From: Stefan Metzmacher Date: Mon, 12 Dec 2022 13:03:50 +0000 (+0100) Subject: CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_ser... X-Git-Tag: samba-4.15.13~86 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9669a41693b8da410cf57e21f2de7c7e6e4c4235;p=thirdparty%2Fsamba.git CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check() This will simplify the following changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Reviewed-by: Ralph Boehme (cherry picked from commit 7baabbe9819cd5a2714e7ea4e57a0c23062c0150) --- diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 010c3e13677..b85d2253d3c 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -633,8 +633,9 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; NTSTATUS nt_status; - int schannel = lpcfg_server_schannel(dce_call->conn->dce_ctx->lp_ctx); + int schannel = lpcfg_server_schannel(lp_ctx); bool schannel_global_required = (schannel == true); bool schannel_required = schannel_global_required; const char *explicit_opt = NULL; @@ -650,7 +651,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc dcesrv_call_auth_info(dce_call, &auth_type, NULL); nt_status = schannel_check_creds_state(mem_ctx, - dce_call->conn->dce_ctx->lp_ctx, + lp_ctx, computer_name, received_authenticator, return_authenticator, @@ -665,7 +666,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc * need the explicit_opt pointer in order to * adjust the debug messages. */ - explicit_opt = lpcfg_get_parametric(dce_call->conn->dce_ctx->lp_ctx, + explicit_opt = lpcfg_get_parametric(lp_ctx, NULL, "server require schannel", creds->account_name);