From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 5 Feb 2025 03:50:28 +0000 (+1300)
Subject: winbindd:migrate_secrets_tdb_to_ldb() handles no client password
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82120ebf7967584c8f4d55e710d2e4b7b1c32126;p=thirdparty%2Fsamba.git

winbindd:migrate_secrets_tdb_to_ldb() handles no client password

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
---

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 3c991425dd9..174ebcbdc3d 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -903,7 +903,8 @@ static void wb_imsg_new_trusted_domain(struct imessaging_context *msg,
 static bool migrate_secrets_tdb_to_ldb(struct winbindd_domain *domain)
 {
 	bool ok;
-	struct cli_credentials *creds;
+	struct cli_credentials *creds = NULL;
+	const char *password = NULL;
 	NTSTATUS can_migrate = pdb_get_trust_credentials(domain->name,
 							 NULL, domain, &creds);
 	if (!NT_STATUS_IS_OK(can_migrate)) {
@@ -919,7 +920,13 @@ static bool migrate_secrets_tdb_to_ldb(struct winbindd_domain *domain)
 	 * oldpass, because a new password is created at
 	 * classicupgrade, so this is not a concern.
 	 */
-	ok = secrets_store_machine_pw_sync(cli_credentials_get_password(creds),
+	password = cli_credentials_get_password(creds);
+	if (password == NULL) {
+		DBG_ERR("No password was provided for local AD domain join\n");
+		return false;
+	}
+
+	ok = secrets_store_machine_pw_sync(password,
 		   NULL /* oldpass */,
 		   cli_credentials_get_domain(creds),
 		   cli_credentials_get_realm(creds),