static ssize_t read_from_internal_pipe | ( | void * | np_conn, | |
char * | data, | |||
size_t | n, | |||
BOOL * | is_data_outstanding | |||
) | [static] |
srv_pipe_hnd.c の 1011 行で定義されています。
参照先 create_next_pdu()・_output_data::current_pdu・_output_data::current_pdu_len・_output_data::current_pdu_sent・_output_data::data_sent_length・pipes_struct::fault_state・pipes_struct::name・pipes_struct::out_data・_output_data::rdata.
参照元 open_rpc_pipe_p().
01013 { 01014 pipes_struct *p = (pipes_struct*)np_conn; 01015 uint32 pdu_remaining = 0; 01016 ssize_t data_returned = 0; 01017 01018 if (!p) { 01019 DEBUG(0,("read_from_pipe: pipe not open\n")); 01020 return -1; 01021 } 01022 01023 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n)); 01024 01025 /* 01026 * We cannot return more than one PDU length per 01027 * read request. 01028 */ 01029 01030 /* 01031 * This condition should result in the connection being closed. 01032 * Netapp filers seem to set it to 0xffff which results in domain 01033 * authentications failing. Just ignore it so things work. 01034 */ 01035 01036 if(n > RPC_MAX_PDU_FRAG_LEN) { 01037 DEBUG(5,("read_from_pipe: too large read (%u) requested on \ 01038 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, RPC_MAX_PDU_FRAG_LEN )); 01039 } 01040 01041 /* 01042 * Determine if there is still data to send in the 01043 * pipe PDU buffer. Always send this first. Never 01044 * send more than is left in the current PDU. The 01045 * client should send a new read request for a new 01046 * PDU. 01047 */ 01048 01049 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) { 01050 data_returned = (ssize_t)MIN(n, pdu_remaining); 01051 01052 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \ 01053 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, 01054 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned)); 01055 01056 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned); 01057 p->out_data.current_pdu_sent += (uint32)data_returned; 01058 goto out; 01059 } 01060 01061 /* 01062 * At this point p->current_pdu_len == p->current_pdu_sent (which 01063 * may of course be zero if this is the first return fragment. 01064 */ 01065 01066 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \ 01067 = %u, prs_offset(&p->out_data.rdata) = %u.\n", 01068 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) )); 01069 01070 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { 01071 /* 01072 * We have sent all possible data, return 0. 01073 */ 01074 data_returned = 0; 01075 goto out; 01076 } 01077 01078 /* 01079 * We need to create a new PDU from the data left in p->rdata. 01080 * Create the header/data/footers. This also sets up the fields 01081 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length 01082 * and stores the outgoing PDU in p->current_pdu. 01083 */ 01084 01085 if(!create_next_pdu(p)) { 01086 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); 01087 return -1; 01088 } 01089 01090 data_returned = MIN(n, p->out_data.current_pdu_len); 01091 01092 memcpy( data, p->out_data.current_pdu, (size_t)data_returned); 01093 p->out_data.current_pdu_sent += (uint32)data_returned; 01094 01095 out: 01096 01097 (*is_data_outstanding) = p->out_data.current_pdu_len > n; 01098 return data_returned; 01099 }
static ssize_t write_to_internal_pipe | ( | void * | np_conn, | |
char * | data, | |||
size_t | n | |||
) | [static] |
srv_pipe_hnd.c の 951 行で定義されています。
参照元 open_rpc_pipe_p().
00952 { 00953 pipes_struct *p = (pipes_struct*)np_conn; 00954 size_t data_left = n; 00955 00956 while(data_left) { 00957 ssize_t data_used; 00958 00959 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); 00960 00961 data_used = process_incoming_data(p, data, data_left); 00962 00963 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); 00964 00965 if(data_used < 0) { 00966 return -1; 00967 } 00968 00969 data_left -= data_used; 00970 data += data_used; 00971 } 00972 00973 return n; 00974 }
static BOOL close_internal_rpc_pipe_hnd | ( | void * | np_conn | ) | [static] |
srv_pipe_hnd.c の 1207 行で定義されています。
参照先 pipes_struct::auth・pipe_auth_data::auth_data_free_func・close_policy_by_pipe()・pipes_struct::contexts・_input_data::data・data_blob_free()・free_pipe_rpc_context()・_unix_token::groups・pipes_struct::in_data・InternalPipes・pipes_struct::mem_ctx・current_user::nt_user_token・pipes_struct::out_data・pipes_struct::pipe_state_mem_ctx・pipes_struct::pipe_user・prs_mem_free()・_output_data::rdata・pipes_struct::session_key・current_user::ut.
参照元 open_rpc_pipe_p().
01208 { 01209 pipes_struct *p = (pipes_struct *)np_conn; 01210 if (!p) { 01211 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); 01212 return False; 01213 } 01214 01215 prs_mem_free(&p->out_data.rdata); 01216 prs_mem_free(&p->in_data.data); 01217 01218 if (p->auth.auth_data_free_func) { 01219 (*p->auth.auth_data_free_func)(&p->auth); 01220 } 01221 01222 if (p->mem_ctx) { 01223 talloc_destroy(p->mem_ctx); 01224 } 01225 01226 if (p->pipe_state_mem_ctx) { 01227 talloc_destroy(p->pipe_state_mem_ctx); 01228 } 01229 01230 free_pipe_rpc_context( p->contexts ); 01231 01232 /* Free the handles database. */ 01233 close_policy_by_pipe(p); 01234 01235 TALLOC_FREE(p->pipe_user.nt_user_token); 01236 data_blob_free(&p->session_key); 01237 SAFE_FREE(p->pipe_user.ut.groups); 01238 01239 DLIST_REMOVE(InternalPipes, p); 01240 01241 ZERO_STRUCTP(p); 01242 01243 SAFE_FREE(p); 01244 01245 return True; 01246 }
static void * make_internal_rpc_pipe_p | ( | char * | pipe_name, | |
connection_struct * | conn, | |||
uint16 | vuid | |||
) | [static] |
srv_pipe_hnd.c の 279 行で定義されています。
参照先 close_policy_by_pipe()・pipes_struct::conn・data_blob_::data・_input_data::data・data_blob()・dup_nt_token()・pipes_struct::endian・get_valid_user_struct()・_unix_token::gid・pipes_struct::in_data・init_pipe_handle_list()・InternalPipes・data_blob_::length・pipes_struct::mem_ctx・pipes_struct::name・user_struct::nt_user_token・current_user::nt_user_token・pipes_struct::out_data・pipes_struct::pipe_state_mem_ctx・pipes_struct::pipe_user・pipes_open・prs_init()・_output_data::rdata・user_struct::session_key・pipes_struct::session_key・talloc_init()・_unix_token::uid・current_user::ut・pipes_struct::vuid.
参照元 open_rpc_pipe_p().
00281 { 00282 pipes_struct *p; 00283 user_struct *vuser = get_valid_user_struct(vuid); 00284 00285 DEBUG(4,("Create pipe requested %s\n", pipe_name)); 00286 00287 if (!vuser && vuid != UID_FIELD_INVALID) { 00288 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid)); 00289 return NULL; 00290 } 00291 00292 p = SMB_MALLOC_P(pipes_struct); 00293 00294 if (!p) { 00295 DEBUG(0,("ERROR! no memory for pipes_struct!\n")); 00296 return NULL; 00297 } 00298 00299 ZERO_STRUCTP(p); 00300 00301 if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) { 00302 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); 00303 SAFE_FREE(p); 00304 return NULL; 00305 } 00306 00307 if ((p->pipe_state_mem_ctx = talloc_init("pipe_state %s %p", pipe_name, p)) == NULL) { 00308 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); 00309 talloc_destroy(p->mem_ctx); 00310 SAFE_FREE(p); 00311 return NULL; 00312 } 00313 00314 if (!init_pipe_handle_list(p, pipe_name)) { 00315 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); 00316 talloc_destroy(p->mem_ctx); 00317 talloc_destroy(p->pipe_state_mem_ctx); 00318 SAFE_FREE(p); 00319 return NULL; 00320 } 00321 00322 /* 00323 * Initialize the incoming RPC data buffer with one PDU worth of memory. 00324 * We cheat here and say we're marshalling, as we intend to add incoming 00325 * data directly into the prs_struct and we want it to auto grow. We will 00326 * change the type to UNMARSALLING before processing the stream. 00327 */ 00328 00329 if(!prs_init(&p->in_data.data, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { 00330 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); 00331 talloc_destroy(p->mem_ctx); 00332 talloc_destroy(p->pipe_state_mem_ctx); 00333 close_policy_by_pipe(p); 00334 SAFE_FREE(p); 00335 return NULL; 00336 } 00337 00338 DLIST_ADD(InternalPipes, p); 00339 00340 p->conn = conn; 00341 00342 p->vuid = vuid; 00343 00344 p->endian = RPC_LITTLE_ENDIAN; 00345 00346 ZERO_STRUCT(p->pipe_user); 00347 00348 p->pipe_user.ut.uid = (uid_t)-1; 00349 p->pipe_user.ut.gid = (gid_t)-1; 00350 00351 /* Store the session key and NT_TOKEN */ 00352 if (vuser) { 00353 p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); 00354 p->pipe_user.nt_user_token = dup_nt_token( 00355 NULL, vuser->nt_user_token); 00356 } 00357 00358 /* 00359 * Initialize the outgoing RPC data buffer with no memory. 00360 */ 00361 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); 00362 00363 fstrcpy(p->name, pipe_name); 00364 00365 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", 00366 pipe_name, pipes_open)); 00367 00368 return (void*)p; 00369 }
smb_np_struct* get_first_pipe | ( | void | ) |
smb_np_struct* get_next_pipe | ( | smb_np_struct * | p | ) |
pipes_struct* get_first_internal_pipe | ( | void | ) |
pipes_struct* get_next_internal_pipe | ( | pipes_struct * | p | ) |
void set_pipe_handle_offset | ( | int | max_open_files | ) |
srv_pipe_hnd.c の 107 行で定義されています。
参照先 pipe_handle_offset.
参照元 file_init().
00108 { 00109 if(max_open_files < 0x7000) { 00110 pipe_handle_offset = 0x7000; 00111 } else { 00112 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */ 00113 } 00114 }
void reset_chain_p | ( | void | ) |
srv_pipe_hnd.c の 120 行で定義されています。
参照先 chain_p.
参照元 construct_reply().
00121 { 00122 chain_p = NULL; 00123 }
void init_rpc_pipe_hnd | ( | void | ) |
srv_pipe_hnd.c の 129 行で定義されています。
参照先 bitmap_allocate()・bmap・exit_server().
参照元 init_structs().
00130 { 00131 bmap = bitmap_allocate(MAX_OPEN_PIPES); 00132 if (!bmap) { 00133 exit_server("out of memory in init_rpc_pipe_hnd"); 00134 } 00135 }
static BOOL pipe_init_outgoing_data | ( | pipes_struct * | p | ) | [static] |
srv_pipe_hnd.c の 141 行で定義されています。
参照先 _output_data::current_pdu・_output_data::current_pdu_len・_output_data::current_pdu_sent・_output_data::data_sent_length・pipes_struct::mem_ctx・pipes_struct::out_data・prs_init()・prs_mem_free()・_output_data::rdata.
参照元 process_complete_pdu()・process_request_pdu().
00142 { 00143 output_data *o_data = &p->out_data; 00144 00145 /* Reset the offset counters. */ 00146 o_data->data_sent_length = 0; 00147 o_data->current_pdu_len = 0; 00148 o_data->current_pdu_sent = 0; 00149 00150 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu)); 00151 00152 /* Free any memory in the current return data buffer. */ 00153 prs_mem_free(&o_data->rdata); 00154 00155 /* 00156 * Initialize the outgoing RPC data buffer. 00157 * we will use this as the raw data area for replying to rpc requests. 00158 */ 00159 if(!prs_init(&o_data->rdata, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { 00160 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); 00161 return False; 00162 } 00163 00164 return True; 00165 }
smb_np_struct* open_rpc_pipe_p | ( | char * | pipe_name, | |
connection_struct * | conn, | |||
uint16 | vuid | |||
) |
srv_pipe_hnd.c の 171 行で定義されています。
参照先 bitmap_find()・bitmap_set()・bmap・chain_p・close_internal_rpc_pipe_hnd()・smb_np_struct::conn・current_spoolss_pipes_open・smb_np_struct::device_state・make_internal_rpc_pipe_p()・smb_np_struct::max_trans_reply・smb_np_struct::name・smb_np_struct::namedpipe_close・smb_np_struct::namedpipe_create・smb_np_struct::namedpipe_read・smb_np_struct::namedpipe_write・smb_np_struct::next・smb_np_struct::np_state・smb_np_struct::open・pipe_handle_offset・Pipes・pipes_open・smb_np_struct::pnum・smb_np_struct::priority・read_from_internal_pipe()・sys_getpid()・smb_np_struct::vuid・write_to_internal_pipe().
参照元 nt_open_pipe()・reply_open_pipe_and_X().
00173 { 00174 int i; 00175 smb_np_struct *p, *p_it; 00176 static int next_pipe; 00177 BOOL is_spoolss_pipe = False; 00178 00179 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", 00180 pipe_name, pipes_open)); 00181 00182 if (strstr(pipe_name, "spoolss")) { 00183 is_spoolss_pipe = True; 00184 } 00185 00186 if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { 00187 DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", 00188 pipe_name )); 00189 return NULL; 00190 } 00191 00192 /* not repeating pipe numbers makes it easier to track things in 00193 log files and prevents client bugs where pipe numbers are reused 00194 over connection restarts */ 00195 00196 if (next_pipe == 0) { 00197 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES; 00198 } 00199 00200 i = bitmap_find(bmap, next_pipe); 00201 00202 if (i == -1) { 00203 DEBUG(0,("ERROR! Out of pipe structures\n")); 00204 return NULL; 00205 } 00206 00207 next_pipe = (i+1) % MAX_OPEN_PIPES; 00208 00209 for (p = Pipes; p; p = p->next) { 00210 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); 00211 } 00212 00213 p = SMB_MALLOC_P(smb_np_struct); 00214 if (!p) { 00215 DEBUG(0,("ERROR! no memory for pipes_struct!\n")); 00216 return NULL; 00217 } 00218 00219 ZERO_STRUCTP(p); 00220 00221 /* add a dso mechanism instead of this, here */ 00222 00223 p->namedpipe_create = make_internal_rpc_pipe_p; 00224 p->namedpipe_read = read_from_internal_pipe; 00225 p->namedpipe_write = write_to_internal_pipe; 00226 p->namedpipe_close = close_internal_rpc_pipe_hnd; 00227 00228 p->np_state = p->namedpipe_create(pipe_name, conn, vuid); 00229 00230 if (p->np_state == NULL) { 00231 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); 00232 SAFE_FREE(p); 00233 return NULL; 00234 } 00235 00236 DLIST_ADD(Pipes, p); 00237 00238 /* 00239 * Initialize the incoming RPC data buffer with one PDU worth of memory. 00240 * We cheat here and say we're marshalling, as we intend to add incoming 00241 * data directly into the prs_struct and we want it to auto grow. We will 00242 * change the type to UNMARSALLING before processing the stream. 00243 */ 00244 00245 bitmap_set(bmap, i); 00246 i += pipe_handle_offset; 00247 00248 pipes_open++; 00249 00250 p->pnum = i; 00251 00252 p->open = True; 00253 p->device_state = 0; 00254 p->priority = 0; 00255 p->conn = conn; 00256 p->vuid = vuid; 00257 00258 p->max_trans_reply = 0; 00259 00260 fstrcpy(p->name, pipe_name); 00261 00262 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", 00263 pipe_name, i, pipes_open)); 00264 00265 chain_p = p; 00266 00267 /* Iterate over p_it as a temp variable, to display all open pipes */ 00268 for (p_it = Pipes; p_it; p_it = p_it->next) { 00269 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum)); 00270 } 00271 00272 return chain_p; 00273 }
static void set_incoming_fault | ( | pipes_struct * | p | ) | [static] |
srv_pipe_hnd.c の 375 行で定義されています。
参照先 _input_data::data・pipes_struct::fault_state・pipes_struct::in_data・pipes_struct::name・_input_data::pdu_needed_len・_input_data::pdu_received_len・prs_mem_free()・pipes_struct::vuid.
参照元 process_complete_pdu()・process_incoming_data()・process_request_pdu()・unmarshall_rpc_header().
00376 { 00377 prs_mem_free(&p->in_data.data); 00378 p->in_data.pdu_needed_len = 0; 00379 p->in_data.pdu_received_len = 0; 00380 p->fault_state = True; 00381 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n", 00382 p->name, p->vuid )); 00383 }
static ssize_t fill_rpc_header | ( | pipes_struct * | p, | |
char * | data, | |||
size_t | data_to_copy | |||
) | [static] |
srv_pipe_hnd.c の 389 行で定義されています。
参照先 _input_data::current_in_pdu・pipes_struct::in_data・_input_data::pdu_received_len.
00390 { 00391 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len); 00392 00393 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n", 00394 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr, 00395 (unsigned int)p->in_data.pdu_received_len )); 00396 00397 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr); 00398 p->in_data.pdu_received_len += len_needed_to_complete_hdr; 00399 00400 return (ssize_t)len_needed_to_complete_hdr; 00401 }
static ssize_t unmarshall_rpc_header | ( | pipes_struct * | p | ) | [static] |
srv_pipe_hnd.c の 407 行で定義されています。
参照先 _prs_struct::bigendian_data・_input_data::current_in_pdu・_input_data::data・pipes_struct::endian・rpc_hdr_info::flags・rpc_hdr_info::frag_len・pipes_struct::hdr・pipes_struct::in_data・rpc_hdr_info::major・pipes_struct::mem_ctx・rpc_hdr_info::minor・_input_data::pdu_needed_len・_input_data::pdu_received_len・rpc_hdr_info::pkt_type・prs_init()・prs_mem_free()・RPC_REQUEST・set_incoming_fault()・smb_io_rpc_hdr().
00408 { 00409 /* 00410 * Unmarshall the header to determine the needed length. 00411 */ 00412 00413 prs_struct rpc_in; 00414 00415 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) { 00416 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n")); 00417 set_incoming_fault(p); 00418 return -1; 00419 } 00420 00421 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); 00422 prs_set_endian_data( &rpc_in, p->endian); 00423 00424 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], 00425 p->in_data.pdu_received_len, False); 00426 00427 /* 00428 * Unmarshall the header as this will tell us how much 00429 * data we need to read to get the complete pdu. 00430 * This also sets the endian flag in rpc_in. 00431 */ 00432 00433 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { 00434 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); 00435 set_incoming_fault(p); 00436 prs_mem_free(&rpc_in); 00437 return -1; 00438 } 00439 00440 /* 00441 * Validate the RPC header. 00442 */ 00443 00444 if(p->hdr.major != 5 && p->hdr.minor != 0) { 00445 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); 00446 set_incoming_fault(p); 00447 prs_mem_free(&rpc_in); 00448 return -1; 00449 } 00450 00451 /* 00452 * If there's not data in the incoming buffer this should be the start of a new RPC. 00453 */ 00454 00455 if(prs_offset(&p->in_data.data) == 0) { 00456 00457 /* 00458 * AS/U doesn't set FIRST flag in a BIND packet it seems. 00459 */ 00460 00461 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) { 00462 /* 00463 * Ensure that the FIRST flag is set. If not then we have 00464 * a stream missmatch. 00465 */ 00466 00467 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); 00468 set_incoming_fault(p); 00469 prs_mem_free(&rpc_in); 00470 return -1; 00471 } 00472 00473 /* 00474 * If this is the first PDU then set the endianness 00475 * flag in the pipe. We will need this when parsing all 00476 * data in this RPC. 00477 */ 00478 00479 p->endian = rpc_in.bigendian_data; 00480 00481 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n", 00482 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" )); 00483 00484 } else { 00485 00486 /* 00487 * If this is *NOT* the first PDU then check the endianness 00488 * flag in the pipe is the same as that in the PDU. 00489 */ 00490 00491 if (p->endian != rpc_in.bigendian_data) { 00492 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian)); 00493 set_incoming_fault(p); 00494 prs_mem_free(&rpc_in); 00495 return -1; 00496 } 00497 } 00498 00499 /* 00500 * Ensure that the pdu length is sane. 00501 */ 00502 00503 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > RPC_MAX_PDU_FRAG_LEN)) { 00504 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); 00505 set_incoming_fault(p); 00506 prs_mem_free(&rpc_in); 00507 return -1; 00508 } 00509 00510 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type, 00511 (unsigned int)p->hdr.flags )); 00512 00513 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN; 00514 00515 prs_mem_free(&rpc_in); 00516 00517 return 0; /* No extra data processed. */ 00518 }
static void free_pipe_context | ( | pipes_struct * | p | ) | [static] |
srv_pipe_hnd.c の 525 行で定義されています。
参照先 pipes_struct::fault_state・pipes_struct::mem_ctx・pipes_struct::name・talloc_free_children()・talloc_init()・talloc_total_size().
00526 { 00527 if (p->mem_ctx) { 00528 DEBUG(3,("free_pipe_context: destroying talloc pool of size " 00529 "%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) )); 00530 talloc_free_children(p->mem_ctx); 00531 } else { 00532 p->mem_ctx = talloc_init("pipe %s %p", p->name, p); 00533 if (p->mem_ctx == NULL) { 00534 p->fault_state = True; 00535 } 00536 } 00537 }
static BOOL process_request_pdu | ( | pipes_struct * | p, | |
prs_struct * | rpc_in_p | |||
) | [static] |
srv_pipe_hnd.c の 544 行で定義されています。
参照先 api_pipe_ntlmssp_auth_process()・api_pipe_request()・api_pipe_schannel_process()・pipes_struct::auth・rpc_hdr_info::auth_len・pipe_auth_data::auth_type・_input_data::data・rpc_hdr_info::flags・rpc_hdr_info::frag_len・free_pipe_context()・pipes_struct::hdr・pipes_struct::hdr_req・pipes_struct::in_data・nt_errstr()・PIPE_AUTH_TYPE_NONE・PIPE_AUTH_TYPE_NTLMSSP・PIPE_AUTH_TYPE_SCHANNEL・PIPE_AUTH_TYPE_SPNEGO_NTLMSSP・pipes_struct::pipe_bound・pipe_init_outgoing_data()・set_incoming_fault()・smb_io_rpc_hdr_req()・status.
00545 { 00546 uint32 ss_padding_len = 0; 00547 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - 00548 (p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; 00549 00550 if(!p->pipe_bound) { 00551 DEBUG(0,("process_request_pdu: rpc request with no bind.\n")); 00552 set_incoming_fault(p); 00553 return False; 00554 } 00555 00556 /* 00557 * Check if we need to do authentication processing. 00558 * This is only done on requests, not binds. 00559 */ 00560 00561 /* 00562 * Read the RPC request header. 00563 */ 00564 00565 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) { 00566 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n")); 00567 set_incoming_fault(p); 00568 return False; 00569 } 00570 00571 switch(p->auth.auth_type) { 00572 case PIPE_AUTH_TYPE_NONE: 00573 break; 00574 00575 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: 00576 case PIPE_AUTH_TYPE_NTLMSSP: 00577 { 00578 NTSTATUS status; 00579 if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, &ss_padding_len, &status)) { 00580 DEBUG(0,("process_request_pdu: failed to do auth processing.\n")); 00581 DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) )); 00582 set_incoming_fault(p); 00583 return False; 00584 } 00585 break; 00586 } 00587 00588 case PIPE_AUTH_TYPE_SCHANNEL: 00589 if (!api_pipe_schannel_process(p, rpc_in_p, &ss_padding_len)) { 00590 DEBUG(3,("process_request_pdu: failed to do schannel processing.\n")); 00591 set_incoming_fault(p); 00592 return False; 00593 } 00594 break; 00595 00596 default: 00597 DEBUG(0,("process_request_pdu: unknown auth type %u set.\n", (unsigned int)p->auth.auth_type )); 00598 set_incoming_fault(p); 00599 return False; 00600 } 00601 00602 /* Now we've done the sign/seal we can remove any padding data. */ 00603 if (data_len > ss_padding_len) { 00604 data_len -= ss_padding_len; 00605 } 00606 00607 /* 00608 * Check the data length doesn't go over the 15Mb limit. 00609 * increased after observing a bug in the Windows NT 4.0 SP6a 00610 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC 00611 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002 00612 */ 00613 00614 if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) { 00615 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", 00616 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); 00617 set_incoming_fault(p); 00618 return False; 00619 } 00620 00621 /* 00622 * Append the data portion into the buffer and return. 00623 */ 00624 00625 if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) { 00626 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", 00627 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); 00628 set_incoming_fault(p); 00629 return False; 00630 } 00631 00632 if(p->hdr.flags & RPC_FLG_LAST) { 00633 BOOL ret = False; 00634 /* 00635 * Ok - we finally have a complete RPC stream. 00636 * Call the rpc command to process it. 00637 */ 00638 00639 /* 00640 * Ensure the internal prs buffer size is *exactly* the same 00641 * size as the current offset. 00642 */ 00643 00644 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) { 00645 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n")); 00646 set_incoming_fault(p); 00647 return False; 00648 } 00649 00650 /* 00651 * Set the parse offset to the start of the data and set the 00652 * prs_struct to UNMARSHALL. 00653 */ 00654 00655 prs_set_offset(&p->in_data.data, 0); 00656 prs_switch_type(&p->in_data.data, UNMARSHALL); 00657 00658 /* 00659 * Process the complete data stream here. 00660 */ 00661 00662 free_pipe_context(p); 00663 00664 if(pipe_init_outgoing_data(p)) { 00665 ret = api_pipe_request(p); 00666 } 00667 00668 free_pipe_context(p); 00669 00670 /* 00671 * We have consumed the whole data stream. Set back to 00672 * marshalling and set the offset back to the start of 00673 * the buffer to re-use it (we could also do a prs_mem_free() 00674 * and then re_init on the next start of PDU. Not sure which 00675 * is best here.... JRA. 00676 */ 00677 00678 prs_switch_type(&p->in_data.data, MARSHALL); 00679 prs_set_offset(&p->in_data.data, 0); 00680 return ret; 00681 } 00682 00683 return True; 00684 }
static void process_complete_pdu | ( | pipes_struct * | p | ) | [static] |
srv_pipe_hnd.c の 691 行で定義されています。
参照先 api_pipe_alter_context()・api_pipe_bind_auth3()・api_pipe_bind_req()・_input_data::current_in_pdu・_input_data::data・pipes_struct::endian・pipes_struct::fault_state・pipes_struct::hdr・pipes_struct::in_data・pipes_struct::mem_ctx・pipes_struct::name・_input_data::pdu_needed_len・_input_data::pdu_received_len・pipe_init_outgoing_data()・pipes_struct::pipe_srv_name・rpc_hdr_info::pkt_type・process_request_pdu()・prs_init()・prs_mem_free()・RPC_ACK・RPC_ALTCONT・RPC_ALTCONTRESP・RPC_AUTH3・RPC_BIND・RPC_BINDACK・RPC_BINDNACK・RPC_CANCEL_ACK・RPC_CL_CANCEL・RPC_CO_CANCEL・RPC_FACK・RPC_FAULT・RPC_NOCALL・RPC_ORPHANED・RPC_PING・RPC_REJECT・RPC_REQUEST・RPC_RESPONSE・RPC_SHUTDOWN・RPC_WORKING・set_incoming_fault()・setup_cancel_ack_reply()・setup_fault_pdu().
00692 { 00693 prs_struct rpc_in; 00694 size_t data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN; 00695 char *data_p = (char *)&p->in_data.current_in_pdu[RPC_HEADER_LEN]; 00696 BOOL reply = False; 00697 00698 if(p->fault_state) { 00699 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", 00700 p->name )); 00701 set_incoming_fault(p); 00702 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); 00703 return; 00704 } 00705 00706 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); 00707 00708 /* 00709 * Ensure we're using the corrent endianness for both the 00710 * RPC header flags and the raw data we will be reading from. 00711 */ 00712 00713 prs_set_endian_data( &rpc_in, p->endian); 00714 prs_set_endian_data( &p->in_data.data, p->endian); 00715 00716 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); 00717 00718 DEBUG(10,("process_complete_pdu: processing packet type %u\n", 00719 (unsigned int)p->hdr.pkt_type )); 00720 00721 switch (p->hdr.pkt_type) { 00722 case RPC_REQUEST: 00723 reply = process_request_pdu(p, &rpc_in); 00724 break; 00725 00726 case RPC_PING: /* CL request - ignore... */ 00727 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", 00728 (unsigned int)p->hdr.pkt_type, p->name)); 00729 break; 00730 00731 case RPC_RESPONSE: /* No responses here. */ 00732 DEBUG(0,("process_complete_pdu: Error. RPC_RESPONSE received from client on pipe %s.\n", 00733 p->name )); 00734 break; 00735 00736 case RPC_FAULT: 00737 case RPC_WORKING: /* CL request - reply to a ping when a call in process. */ 00738 case RPC_NOCALL: /* CL - server reply to a ping call. */ 00739 case RPC_REJECT: 00740 case RPC_ACK: 00741 case RPC_CL_CANCEL: 00742 case RPC_FACK: 00743 case RPC_CANCEL_ACK: 00744 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", 00745 (unsigned int)p->hdr.pkt_type, p->name)); 00746 break; 00747 00748 case RPC_BIND: 00749 /* 00750 * We assume that a pipe bind is only in one pdu. 00751 */ 00752 if(pipe_init_outgoing_data(p)) { 00753 reply = api_pipe_bind_req(p, &rpc_in); 00754 } 00755 break; 00756 00757 case RPC_BINDACK: 00758 case RPC_BINDNACK: 00759 DEBUG(0,("process_complete_pdu: Error. RPC_BINDACK/RPC_BINDNACK packet type %u received on pipe %s.\n", 00760 (unsigned int)p->hdr.pkt_type, p->name)); 00761 break; 00762 00763 00764 case RPC_ALTCONT: 00765 /* 00766 * We assume that a pipe bind is only in one pdu. 00767 */ 00768 if(pipe_init_outgoing_data(p)) { 00769 reply = api_pipe_alter_context(p, &rpc_in); 00770 } 00771 break; 00772 00773 case RPC_ALTCONTRESP: 00774 DEBUG(0,("process_complete_pdu: Error. RPC_ALTCONTRESP on pipe %s: Should only be server -> client.\n", 00775 p->name)); 00776 break; 00777 00778 case RPC_AUTH3: 00779 /* 00780 * The third packet in an NTLMSSP auth exchange. 00781 */ 00782 if(pipe_init_outgoing_data(p)) { 00783 reply = api_pipe_bind_auth3(p, &rpc_in); 00784 } 00785 break; 00786 00787 case RPC_SHUTDOWN: 00788 DEBUG(0,("process_complete_pdu: Error. RPC_SHUTDOWN on pipe %s: Should only be server -> client.\n", 00789 p->name)); 00790 break; 00791 00792 case RPC_CO_CANCEL: 00793 /* For now just free all client data and continue processing. */ 00794 DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); 00795 /* As we never do asynchronous RPC serving, we can never cancel a 00796 call (as far as I know). If we ever did we'd have to send a cancel_ack 00797 reply. For now, just free all client data and continue processing. */ 00798 reply = True; 00799 break; 00800 #if 0 00801 /* Enable this if we're doing async rpc. */ 00802 /* We must check the call-id matches the outstanding callid. */ 00803 if(pipe_init_outgoing_data(p)) { 00804 /* Send a cancel_ack PDU reply. */ 00805 /* We should probably check the auth-verifier here. */ 00806 reply = setup_cancel_ack_reply(p, &rpc_in); 00807 } 00808 break; 00809 #endif 00810 00811 case RPC_ORPHANED: 00812 /* We should probably check the auth-verifier here. 00813 For now just free all client data and continue processing. */ 00814 DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); 00815 reply = True; 00816 break; 00817 00818 default: 00819 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type )); 00820 break; 00821 } 00822 00823 /* Reset to little endian. Probably don't need this but it won't hurt. */ 00824 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN); 00825 00826 if (!reply) { 00827 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); 00828 set_incoming_fault(p); 00829 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); 00830 prs_mem_free(&rpc_in); 00831 } else { 00832 /* 00833 * Reset the lengths. We're ready for a new pdu. 00834 */ 00835 p->in_data.pdu_needed_len = 0; 00836 p->in_data.pdu_received_len = 0; 00837 } 00838 00839 prs_mem_free(&rpc_in); 00840 }
static ssize_t process_incoming_data | ( | pipes_struct * | p, | |
char * | data, | |||
size_t | n | |||
) | [static] |
srv_pipe_hnd.c の 846 行で定義されています。
参照先 _input_data::current_in_pdu・fill_rpc_header()・pipes_struct::in_data・_input_data::pdu_needed_len・_input_data::pdu_received_len・process_complete_pdu()・set_incoming_fault()・unmarshall_rpc_header().
00847 { 00848 size_t data_to_copy = MIN(n, RPC_MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); 00849 00850 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n", 00851 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len, 00852 (unsigned int)n )); 00853 00854 if(data_to_copy == 0) { 00855 /* 00856 * This is an error - data is being received and there is no 00857 * space in the PDU. Free the received data and go into the fault state. 00858 */ 00859 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \ 00860 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n )); 00861 set_incoming_fault(p); 00862 return -1; 00863 } 00864 00865 /* 00866 * If we have no data already, wait until we get at least a RPC_HEADER_LEN 00867 * number of bytes before we can do anything. 00868 */ 00869 00870 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) { 00871 /* 00872 * Always return here. If we have more data then the RPC_HEADER 00873 * will be processed the next time around the loop. 00874 */ 00875 return fill_rpc_header(p, data, data_to_copy); 00876 } 00877 00878 /* 00879 * At this point we know we have at least an RPC_HEADER_LEN amount of data 00880 * stored in current_in_pdu. 00881 */ 00882 00883 /* 00884 * If pdu_needed_len is zero this is a new pdu. 00885 * Unmarshall the header so we know how much more 00886 * data we need, then loop again. 00887 */ 00888 00889 if(p->in_data.pdu_needed_len == 0) { 00890 ssize_t rret = unmarshall_rpc_header(p); 00891 if (rret == -1 || p->in_data.pdu_needed_len > 0) { 00892 return rret; 00893 } 00894 /* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists 00895 of an RPC_HEADER only. This is a RPC_SHUTDOWN, RPC_CO_CANCEL or RPC_ORPHANED 00896 pdu type. Deal with this in process_complete_pdu(). */ 00897 } 00898 00899 /* 00900 * Ok - at this point we have a valid RPC_HEADER in p->hdr. 00901 * Keep reading until we have a full pdu. 00902 */ 00903 00904 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len); 00905 00906 /* 00907 * Copy as much of the data as we need into the current_in_pdu buffer. 00908 * pdu_needed_len becomes zero when we have a complete pdu. 00909 */ 00910 00911 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy); 00912 p->in_data.pdu_received_len += data_to_copy; 00913 p->in_data.pdu_needed_len -= data_to_copy; 00914 00915 /* 00916 * Do we have a complete PDU ? 00917 * (return the number of bytes handled in the call) 00918 */ 00919 00920 if(p->in_data.pdu_needed_len == 0) { 00921 process_complete_pdu(p); 00922 return data_to_copy; 00923 } 00924 00925 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n", 00926 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len )); 00927 00928 return (ssize_t)data_to_copy; 00929 }
ssize_t write_to_pipe | ( | smb_np_struct * | p, | |
char * | data, | |||
size_t | n | |||
) |
srv_pipe_hnd.c の 935 行で定義されています。
参照先 dump_data()・smb_np_struct::name・smb_np_struct::namedpipe_write・smb_np_struct::np_state・smb_np_struct::open・smb_np_struct::pnum.
参照元 api_fd_reply()・reply_pipe_write()・reply_pipe_write_and_X().
00936 { 00937 DEBUG(6,("write_to_pipe: %x", p->pnum)); 00938 00939 DEBUG(6,(" name: %s open: %s len: %d\n", 00940 p->name, BOOLSTR(p->open), (int)n)); 00941 00942 dump_data(50, data, n); 00943 00944 return p->namedpipe_write(p->np_state, data, n); 00945 }
ssize_t read_from_pipe | ( | smb_np_struct * | p, | |
char * | data, | |||
size_t | n, | |||
BOOL * | is_data_outstanding | |||
) |
srv_pipe_hnd.c の 987 行で定義されています。
参照先 smb_np_struct::namedpipe_read・smb_np_struct::np_state・smb_np_struct::open・smb_np_struct::pnum.
参照元 api_rpc_trans_reply()・reply_pipe_read_and_X().
00989 { 00990 if (!p || !p->open) { 00991 DEBUG(0,("read_from_pipe: pipe not open\n")); 00992 return -1; 00993 } 00994 00995 DEBUG(6,("read_from_pipe: %x", p->pnum)); 00996 00997 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding); 00998 }
BOOL wait_rpc_pipe_hnd_state | ( | smb_np_struct * | p, | |
uint16 | priority | |||
) |
srv_pipe_hnd.c の 1105 行で定義されています。
参照先 smb_np_struct::name・smb_np_struct::open・smb_np_struct::priority.
参照元 api_WNPHS().
01106 { 01107 if (p == NULL) { 01108 return False; 01109 } 01110 01111 if (p->open) { 01112 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n", 01113 priority, p->name)); 01114 01115 p->priority = priority; 01116 01117 return True; 01118 } 01119 01120 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n", 01121 priority, p->name)); 01122 return False; 01123 }
BOOL set_rpc_pipe_hnd_state | ( | smb_np_struct * | p, | |
uint16 | device_state | |||
) |
srv_pipe_hnd.c の 1130 行で定義されています。
参照先 smb_np_struct::device_state・smb_np_struct::name・smb_np_struct::open.
参照元 api_SNPHS().
01131 { 01132 if (p == NULL) { 01133 return False; 01134 } 01135 01136 if (p->open) { 01137 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n", 01138 device_state, p->name)); 01139 01140 p->device_state = device_state; 01141 01142 return True; 01143 } 01144 01145 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n", 01146 device_state, p->name)); 01147 return False; 01148 }
BOOL close_rpc_pipe_hnd | ( | smb_np_struct * | p | ) |
srv_pipe_hnd.c の 1155 行で定義されています。
参照先 bitmap_clear()・bmap・delete_pipe_opendb()・smb_np_struct::name・smb_np_struct::namedpipe_close・smb_np_struct::np_state・pipe_handle_offset・Pipes・pipes_open・smb_np_struct::pnum.
参照元 pipe_close_conn()・reply_pipe_close().
01156 { 01157 if (!p) { 01158 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); 01159 return False; 01160 } 01161 01162 p->namedpipe_close(p->np_state); 01163 01164 bitmap_clear(bmap, p->pnum - pipe_handle_offset); 01165 01166 pipes_open--; 01167 01168 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", 01169 p->name, p->pnum, pipes_open)); 01170 01171 DLIST_REMOVE(Pipes, p); 01172 01173 /* Remove from pipe open db */ 01174 01175 if ( !delete_pipe_opendb( p ) ) { 01176 DEBUG(3,("close_rpc_pipe_hnd: failed to delete %s " 01177 "pipe from open db.\n", p->name)); 01178 } 01179 01180 ZERO_STRUCTP(p); 01181 01182 SAFE_FREE(p); 01183 01184 return True; 01185 }
void pipe_close_conn | ( | connection_struct * | conn | ) |
srv_pipe_hnd.c の 1191 行で定義されています。
参照先 close_rpc_pipe_hnd()・smb_np_struct::conn・smb_np_struct::next・Pipes.
参照元 close_cnum().
01192 { 01193 smb_np_struct *p, *next; 01194 01195 for (p=Pipes;p;p=next) { 01196 next = p->next; 01197 if (p->conn == conn) { 01198 close_rpc_pipe_hnd(p); 01199 } 01200 } 01201 }
smb_np_struct* get_rpc_pipe_p | ( | char * | buf, | |
int | where | |||
) |
srv_pipe_hnd.c の 1252 行で定義されています。
参照先 chain_p・get_rpc_pipe().
参照元 reply_pipe_close()・reply_pipe_read_and_X()・reply_pipe_write()・reply_pipe_write_and_X().
01253 { 01254 int pnum = SVAL(buf,where); 01255 01256 if (chain_p) { 01257 return chain_p; 01258 } 01259 01260 return get_rpc_pipe(pnum); 01261 }
smb_np_struct* get_rpc_pipe | ( | int | pnum | ) |
srv_pipe_hnd.c の 1267 行で定義されています。
参照先 chain_p・smb_np_struct::name・smb_np_struct::next・Pipes・pipes_open・smb_np_struct::pnum.
参照元 api_fd_reply()・get_rpc_pipe_p().
01268 { 01269 smb_np_struct *p; 01270 01271 DEBUG(4,("search for pipe pnum=%x\n", pnum)); 01272 01273 for (p=Pipes;p;p=p->next) { 01274 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", 01275 p->name, p->pnum, pipes_open)); 01276 } 01277 01278 for (p=Pipes;p;p=p->next) { 01279 if (p->pnum == pnum) { 01280 chain_p = p; 01281 return p; 01282 } 01283 } 01284 01285 return NULL; 01286 }
smb_np_struct* chain_p [static] |
srv_pipe_hnd.c の 31 行で定義されています。
参照元 get_rpc_pipe()・get_rpc_pipe_p()・open_rpc_pipe_p()・reset_chain_p().
int pipes_open [static] |
srv_pipe_hnd.c の 32 行で定義されています。
参照元 close_rpc_pipe_hnd()・get_rpc_pipe()・make_internal_rpc_pipe_p()・open_rpc_pipe_p().
int current_spoolss_pipes_open [static] |
smb_np_struct* Pipes [static] |
srv_pipe_hnd.c の 51 行で定義されています。
参照元 close_rpc_pipe_hnd()・get_first_pipe()・get_rpc_pipe()・open_rpc_pipe_p()・pipe_close_conn().
pipes_struct* InternalPipes [static] |
srv_pipe_hnd.c の 53 行で定義されています。
参照元 close_rpc_pipe_hnd()・conn_free()・conn_init()・conn_new()・init_rpc_pipe_hnd()・open_rpc_pipe_p().
int pipe_handle_offset [static] |
srv_pipe_hnd.c の 101 行で定義されています。
参照元 close_rpc_pipe_hnd()・open_rpc_pipe_p()・set_pipe_handle_offset().