CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_ser...

This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7baabbe9819cd5a2714e7ea4e57a0c23062c0150)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index f63c3981f7499d5d9d874ef6d3abed8475a8b9b1..43dcd7271729b4678b30ba1ac9941da926d69b5b 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -636,8 +636,9 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
                                                    struct netr_Authenticator *return_authenticator,
                                                    struct netlogon_creds_CredentialState **creds_out)
 {
+       struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
        NTSTATUS nt_status;
-       int schannel = lpcfg_server_schannel(dce_call->conn->dce_ctx->lp_ctx);
+       int schannel = lpcfg_server_schannel(lp_ctx);
        bool schannel_global_required = (schannel == true);
        bool schannel_required = schannel_global_required;
        const char *explicit_opt = NULL;
@@ -653,7 +654,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
        dcesrv_call_auth_info(dce_call, &auth_type, NULL);
 
        nt_status = schannel_check_creds_state(mem_ctx,
-                                              dce_call->conn->dce_ctx->lp_ctx,
+                                              lp_ctx,
                                               computer_name,
                                               received_authenticator,
                                               return_authenticator,
@@ -668,7 +669,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
         * need the explicit_opt pointer in order to
         * adjust the debug messages.
         */
-       explicit_opt = lpcfg_get_parametric(dce_call->conn->dce_ctx->lp_ctx,
+       explicit_opt = lpcfg_get_parametric(lp_ctx,
                                            NULL,
                                            "server require schannel",
                                            creds->account_name);