CVE-2021-3738 s4:rpc_server/lsa: make use of dcesrv_samdb_connect_as_user() helper

This avoids a crash that's triggered by windows clients using
handles from OpenPolicy[2]() on across multiple connections within
an association group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c
index f33b61c40357d7ce642436666e726c90f40902d9..400c5093079252a6b95be17a322f9b63776b3c98 100644 (file)
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -71,12 +71,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
        }
 
        /* make sure the sam database is accessible */
-       state->sam_ldb = samdb_connect(state,
-                                      dce_call->event_ctx,
-                                      dce_call->conn->dce_ctx->lp_ctx,
-                                      session_info,
-                                      dce_call->conn->remote_address,
-                                      0);
+       state->sam_ldb = dcesrv_samdb_connect_as_user(state, dce_call);
        if (state->sam_ldb == NULL) {
                return NT_STATUS_INVALID_SYSTEM_SERVICE;
        }