The branch, master has been updated
via bf7fbf7e2b6 s3-net: no secrets access required when processing a
ODJ provisioning
from 0bfdefffc8b s3:include: Fix code spelling
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bf7fbf7e2b675145e25ce7bffc29abbf44c35540
Author: Günther Deschner <g...@samba.org>
Date: Tue Jun 6 11:14:01 2023 +0200
s3-net: no secrets access required when processing a ODJ provisioning
It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Günther Deschner <g...@samba.org>
Autobuild-Date(master): Wed Jul 5 09:23:22 UTC 2023 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 8 ++++++++
1 file changed, 8 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3bff7ec1412..b60eb112d0a 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2369,6 +2369,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX
*mem_ctx,
r->in.admin_account = admin_account;
}
+ if (r->in.provision_computer_account_only) {
+ /*
+ * When in the "provision_computer_account_only" path we do not
+ * need to have access to secrets.tdb at all - gd
+ */
+ return WERR_OK;
+ }
+
if (!secrets_init()) {
libnet_join_set_error_string(mem_ctx, r,
"Unable to open secrets database");
--
Samba Shared Repository
