Allow initial password set on net ads user add. I need to do this on

rpc and rap too.  Anyone know what key I'm supposed to use to encrypt
it for the rap one?
(This used to be commit 033faaa8cbfe7e368c554b26e7a506098d06fa02)

1 files changed, 30 insertions, 3 deletions

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index df10452867..5af492bbb0 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -167,6 +167,7 @@ static int ads_user_add(int argc, const char **argv)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
+	char *upn, *userdn;
 	void *res=NULL;
 	int rc = -1;
 
@@ -189,12 +190,38 @@ static int ads_user_add(int argc, const char **argv)
 
 	status = ads_add_user_acct(ads, argv[0], opt_comment);
 
+	if (!ADS_ERR_OK(status)) {
+		d_printf("Could not add user %s: %s\n", argv[0],
+			 ads_errstr(status));
+		goto done;
+	}
+
+	/* if no password is to be set, we're done */
+	if (argc == 1) { 
+		d_printf("User %s added\n", argv[0]);
+		rc = 0;
+		goto done;
+	}
+
+	/* try setting the password */
+	asprintf(&upn, "%s@%s", argv[0], ads->realm);
+	status = krb5_set_password(ads->kdc_server, upn, argv[1]);
+	safe_free(upn);
 	if (ADS_ERR_OK(status)) {
 		d_printf("User %s added\n", argv[0]);
 		rc = 0;
-	} else {
-		d_printf("Could not add user %s: %s\n", argv[0],
-			 ads_errstr(status));
+		goto done;
+	}
+
+	/* password didn't set, delete account */
+	d_printf("Could not add user %s.  Error setting password %s\n",
+		 argv[0], ads_errstr(status));
+	ads_msgfree(ads, res);
+	status=ads_find_user_acct(ads, &res, argv[0]);
+	if (ADS_ERR_OK(status)) {
+		userdn = ads_get_dn(ads, res);
+		ads_del_dn(ads, userdn);
+		ads_memfree(ads, userdn);
 	}
 
  done: