From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 6 Jan 2006 21:04:32 +0000
Subject: r12746: An initial version of the kludge_acls module.

This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)

Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
---
 source4/setup/provision | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/setup/provision')

diff --git a/source4/setup/provision b/source4/setup/provision
index 51e62016a8..6974afeec9 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -114,10 +114,10 @@ if (!provision_validate(subobj, message)) {
 }
 
 var creds = options.get_credentials();
+var system_session = system_session();
 
 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
-message("Credentials: %s\n", creds);
-provision(subobj, message, blank, provision_default_paths(subobj), NULL, creds);
+provision(subobj, message, blank, provision_default_paths(subobj), system_session, creds);
 message("All OK\n");
 return 0;
-- 
cgit