sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Code

s3-net: no secrets access required when processing a ODJ provisioning

Browse Source 
It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224

(cherry picked from commit bf7fbf7e2b)
This commit is contained in:
Günther Deschner 2023-06-06 11:14:01 +02:00 committed by Jule Anger
parent 9100d5ac2e
commit 5ac859e96e
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source3/libnet/libnet_join.c
View File

@ -2369,6 +2369,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
r->in.admin_account = admin_account;
}
if (r->in.provision_computer_account_only) {
/*
* When in the "provision_computer_account_only" path we do not
* need to have access to secrets.tdb at all - gd
*/
return WERR_OK;
}
if (!secrets_init()) {
libnet_join_set_error_string(mem_ctx, r,
"Unable to open secrets database");