Merge branch 'master' of ssh://git.samba.org/data/git/samba

7 files changed, 42 insertions, 14 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index dd46bdda83..7e31da064f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3307,6 +3307,7 @@ void update_trustdom_cache( void );
 
 NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
 				      const char *domain,
+				      const char *account_name,
 				      unsigned char orig_trust_passwd_hash[16],
 				      uint32 sec_channel_type);
 NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, 
@@ -3976,6 +3977,7 @@ char *lp_ldap_suffix(void);
 char *lp_ldap_admin_dn(void);
 int lp_ldap_ssl(void);
 bool lp_ldap_ssl_ads(void);
+int lp_ldap_ref_follow(void);
 int lp_ldap_passwd_sync(void);
 bool lp_ldap_delete_dn(void);
 int lp_ldap_replication_sleep(void);
@@ -5237,6 +5239,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 					      struct netr_SamInfo3 **info3);
 NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
+					    const char *account_name,
 					    const unsigned char orig_trust_passwd_hash[16],
 					    const char *new_trust_pwd_cleartext,
 					    const unsigned char new_trust_passwd_hash[16],
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index c96801a72b..47b2208880 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -721,9 +721,18 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	rc = ldap_initialize(ldap_struct, uri);
 	if (rc) {
 		DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+		return rc;
 	}
 
-	return rc;
+	if (lp_ldap_ref_follow() != Auto) {
+		rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
+		     lp_ldap_ref_follow() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+		if (rc != LDAP_SUCCESS)
+			DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
+				ldap_err2string(rc)));
+	}
+
+	return LDAP_SUCCESS;
 #else 
 
 	/* Parse the string manually */
@@ -774,7 +783,6 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	}
 #endif /* HAVE_LDAP_INITIALIZE */
 
-
 	/* now set connection timeout */
 #ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
 	{
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 8c3030711b..aa5f54adaf 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -789,6 +789,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
 	E_md4hash(trust_passwd, orig_trust_passwd_hash);
 
 	status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx,
+						    r->in.machine_name,
 						    orig_trust_passwd_hash,
 						    r->in.machine_password,
 						    new_trust_passwd_hash,
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index adf1525812..e201814163 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -29,6 +29,7 @@
 
 NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
 				      const char *domain,
+				      const char *account_name,
 				      unsigned char orig_trust_passwd_hash[16],
 				      uint32 sec_channel_type)
 {
@@ -47,6 +48,7 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m
 	E_md4hash(new_trust_passwd, new_trust_passwd_hash);
 
 	nt_status = rpccli_netlogon_set_trust_password(cli, mem_ctx,
+						       account_name,
 						       orig_trust_passwd_hash,
 						       new_trust_passwd,
 						       new_trust_passwd_hash,
@@ -88,6 +90,7 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
 	}
 
 	return trust_pw_change_and_store_it(cli, mem_ctx, domain,
+					    global_myname(),
 					    old_trust_passwd_hash,
 					    sec_channel_type);
 }
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b1f2a4aeb5..7bac72ebd3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -260,6 +260,7 @@ struct global {
 	char *szLdapGroupSuffix;
 	int ldap_ssl;
 	bool ldap_ssl_ads;
+	int ldap_ref_follow;
 	char *szLdapSuffix;
 	char *szLdapAdminDn;
 	int ldap_debug_level;
@@ -3667,6 +3668,14 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
+		.label		= "ldap ref follow",
+		.type		= P_ENUM,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.ldap_ref_follow,
+		.enum_list	= enum_bool_auto,
+		.flags		= FLAG_ADVANCED,
+	},
+	{
 		.label		= "ldap timeout",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
@@ -5038,6 +5047,7 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
+	Globals.ldap_ref_follow = Auto;
 	Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
 	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
@@ -5387,6 +5397,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_ref_follow, &Globals.ldap_ref_follow)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 6caffd74a6..5e116c95de 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -509,6 +509,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 
 NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
+					    const char *account_name,
 					    const unsigned char orig_trust_passwd_hash[16],
 					    const char *new_trust_pwd_cleartext,
 					    const unsigned char new_trust_passwd_hash[16],
@@ -523,7 +524,7 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
 						     cli->desthost, /* server name */
 						     lp_workgroup(), /* domain */
 						     global_myname(), /* client name */
-						     global_myname(), /* machine account name */
+						     account_name, /* machine account name */
 						     orig_trust_passwd_hash,
 						     sec_channel_type,
 						     &neg_flags);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index be971d8555..896ea8cc65 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -344,6 +344,7 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
 	E_md4hash(trust_passwd, orig_trust_passwd_hash);
 
 	result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
+					      global_myname(),
 					      orig_trust_passwd_hash,
 					      sec_channel_type);
 
@@ -6029,7 +6030,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
 	if (c->display_usage) {
 		d_printf(_("Usage:\n"
 			   "net rpc trustdom list\n"
-			   "    List trust relationships\n"));
+			   "    List in- and outgoing trust relationships\n"));
 		return 0;
 	}
 
@@ -6300,41 +6301,41 @@ static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
 			"add",
 			rpc_trustdom_add,
 			NET_TRANSPORT_RPC,
-			N_("Add trusted domain's account"),
+			N_("Add trusting domain's account"),
 			N_("net rpc trustdom add\n"
-			   "    Add trusted domain's account")
+			   "    Add trusting domain's account")
 		},
 		{
 			"del",
 			rpc_trustdom_del,
 			NET_TRANSPORT_RPC,
-			N_("Remove trusted domain's account"),
+			N_("Remove trusting domain's account"),
 			N_("net rpc trustdom del\n"
-			   "    Remove trusted domain's account")
+			   "    Remove trusting domain's account")
 		},
 		{
 			"establish",
 			rpc_trustdom_establish,
 			NET_TRANSPORT_RPC,
-			N_("Establish trust relationship"),
+			N_("Establish outgoing trust relationship"),
 			N_("net rpc trustdom establish\n"
-			   "    Establish trust relationship")
+			   "    Establish outgoing trust relationship")
 		},
 		{
 			"revoke",
 			rpc_trustdom_revoke,
 			NET_TRANSPORT_RPC,
-			N_("Revoke trust relationship"),
+			N_("Revoke outgoing trust relationship"),
 			N_("net rpc trustdom revoke\n"
-			   "    Revoke trust relationship")
+			   "    Revoke outgoing trust relationship")
 		},
 		{
 			"list",
 			rpc_trustdom_list,
 			NET_TRANSPORT_RPC,
-			N_("List domain trusts"),
+			N_("List in- and outgoing domain trusts"),
 			N_("net rpc trustdom list\n"
-			   "    List domain trusts")
+			   "    List in- and outgoing domain trusts")
 		},
 		{
 			"vampire",