From fec25c3a627bfbb14cf0aaf8773f54e0e5017517 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 3 Aug 2011 09:33:29 +1000
Subject: ntlmssp: Add ntlmssp_blob_matches_magic()

This avoids having the same check in 3 different parts of the code

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug  3 12:45:04 CEST 2011 on sn-devel-104
---
 libcli/auth/ntlmssp.c          | 10 ++++++++++
 libcli/auth/ntlmssp.h          |  2 ++
 source3/smbd/sesssetup.c       |  2 +-
 source3/smbd/smb2_sesssetup.c  |  2 +-
 source4/auth/ntlmssp/ntlmssp.c |  2 +-
 5 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/libcli/auth/ntlmssp.c b/libcli/auth/ntlmssp.c
index b7f14c153cc..4817329314a 100644
--- a/libcli/auth/ntlmssp.c
+++ b/libcli/auth/ntlmssp.c
@@ -132,3 +132,13 @@ void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
 		ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
 	}
 }
+
+/* Does this blob looks like it could be NTLMSSP? */
+bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob)
+{
+	if (blob->length > 8 && memcmp("NTLMSSP\0", blob->data, 8) == 0) {
+		return true;
+	} else {
+		return false;
+	}
+}
diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h
index 495d94f6a03..cf8bb8dd301 100644
--- a/libcli/auth/ntlmssp.h
+++ b/libcli/auth/ntlmssp.h
@@ -169,3 +169,5 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_stae,
 			const DATA_BLOB *in,
 			DATA_BLOB *out);
 NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
+
+bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 8b133b4a541..6dc8609071d 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1140,7 +1140,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 	 * identical regardless.  In particular, both rely only on the
 	 * status code (not the contents of the packet) and do not
 	 * wrap the result */
-	if (sconn->use_gensec_hook || (blob1.length > 7 && strncmp((char *)(blob1.data), "NTLMSSP", 7) == 0)) {
+	if (sconn->use_gensec_hook || ntlmssp_blob_matches_magic(&blob1)) {
 		DATA_BLOB chal;
 
 		if (!vuser->auth_ntlmssp_state) {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 6517fb6d004..30e65c21371 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -753,7 +753,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 	 * status code (not the contents of the packet) and do not
 	 * wrap the result */
 	if (session->sconn->use_gensec_hook
-	    || (in_security_buffer.length > 7 && strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0)) {
+	    || ntlmssp_blob_matches_magic(&in_security_buffer)) {
 		return smbd_smb2_raw_ntlmssp_auth(session,
 						smb2req,
 						in_security_mode,
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index a53e5547ab2..d90c908d8d6 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -63,7 +63,7 @@ static const struct ntlmssp_callbacks {
 static NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, 
 				     const DATA_BLOB *first_packet) 
 {
-	if (first_packet->length > 8 && memcmp("NTLMSSP\0", first_packet->data, 8) == 0) {
+	if (ntlmssp_blob_matches_magic(first_packet)) {
 		return NT_STATUS_OK;
 	} else {
 		return NT_STATUS_INVALID_PARAMETER;
-- 
cgit v1.2.1