Rafal (mimir) patch for trusts r.

(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index fafaf36c3e4038481c00e009b6cf55b213774dad..02fb06024430d62de6602fcd038cd4210ee2c66f 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -656,6 +656,7 @@ typedef struct sam_passwd
 #define LOCAL_SET_NO_PASSWORD 0x20
 #define LOCAL_SET_PASSWORD 0x40
 #define LOCAL_SET_LDAP_ADMIN_PW 0x80
+#define LOCAL_INTERDOM_ACCOUNT 0x100
 
 /* key and data in the connections database - used in smbstatus and smbd */
 struct connections_key {

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index fa4946b09303f0af759bdf5bac56bafb9f385076..4c64ad5e017248a54144192de774d9b99bc020a1 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -954,13 +954,27 @@ account without a valid local system user.\n", user_name);
                        return False;
                }
 
-               /* set account flags. Note that the default is non-expiring accounts */
-               /*if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL|ACB_PWNOEXP) )) {*/
-               if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) )) {
-                       slprintf(err_str, err_str_len-1, "Failed to set 'trust account' flags for user %s.\n", user_name);
-                       pdb_free_sam(&sam_pass);
-                       return False;
+       
+               if (local_flags & LOCAL_TRUST_ACCOUNT) {
+                       if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
+                               slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+                               pdb_free_sam(&sam_pass);
+                               return False;
+                       }
+               } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+                       if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
+                               slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+                               pdb_free_sam(&sam_pass);
+                               return False;
+                       }
+               } else {
+                       if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
+                               slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+                               pdb_free_sam(&sam_pass);
+                               return False;
+                       }
                }
+
        } else {
                /* the entry already existed */
                local_flags &= ~LOCAL_ADD_USER;

diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 7086fbff37eea1855ac561cb7c93c17f8783de6f..3ee94661ab9de48da409bef7523bc1bc6cf523f8 100644 (file)
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -56,6 +56,7 @@ static void usage(void)
        printf("  -e                   enable user\n");
        printf("  -n                   set no password\n");
        printf("  -m                   machine trust account\n");
+       printf("  -i                   interdomain trust account\n");
 #ifdef WITH_LDAP_SAM
        printf("  -w                   ldap admin password\n");
 #endif
@@ -213,7 +214,7 @@ static int process_root(int argc, char *argv[])
 
        user_name[0] = '\0';
 
-       while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) {
+       while ((ch = getopt(argc, argv, "axdehmnijr:swR:D:U:L")) != EOF) {
                switch(ch) {
                case 'L':
                        local_mode = True;
@@ -236,6 +237,9 @@ static int process_root(int argc, char *argv[])
                case 'm':
                        local_flags |= LOCAL_TRUST_ACCOUNT;
                        break;
+               case 'i':
+                       local_flags |= LOCAL_INTERDOM_ACCOUNT;
+                       break;
                case 'j':
                        d_printf("See 'net rpc join' for this functionality\n");
                        exit(1);
@@ -375,6 +379,22 @@ static int process_root(int argc, char *argv[])
 
                slprintf(buf, sizeof(buf)-1, "%s$", user_name);
                fstrcpy(user_name, buf);
+       } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+               static fstring buf;
+
+               if (local_flags & LOCAL_ADD_USER) {
+                       /*
+                        * Prompt for trusting domain's account password
+                        */
+                       new_passwd = prompt_for_new_password(stdin_passwd_get);
+                       if(!new_passwd) {
+                               fprintf(stderr, "Unable to get newpassword.\n");
+                               exit(1);
+                       }
+               }
+               slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
+               fstrcpy(user_name, buf);
+
        } else {
                
                if (remote_machine != NULL) {