Rafal (mimir) patch for trusts r.

(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)

3 files changed, 42 insertions, 7 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index fafaf36c3e..02fb060244 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -656,6 +656,7 @@ typedef struct sam_passwd
 #define LOCAL_SET_NO_PASSWORD 0x20
 #define LOCAL_SET_PASSWORD 0x40
 #define LOCAL_SET_LDAP_ADMIN_PW 0x80
+#define LOCAL_INTERDOM_ACCOUNT 0x100
 
 /* key and data in the connections database - used in smbstatus and smbd */
 struct connections_key {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index fa4946b093..4c64ad5e01 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -954,13 +954,27 @@ account without a valid local system user.\n", user_name);
 			return False;
 		}
 
-		/* set account flags. Note that the default is non-expiring accounts */
-		/*if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL|ACB_PWNOEXP) )) {*/
-		if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) )) {
-			slprintf(err_str, err_str_len-1, "Failed to set 'trust account' flags for user %s.\n", user_name);
-			pdb_free_sam(&sam_pass);
-			return False;
+	
+		if (local_flags & LOCAL_TRUST_ACCOUNT) {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+	                	pdb_free_sam(&sam_pass);
+	                	return False;
+	        	}
+		} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+	                	pdb_free_sam(&sam_pass);
+	                	return False;
+	        	}
+		} else {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+	               	 	pdb_free_sam(&sam_pass);
+	               	 	return False;
+	        	}
 		}
+
 	} else {
 		/* the entry already existed */
 		local_flags &= ~LOCAL_ADD_USER;
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 7086fbff37..3ee94661ab 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -56,6 +56,7 @@ static void usage(void)
 	printf("  -e                   enable user\n");
 	printf("  -n                   set no password\n");
 	printf("  -m                   machine trust account\n");
+	printf("  -i                   interdomain trust account\n");
 #ifdef WITH_LDAP_SAM
 	printf("  -w                   ldap admin password\n");
 #endif
@@ -213,7 +214,7 @@ static int process_root(int argc, char *argv[])
 
 	user_name[0] = '\0';
 
-	while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) {
+	while ((ch = getopt(argc, argv, "axdehmnijr:swR:D:U:L")) != EOF) {
 		switch(ch) {
 		case 'L':
 			local_mode = True;
@@ -236,6 +237,9 @@ static int process_root(int argc, char *argv[])
 		case 'm':
 			local_flags |= LOCAL_TRUST_ACCOUNT;
 			break;
+		case 'i':
+			local_flags |= LOCAL_INTERDOM_ACCOUNT;
+			break;
 		case 'j':
 			d_printf("See 'net rpc join' for this functionality\n");
 			exit(1);
@@ -375,6 +379,22 @@ static int process_root(int argc, char *argv[])
 
 		slprintf(buf, sizeof(buf)-1, "%s$", user_name);
 		fstrcpy(user_name, buf);
+	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+		static fstring buf;
+
+		if (local_flags & LOCAL_ADD_USER) {
+			/*
+			 * Prompt for trusting domain's account password
+			 */
+			new_passwd = prompt_for_new_password(stdin_passwd_get);
+			if(!new_passwd) {
+				fprintf(stderr, "Unable to get newpassword.\n");
+				exit(1);
+			}
+		}
+		slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
+		fstrcpy(user_name, buf);
+
 	} else {
 		
 		if (remote_machine != NULL) {