CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations v4-15-test
authorSamuel Cabrero <scabrero@suse.de>
Thu, 22 Dec 2022 15:32:40 +0000 (16:32 +0100)
committerJule Anger <janger@samba.org>
Mon, 23 Jan 2023 10:01:41 +0000 (10:01 +0000)
After the merge of the s3 and s4 rpc servers, the loadparm_context is
available in the dcesrv_context structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan  9 15:17:14 UTC 2023 on sn-devel-184

(cherry picked from commit 56837f3d3169a02d0d92bd085d9c8250415ce29b)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Jan 23 10:01:41 UTC 2023 on sn-devel-184

source3/rpc_server/netlogon/srv_netlog_nt.c

index edf1c1c215c901e3bd28fa363e7eb72f9b9e26c6..e52b08ec6c6d20285a6098539c2088139f04a6fe 100644 (file)
@@ -859,7 +859,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
         * so use a copy to avoid destroying the client values. */
        uint32_t in_neg_flags = *r->in.negotiate_flags;
        const char *fn;
-       struct loadparm_context *lp_ctx;
+       struct loadparm_context *lp_ctx = p->dce_call->conn->dce_ctx->lp_ctx;
        struct dom_sid sid;
        struct samr_Password mach_pwd;
        struct netlogon_creds_CredentialState *creds;
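Review bot: The new initialiser `p->dce_call->conn->dce_ctx->lp_ctx` in `_netr_ServerAuthenticate3` walks four pointers at declaration time with no check, whereas the code this commit removes failed closed with `NT_STATUS_INTERNAL_ERROR` when it had no loadparm context. Whether any link in that chain can be NULL on some call path is not visible from this hunk. If it can, the credential-state store would be called with a NULL context instead of returning an error. Either keep a guard before the schannel call, `if (lp_ctx == NULL) { status = NT_STATUS_INTERNAL_ERROR; goto out; }`, or state the invariant next to the declaration, `/* borrowed from the dcesrv_context; always set for a dispatched call, must not be freed here */`. The same applies to the identical initialiser in `_netr_LogonSamLogonEx`, where the guard would be a plain `return NT_STATUS_INTERNAL_ERROR;`. Both function bodies continue outside their hunks.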
@@ -977,20 +977,11 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
                goto out;
        }
 
-       lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               DEBUG(10, ("loadparm_init_s3 failed\n"));
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto out;
-       }
-
        /* Store off the state so we can continue after client disconnect. */
        become_root();
        status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
        unbecome_root();
 
-       talloc_unlink(p->mem_ctx, lp_ctx);
-
        if (!NT_STATUS_IS_OK(status)) {
                ZERO_STRUCTP(r->out.return_credentials);
                goto out;
@@ -1985,7 +1976,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
 {
        NTSTATUS status;
        struct netlogon_creds_CredentialState *creds = NULL;
-       struct loadparm_context *lp_ctx;
+       struct loadparm_context *lp_ctx = p->dce_call->conn->dce_ctx->lp_ctx;
 
        *r->out.authoritative = true;
 
@@ -1994,18 +1985,10 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
                return status;
        }
 
-       lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               DEBUG(0, ("loadparm_init_s3 failed\n"));
-               return NT_STATUS_INTERNAL_ERROR;
-       }
-
        become_root();
        status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
                                          r->in.computer_name, &creds);
        unbecome_root();
-       talloc_unlink(p->mem_ctx, lp_ctx);
-
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }