This is the checkin that adds the security=domain functionality.

WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).

Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.

Jeremy.
(This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)

2 files changed, 6 insertions, 4 deletions

diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index dca97ab923..0788ae1b60 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -527,6 +527,8 @@ char *get_nt_error_msg(uint32 nt_code)
 
 	strcpy(msg, "Unknown NT error");
 
+        nt_code &= 0xFFFF;
+
 	while (nt_errs[idx].nt_errstr != NULL)
 	{
 		if (nt_errs[idx].nt_errcode == nt_code)
@@ -536,6 +538,6 @@ char *get_nt_error_msg(uint32 nt_code)
 		}
 		idx++;
 	}
-	return NULL;
+	return msg;
 }
 
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index cf46e53ff5..4daf616588 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -347,13 +347,13 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key)
 	smbhash(out, buf, key2, 1);
 }
 
-void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key)
+void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key, int forw)
 {
         static unsigned char key2[8];
 
-        smbhash(out, in, key, 0);
+        smbhash(out, in, key, forw);
         key2[0] = key[7];
-        smbhash(out + 8, in + 8, key2, 0);
+        smbhash(out + 8, in + 8, key2, forw);
 }
 
 void SamOEMhash( unsigned char *data, unsigned char *key, int val)