diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-06-09 19:46:07 +1200 |
|---|---|---|
| committer | Douglas Bagnall <dbagnall@samba.org> | 2022-07-28 23:41:27 +0000 |
| commit | 15c86028a861139cee4560fe093c965ffc30eb13 (patch) | |
| tree | 6d7e179adf1d03d40fc7b8ec7d54b60da1da8acb /source4/rpc_server | |
| parent | 6b76bc7339addb14884c2d6ddb20c559c7fbe07d (diff) | |
| download | samba-15c86028a861139cee4560fe093c965ffc30eb13.tar.gz | |
CVE-2022-32743 s4:rpc_server/netlogon: Reconnect to samdb as workstation account
This ensures that the database update can be attributed to the
workstation account, rather than to the anonymous SID, in the audit
logs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 28 23:41:27 UTC 2022 on sn-devel-184
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 15cd27b16f0..12ad78036d0 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -2422,6 +2422,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal struct ldb_dn *workstation_dn; struct netr_DomainInformation *domain_info; struct netr_LsaPolicyInformation *lsa_policy_info; + struct auth_session_info *workstation_session_info = NULL; uint32_t default_supported_enc_types = 0xFFFFFFFF; bool update_dns_hostname = true; int ret, i; @@ -2468,6 +2469,33 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal dom_sid_string(mem_ctx, creds->sid)); NT_STATUS_HAVE_NO_MEMORY(workstation_dn); + /* Get the workstation's session info from the database. */ + status = authsam_get_session_info_principal(mem_ctx, + dce_call->conn->dce_ctx->lp_ctx, + sam_ctx, + NULL, /* principal */ + workstation_dn, + 0, /* session_info_flags */ + &workstation_session_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* + * Reconnect to samdb as the workstation, now that we have its + * session info. We do this so the database update can be + * attributed to the workstation account in the audit logs -- + * otherwise it might be incorrectly attributed to + * SID_NT_ANONYMOUS. + */ + sam_ctx = dcesrv_samdb_connect_session_info(mem_ctx, + dce_call, + workstation_session_info, + workstation_session_info); + if (sam_ctx == NULL) { + return NT_STATUS_INVALID_SYSTEM_SERVICE; + } + /* Lookup for attributes in workstation object */ ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn, &res1, attrs2); |