+/****************************************************************************
+receive a SMB request header from the wire, forming a request_context
+from the result
+****************************************************************************/
+NTSTATUS smbsrv_recv_smb_request(void *private_data, DATA_BLOB blob)
+{
+ struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
+ struct smbsrv_request *req;
+ struct timeval cur_time = timeval_current();
+ uint8_t command;
+
+ smb_conn->statistics.last_request_time = cur_time;
+
+ /* see if its a special NBT packet */
+ if (CVAL(blob.data, 0) != 0) {
+ req = smbsrv_init_request(smb_conn);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
+ ZERO_STRUCT(req->in);
+
+ req->in.buffer = talloc_steal(req, blob.data);
+ req->in.size = blob.length;
+ req->request_time = cur_time;
+
+ smbsrv_reply_special(req);
+ return NT_STATUS_OK;
+ }
+
+ if ((NBT_HDR_SIZE + MIN_SMB_SIZE) > blob.length) {
+ DEBUG(2,("Invalid SMB packet: length %ld\n", (long)blob.length));
+ smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ /* Make sure this is an SMB packet */
+ if (IVAL(blob.data, NBT_HDR_SIZE) != SMB_MAGIC) {
+ DEBUG(2,("Non-SMB packet of length %ld. Terminating connection\n",
+ (long)blob.length));
+ smbsrv_terminate_connection(smb_conn, "Non-SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ req = smbsrv_init_request(smb_conn);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
+ req->in.buffer = talloc_steal(req, blob.data);
+ req->in.size = blob.length;
+ req->request_time = cur_time;
+ req->chained_fnum = -1;
+ req->in.allocated = req->in.size;
+ req->in.hdr = req->in.buffer + NBT_HDR_SIZE;
+ req->in.vwv = req->in.hdr + HDR_VWV;
+ req->in.wct = CVAL(req->in.hdr, HDR_WCT);
+
+ command = CVAL(req->in.hdr, HDR_COM);
+
+ if (req->in.vwv + VWV(req->in.wct) <= req->in.buffer + req->in.size) {
+ req->in.data = req->in.vwv + VWV(req->in.wct) + 2;
+ req->in.data_size = SVAL(req->in.vwv, VWV(req->in.wct));
+
+ /* special handling for oversize calls. Windows seems
+ to take the maximum of the BCC value and the
+ computed buffer size. This handles oversized writeX
+ calls, and possibly oversized SMBtrans calls */
+ if ((message_flags(command) & LARGE_REQUEST) &&
+ ( !(message_flags(command) & AND_X) ||
+ (req->in.wct < 1 || SVAL(req->in.vwv, VWV(0)) == SMB_CHAIN_NONE)) &&
+ req->in.data_size < req->in.size - PTR_DIFF(req->in.data,req->in.buffer)) {
+ req->in.data_size = req->in.size - PTR_DIFF(req->in.data,req->in.buffer);
+ }
+ }
+
+ if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
+ DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
+ smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
+ DEBUG(2,("Invalid SMB buffer length count %d\n",
+ (int)req->in.data_size));
+ smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
+
+ /* fix the bufinfo */
+ smbsrv_setup_bufinfo(req);
+
+ if (!smbsrv_signing_check_incoming(req)) {
+ smbsrv_send_error(req, NT_STATUS_ACCESS_DENIED);
+ return NT_STATUS_OK;
+ }
+
+ command = CVAL(req->in.hdr, HDR_COM);
+ switch_message(command, req);
+ return NT_STATUS_OK;
+}
+