diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-12-12 14:03:50 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 21:37:58 +0100 |
commit | 9669a41693b8da410cf57e21f2de7c7e6e4c4235 (patch) | |
tree | 93a713c877c92d648236dc90c576ef92e7fb1a06 | |
parent | de121d6c613c6e83e49f2622391d1705077646a4 (diff) | |
download | samba-9669a41693b8da410cf57e21f2de7c7e6e4c4235.tar.gz |
CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7baabbe9819cd5a2714e7ea4e57a0c23062c0150)
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 010c3e13677..b85d2253d3c 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -633,8 +633,9 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; NTSTATUS nt_status; - int schannel = lpcfg_server_schannel(dce_call->conn->dce_ctx->lp_ctx); + int schannel = lpcfg_server_schannel(lp_ctx); bool schannel_global_required = (schannel == true); bool schannel_required = schannel_global_required; const char *explicit_opt = NULL; @@ -650,7 +651,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc dcesrv_call_auth_info(dce_call, &auth_type, NULL); nt_status = schannel_check_creds_state(mem_ctx, - dce_call->conn->dce_ctx->lp_ctx, + lp_ctx, computer_name, received_authenticator, return_authenticator, @@ -665,7 +666,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc * need the explicit_opt pointer in order to * adjust the debug messages. */ - explicit_opt = lpcfg_get_parametric(dce_call->conn->dce_ctx->lp_ctx, + explicit_opt = lpcfg_get_parametric(lp_ctx, NULL, "server require schannel", creds->account_name); |