CVE-2021-3738 s4:rpc_server/lsa: make use of dcesrv_samdb_connect_as_user() helper

This avoids a crash that's triggered by windows clients using handles from OpenPolicy[2]() on across multiple connections within an association group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2021-08-05 14:24:25 +0200
committer: Jule Anger <janger@samba.org> 2021-11-08 10:52:13 +0100
commit: 79d62d83e23fe5969cb432262ab9addad59a3b8d (patch)
tree: 2c9b8f4a2c87a8d05c434c0125942113e9becc2b
parent: caf3d32f68f91ea83c7f601577dd1f7c98f030e5 (diff)
download: samba-79d62d83e23fe5969cb432262ab9addad59a3b8d.tar.gz
1 files changed, 1 insertions, 6 deletions
diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index f33b61c4035..400c5093079 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -71,12 +71,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
 	}
 
 	/* make sure the sam database is accessible */
-	state->sam_ldb = samdb_connect(state,
-				       dce_call->event_ctx,
-				       dce_call->conn->dce_ctx->lp_ctx,
-				       session_info,
-				       dce_call->conn->remote_address,
-				       0);
+	state->sam_ldb = dcesrv_samdb_connect_as_user(state, dce_call);
 	if (state->sam_ldb == NULL) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
author	Stefan Metzmacher <metze@samba.org>	2021-08-05 14:24:25 +0200
committer	Jule Anger <janger@samba.org>	2021-11-08 10:52:13 +0100
commit	79d62d83e23fe5969cb432262ab9addad59a3b8d (patch)
tree	2c9b8f4a2c87a8d05c434c0125942113e9becc2b
parent	caf3d32f68f91ea83c7f601577dd1f7c98f030e5 (diff)
download	samba-79d62d83e23fe5969cb432262ab9addad59a3b8d.tar.gz