From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 5 Aug 2021 12:22:47 +0000 (+0200)
Subject: CVE-2021-3738 s4:rpc_server/dnsserver: make use of dcesrv_samdb_connect_as_user(... 
X-Git-Tag: samba-4.13.14~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=caf3d32f68f91ea83c7f601577dd1f7c98f030e5;p=thirdparty%2Fsamba.git

CVE-2021-3738 s4:rpc_server/dnsserver: make use of dcesrv_samdb_connect_as_user() helper

This is not strictly required, but it makes it easier to audit that
source4/rpc_server no longer calls samdb_connect() directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 88efc01f154..b84b737d0b8 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -22,6 +22,7 @@
 #include "includes.h"
 #include "talloc.h"
 #include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
 #include "dsdb/samdb/samdb.h"
 #include "lib/util/dlinklist.h"
 #include "librpc/gen_ndr/ndr_dnsserver.h"
@@ -104,8 +105,6 @@ static void dnsserver_reload_zones(struct dnsserver_state *dsstate)
 
 static struct dnsserver_state *dnsserver_connect(struct dcesrv_call_state *dce_call)
 {
-	struct auth_session_info *session_info =
-		dcesrv_call_session_info(dce_call);
 	struct dnsserver_state *dsstate;
 	struct dnsserver_zone *zones, *z, *znext;
 	struct dnsserver_partition *partitions, *p;
@@ -125,13 +124,7 @@ static struct dnsserver_state *dnsserver_connect(struct dcesrv_call_state *dce_c
 
 	dsstate->lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
 
-	/* FIXME: create correct auth_session_info for connecting user */
-	dsstate->samdb = samdb_connect(dsstate,
-				       dce_call->event_ctx,
-				       dsstate->lp_ctx,
-				       session_info,
-				       dce_call->conn->remote_address,
-				       0);
+	dsstate->samdb = dcesrv_samdb_connect_as_user(dsstate, dce_call);
 	if (dsstate->samdb == NULL) {
 		DEBUG(0,("dnsserver: Failed to open samdb"));
 		goto failed;