From 79d62d83e23fe5969cb432262ab9addad59a3b8d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 5 Aug 2021 14:24:25 +0200
Subject: [PATCH] CVE-2021-3738 s4:rpc_server/lsa: make use of
 dcesrv_samdb_connect_as_user() helper

This avoids a crash that's triggered by windows clients using
handles from OpenPolicy[2]() on across multiple connections within
an association group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/rpc_server/lsa/lsa_init.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index f33b61c4035..400c5093079 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -71,12 +71,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
 	}
 
 	/* make sure the sam database is accessible */
-	state->sam_ldb = samdb_connect(state,
-				       dce_call->event_ctx,
-				       dce_call->conn->dce_ctx->lp_ctx,
-				       session_info,
-				       dce_call->conn->remote_address,
-				       0);
+	state->sam_ldb = dcesrv_samdb_connect_as_user(state, dce_call);
 	if (state->sam_ldb == NULL) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
-- 
2.47.2