From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 10 Aug 2021 23:02:36 +0000 (+0000)
Subject: CVE-2020-25722 s4/cracknames: lookup_spn_alias doesn't need krb5 context
X-Git-Tag: ldb-2.5.0~224
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a79fca9682fe1962317d100b581de0b7b123153;p=thirdparty%2Fsamba.git

CVE-2020-25722 s4/cracknames: lookup_spn_alias doesn't need krb5 context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 0aefaa1e58e..7313a3247c7 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -74,9 +74,9 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
 
 	info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
 	return WERR_OK;
-}		
+}
 
-static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, struct ldb_context *ldb_ctx, 
+static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(struct ldb_context *ldb_ctx,
 						      TALLOC_CTX *mem_ctx,
 						      const char *alias_from,
 						      char **alias_to)
@@ -221,8 +221,7 @@ static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_c
 	dns_name = (const char *)component->data;
 
 	/* MAP it */
-	namestatus = LDB_lookup_spn_alias(smb_krb5_context->krb5_context, 
-					  sam_ctx, mem_ctx, 
+	namestatus = LDB_lookup_spn_alias(sam_ctx, mem_ctx,
 					  service, &new_service);
 
 	if (namestatus == DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {