18:45 +0000 Subject: Move to a handle database per pipe name, not per pipe. Jeremy. (This used to be commit a24b248a77ccac364832ff7d4df083d437caf9ed) --- source3/rpc_server/srv_pipe_hnd.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index ed1f9d36db..893bc8cb88 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -163,7 +163,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, return NULL; } - init_pipe_handles(p); + if (!init_pipe_handle_list(p, pipe_name)) { + DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); + talloc_destroy(p->mem_ctx); + free(p); + return NULL; + } + DLIST_ADD(Pipes, p); -- cgit From c912d04389e9bd38ac4e5ef8b29fae1faaf86e7b Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 18 May 2001 01:30:21 +0000 Subject: Fix the W2KSP2 joining a Samba domain problem. Jeremy. (This used to be commit 6bbcab5e48f91a80d4ebcbd2bee38f2e0a8bff78) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 893bc8cb88..f91df7c4ef 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -570,7 +570,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); set_incoming_fault(p); - setup_fault_pdu(p); + setup_fault_pdu(p, 0x1c010002); return (ssize_t)data_len; } @@ -619,7 +619,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) if (!reply) { DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); - setup_fault_pdu(p); + setup_fault_pdu(p, 0x1c010002); prs_mem_free(&rpc_in); } else { /* -- cgit From fd0f3dfd3ce44cf37b60dca550c8b4022f23cbd8 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 19 Jun 2001 06:52:45 +0000 Subject: Fixed typo in debug message. (This used to be commit d05577c33237a092bbc7ca21e68f3cef06b4ab3b) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f91df7c4ef..baa02beb65 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
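Review bot: Both `setup_fault_pdu(p, 0x1c010002)` calls in process_complete_pdu pass the fault status as an unexplained literal. The value is the DCE/RPC "operation out of range" fault (nca_s_op_rng_error), and it is now sent on the generic "pipe in fault state" path as well as the `!reply` path, whatever the real cause was. A named constant for the fault code plus a short comment on why this code is returned (the commit message only says it fixes the W2KSP2 domain join) would keep the next reader from treating it as an arbitrary number. Both hunks cut into a function whose body continues outside them.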
@@ -776,7 +776,7 @@ ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) */ if(n > MAX_PDU_FRAG_LEN) { - DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \ + DEBUG(0,("read_from_pipe: too large read (%u) requested on pipe %s. We can \ only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); return -1; } -- cgit From b5a5fe44cc06efc32504178eee546c647b08b595 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 23 Aug 2001 18:05:44 +0000 Subject: Fix for filers sending -1 for the maximum read request length on the LSA pipe. (This used to be commit 95307a5d3881803e57639431da967ee3872aacc4) --- source3/rpc_server/srv_pipe_hnd.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index baa02beb65..cdcdb82923 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -775,10 +775,14 @@ ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) * read request. */ + /* This condition should result in the connection being closed. + Netapp filers seem to set it to 0xffff which results in domain + authentications failing. Just ignore it so things work. */ + if(n > MAX_PDU_FRAG_LEN) { - DEBUG(0,("read_from_pipe: too large read (%u) requested on pipe %s. We can \ -only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); - return -1; + DEBUG(5,("read_from_pipe: too large read (%u) requested on " + "pipe %s. We can only service %d sized reads.\n", + (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); } /* -- cgit From d309035c3eac3393252031218525923871d5860c Mon Sep 17 00:00:00 2001 
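Review bot: With the `return -1` removed, the `if(n > MAX_PDU_FRAG_LEN)` block in read_from_pipe only logs, so an oversized client-supplied `n` now reaches the rest of the function. The new comment still says the condition "should result in the connection being closed". The copy lengths are computed outside this hunk, so it cannot be confirmed from here that every later use of `n` is clamped. Adding `n = MAX_PDU_FRAG_LEN;` after the DEBUG call keeps the interoperability fix while restoring the bound the old check enforced. The message also drops from level 0 to level 5, so these requests disappear from default logs; the comment should say that is intentional.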
From: Jeremy Allison Date: Sun, 26 Aug 2001 20:05:33 +0000 Subject: Spaces -> Tabs. Jeremy. (This used to be commit 5b665122f5a785f858f75c0a3c181ae193e2c503) --- source3/rpc_server/srv_pipe_hnd.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cdcdb82923..3c8e44d84e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -775,14 +775,15 @@ ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) * read request. */ - /* This condition should result in the connection being closed. - Netapp filers seem to set it to 0xffff which results in domain - authentications failing. Just ignore it so things work. */ + /* + * This condition should result in the connection being closed. + * Netapp filers seem to set it to 0xffff which results in domain + * authentications failing. Just ignore it so things work. + */ if(n > MAX_PDU_FRAG_LEN) { - DEBUG(5,("read_from_pipe: too large read (%u) requested on " - "pipe %s. We can only service %d sized reads.\n", - (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); + DEBUG(5,("read_from_pipe: too large read (%u) requested on \ +pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); } /* -- cgit From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 19:46:22 +0000 Subject: converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 3c8e44d84e..0111733bb0 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -570,7 +570,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); set_incoming_fault(p); - setup_fault_pdu(p, 0x1c010002); + setup_fault_pdu(p, NT_STATUS(0x1c010002)); return (ssize_t)data_len; } @@ -619,7 +619,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) if (!reply) { DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); - setup_fault_pdu(p, 0x1c010002); + setup_fault_pdu(p, NT_STATUS(0x1c010002)); prs_mem_free(&rpc_in); } else { /* -- cgit From 87945989c0383bd012be7ab8bc5920b6d03fa105 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 10:26:23 +0000 Subject: move to SAFE_FREE() (This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961) --- source3/rpc_server/srv_pipe_hnd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 0111733bb0..082d3a1263 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -159,14 +159,14 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, if ((p->mem_ctx = talloc_init()) == NULL) { DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); - free(p); + SAFE_FREE(p); return NULL; } if (!init_pipe_handle_list(p, pipe_name)) { DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); talloc_destroy(p->mem_ctx); - free(p); + SAFE_FREE(p); return NULL; } @@ -923,11 +923,11 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); delete_nt_token(&p->pipe_user.nt_user_token); - safe_free(p->pipe_user.groups); + SAFE_FREE(p->pipe_user.groups); ZERO_STRUCTP(p); - free(p); + SAFE_FREE(p); return True; } -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/rpc_server/srv_pipe_hnd.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 082d3a1263..10d0c3bcb8 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -21,14 +21,11 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - #include "includes.h" - #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) -extern int DEBUGLEVEL; static pipes_struct *chain_p; static int pipes_open; -- cgit From d04824639dbc2864d2c9ad901a4b26e97c442c82 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 27 Oct 2001 07:16:48 +0000 Subject: Raise simultaneous open pipes from 64 to 1024 for large print server environments. Jeremy. (This used to be commit e5f8147d02b57198f684c6686dfa497c6732ff44) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 10d0c3bcb8..a47553dcd1 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -30,7 +30,7 @@ static pipes_struct *chain_p; static int pipes_open; #ifndef MAX_OPEN_PIPES -#define MAX_OPEN_PIPES 64 +#define MAX_OPEN_PIPES 1024 #endif static pipes_struct *Pipes; -- cgit From d876260d885ad991526544756609ea38e4867028 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 5 Nov 2001 00:02:38 +0000 Subject: Don't put a \n on the end of the arg to exit_server() (This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a47553dcd1..ddc8f3cd2d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -81,7 +81,7 @@ void init_rpc_pipe_hnd(void) { bmap = bitmap_allocate(MAX_OPEN_PIPES); if (!bmap) - exit_server("out of memory in init_rpc_pipe_hnd\n"); + exit_server("out of memory in init_rpc_pipe_hnd"); } /**************************************************************************** -- cgit From 198612deda878fd5f33b1475154179ecac4645fd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 5 Nov 2001 07:42:55 +0000 Subject: Changed MAX_OPEN_PIPES to 2048. Jeremy. (This used to be commit 591d217ed49b6beca4a87f6b89a81f0c913003dc) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index ddc8f3cd2d..cc6415cce7 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -30,7 +30,7 @@ static pipes_struct *chain_p; static int pipes_open; #ifndef MAX_OPEN_PIPES -#define MAX_OPEN_PIPES 1024 +#define MAX_OPEN_PIPES 2048 #endif static pipes_struct *Pipes; -- cgit From bb6af711b8f9a525b74198abbe7f1c37014ca6f7 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 20 Jan 2002 02:40:05 +0000 Subject: This is the current patch from Luke Leighton to add a degree of seperation betwen reading/writing the raw NamedPipe SMB packets and the matching operations inside smbd's RPC components. This patch is designed for no change in behaviour, and my tests hold that to be true. This patch does however allow for the future loadable modules interface to specify function pointers in replacement of the fixed state. The pipes_struct has been split into two peices, with smb_np_struct taking the information that should be generic to where the data ends up. Some other minor changes are made: we get another small helper function in util_sock.c and some of the original code has better failure debugs and variable use. (As per on-list comments). Andrew Bartlett (This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489) --- source3/rpc_server/srv_pipe_hnd.c | 264 ++++++++++++++++++++++++++++++-------- 1 file changed, 207 insertions(+), 57 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cc6415cce7..a98bcdc6bb 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -26,26 +26,58 @@ #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) -static pipes_struct *chain_p; +static smb_np_struct *chain_p; static int pipes_open; #ifndef MAX_OPEN_PIPES #define MAX_OPEN_PIPES 2048 #endif -static pipes_struct *Pipes; +static smb_np_struct *Pipes; +static pipes_struct *InternalPipes; static struct bitmap *bmap; +/* TODO + * the following prototypes are declared here to avoid + * code being moved about too much for a patch to be + * disrupted / less obvious. + * + * these functions, and associated functions that they + * call, should be moved behind a .so module-loading + * system _anyway_. so that's the next step... + */ + +static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, + BOOL *is_data_outstanding); +static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); +static BOOL close_internal_rpc_pipe_hnd(void *np_conn); +static void *make_internal_rpc_pipe_p(char *pipe_name, + connection_struct *conn, uint16 vuid); + /**************************************************************************** Pipe iterator functions. ****************************************************************************/ -pipes_struct *get_first_pipe(void) +smb_np_struct *get_first_pipe(void) { return Pipes; } -pipes_struct *get_next_pipe(pipes_struct *p) +smb_np_struct *get_next_pipe(smb_np_struct *p) +{ + return p->next; +} + +/**************************************************************************** + Internal Pipe iterator functions. +****************************************************************************/ + +pipes_struct *get_first_internal_pipe(void) +{ + return InternalPipes; +} + +pipes_struct *get_next_internal_pipe(pipes_struct *p) { return p->next; } 
@@ -118,11 +150,11 @@ static BOOL pipe_init_outgoing_data(pipes_struct *p) Find first available pipe slot. ****************************************************************************/ -pipes_struct *open_rpc_pipe_p(char *pipe_name, +smb_np_struct *open_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid) { int i; - pipes_struct *p; + smb_np_struct *p, *p_it; static int next_pipe; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", @@ -147,22 +179,28 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, for (p = Pipes; p; p = p->next) DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); - p = (pipes_struct *)malloc(sizeof(*p)); + p = (smb_np_struct *)malloc(sizeof(*p)); if (!p) + { + DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; + } ZERO_STRUCTP(p); - if ((p->mem_ctx = talloc_init()) == NULL) { - DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); - SAFE_FREE(p); - return NULL; - } + /* add a dso mechanism instead of this, here */ - if (!init_pipe_handle_list(p, pipe_name)) { - DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); - talloc_destroy(p->mem_ctx); + p->namedpipe_create = make_internal_rpc_pipe_p; + p->namedpipe_read = read_from_internal_pipe; + p->namedpipe_write = write_to_internal_pipe; + p->namedpipe_close = close_internal_rpc_pipe_hnd; + + p->np_state = p->namedpipe_create(pipe_name, conn, vuid); + + if (p->np_state == NULL) { + + DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); SAFE_FREE(p); return NULL; } @@ -177,11 +215,6 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { - DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); - return NULL; - } - bitmap_set(bmap, i); i += pipe_handle_offset; 
@@ -197,6 +230,71 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->max_trans_reply = 0; + fstrcpy(p->name, pipe_name); + + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", + pipe_name, i, pipes_open)); + + chain_p = p; + + /* Iterate over p_it as a temp variable, to display all open pipes */ + for (p_it = Pipes; p_it; p_it = p_it->next) + DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum)); + + return chain_p; +} + +/**************************************************************************** + * make an internal namedpipes structure +****************************************************************************/ + +static void *make_internal_rpc_pipe_p(char *pipe_name, + connection_struct *conn, uint16 vuid) +{ + pipes_struct *p; + + DEBUG(4,("Create pipe requested %s\n", pipe_name)); + + p = (pipes_struct *)malloc(sizeof(*p)); + + if (!p) + { + DEBUG(0,("ERROR! no memory for pipes_struct!\n")); + return NULL; + } + + ZERO_STRUCTP(p); + + if ((p->mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + SAFE_FREE(p); + return NULL; + } + + if (!init_pipe_handle_list(p, pipe_name)) { + DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); + talloc_destroy(p->mem_ctx); + SAFE_FREE(p); + return NULL; + } + + /* + * Initialize the incoming RPC data buffer with one PDU worth of memory. + * We cheat here and say we're marshalling, as we intend to add incoming + * data directly into the prs_struct and we want it to auto grow. We will + * change the type to UNMARSALLING before processing the stream. + */ + + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { + DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); + return NULL; + } + + DLIST_ADD(InternalPipes, p); + + p->conn = conn; + p->vuid = vuid; + p->ntlmssp_chal_flags = 0; p->ntlmssp_auth_validated = False; p->ntlmssp_auth_requested = False; 
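Review bot: The `prs_init()` failure branch in make_internal_rpc_pipe_p returns NULL without releasing what was set up just above it, so `p`, `p->mem_ctx` and whatever `init_pipe_handle_list()` attached are leaked, unlike the two earlier failure branches, which clean up. This path runs on every pipe open a client requests, so it should mirror them with `close_policy_by_pipe(p); talloc_destroy(p->mem_ctx); SAFE_FREE(p);` before `return NULL;`. Whether `close_policy_by_pipe()` is the right undo for the handle list should be confirmed against its definition, which is not in this diff. The DEBUG strings in this function still say `open_rpc_pipe_p`, which will mislead anyone reading the log after a failure here.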
@@ -205,6 +303,11 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->fault_state = False; p->endian = RPC_LITTLE_ENDIAN; + ZERO_STRUCT(p->pipe_user); + + p->pipe_user.uid = (uid_t)-1; + p->pipe_user.gid = (gid_t)-1; + /* * Initialize the incoming RPC struct. */ @@ -225,23 +328,12 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, */ prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); - ZERO_STRUCT(p->pipe_user); - - p->pipe_user.uid = (uid_t)-1; - p->pipe_user.gid = (gid_t)-1; - fstrcpy(p->name, pipe_name); - DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", - pipe_name, i, pipes_open)); - - chain_p = p; - - /* OVERWRITE p as a temp variable, to display all open pipes */ - for (p = Pipes; p; p = p->next) - DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); + DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", + pipe_name, pipes_open)); - return chain_p; + return (void*)p; } /**************************************************************************** @@ -254,8 +346,8 @@ static void set_incoming_fault(pipes_struct *p) p->in_data.pdu_needed_len = 0; p->in_data.pdu_received_len = 0; p->fault_state = True; - DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n", - p->name, p->pnum )); + DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n", + p->name, p->vuid )); } /**************************************************************************** @@ -712,10 +804,8 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned Accepts incoming data on an rpc pipe. ****************************************************************************/ -ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) +ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n) { - size_t data_left = n; - DEBUG(6,("write_to_pipe: %x", p->pnum)); DEBUG(6,(" name: %s open: %s len: %d\n", 
@@ -723,6 +813,18 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) dump_data(50, data, n); + return p->namedpipe_write(p->np_state, data, n); +} + +/**************************************************************************** + Accepts incoming data on an internal rpc pipe. +****************************************************************************/ + +static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n) +{ + pipes_struct *p = (pipes_struct*)np_conn; + size_t data_left = n; + while(data_left) { ssize_t data_used; @@ -753,11 +855,9 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) have been prepared into arrays of headers + data stream sections. ****************************************************************************/ -ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) +ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, + BOOL *is_data_outstanding) { - uint32 pdu_remaining = 0; - ssize_t data_returned = 0; - if (!p || !p->open) { DEBUG(0,("read_from_pipe: pipe not open\n")); return -1; 
@@ -765,6 +865,32 @@ ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n) DEBUG(6,("read_from_pipe: %x", p->pnum)); + return p->namedpipe_read(p->np_state, data, n, is_data_outstanding); +} + +/**************************************************************************** + Replies to a request to read data from a pipe. + + Headers are interspersed with the data at PDU intervals. By the time + this function is called, the start of the data could possibly have been + read by an SMBtrans (file_offset != 0). + + Calling create_rpc_reply() here is a hack. The data should already + have been prepared into arrays of headers + data stream sections. +****************************************************************************/ + +static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, + BOOL *is_data_outstanding) +{ + pipes_struct *p = (pipes_struct*)np_conn; + uint32 pdu_remaining = 0; + ssize_t data_returned = 0; + + if (!p) { + DEBUG(0,("read_from_pipe: pipe not open\n")); + return -1; + } + DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n)); /* @@ -839,6 +965,7 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, out: + (*is_data_outstanding) = p->out_data.current_pdu_len > n; return data_returned; } @@ -846,7 +973,7 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, Wait device state on a pipe. Exactly what this is for is unknown... ****************************************************************************/ -BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority) +BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) { if (p == NULL) return False; 
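Review bot: `is_data_outstanding` is written only at the `out:` label of read_from_internal_pipe, by `(*is_data_outstanding) = p->out_data.current_pdu_len > n;`, so the `return -1` paths (the `!p` check here and the `!p || !p->open` check in read_from_pipe) leave the caller's variable unset, and a NULL pointer passed by a caller is dereferenced. Giving it a defined value up front, `if (is_data_outstanding) *is_data_outstanding = False;` at the top of read_from_pipe, and guarding the final store the same way, covers every path. The body between these two hunks is not shown, so any other early return there needs the same check.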
@@ -870,7 +997,7 @@ BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority) Set device state on a pipe. Exactly what this is for is unknown... ****************************************************************************/ -BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) +BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) { if (p == NULL) return False; @@ -894,21 +1021,14 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) Close an rpc pipe. ****************************************************************************/ -BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) +BOOL close_rpc_pipe_hnd(smb_np_struct *p) { if (!p) { DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); return False; } - prs_mem_free(&p->out_data.rdata); - prs_mem_free(&p->in_data.data); - - if (p->mem_ctx) - talloc_destroy(p->mem_ctx); - - /* Free the handles database. */ - close_policy_by_pipe(p); + p->namedpipe_close(p->np_state); bitmap_clear(bmap, p->pnum - pipe_handle_offset); @@ -919,9 +1039,39 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) DLIST_REMOVE(Pipes, p); + ZERO_STRUCTP(p); + + SAFE_FREE(p); + + return True; +} + +/**************************************************************************** + Close an rpc pipe. +****************************************************************************/ + +static BOOL close_internal_rpc_pipe_hnd(void *np_conn) +{ + pipes_struct *p = (pipes_struct *)np_conn; + if (!p) { + DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); + return False; + } + + prs_mem_free(&p->out_data.rdata); + prs_mem_free(&p->in_data.data); + + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + + /* Free the handles database. */ + close_policy_by_pipe(p); + delete_nt_token(&p->pipe_user.nt_user_token); SAFE_FREE(p->pipe_user.groups); + DLIST_REMOVE(InternalPipes, p); + ZERO_STRUCTP(p); SAFE_FREE(p); 
@@ -933,7 +1083,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) Find an rpc pipe given a pipe handle in a buffer and an offset. ****************************************************************************/ -pipes_struct *get_rpc_pipe_p(char *buf, int where) +smb_np_struct *get_rpc_pipe_p(char *buf, int where) { int pnum = SVAL(buf,where); @@ -947,9 +1097,9 @@ pipes_struct *get_rpc_pipe_p(char *buf, int where) Find an rpc pipe given a pipe handle. ****************************************************************************/ -pipes_struct *get_rpc_pipe(int pnum) +smb_np_struct *get_rpc_pipe(int pnum) { - pipes_struct *p; + smb_np_struct *p; DEBUG(4,("search for pipe pnum=%x\n", pnum)); -- cgit From 32101155d4a0c80faf392f56a6baa7b91847dd99 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 20 Jan 2002 13:26:31 +0000 Subject: Kill off another ugly wart from the side of the passdb subsystem. This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa) --- source3/rpc_server/srv_pipe_hnd.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a98bcdc6bb..1b3d66bf49 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -252,9 +252,15 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid) { pipes_struct *p; + user_struct *vuser = get_valid_user_struct(vuid); DEBUG(4,("Create pipe requested %s\n", pipe_name)); + if (!vuser && vuid != UID_FIELD_INVALID) { + DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid)); + return NULL; + } + p = (pipes_struct *)malloc(sizeof(*p)); if (!p) @@ -308,6 +314,11 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->pipe_user.uid = (uid_t)-1; p->pipe_user.gid = (gid_t)-1; + /* Store the session key */ + if (vuser) { + memcpy(p->session_key, vuser->session_key, sizeof(p->session_key)); + } + /* * Initialize the incoming RPC struct. */ -- cgit From e24937d9a20649f73305ecd1a27fdde8c2be59b4 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 22 Jan 2002 18:19:00 +0000 Subject: merge from appliance_head (This used to be commit 38d2d26af9ef4d90dcb57fa940267f7136876191) --- source3/rpc_server/srv_pipe_hnd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 1b3d66bf49..a0afa0e548 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
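Review bot: The added `memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));` in make_internal_rpc_pipe_p sizes the copy by the destination only, so it is correct only if `vuser->session_key` is an array of at least that many bytes; both declarations are outside this diff. If either field is resized later, the copy over-reads the user struct without any warning, so tie the sizes together, for example by copying `MIN(sizeof(p->session_key), sizeof(vuser->session_key))` bytes or by asserting that the two sizes are equal. A one-line comment that the pipe now holds key material, cleared by the `ZERO_STRUCTP(p)` in close_internal_rpc_pipe_hnd, would help whoever adds the next exit path.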
@@ -574,10 +574,13 @@ authentication failed. Denying the request.\n", p->name)); } /* - * Check the data length doesn't go over the 10Mb limit. + * Check the data length doesn't go over the 15Mb limit. + * increased after observing a bug in the Windows NT 4.0 SP6a + * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC + * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002 */ - if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) { + if(prs_data_size(&p->in_data.data) + data_len > 15*1024*1024) { DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); set_incoming_fault(p); -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/rpc_server/srv_pipe_hnd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a0afa0e548..07dc2210c1 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1,6 +1,5 @@ /* - * Unix SMB/Netbios implementation. - * Version 1.9. + * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, -- cgit From 7dbaaa09643db9e4f7eb129a9d38816e17e3b80c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Feb 2002 21:51:40 +0000 Subject: merge from APPLIANCE_HEAD (This used to be commit e734c1971d2841b2cfe37414fe4893f4a66b22a9) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 07dc2210c1..44dd5fac65 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -579,7 +579,7 @@ authentication failed. Denying the request.\n", p->name)); * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002 */ - if(prs_data_size(&p->in_data.data) + data_len > 15*1024*1024) { + if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) { DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); set_incoming_fault(p); -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/rpc_server/srv_pipe_hnd.c | 50 ++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 8 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 44dd5fac65..cc6e4b95f9 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -22,6 +22,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + #define PIPE "\\PIPE\\" #define PIPELEN strlen(PIPE) 
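Review bot: The limit test now uses `prs_offset(&p->in_data.data)`, but the DEBUG on the next line still prints `prs_data_size(&p->in_data.data)`, so the logged figures are no longer the ones that tripped the check. Anyone investigating an oversized-request fault from the log would see numbers that may not add up to more than the limit. Change the argument to `(unsigned int)prs_offset(&p->in_data.data)` so the message reports the tested value. The rest of process_request_pdu is outside this hunk.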
@@ -32,6 +35,23 @@ static int pipes_open; #define MAX_OPEN_PIPES 2048 #endif +/* + * Sometimes I can't decide if I hate Windows printer driver + * writers more than I hate the Windows spooler service driver + * writers. This gets around a combination of bugs in the spooler + * and the HP 8500 PCL driver that causes a spooler spin. JRA. + * + * bumped up from 20 -> 64 after viewing traffic from WordPerfect + * 2002 running on NT 4.- SP6 + * bumped up from 64 -> 256 after viewing traffic from con2prt + * for lots of printers on a WinNT 4.x SP6 box. + */ + +#ifndef MAX_OPEN_SPOOLSS_PIPES +#define MAX_OPEN_SPOOLSS_PIPES 256 +#endif +static int current_spoolss_pipes_open; + static smb_np_struct *Pipes; static pipes_struct *InternalPipes; static struct bitmap *bmap; @@ -99,6 +119,7 @@ void set_pipe_handle_offset(int max_open_files) /**************************************************************************** Reset pipe chain handle number. ****************************************************************************/ + void reset_chain_p(void) { chain_p = NULL; @@ -155,11 +176,20 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, int i; smb_np_struct *p, *p_it; static int next_pipe; + BOOL is_spoolss_pipe = False; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); - + if (strstr(pipe_name, "spoolss")) + is_spoolss_pipe = True; + + if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { + DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", + pipe_name )); + return NULL; + } + /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ @@ -180,8 +210,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, p = (smb_np_struct *)malloc(sizeof(*p)); - if (!p) - { + if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; } 
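Review bot: `current_spoolss_pipes_open` is compared with `MAX_OPEN_SPOOLSS_PIPES` in open_rpc_pipe_p, but no hunk of this commit increments it when a spoolss pipe is opened or decrements it on close. As shown, the counter stays at 0 and the cap never takes effect. If that is not handled elsewhere, add `if (is_spoolss_pipe) current_spoolss_pipes_open++;` once the pipe has been linked into `Pipes`, and a matching decrement in close_rpc_pipe_hnd, which needs the spoolss flag remembered on the `smb_np_struct`. Note also that `strstr(pipe_name, "spoolss")` matches the substring anywhere in a client-supplied name, so a comment on the intended match would be useful.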
@@ -198,13 +227,11 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, p->np_state = p->namedpipe_create(pipe_name, conn, vuid); if (p->np_state == NULL) { - DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); SAFE_FREE(p); return NULL; } - DLIST_ADD(Pipes, p); /* @@ -244,7 +271,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, } /**************************************************************************** - * make an internal namedpipes structure + Make an internal namedpipes structure ****************************************************************************/ static void *make_internal_rpc_pipe_p(char *pipe_name, @@ -298,6 +325,10 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, DLIST_ADD(InternalPipes, p); p->conn = conn; + + /* Ensure the connection isn't idled whilst this pipe is open. */ + p->conn->num_files_open++; + p->vuid = vuid; p->ntlmssp_chal_flags = 0; @@ -313,9 +344,10 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->pipe_user.uid = (uid_t)-1; p->pipe_user.gid = (gid_t)-1; - /* Store the session key */ + /* Store the session key and NT_TOKEN */ if (vuser) { memcpy(p->session_key, vuser->session_key, sizeof(p->session_key)); + p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); } /* @@ -1055,7 +1087,7 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p) ZERO_STRUCTP(p); SAFE_FREE(p); - + return True; } @@ -1085,6 +1117,8 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) DLIST_REMOVE(InternalPipes, p); + p->conn->num_files_open--; + ZERO_STRUCTP(p); SAFE_FREE(p); -- cgit From 83219da3028a0341a9c7b2db38738ca30288686b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 22 Oct 2002 22:17:29 +0000 Subject: Fix for systems that allow more than 65536 open files per process. Jeremy. (This used to be commit 947a56ce00e552e8b8d2ed64435eabde6225f044) --- source3/rpc_server/srv_pipe_hnd.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
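Review bot: In the `@@ -313,9 +344,10 @@` hunk of make_internal_rpc_pipe_p(), the result of `dup_nt_token(vuser->nt_user_token)` is stored without a NULL check, so a failed copy leaves the pipe open with `p->pipe_user.nt_user_token == NULL` while the session key has already been copied. How later access checks treat a NULL token is not visible here; failing the open is the safer default, for example on `if (vuser->nt_user_token && !p->pipe_user.nt_user_token)`. That failure path would also have to undo the `DLIST_ADD(InternalPipes, p)` and the `p->conn->num_files_open++` added in the `@@ -298,6 +325,10 @@` hunk. The function starts and ends outside these hunks.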
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index cc6e4b95f9..1695419687 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -31,10 +31,6 @@ static smb_np_struct *chain_p; static int pipes_open; -#ifndef MAX_OPEN_PIPES -#define MAX_OPEN_PIPES 2048 -#endif - /* * Sometimes I can't decide if I hate Windows printer driver * writers more than I hate the Windows spooler service driver -- cgit From ef8bd7c4f7ae8192ea05db070962ecf0ff3615f3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 20 Dec 2002 20:21:31 +0000 Subject: Forward port the change to talloc_init() to make all talloc contexts named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 1695419687..6cdb6836eb 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -293,7 +293,7 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, ZERO_STRUCTP(p); - if ((p->mem_ctx = talloc_init()) == NULL) { + if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) { DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); SAFE_FREE(p); return NULL; @@ -544,7 +544,7 @@ void free_pipe_context(pipes_struct *p) DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); talloc_destroy_pool(p->mem_ctx); } else { - p->mem_ctx = talloc_init(); + p->mem_ctx = talloc_init("pipe %s %p", p->name, p); if (p->mem_ctx == NULL) p->fault_state = True; } -- cgit From 8fc1f1aead6db996a6d96efdc5f81779afc9c8d2 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 14 Feb 2003 22:55:46 +0000 Subject: Ensure that only parse_prs.c access internal members of the prs_struct. Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5) --- source3/rpc_server/srv_pipe_hnd.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 6cdb6836eb..8cb81b9c6d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -618,16 +618,11 @@ authentication failed. Denying the request.\n", p->name)); * Append the data portion into the buffer and return. */ - { - char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p); - - if(!prs_append_data(&p->in_data.data, data_from, data_len)) { - DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", - (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); - set_incoming_fault(p); - return False; - } - + if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) { + DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", + (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); + set_incoming_fault(p); + return False; } if(p->hdr.flags & RPC_FLG_LAST) { -- cgit From b4d0f208fb936382c7b313bd94c180b5cb708cea Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 6 Apr 2003 07:04:09 +0000 Subject: Merge the TNG netlogon schannel from HEAD. No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468) --- source3/rpc_server/srv_pipe_hnd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
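Review bot: In the `@@ -618,16 +618,11 @@` hunk the copy now goes through `prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)`, and nothing in the hunk shows that `prs_offset(rpc_in_p) + data_len` is checked against the size of `rpc_in_p`. `data_len` is computed earlier in process_request_pdu(), outside this hunk, presumably from header fields sent by the peer, so either the helper or this caller needs that bound to avoid reading past the received fragment. If the helper does not check it, add before the call: `if (data_len > prs_data_size(rpc_in_p) - prs_offset(rpc_in_p)) { set_incoming_fault(p); return False; }`.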
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8cb81b9c6d..125f603771 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -594,11 +594,18 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) * Authentication _was_ requested and it already failed. */ - DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \ -authentication failed. Denying the request.\n", p->name)); + DEBUG(0,("process_request_pdu: RPC request received on pipe %s " + "where authentication failed. Denying the request.\n", + p->name)); set_incoming_fault(p); - return False; - } + return False; + } + + if (p->netsec_auth_validated && !api_pipe_netsec_process(p, rpc_in_p)) { + DEBUG(0,("process_request_pdu: failed to do schannel processing.\n")); + set_incoming_fault(p); + return False; + } /* * Check the data length doesn't go over the 15Mb limit. -- cgit From 11777e6a3085a996ab2c5fa3db34d8834401c24e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 14 Aug 2003 21:14:28 +0000 Subject: Attempt at fixing bug #283. There however is no solution. There is a workaround documented in the bug report. This patch does: * add server support for the LSA_DS UUID on the lsarpc pipe * store a list of context_ids/api_structs in the pipe_struct so that we don't have to lookup the function table for a pipe. We just match the context_id. Note that a dce/rpc alter_context does not destroy the previous context so it is possible to have multiple bindings active on the same pipe. Observed from standalone win2k sp4 client. * added server code for DsROleGetPrimaryDOmainInfo() but disabled it since it causes problems enumerating users and groups from a 2ksp4 domain member in a Samba domain. (This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061) --- source3/rpc_server/srv_pipe_hnd.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') 
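Review bot: In the `@@ -594,11 +594,18 @@` hunk schannel processing runs only when `p->netsec_auth_validated` is set, and there is no counterpart to the branch just above it, which rejects requests on a pipe where authentication was requested and failed. A request on a pipe where schannel was negotiated but never validated would therefore skip `api_pipe_netsec_process()` and be handled as an unprotected request, unless the bind path already rules that state out; that is not visible from here. If a requested-but-not-validated state can exist, reject it explicitly before this check. The condition of the rejecting branch and the rest of process_request_pdu() lie outside the hunk.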
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 125f603771..55def97673 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1106,6 +1106,8 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) if (p->mem_ctx) talloc_destroy(p->mem_ctx); + + free_pipe_rpc_context( p->contexts ); /* Free the handles database. */ close_policy_by_pipe(p); -- cgit From fbb8f131c2336e921677f41e9fb8bce7406f3336 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 3 Nov 2003 14:34:25 +0000 Subject: Fix more 64-bit printf warnings. (This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 55def97673..9297278764 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -541,7 +541,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) void free_pipe_context(pipes_struct *p) { if (p->mem_ctx) { - DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); + DEBUG(3,("free_pipe_context: destroying talloc pool of size %lu\n", talloc_pool_size((unsigned long)p->mem_ctx) )); talloc_destroy_pool(p->mem_ctx); } else { p->mem_ctx = talloc_init("pipe %s %p", p->name, p); -- cgit From cedc6341183fe6f0a64fc694e4475efa6c2c528e Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 4 Nov 2003 19:53:37 +0000 Subject: Fix typo in debug statement. (This used to be commit 66e5043553939be2b124bec8581f08b01fdf9c1e) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 9297278764..57e45d477f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c 
+++ b/source3/rpc_server/srv_pipe_hnd.c @@ -541,7 +541,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) void free_pipe_context(pipes_struct *p) { if (p->mem_ctx) { - DEBUG(3,("free_pipe_context: destroying talloc pool of size %lu\n", talloc_pool_size((unsigned long)p->mem_ctx) )); + DEBUG(3,("free_pipe_context: destroying talloc pool of size %lu\n", (unsigned long)talloc_pool_size(p->mem_ctx) )); talloc_destroy_pool(p->mem_ctx); } else { p->mem_ctx = talloc_init("pipe %s %p", p->name, p); -- cgit From fcbfc7ad0669009957c65fa61bb20df75a9701b4 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 22 Nov 2003 13:19:38 +0000 Subject: Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. 
- Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 57e45d477f..a9fd9ec652 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -342,7 +342,7 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { - memcpy(p->session_key, vuser->session_key, sizeof(p->session_key)); + p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); } -- cgit From 16194fbc5a296aae9d7b4cb03512f22dffe48158 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 4 Dec 2003 20:20:59 +0000 Subject: fix process_incoming_data() to return the number of bytes handled this call whether we have a complete pdu or not; fixes bug with multiple pdu request rpc's broken over SMBwriteX calls each (This used to be commit ff06f3ca8e597d093b8a76b5cfabfa6009f4b591) --- source3/rpc_server/srv_pipe_hnd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index a9fd9ec652..514c22d471 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
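Review bot: In the `@@ -342,7 +342,7 @@` hunk `p->session_key` changes from a fixed-size array filled by `memcpy` to a `data_blob()` copy of whatever length `vuser->session_key` has, and the hunk does not show its consumers being updated. Any code that still reads a fixed 16 bytes from `p->session_key` would now over-read a shorter key (the commit message mentions 8-byte Kerberos DES keys), so each consumer should test `p->session_key.length` before use. A comment at this assignment, such as `/* variable length: check session_key.length before use */`, would record the new contract.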
@@ -772,6 +772,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n) { size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); + size_t old_pdu_received_len = p->in_data.pdu_received_len; DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len, @@ -831,10 +832,11 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned /* * Do we have a complete PDU ? + * (return the nym of bytes handled in the call) */ if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len) - return process_complete_pdu(p); + return process_complete_pdu(p) - old_pdu_received_len; DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len )); -- cgit From 35016d020182f8c1e282271b722ed23df6d2660e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 15 Apr 2004 15:59:59 +0000 Subject: r238: Fix memleak (This used to be commit fe7daa3b8a080a9e39ff055177b54f476fce2c32) --- source3/rpc_server/srv_pipe_hnd.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 514c22d471..44fec78c50 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1114,6 +1114,9 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); + if (p->session_key.data != NULL) + data_blob_free(&p->session_key); + delete_nt_token(&p->pipe_user.nt_user_token); SAFE_FREE(p->pipe_user.groups); -- cgit From 8c0db1bbc469932694ed877eebecffa3d1948abd Mon Sep 17 00:00:00 2001 
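Review bot: In the `@@ -831,10 +832,11 @@` hunk, `return process_complete_pdu(p) - old_pdu_received_len;` subtracts a `size_t` from an `ssize_t`, so the arithmetic is done unsigned and an error return such as -1 from process_complete_pdu() would be shifted by `old_pdu_received_len` instead of being passed through. Keep the value signed and test it first: `ssize_t done = process_complete_pdu(p); if (done < 0) return done; return done - (ssize_t)old_pdu_received_len;`. The added comment has a typo, "nym" for "number". The rest of process_incoming_data() is outside the hunk.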
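Review bot: In the `@@ -1114,6 +1114,9 @@` hunk of close_internal_rpc_pipe_hnd(), the session key is released with `data_blob_free(&p->session_key)`, which presumably frees the buffer without wiping it, so key material would remain in freed heap memory. If this tree provides `data_blob_clear_free()`, use `data_blob_clear_free(&p->session_key);`; otherwise zero `p->session_key.data` over `p->session_key.length` before freeing. The `!= NULL` guard is only needed if `data_blob_free()` does not accept an empty blob.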
From: Jeremy Allison Date: Wed, 19 May 2004 21:49:58 +0000 Subject: r786: Memory leak fixes in (mostly) error code paths from kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646) --- source3/rpc_server/srv_pipe_hnd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 44fec78c50..ccf571a0e2 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1118,6 +1118,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) data_blob_free(&p->session_key); delete_nt_token(&p->pipe_user.nt_user_token); + data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.groups); DLIST_REMOVE(InternalPipes, p); -- cgit From 5f9af6df053f6608fba9a9c17a4945189de38a58 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 5 Jul 2004 09:46:38 +0000 Subject: r1338: A netlogon schannel failure is a normal event with XP clients. They cache the netlogon session key and try to reconnect using that key. This fails with a restarted smbd, we expect another serverauth2. XP falls back immediately. Make the corresponding messages a debug level 3, not 0 to not flood log.smbd. Volker (This used to be commit 4fda68a62fec6c1e95d5176bc5d06bd49da6f358) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index ccf571a0e2..7f7a3025a9 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -602,7 +602,7 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) } if (p->netsec_auth_validated && !api_pipe_netsec_process(p, rpc_in_p)) { - DEBUG(0,("process_request_pdu: failed to do schannel processing.\n")); + DEBUG(3,("process_request_pdu: failed to do schannel processing.\n")); set_incoming_fault(p); return False; } -- cgit From d4ac326d46faab010eeeb24c893ab13bbbf0337e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 8 Jul 2004 21:01:30 +0000 Subject: r1412: Fix password history list in tdbsam. Fix some memory leaks. Add my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed) --- source3/rpc_server/srv_pipe_hnd.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 7f7a3025a9..c0e6bf8f5e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1114,9 +1114,6 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); - if (p->session_key.data != NULL) - data_blob_free(&p->session_key); - delete_nt_token(&p->pipe_user.nt_user_token); data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.groups); -- cgit From cd87b3b972b39003def69671d8a3c6aaf51afd50 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 9 Jul 2004 00:13:55 +0000 Subject: r1414: Memory leak fixes found by valgrind whilst checking the password history code. Error code paths were not freeing up some memory. Jeremy. (This used to be commit 7c4666e56c2c281e023c6483459cb9e8d4787d36) --- source3/rpc_server/srv_pipe_hnd.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c0e6bf8f5e..562b55b8f7 100644 --- a/source3/rpc_server/srv_pipe_hnd.c 
+++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1091,6 +1091,22 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p) return True; } +/**************************************************************************** + Close all pipes on a connection. +****************************************************************************/ + +void pipe_close_conn(connection_struct *conn) +{ + smb_np_struct *p, *next; + + for (p=Pipes;p;p=next) { + next = p->next; + if (p->conn == conn) { + close_rpc_pipe_hnd(p); + } + } +} + /**************************************************************************** Close an rpc pipe. ****************************************************************************/ -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/rpc_server/srv_pipe_hnd.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 562b55b8f7..8720a4df68 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -204,8 +204,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, for (p = Pipes; p; p = p->next) DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); - p = (smb_np_struct *)malloc(sizeof(*p)); - + p = SMB_MALLOC_P(smb_np_struct); if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; 
@@ -283,10 +282,9 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, return NULL; } - p = (pipes_struct *)malloc(sizeof(*p)); + p = SMB_MALLOC_P(pipes_struct); - if (!p) - { + if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; } -- cgit From 7b9d6ac23e1a7d8136fffd2e3977b09a815da65a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 May 2005 07:33:49 +0000 Subject: r6595: This is Volkers new-talloc patch. Just got the go-ahead from Volker to commit. Woo Hoo ! Jeremy. (This used to be commit 316df944a456f150944761dab34add5e8c4ab699) --- source3/rpc_server/srv_pipe_hnd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8720a4df68..83b78f8d2f 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -536,11 +536,12 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) a complete PDU. ****************************************************************************/ -void free_pipe_context(pipes_struct *p) +static void free_pipe_context(pipes_struct *p) { if (p->mem_ctx) { - DEBUG(3,("free_pipe_context: destroying talloc pool of size %lu\n", (unsigned long)talloc_pool_size(p->mem_ctx) )); - talloc_destroy_pool(p->mem_ctx); + DEBUG(3,("free_pipe_context: destroying talloc pool of size " + "%llu\n", talloc_total_size(p->mem_ctx) )); + talloc_free_children(p->mem_ctx); } else { p->mem_ctx = talloc_init("pipe %s %p", p->name, p); if (p->mem_ctx == NULL) -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 
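Review bot: In the `@@ -536,11 +536,12 @@` hunk the DEBUG passes `talloc_total_size(p->mem_ctx)` uncast to a `%llu` conversion, whereas the line it replaces cast the size to `unsigned long` for `%lu`. If talloc_total_size() returns `size_t`, the argument does not match `%llu` wherever `size_t` is narrower than `unsigned long long`, which is undefined behaviour in a varargs call. Restore the cast: `"%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) ));`.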
From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/rpc_server/srv_pipe_hnd.c | 217 +++++++++++++++++++++----------------- 1 file changed, 120 insertions(+), 97 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 83b78f8d2f..205223190b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -2,8 +2,8 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Jeremy Allison 1999. + * Largely re-written : 2005 + * Copyright (C) Jeremy Allison 1998 - 2005 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -106,10 +106,11 @@ static int pipe_handle_offset; void set_pipe_handle_offset(int max_open_files) { - if(max_open_files < 0x7000) - pipe_handle_offset = 0x7000; - else - pipe_handle_offset = max_open_files + 10; /* For safety. :-) */ + if(max_open_files < 0x7000) { + pipe_handle_offset = 0x7000; + } else { + pipe_handle_offset = max_open_files + 10; /* For safety. :-) */ + } } /**************************************************************************** @@ -128,8 +129,9 @@ void reset_chain_p(void) void init_rpc_pipe_hnd(void) { bmap = bitmap_allocate(MAX_OPEN_PIPES); - if (!bmap) + if (!bmap) { exit_server("out of memory in init_rpc_pipe_hnd"); + } } /**************************************************************************** 
@@ -154,7 +156,7 @@ static BOOL pipe_init_outgoing_data(pipes_struct *p) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { + if(!prs_init(&o_data->rdata, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -177,8 +179,9 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); - if (strstr(pipe_name, "spoolss")) + if (strstr(pipe_name, "spoolss")) { is_spoolss_pipe = True; + } if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", @@ -189,8 +192,10 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ - if (next_pipe == 0) + + if (next_pipe == 0) { next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES; + } i = bitmap_find(bmap, next_pipe); @@ -201,8 +206,9 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, next_pipe = (i+1) % MAX_OPEN_PIPES; - for (p = Pipes; p; p = p->next) + for (p = Pipes; p; p = p->next) { DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); + } p = SMB_MALLOC_P(smb_np_struct); if (!p) { @@ -259,8 +265,9 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, chain_p = p; /* Iterate over p_it as a temp variable, to display all open pipes */ - for (p_it = Pipes; p_it; p_it = p_it->next) + for (p_it = Pipes; p_it; p_it = p_it->next) { DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum)); + } return chain_p; } 
@@ -297,9 +304,17 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, return NULL; } + if ((p->pipe_state_mem_ctx = talloc_init("pipe_state %s %p", pipe_name, p)) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + talloc_destroy(p->mem_ctx); + SAFE_FREE(p); + return NULL; + } + if (!init_pipe_handle_list(p, pipe_name)) { DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); talloc_destroy(p->mem_ctx); + talloc_destroy(p->pipe_state_mem_ctx); SAFE_FREE(p); return NULL; } @@ -311,8 +326,10 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { + if(!prs_init(&p->in_data.data, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); + talloc_destroy(p->mem_ctx); + talloc_destroy(p->pipe_state_mem_ctx); return NULL; } @@ -325,12 +342,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->vuid = vuid; - p->ntlmssp_chal_flags = 0; - p->ntlmssp_auth_validated = False; - p->ntlmssp_auth_requested = False; - - p->pipe_bound = False; - p->fault_state = False; p->endian = RPC_LITTLE_ENDIAN; ZERO_STRUCT(p->pipe_user); @@ -344,21 +355,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); } - /* - * Initialize the incoming RPC struct. - */ - - p->in_data.pdu_needed_len = 0; - p->in_data.pdu_received_len = 0; - - /* - * Initialize the outgoing RPC struct. - */ - - p->out_data.current_pdu_len = 0; - p->out_data.current_pdu_sent = 0; - p->out_data.data_sent_length = 0; - /* * Initialize the outgoing RPC data buffer with no memory. */ 
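Review bot: In the `@@ -311,8 +326,10 @@` hunk the `prs_init(&p->in_data.data, ...)` failure path now destroys both talloc contexts but still returns without `SAFE_FREE(p)`, unlike the two failure paths in the `@@ -297,9 +304,17 @@` hunk just above it, so the `pipes_struct` itself leaks. Add `SAFE_FREE(p);` before `return NULL;`. The handle list set up by `init_pipe_handle_list()` already exists at that point; whether it needs its own release on this path is not visible here. make_internal_rpc_pipe_p() starts and ends outside these hunks.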
@@ -504,7 +500,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) * Ensure that the pdu length is sane. */ - if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { + if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > RPC_MAX_PDU_FRAG_LEN)) { DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); set_incoming_fault(p); prs_mem_free(&rpc_in); @@ -514,18 +510,8 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type, (unsigned int)p->hdr.flags )); - /* - * Adjust for the header we just ate. - */ - p->in_data.pdu_received_len = 0; p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN; - /* - * Null the data we just ate. - */ - - memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); - prs_mem_free(&rpc_in); return 0; /* No extra data processed. */ @@ -540,12 +526,13 @@ static void free_pipe_context(pipes_struct *p) { if (p->mem_ctx) { DEBUG(3,("free_pipe_context: destroying talloc pool of size " - "%llu\n", talloc_total_size(p->mem_ctx) )); + "%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) )); talloc_free_children(p->mem_ctx); } else { p->mem_ctx = talloc_init("pipe %s %p", p->name, p); - if (p->mem_ctx == NULL) + if (p->mem_ctx == NULL) { p->fault_state = True; + } } } @@ -556,9 +543,9 @@ static void free_pipe_context(pipes_struct *p) static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) { - BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0); + uint32 ss_padding_len = 0; size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - - (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; + (p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; if(!p->pipe_bound) { DEBUG(0,("process_request_pdu: rpc request with no bind.\n")); 
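Review bot: In the `@@ -556,9 +543,9 @@` hunk `data_len` is computed as `p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - (p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len` and stored in a `size_t` with no check that the header fields are consistent, so an `auth_len` larger than the rest of the fragment wraps to a very large length. Both fields come from the received PDU header, and the later 15 MB test adds this value to an offset, a sum that can itself wrap on 32-bit builds. Validate the fields before subtracting and fault the pipe when they disagree, as sketched below. The rest of process_request_pdu() is outside the hunk.

```c
	uint32 ss_padding_len = 0;
	size_t hdr_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN +
		(p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) + p->hdr.auth_len;
	size_t data_len;

	if (p->hdr.frag_len < hdr_len) {
		DEBUG(0,("process_request_pdu: frag_len %u too small for auth_len %u.\n",
			(unsigned int)p->hdr.frag_len, (unsigned int)p->hdr.auth_len ));
		set_incoming_fault(p);
		return False;
	}
	data_len = p->hdr.frag_len - hdr_len;

	/* … unchanged: pipe_bound check … */
```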
@@ -581,29 +568,40 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) return False; } - if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) { - DEBUG(0,("process_request_pdu: failed to do auth processing.\n")); - set_incoming_fault(p); - return False; - } + switch(p->auth.auth_type) { + case PIPE_AUTH_TYPE_NONE: + break; - if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) { + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case PIPE_AUTH_TYPE_NTLMSSP: + { + NTSTATUS status; + if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, &ss_padding_len, &status)) { + DEBUG(0,("process_request_pdu: failed to do auth processing.\n")); + DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) )); + set_incoming_fault(p); + return False; + } + break; + } - /* - * Authentication _was_ requested and it already failed. - */ + case PIPE_AUTH_TYPE_SCHANNEL: + if (!api_pipe_schannel_process(p, rpc_in_p, &ss_padding_len)) { + DEBUG(3,("process_request_pdu: failed to do schannel processing.\n")); + set_incoming_fault(p); + return False; + } + break; - DEBUG(0,("process_request_pdu: RPC request received on pipe %s " - "where authentication failed. Denying the request.\n", - p->name)); - set_incoming_fault(p); - return False; + default: + DEBUG(0,("process_request_pdu: unknown auth type %u set.\n", (unsigned int)p->auth.auth_type )); + set_incoming_fault(p); + return False; } - if (p->netsec_auth_validated && !api_pipe_netsec_process(p, rpc_in_p)) { - DEBUG(3,("process_request_pdu: failed to do schannel processing.\n")); - set_incoming_fault(p); - return False; + /* Now we've done the sign/seal we can remove any padding data. */ + if (data_len > ss_padding_len) { + data_len -= ss_padding_len; } /* 
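Review bot: At the end of the `@@ -568,29 +581,40 @@` hunk, `if (data_len > ss_padding_len) { data_len -= ss_padding_len; }` silently keeps the padding when the reported padding is not smaller than the payload, so an inconsistent auth trailer is accepted and the padding bytes end up appended to the request data. Treat that case as a malformed PDU: `if (ss_padding_len > data_len) { set_incoming_fault(p); return False; }` followed by `data_len -= ss_padding_len;`. The NTLMSSP failure path also emits two level-0 lines per bad PDU; folding `nt_errstr(status)` into the first DEBUG would halve what a peer can make the server log. process_request_pdu() continues outside the hunk.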
@@ -643,8 +641,7 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) * size as the current offset. */ - if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) - { + if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) { DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n")); set_incoming_fault(p); return False; @@ -664,8 +661,9 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) free_pipe_context(p); - if(pipe_init_outgoing_data(p)) + if(pipe_init_outgoing_data(p)) { ret = api_pipe_request(p); + } free_pipe_context(p); @@ -690,11 +688,11 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) already been parsed and stored in p->hdr. ****************************************************************************/ -static ssize_t process_complete_pdu(pipes_struct *p) +static void process_complete_pdu(pipes_struct *p) { prs_struct rpc_in; - size_t data_len = p->in_data.pdu_received_len; - char *data_p = (char *)&p->in_data.current_in_pdu[0]; + size_t data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN; + char *data_p = (char *)&p->in_data.current_in_pdu[RPC_HEADER_LEN]; BOOL reply = False; if(p->fault_state) { @@ -702,7 +700,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) p->name )); set_incoming_fault(p); setup_fault_pdu(p, NT_STATUS(0x1c010002)); - return (ssize_t)data_len; + return; } prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); 
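Review bot: process_complete_pdu now computes `data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN` and points `data_p` at `current_in_pdu[RPC_HEADER_LEN]` before any check, which is only safe if it is never called with fewer than RPC_HEADER_LEN bytes buffered. That appears to hold for the call in process_incoming_data, but nothing in the hunk states it. A comment such as `/* Caller guarantees pdu_received_len >= RPC_HEADER_LEN. */` above the declarations, or an early fault when it does not hold, would keep a future caller from wrapping `data_len`. The function body continues outside this hunk.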
@@ -722,19 +720,28 @@ static ssize_t process_complete_pdu(pipes_struct *p) switch (p->hdr.pkt_type) { case RPC_BIND: - case RPC_ALTCONT: /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(p)) + if(pipe_init_outgoing_data(p)) { reply = api_pipe_bind_req(p, &rpc_in); + } + break; + case RPC_ALTCONT: + /* + * We assume that a pipe bind is only in one pdu. + */ + if(pipe_init_outgoing_data(p)) { + reply = api_pipe_alter_context(p, &rpc_in); + } break; - case RPC_BINDRESP: + case RPC_AUTH3: /* - * We assume that a pipe bind_resp is only in one pdu. + * The third packet in an NTLMSSP auth exchange. */ - if(pipe_init_outgoing_data(p)) - reply = api_pipe_bind_auth_resp(p, &rpc_in); + if(pipe_init_outgoing_data(p)) { + reply = api_pipe_bind_auth3(p, &rpc_in); + } break; case RPC_REQUEST: reply = process_request_pdu(p, &rpc_in); @@ -761,7 +768,6 @@ static ssize_t process_complete_pdu(pipes_struct *p) } prs_mem_free(&rpc_in); - return (ssize_t)data_len; } /**************************************************************************** @@ -770,8 +776,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n) { - size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); - size_t old_pdu_received_len = p->in_data.pdu_received_len; + size_t data_to_copy = MIN(n, RPC_MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len, @@ -812,8 +817,9 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned * data we need, then loop again. */ - if(p->in_data.pdu_needed_len == 0) + if(p->in_data.pdu_needed_len == 0) { return unmarshall_rpc_header(p); + } /* * Ok - at this point we have a valid RPC_HEADER in p->hdr. 
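Review bot: The comment copied into the new `case RPC_ALTCONT:` branch still reads "We assume that a pipe bind is only in one pdu", although the branch now calls `api_pipe_alter_context` rather than `api_pipe_bind_req`. Reword it to `/* We assume that an alter context request is only in one pdu. */` so the single-PDU assumption is documented for the right packet type. The enclosing switch in process_complete_pdu runs beyond this hunk.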
@@ -824,24 +830,27 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned /* * Copy as much of the data as we need into the current_in_pdu buffer. + * pdu_needed_len becomes zero when we have a complete pdu. */ memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy); p->in_data.pdu_received_len += data_to_copy; + p->in_data.pdu_needed_len -= data_to_copy; /* * Do we have a complete PDU ? - * (return the nym of bytes handled in the call) + * (return the number of bytes handled in the call) */ - if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len) - return process_complete_pdu(p) - old_pdu_received_len; + if(p->in_data.pdu_needed_len == 0) { + process_complete_pdu(p); + return data_to_copy; + } DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len )); return (ssize_t)data_to_copy; - } /**************************************************************************** @@ -878,8 +887,9 @@ static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n) DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); - if(data_used < 0) + if(data_used < 0) { return -1; + } data_left -= data_used; data += data_used; @@ -948,9 +958,9 @@ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, * authentications failing. Just ignore it so things work. */ - if(n > MAX_PDU_FRAG_LEN) { + if(n > RPC_MAX_PDU_FRAG_LEN) { DEBUG(5,("read_from_pipe: too large read (%u) requested on \ -pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); +pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, RPC_MAX_PDU_FRAG_LEN )); } /* 
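Review bot: The new bookkeeping `p->in_data.pdu_needed_len -= data_to_copy;` followed by the `pdu_needed_len == 0` test is only correct if `data_to_copy` never exceeds `pdu_needed_len`, and the only clamp visible on this page is `MIN(n, RPC_MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len)`. If the clamp to the remaining PDU length lives in the part of process_incoming_data outside this hunk, a one-line comment next to the subtraction should say so. If it does not, the unsigned subtraction wraps and the completion test never fires for that PDU. A guard such as `data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);` before the memcpy would make the invariant local.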
@@ -1019,8 +1029,9 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) { - if (p == NULL) + if (p == NULL) { return False; + } if (p->open) { DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n", @@ -1043,8 +1054,9 @@ BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) { - if (p == NULL) + if (p == NULL) { return False; + } if (p->open) { DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n", @@ -1121,9 +1133,18 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) prs_mem_free(&p->out_data.rdata); prs_mem_free(&p->in_data.data); - if (p->mem_ctx) + if (p->auth.auth_data_free_func) { + (*p->auth.auth_data_free_func)(&p->auth); + } + + if (p->mem_ctx) { talloc_destroy(p->mem_ctx); - + } + + if (p->pipe_state_mem_ctx) { + talloc_destroy(p->pipe_state_mem_ctx); + } + free_pipe_rpc_context( p->contexts ); /* Free the handles database. */ @@ -1152,8 +1173,9 @@ smb_np_struct *get_rpc_pipe_p(char *buf, int where) { int pnum = SVAL(buf,where); - if (chain_p) + if (chain_p) { return chain_p; + } return get_rpc_pipe(pnum); } @@ -1168,9 +1190,10 @@ smb_np_struct *get_rpc_pipe(int pnum) DEBUG(4,("search for pipe pnum=%x\n", pnum)); - for (p=Pipes;p;p=p->next) + for (p=Pipes;p;p=p->next) { DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); + } for (p=Pipes;p;p=p->next) { if (p->pnum == pnum) { -- cgit From 90b1ca259706e7ae31c0ce7384a9e448a771f1b7 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Tue, 25 Oct 2005 12:49:24 +0000 Subject: r11292: Missed merge from Samba 2.2 many years ago.... Don't count open pipes in the num_files_open on a connection. conn_idle_all() handles this by looking for open rpc handles If there are no open handles, we can close the IPC$ share. (This used to be commit 747fba4dbf06c42495c430cd78c1cded3445f821) --- source3/rpc_server/srv_pipe_hnd.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 205223190b..6077faed16 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -337,9 +337,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, p->conn = conn; - /* Ensure the connection isn't idled whilst this pipe is open. */ - p->conn->num_files_open++; - p->vuid = vuid; p->endian = RPC_LITTLE_ENDIAN; @@ -1156,8 +1153,6 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) DLIST_REMOVE(InternalPipes, p); - p->conn->num_files_open--; - ZERO_STRUCTP(p); SAFE_FREE(p); -- cgit From 05fafb83968a31907d996d37b91bdd9b72998701 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 29 Nov 2005 02:10:52 +0000 Subject: r11950: If we got a connection oriented cancel pdu we would spin processing it. Fix that, and also add in comments for all possible CL and CO PDU types. Make sure we process them correctly. Jeremy. (This used to be commit 672113a627aa9060795871bc2ea3a02e696d7d7d) --- source3/rpc_server/srv_pipe_hnd.c | 81 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 6077faed16..5fb84115cc 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -716,6 +716,32 @@ static void process_complete_pdu(pipes_struct *p) (unsigned int)p->hdr.pkt_type )); switch (p->hdr.pkt_type) { + case RPC_REQUEST: + reply = process_request_pdu(p, &rpc_in); + break; + + case RPC_PING: /* CL request - ignore... */ + DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", + (unsigned int)p->hdr.pkt_type, p->name)); + break; + + case RPC_RESPONSE: /* No responses here. */ + DEBUG(0,("process_complete_pdu: Error. RPC_RESPONSE received from client on pipe %s.\n", + p->name )); + break; + + case RPC_FAULT: + case RPC_WORKING: /* CL request - reply to a ping when a call in process. */ + case RPC_NOCALL: /* CL - server reply to a ping call. */ + case RPC_REJECT: + case RPC_ACK: + case RPC_CL_CANCEL: + case RPC_FACK: + case RPC_CANCEL_ACK: + DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", + (unsigned int)p->hdr.pkt_type, p->name)); + break; + case RPC_BIND: /* * We assume that a pipe bind is only in one pdu. @@ -724,6 +750,14 @@ static void process_complete_pdu(pipes_struct *p) reply = api_pipe_bind_req(p, &rpc_in); } break; + + case RPC_BINDACK: + case RPC_BINDNACK: + DEBUG(0,("process_complete_pdu: Error. RPC_BINDACK/RPC_BINDNACK packet type %u received on pipe %s.\n", + (unsigned int)p->hdr.pkt_type, p->name)); + break; + + case RPC_ALTCONT: /* * We assume that a pipe bind is only in one pdu. @@ -732,6 +766,12 @@ static void process_complete_pdu(pipes_struct *p) reply = api_pipe_alter_context(p, &rpc_in); } break; + + case RPC_ALTCONTRESP: + DEBUG(0,("process_complete_pdu: Error. RPC_ALTCONTRESP on pipe %s: Should only be server -> client.\n", + p->name)); + break; + case RPC_AUTH3: /* * The third packet in an NTLMSSP auth exchange. 
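Review bot: Every new rejection branch in this hunk logs at `DEBUG(0,...)` on a packet type chosen by the client, so a peer can produce a level-0 log line per PDU; the RPC_BINDACK/RPC_BINDNACK, RPC_ALTCONTRESP and RPC_SHUTDOWN branches added in the following hunks do the same. These are protocol violations by the remote side rather than server faults, and a level such as `DEBUG(3,...)`, which this file already uses for the schannel failure, would keep them out of the default log. The `/* CL request - ignore... */` comment on RPC_PING is also misleading: `reply` stays False, which by the `if (!reply)` handling visible later on this page produces a fault PDU rather than ignoring the packet. The switch continues outside this hunk.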
@@ -740,9 +780,38 @@ static void process_complete_pdu(pipes_struct *p) reply = api_pipe_bind_auth3(p, &rpc_in); } break; - case RPC_REQUEST: - reply = process_request_pdu(p, &rpc_in); + + case RPC_SHUTDOWN: + DEBUG(0,("process_complete_pdu: Error. RPC_SHUTDOWN on pipe %s: Should only be server -> client.\n", + p->name)); + break; + + case RPC_CO_CANCEL: + /* For now just free all client data and continue processing. */ + DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); + /* As we never do asynchronous RPC serving, we can never cancel a + call (as far as I know). If we ever did we'd have to send a cancel_ack + reply. For now, just free all client data and continue processing. */ + reply = True; break; +#if 0 + /* Enable this if we're doing async rpc. */ + /* We must check the call-id matches the outstanding callid. */ + if(pipe_init_outgoing_data(p)) { + /* Send a cancel_ack PDU reply. */ + /* We should probably check the auth-verifier here. */ + reply = setup_cancel_ack_reply(p, &rpc_in); + } + break; +#endif + + case RPC_ORPHANED: + /* We should probably check the auth-verifier here. + For now just free all client data and continue processing. */ + DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); + reply = True; + break; + default: DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type )); break; @@ -815,7 +884,13 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned */ if(p->in_data.pdu_needed_len == 0) { - return unmarshall_rpc_header(p); + ssize_t rret = unmarshall_rpc_header(p); + if (rret == -1 || p->in_data.pdu_needed_len > 0) { + return rret; + } + /* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists + of an RPC_HEADER only. This is a RPC_SHUTDOWN, RPC_CO_CANCEL or RPC_ORPHANED + pdu type. Deal with this in process_complete_pdu(). */ } /* -- cgit From d14af63e6ab600eb3ac705f2f425c860e927553a Mon Sep 17 00:00:00 2001 
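Review bot: The log line in the new `case RPC_CO_CANCEL:` branch says "RPC_ORPHANED", the same text as the RPC_ORPHANED branch below it, so the two packet types cannot be told apart in the log; it should read `DEBUG(3,("process_complete_pdu: RPC_CO_CANCEL. Abandoning rpc call.\n"));`. Both branches also set `reply = True` without checking the auth verifier, as the in-code comment acknowledges. On a pipe where NTLMSSP or schannel was negotiated that means an unverified PDU is accepted, so it deserves a tracked TODO rather than a passing remark. The `#if 0` block sits directly after `break;` and would be unreachable even if enabled; it would be clearer as a plain comment.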
From: Jeremy Allison Date: Thu, 2 Feb 2006 20:44:50 +0000 Subject: r13293: Rather a big patch I'm afraid, but this should fix bug #3347 by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654) --- source3/rpc_server/srv_pipe_hnd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 5fb84115cc..37d3ef64c0 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -343,8 +343,8 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, ZERO_STRUCT(p->pipe_user); - p->pipe_user.uid = (uid_t)-1; - p->pipe_user.gid = (gid_t)-1; + p->pipe_user.ut.uid = (uid_t)-1; + p->pipe_user.ut.gid = (gid_t)-1; /* Store the session key and NT_TOKEN */ if (vuser) { @@ -1224,7 +1224,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) delete_nt_token(&p->pipe_user.nt_user_token); data_blob_free(&p->session_key); - SAFE_FREE(p->pipe_user.groups); + SAFE_FREE(p->pipe_user.ut.groups); DLIST_REMOVE(InternalPipes, p); -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/rpc_server/srv_pipe_hnd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 37d3ef64c0..86a04e7ccb 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -349,7 +349,8 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); - p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); + p->pipe_user.nt_user_token = dup_nt_token( + NULL, vuser->nt_user_token); } /* @@ -1222,7 +1223,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); - delete_nt_token(&p->pipe_user.nt_user_token); + talloc_free(p->pipe_user.nt_user_token); data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.ut.groups); -- cgit From fb5362c069b5b6548478b2217a0519c56d856705 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 17:59:58 +0000 Subject: r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 86a04e7ccb..f7467f2cf0 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1223,7 +1223,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); - talloc_free(p->pipe_user.nt_user_token); + TALLOC_FREE(p->pipe_user.nt_user_token); data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.ut.groups); -- cgit From 77709e58add9d716d70941908258bcd2f83e17fa Mon Sep 17 00:00:00 2001 
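Review bot: The result of `dup_nt_token(NULL, vuser->nt_user_token)` is stored in `p->pipe_user.nt_user_token` without a NULL check, so an allocation failure leaves the pipe created with no NT token. What later access checks do with a missing token is not visible here, but creation should fail closed: test the pointer and take the same cleanup-and-`return NULL` path the function uses for its other allocation failures. The `data_blob()` copy of the session key on the line before is unchecked in the same way. The token assignment is re-added unchanged by the later "[GLUE] Rsync SAMBA_3_2_0" commit on this page. make_internal_rpc_pipe_p starts and ends outside this hunk.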
From: Jeremy Allison Date: Wed, 8 Mar 2006 07:30:37 +0000 Subject: r14031: Coverity bug CID #110. Free all resources correctly on pipe initialization failure. Jeremy. (This used to be commit daa919a94b3d81401654004bc0f32c45451203c1) --- source3/rpc_server/srv_pipe_hnd.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f7467f2cf0..0d07db2be3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -330,6 +330,8 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); talloc_destroy(p->mem_ctx); talloc_destroy(p->pipe_state_mem_ctx); + close_policy_by_pipe(p); + SAFE_FREE(p); return NULL; } -- cgit From 1d5ab8fd05123dd46e64a6249db2928c89aec2f2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 21 Mar 2006 00:04:05 +0000 Subject: r14597: Merge DCERPC_FAULT constants from Samba 4. Guenther (This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4) --- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 0d07db2be3..9cc8b72546 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -699,7 +699,7 @@ static void process_complete_pdu(pipes_struct *p) DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); set_incoming_fault(p); - setup_fault_pdu(p, NT_STATUS(0x1c010002)); + setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); return; } 
@@ -826,7 +826,7 @@ static void process_complete_pdu(pipes_struct *p) if (!reply) { DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); - setup_fault_pdu(p, NT_STATUS(0x1c010002)); + setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); prs_mem_free(&rpc_in); } else { /* -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/rpc_server/srv_pipe_hnd.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 9cc8b72546..8aa5bb3e6d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -351,8 +351,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); - p->pipe_user.nt_user_token = dup_nt_token( - NULL, vuser->nt_user_token); } /* @@ -1169,6 +1167,13 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p) p->name, p->pnum, pipes_open)); DLIST_REMOVE(Pipes, p); + + /* TODO: Remove from pipe open db */ + + if ( !delete_pipe_opendb( p ) ) { + DEBUG(3,("close_rpc_pipe_hnd: failed to delete %s " + "pipe from open db.\n", p->name)); + } ZERO_STRUCTP(p); -- cgit From 56ba44766854ed7cda265bdaf85913f2a1008282 Mon Sep 17 00:00:00 2001 
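Review bot: In the close_rpc_pipe_hnd hunk the added comment `/* TODO: Remove from pipe open db */` sits directly above the `delete_pipe_opendb( p )` call that does exactly that, so it reads as outstanding work that is already done. Drop it or replace it with `/* Remove from pipe open db; failure is logged and the close continues. */`. A failed delete is only reported at `DEBUG(3,...)` and presumably leaves a stale entry behind, so if other code trusts that db the comment should say what a stale entry means. The function continues outside this hunk.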
From: Stefan Metzmacher Date: Wed, 28 Mar 2007 13:34:59 +0000 Subject: r22001: change prototype of dump_data(), so that it takes unsigned char * now, which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8aa5bb3e6d..d65696668e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -937,7 +937,7 @@ ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n) DEBUG(6,(" name: %s open: %s len: %d\n", p->name, BOOLSTR(p->open), (int)n)); - dump_data(50, data, n); + dump_data(50, (uint8 *)data, n); return p->namedpipe_write(p->np_state, data, n); } -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d65696668e..fc90256232 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -7,7 +7,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit 
From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/rpc_server/srv_pipe_hnd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index fc90256232..c4c028fd4b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -16,8 +16,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From ece86db24cd82b086de69e9681de4fb1f391cc2e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 22 Jul 2007 13:51:39 +0000 Subject: r23991: Some const (This used to be commit 804be77e4695eb923048948dbc6e223967fdef94) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c4c028fd4b..52518fc714 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1246,7 +1246,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) Find an rpc pipe given a pipe handle in a buffer and an offset. ****************************************************************************/ -smb_np_struct *get_rpc_pipe_p(char *buf, int where) +smb_np_struct *get_rpc_pipe_p(const char *buf, int where) { int pnum = SVAL(buf,where); -- cgit From bfbd75653581ab21ce3f26b006c00389b7939bd7 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Tue, 31 Jul 2007 13:14:07 +0000 Subject: r24106: Pass fnum instead of buf/offset into get_rpc_pipe_p (This used to be commit eb353412c60fc21a31530d9678505470ffbf11ce) --- source3/rpc_server/srv_pipe_hnd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 52518fc714..5dd28af8ab 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1246,10 +1246,8 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) Find an rpc pipe given a pipe handle in a buffer and an offset. ****************************************************************************/ -smb_np_struct *get_rpc_pipe_p(const char *buf, int where) +smb_np_struct *get_rpc_pipe_p(uint16 pnum) { - int pnum = SVAL(buf,where); - if (chain_p) { return chain_p; } -- cgit From fe6644fb5a6097d5e16e2c7667fb49dee1fa94ae Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 8 Sep 2007 05:35:10 +0000 Subject: r25023: Coverity #455. Not actually a bug, but this clarifies the code a lot. Jeremy. (This used to be commit 5ba12eefbed209a8a6b474da479efd190f91638e) --- source3/rpc_server/srv_pipe_hnd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 5dd28af8ab..fac3df453a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1033,6 +1033,7 @@ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, if(n > RPC_MAX_PDU_FRAG_LEN) { DEBUG(5,("read_from_pipe: too large read (%u) requested on \ pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, RPC_MAX_PDU_FRAG_LEN )); + n = RPC_MAX_PDU_FRAG_LEN; } /* -- cgit From d5c9d87946263b5f3e3c072aa99e8ac6a6c728b9 Mon Sep 17 00:00:00 2001 
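Review bot: The banner comment above `get_rpc_pipe_p` still says "Find an rpc pipe given a pipe handle in a buffer and an offset", but the function now takes `uint16 pnum` directly. Update it to something like `Find an rpc pipe given a pipe handle number.` so that readers of the callers do not assume the buffer parsing still happens here. Since `chain_p`, when set, is returned regardless of `pnum`, the banner should also state that this is intentional.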
From: Jeremy Allison Date: Wed, 12 Sep 2007 23:50:21 +0000 Subject: r25118: More pstring elimination. Jeremy. (This used to be commit 7632f8fb4003657591778d2b55f546d1737859d1) --- source3/rpc_server/srv_pipe_hnd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index fac3df453a..0dd3ee82a7 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -65,7 +65,7 @@ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, BOOL *is_data_outstanding); static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); static BOOL close_internal_rpc_pipe_hnd(void *np_conn); -static void *make_internal_rpc_pipe_p(char *pipe_name, +static void *make_internal_rpc_pipe_p(const char *pipe_name, connection_struct *conn, uint16 vuid); /**************************************************************************** @@ -167,7 +167,7 @@ static BOOL pipe_init_outgoing_data(pipes_struct *p) Find first available pipe slot. ****************************************************************************/ -smb_np_struct *open_rpc_pipe_p(char *pipe_name, +smb_np_struct *open_rpc_pipe_p(const char *pipe_name, connection_struct *conn, uint16 vuid) { int i; @@ -275,7 +275,7 @@ smb_np_struct *open_rpc_pipe_p(char *pipe_name, Make an internal namedpipes structure ****************************************************************************/ -static void *make_internal_rpc_pipe_p(char *pipe_name, +static void *make_internal_rpc_pipe_p(const char *pipe_name, connection_struct *conn, uint16 vuid) { pipes_struct *p; -- cgit From e5a951325a6cac8567af3a66de6d2df577508ae4 Mon Sep 17 00:00:00 2001 
From: "Gerald (Jerry) Carter" Date: Wed, 10 Oct 2007 15:34:30 -0500 Subject: [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. (This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab) --- source3/rpc_server/srv_pipe_hnd.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 0dd3ee82a7..91814979c5 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -350,6 +350,8 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); + p->pipe_user.nt_user_token = dup_nt_token( + NULL, vuser->nt_user_token); } /* -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/rpc_server/srv_pipe_hnd.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 91814979c5..c3197c3f0d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -62,9 +62,9 @@ static struct bitmap *bmap; */ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, - BOOL *is_data_outstanding); + bool *is_data_outstanding); static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); -static BOOL close_internal_rpc_pipe_hnd(void *np_conn); +static bool close_internal_rpc_pipe_hnd(void *np_conn); static void *make_internal_rpc_pipe_p(const char *pipe_name, connection_struct *conn, uint16 vuid); @@ -137,7 +137,7 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(pipes_struct *p) +static bool pipe_init_outgoing_data(pipes_struct *p) { output_data *o_data = &p->out_data; @@ -173,7 +173,7 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, int i; smb_np_struct *p, *p_it; static int next_pipe; - BOOL is_spoolss_pipe = False; + bool is_spoolss_pipe = False; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); @@ -540,7 +540,7 @@ static void free_pipe_context(pipes_struct *p) appends the data into the complete stream if the LAST flag is not set. ****************************************************************************/ -static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) +static bool process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) { uint32 ss_padding_len = 0; size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - @@ -629,7 +629,7 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) } if(p->hdr.flags & RPC_FLG_LAST) { - BOOL ret = False; + bool ret = False; /* * Ok - we finally have a complete RPC stream. * Call the rpc command to process it. 
@@ -692,7 +692,7 @@ static void process_complete_pdu(pipes_struct *p) prs_struct rpc_in; size_t data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN; char *data_p = (char *)&p->in_data.current_in_pdu[RPC_HEADER_LEN]; - BOOL reply = False; + bool reply = False; if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", @@ -984,7 +984,7 @@ static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n) ****************************************************************************/ ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, - BOOL *is_data_outstanding) + bool *is_data_outstanding) { if (!p || !p->open) { DEBUG(0,("read_from_pipe: pipe not open\n")); @@ -1008,7 +1008,7 @@ ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, ****************************************************************************/ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, - BOOL *is_data_outstanding) + bool *is_data_outstanding) { pipes_struct *p = (pipes_struct*)np_conn; uint32 pdu_remaining = 0; @@ -1102,7 +1102,7 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, Wait device state on a pipe. Exactly what this is for is unknown... ****************************************************************************/ -BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) +bool wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) { if (p == NULL) { return False; @@ -1127,7 +1127,7 @@ BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) Set device state on a pipe. Exactly what this is for is unknown... ****************************************************************************/ -BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) +bool set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) { if (p == NULL) { return False; 
@@ -1152,7 +1152,7 @@ BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) Close an rpc pipe. ****************************************************************************/ -BOOL close_rpc_pipe_hnd(smb_np_struct *p) +bool close_rpc_pipe_hnd(smb_np_struct *p) { if (!p) { DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); @@ -1204,7 +1204,7 @@ void pipe_close_conn(connection_struct *conn) Close an rpc pipe. ****************************************************************************/ -static BOOL close_internal_rpc_pipe_hnd(void *np_conn) +static bool close_internal_rpc_pipe_hnd(void *np_conn) { pipes_struct *p = (pipes_struct *)np_conn; if (!p) { -- cgit From a9b6deaa05942e4ffbfa3ee32a6ab65b866cc66d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 16 Dec 2007 12:57:06 +0100 Subject: Remove unused code (This used to be commit fcd45ad6fb8d89bf6106fbed101060dbe422661a) --- source3/rpc_server/srv_pipe_hnd.c | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c3197c3f0d..969c9ecda3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -68,20 +68,6 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn); static void *make_internal_rpc_pipe_p(const char *pipe_name, connection_struct *conn, uint16 vuid); -/**************************************************************************** - Pipe iterator functions. -****************************************************************************/ - -smb_np_struct *get_first_pipe(void) -{ - return Pipes; -} - -smb_np_struct *get_next_pipe(smb_np_struct *p) -{ - return p->next; -} - /**************************************************************************** Internal Pipe iterator functions. ****************************************************************************/ -- cgit 
From 02dd1f7f4c4f6e1f91bd651ccdde9b2bb3fcef81 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 16 Dec 2007 12:58:07 +0100 Subject: Make smb_np_struct talloc'ed Convert "name" from string to a talloc'ed char * (This used to be commit e82069f921b3a22295db91e092c22c459ccd7215) --- source3/rpc_server/srv_pipe_hnd.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 969c9ecda3..95ce496ba6 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -195,14 +195,21 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); } - p = SMB_MALLOC_P(smb_np_struct); + p = talloc(NULL, smb_np_struct); if (!p) { - DEBUG(0,("ERROR! no memory for pipes_struct!\n")); + DEBUG(0,("ERROR! no memory for smb_np_struct!\n")); return NULL; } ZERO_STRUCTP(p); + p->name = talloc_strdup(p, pipe_name); + if (p->name == NULL) { + TALLOC_FREE(p); + DEBUG(0,("ERROR! no memory for pipe name!\n")); + return NULL; + } + /* add a dso mechanism instead of this, here */ p->namedpipe_create = make_internal_rpc_pipe_p; @@ -241,9 +248,7 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, p->vuid = vuid; p->max_trans_reply = 0; - - fstrcpy(p->name, pipe_name); - + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); @@ -1163,9 +1168,7 @@ bool close_rpc_pipe_hnd(smb_np_struct *p) "pipe from open db.\n", p->name)); } - ZERO_STRUCTP(p); - - SAFE_FREE(p); + TALLOC_FREE(p); return True; } -- cgit From e06aa46b9fab1e107fea8f6453fb13deffa91e96 Mon Sep 17 00:00:00 2001 
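Review bot: The conversion of `p` to `talloc(NULL, smb_np_struct)` in open_rpc_pipe_p is incomplete if any release of `p` in that function still goes through free(), and the `np_state == NULL` failure path is not in any hunk of this commit. A later hunk on this page shows that path still reading `SAFE_FREE(p);`. A talloc pointer is not the address malloc returned, so handing it to free() is undefined behaviour and would corrupt the heap on exactly the path a failed pipe open takes. That line should change to `TALLOC_FREE(p);` in this same commit. The enclosing function starts and ends outside the hunks shown.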
From: Marc VanHeyningen Date: Fri, 14 Mar 2008 14:26:28 -0800 Subject: Coverity fixes (This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363) --- source3/rpc_server/srv_pipe_hnd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 95ce496ba6..45f649d0ce 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -348,7 +348,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); + prs_init_empty(&p->out_data.rdata, p->mem_ctx, MARSHALL); fstrcpy(p->name, pipe_name); @@ -408,7 +408,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL); prs_set_endian_data( &rpc_in, p->endian); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], @@ -693,7 +693,7 @@ static void process_complete_pdu(pipes_struct *p) return; } - prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL); /* * Ensure we're using the corrent endianness for both the -- cgit From bb3755968f5e953340edfb0b71997dddc11badb9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Apr 2008 13:35:00 +0200 Subject: Remove "nt_user_token" from "struct user_struct" (This used to be commit 51d5d512f28eadc74eced43e5e7f4e5bdff3ff69) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 45f649d0ce..9224774380 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -342,7 +342,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); p->pipe_user.nt_user_token = dup_nt_token( - NULL, vuser->nt_user_token); + NULL, vuser->server_info->ptok); } /* -- cgit From 82d2f07dae5d69fc1635a4ed326a2af6632d8a97 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 30 Apr 2008 14:26:16 +0200 Subject: Remove "session_key" from "struct user_struct" This one took a bit -- I hope I covered all data paths (This used to be commit 74c88a44422f88d6e2f2cdbfdfa0bafe0dbe06c4) --- source3/rpc_server/srv_pipe_hnd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 9224774380..1d62199ad8 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -340,7 +340,9 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { - p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); + p->session_key = data_blob( + vuser->server_info->user_session_key.data, + vuser->server_info->user_session_key.length); p->pipe_user.nt_user_token = dup_nt_token( NULL, vuser->server_info->ptok); } -- cgit From c203de0e3a6f5b2254bc5c308cf87e6a7b67cad8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 20 Jun 2008 16:22:32 +0200 Subject: Fix a SAFE_FREE/TALLOC_FREE mixup (This used to be commit b39852f51313059899630ba63509fee904ba3613) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 1d62199ad8..2e03d01c93 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
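Review bot: The token stored by `p->pipe_user.nt_user_token = dup_nt_token(NULL, vuser->server_info->ptok);` is never checked for NULL, and the new argument dereferences `vuser->server_info` while only `vuser` is tested. If the duplication fails, the pipe is still created with no NT token, and whether later access checks fail closed on that depends on code not shown here. I would add `if (p->pipe_user.nt_user_token == NULL)` with the same cleanup and `return NULL;` that the other failure paths use. The same unchecked call appears again in the later make_internal_rpc_pipe_p refactoring hunk on this page. The function body starts and ends outside the hunk.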
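Review bot: The `data_blob(...)` call here makes a second heap copy of `user_session_key`, and the only release of `p->session_key` visible on this page is `data_blob_free(&p->session_key);` in a later hunk, which frees the buffer without wiping it. Key material that is copied should be cleared when the pipe goes away, for example with `data_blob_clear_free(&p->session_key);` in close_internal_rpc_pipe_hnd. That function is outside this hunk, so the change belongs in the same commit rather than in these lines.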
@@ -221,7 +221,7 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, if (p->np_state == NULL) { DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); - SAFE_FREE(p); + TALLOC_FREE(p); return NULL; } -- cgit From df905a5d77037eaffe5f52edd26409152b740068 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 20 Jun 2008 16:22:49 +0200 Subject: Make pipes_struct its own talloc ctx (This used to be commit 829b1ad4697f2f1ea008377d591456722dccd025) --- source3/rpc_server/srv_pipe_hnd.c | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 2e03d01c93..22903aacba 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -279,33 +279,23 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, return NULL; } - p = SMB_MALLOC_P(pipes_struct); + p = TALLOC_ZERO_P(NULL, pipes_struct); if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; } - ZERO_STRUCTP(p); - if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) { DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); - SAFE_FREE(p); - return NULL; - } - - if ((p->pipe_state_mem_ctx = talloc_init("pipe_state %s %p", pipe_name, p)) == NULL) { - DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); - talloc_destroy(p->mem_ctx); - SAFE_FREE(p); + TALLOC_FREE(p); return NULL; } if (!init_pipe_handle_list(p, pipe_name)) { DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); talloc_destroy(p->mem_ctx); - talloc_destroy(p->pipe_state_mem_ctx); - SAFE_FREE(p); + TALLOC_FREE(p); return NULL; } 
@@ -319,9 +309,8 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, if(!prs_init(&p->in_data.data, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); talloc_destroy(p->mem_ctx); - talloc_destroy(p->pipe_state_mem_ctx); close_policy_by_pipe(p); - SAFE_FREE(p); + TALLOC_FREE(p); return NULL; } @@ -1214,10 +1203,6 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn) talloc_destroy(p->mem_ctx); } - if (p->pipe_state_mem_ctx) { - talloc_destroy(p->pipe_state_mem_ctx); - } - free_pipe_rpc_context( p->contexts ); /* Free the handles database. */ @@ -1231,7 +1216,7 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn) ZERO_STRUCTP(p); - SAFE_FREE(p); + TALLOC_FREE(p); return True; } -- cgit From 9ff4001245d718515cb90036659109e23833e5fe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 23 Jun 2008 08:38:27 +0200 Subject: Remove "conn" from pipes_struct For spoolss, we need the client's IP address (This used to be commit 64a4dfaa826cf9319ef3f5c65023352bf8af539e) --- source3/rpc_server/srv_pipe_hnd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 22903aacba..1feed1550c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -316,7 +316,8 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, DLIST_ADD(InternalPipes, p); - p->conn = conn; + memcpy(p->client_address, conn->client_address, + sizeof(p->client_address)); p->vuid = vuid; -- cgit From d331624fdfe9fc72f1da7fd01c59a1a20cf1c7d7 Mon Sep 17 00:00:00 2001 
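Review bot: The added `memcpy(p->client_address, conn->client_address, sizeof(p->client_address));` always reads `sizeof(p->client_address)` bytes from the source, which is safe only while both fields are arrays of the same size; neither declaration is visible in the hunk. The later refactoring hunk on this page keeps the same `memcpy` but takes the source from a `const char *client_address` parameter, where a shorter string from a caller would be read past its end and the destination is not guaranteed to be terminated. A bounded string copy, `strlcpy(p->client_address, conn->client_address, sizeof(p->client_address));`, stops at the terminator and always terminates the destination.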
From: Volker Lendecke Date: Tue, 24 Jun 2008 14:18:55 +0200 Subject: Add server_info to pipes_struct (This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10) --- source3/rpc_server/srv_pipe_hnd.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 1feed1550c..9a57a1bdb3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -314,6 +314,15 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, return NULL; } + p->server_info = copy_serverinfo(p, conn->server_info); + if (p->server_info == NULL) { + DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n")); + talloc_destroy(p->mem_ctx); + close_policy_by_pipe(p); + TALLOC_FREE(p); + return NULL; + } + DLIST_ADD(InternalPipes, p); memcpy(p->client_address, conn->client_address, -- cgit From 747a5809528cffc40f46d7e27a96ce0c559056b4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 24 Jun 2008 14:33:31 +0200 Subject: Now that we have p->server_info, use p->server_info->user_session_key (This used to be commit aefad64e3a5c86d2f988d47e6215ed2085b8fc47) --- source3/rpc_server/srv_pipe_hnd.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 9a57a1bdb3..f2b2919f43 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -339,9 +339,6 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { - p->session_key = data_blob( - vuser->server_info->user_session_key.data, - vuser->server_info->user_session_key.length); p->pipe_user.nt_user_token = dup_nt_token( NULL, vuser->server_info->ptok); } 
@@ -1219,7 +1216,6 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn) close_policy_by_pipe(p); TALLOC_FREE(p->pipe_user.nt_user_token); - data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.ut.groups); DLIST_REMOVE(InternalPipes, p); -- cgit From aa02c3fcd580a9e53b87d885fb87fb71f138bb7d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 24 Jun 2008 15:24:08 +0200 Subject: Remove p->vuid The users can use p->server_info. Now pipes_struct is decoupled from the SMB transport. (This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7) --- source3/rpc_server/srv_pipe_hnd.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f2b2919f43..c0b525c06b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -328,8 +328,6 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, memcpy(p->client_address, conn->client_address, sizeof(p->client_address)); - p->vuid = vuid; - p->endian = RPC_LITTLE_ENDIAN; ZERO_STRUCT(p->pipe_user); @@ -366,8 +364,8 @@ static void set_incoming_fault(pipes_struct *p) p->in_data.pdu_needed_len = 0; p->in_data.pdu_received_len = 0; p->fault_state = True; - DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n", - p->name, p->vuid )); + DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n", + p->name)); } /**************************************************************************** -- cgit From 1ee37bc9c3d3a4aefc50efc90db42b81f51bcd03 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sat, 12 Jul 2008 12:20:08 +0200 Subject: Refactor make_internal_rpc_pipe_p: connection_struct is not needed (This used to be commit defcf0eecfb8eb035d9ca80530720b9e6873f6c7) --- source3/rpc_server/srv_pipe_hnd.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c0b525c06b..aa5bd5394a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -65,8 +65,6 @@ static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, bool *is_data_outstanding); static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); static bool close_internal_rpc_pipe_hnd(void *np_conn); -static void *make_internal_rpc_pipe_p(const char *pipe_name, - connection_struct *conn, uint16 vuid); /**************************************************************************** Internal Pipe iterator functions. @@ -217,7 +215,8 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, p->namedpipe_write = write_to_internal_pipe; p->namedpipe_close = close_internal_rpc_pipe_hnd; - p->np_state = p->namedpipe_create(pipe_name, conn, vuid); + p->np_state = p->namedpipe_create(pipe_name, conn->client_address, + conn->server_info, vuid); if (p->np_state == NULL) { DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); 
@@ -266,19 +265,15 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, Make an internal namedpipes structure ****************************************************************************/ -static void *make_internal_rpc_pipe_p(const char *pipe_name, - connection_struct *conn, uint16 vuid) +struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name, + const char *client_address, + struct auth_serversupplied_info *server_info, + uint16_t vuid) { pipes_struct *p; - user_struct *vuser = get_valid_user_struct(vuid); DEBUG(4,("Create pipe requested %s\n", pipe_name)); - if (!vuser && vuid != UID_FIELD_INVALID) { - DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid)); - return NULL; - } - p = TALLOC_ZERO_P(NULL, pipes_struct); if (!p) { @@ -314,7 +309,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, return NULL; } - p->server_info = copy_serverinfo(p, conn->server_info); + p->server_info = copy_serverinfo(p, server_info); if (p->server_info == NULL) { DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n")); talloc_destroy(p->mem_ctx); @@ -325,21 +320,16 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, DLIST_ADD(InternalPipes, p); - memcpy(p->client_address, conn->client_address, - sizeof(p->client_address)); + memcpy(p->client_address, client_address, sizeof(p->client_address)); p->endian = RPC_LITTLE_ENDIAN; ZERO_STRUCT(p->pipe_user); + p->pipe_user.vuid = vuid; p->pipe_user.ut.uid = (uid_t)-1; p->pipe_user.ut.gid = (gid_t)-1; - - /* Store the session key and NT_TOKEN */ - if (vuser) { - p->pipe_user.nt_user_token = dup_nt_token( - NULL, vuser->server_info->ptok); - } + p->pipe_user.nt_user_token = dup_nt_token(NULL, server_info->ptok); /* * Initialize the outgoing RPC data buffer with no memory. 
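Review bot: make_internal_rpc_pipe_p becomes an exported function here, but the hunk drops the `get_valid_user_struct(vuid)` check and nothing in the new code rejects a NULL `server_info` explicitly, while a later hunk of the same commit reads `server_info->ptok` unconditionally. The stored `vuid` and the identity in `server_info` are now independent inputs, so a caller that passes a mismatched pair gets a pipe whose recorded vuid does not belong to its token. I would reject the call early with `if (server_info == NULL) { return NULL; }` and state in the function's header comment that the caller has already validated `vuid` and that `server_info` must belong to it. The only caller visible on this page passes `conn->server_info`; whether that can be NULL is not shown.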
@@ -351,7 +341,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", pipe_name, pipes_open)); - return (void*)p; + return p; } /**************************************************************************** -- cgit From a803f0a9204fc917668b68ca67ff02e8f9ed0262 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 12 Jul 2008 12:25:42 +0200 Subject: Refactoring: Make close_internal_rpc_pipe_hnd a talloc destructor (This used to be commit 10b47a0c2cfd62489428518112da82f73a52b7bc) --- source3/rpc_server/srv_pipe_hnd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index aa5bd5394a..2e77b5b903 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -64,7 +64,7 @@ static struct bitmap *bmap; static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, bool *is_data_outstanding); static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); -static bool close_internal_rpc_pipe_hnd(void *np_conn); +static int close_internal_rpc_pipe_hnd(struct pipes_struct *pipe); /**************************************************************************** Internal Pipe iterator functions. @@ -213,7 +213,6 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, p->namedpipe_create = make_internal_rpc_pipe_p; p->namedpipe_read = read_from_internal_pipe; p->namedpipe_write = write_to_internal_pipe; - p->namedpipe_close = close_internal_rpc_pipe_hnd; p->np_state = p->namedpipe_create(pipe_name, conn->client_address, conn->server_info, vuid); @@ -341,6 +340,8 @@ struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name, DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", pipe_name, pipes_open)); + talloc_set_destructor(p, close_internal_rpc_pipe_hnd); + return p; } 
@@ -1136,7 +1137,7 @@ bool close_rpc_pipe_hnd(smb_np_struct *p) return False; } - p->namedpipe_close(p->np_state); + TALLOC_FREE(p->np_state); bitmap_clear(bmap, p->pnum - pipe_handle_offset); @@ -1179,9 +1180,8 @@ void pipe_close_conn(connection_struct *conn) Close an rpc pipe. ****************************************************************************/ -static bool close_internal_rpc_pipe_hnd(void *np_conn) +static int close_internal_rpc_pipe_hnd(struct pipes_struct *p) { - pipes_struct *p = (pipes_struct *)np_conn; if (!p) { DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); return False; -- cgit From 33cbe2f88ce411718db1d37a0e2f9d19e931e383 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 12 Jul 2008 12:56:00 +0200 Subject: make read/write to internal pipes available externally (This used to be commit e11b5cb1e061caf4c3793fb402ca6bee95a8f26c) --- source3/rpc_server/srv_pipe_hnd.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 2e77b5b903..bc6d180199 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -61,9 +61,6 @@ static struct bitmap *bmap; * system _anyway_. so that's the next step... */ -static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, - bool *is_data_outstanding); -static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); static int close_internal_rpc_pipe_hnd(struct pipes_struct *pipe); /**************************************************************************** 
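Review bot: As a talloc destructor, close_internal_rpc_pipe_hnd should return 0 to let the free proceed (-1 refuses it) and must not free the object it is destroying, yet the new signature keeps `return False;` and the function's tail is outside this hunk. An earlier hunk on this page shows that tail as `ZERO_STRUCTP(p); TALLOC_FREE(p); return True;`. If it is unchanged, the destructor re-enters talloc_free on `p` while `p` is being freed, and returns a value that works only because it is not -1. I would end the function with `return 0;`, drop the `TALLOC_FREE(p);`, and replace `return False;` with `return 0;`; the `!p` test can go as well, since the destructor is only invoked for the object being freed.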
@@ -925,9 +922,8 @@ ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n) Accepts incoming data on an internal rpc pipe. ****************************************************************************/ -static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n) +ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n) { - pipes_struct *p = (pipes_struct*)np_conn; size_t data_left = n; while(data_left) { @@ -985,10 +981,9 @@ ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, have been prepared into arrays of headers + data stream sections. ****************************************************************************/ -static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, - bool *is_data_outstanding) +ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n, + bool *is_data_outstanding) { - pipes_struct *p = (pipes_struct*)np_conn; uint32 pdu_remaining = 0; ssize_t data_returned = 0; -- cgit From e29e81624ef03e262c525aa209c076b0b12963b7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 30 Jul 2008 15:01:33 -0700 Subject: Fix duplicate gloabl warning. Jeremy. (This used to be commit 6da33797b0549a2da7dc0fa7ee21dc5e8a6b1459) --- source3/rpc_server/srv_pipe_hnd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_server/srv_pipe_hnd.c') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index bc6d180199..3968d41168 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -61,7 +61,7 @@ static struct bitmap *bmap; * system _anyway_. so that's the next step... */ -static int close_internal_rpc_pipe_hnd(struct pipes_struct *pipe); +static int close_internal_rpc_pipe_hnd(struct pipes_struct *p); /**************************************************************************** Internal Pipe iterator functions. -- cgit