diff options
| -rw-r--r-- | source3/include/smb.h | 1 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 26 | ||||
| -rw-r--r-- | source3/utils/smbpasswd.c | 22 |
3 files changed, 42 insertions, 7 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index fafaf36c3e..02fb060244 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -656,6 +656,7 @@ typedef struct sam_passwd #define LOCAL_SET_NO_PASSWORD 0x20 #define LOCAL_SET_PASSWORD 0x40 #define LOCAL_SET_LDAP_ADMIN_PW 0x80 +#define LOCAL_INTERDOM_ACCOUNT 0x100 /* key and data in the connections database - used in smbstatus and smbd */ struct connections_key { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index fa4946b093..4c64ad5e01 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -954,13 +954,27 @@ account without a valid local system user.\n", user_name); return False; } - /* set account flags. Note that the default is non-expiring accounts */ - /*if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL|ACB_PWNOEXP) )) {*/ - if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) )) { - slprintf(err_str, err_str_len-1, "Failed to set 'trust account' flags for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; + + if (local_flags & LOCAL_TRUST_ACCOUNT) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) { + slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } + } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) { + slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } + } else { + if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) { + slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); + pdb_free_sam(&sam_pass); + return False; + } } + } else { /* the entry already existed */ local_flags &= ~LOCAL_ADD_USER; diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 7086fbff37..3ee94661ab 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -56,6 +56,7 @@ static void usage(void) printf(" -e enable user\n"); printf(" -n set no password\n"); printf(" -m machine trust account\n"); + printf(" -i interdomain trust account\n"); #ifdef WITH_LDAP_SAM printf(" -w ldap admin password\n"); #endif @@ -213,7 +214,7 @@ static int process_root(int argc, char *argv[]) user_name[0] = '\0'; - while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) { + while ((ch = getopt(argc, argv, "axdehmnijr:swR:D:U:L")) != EOF) { switch(ch) { case 'L': local_mode = True; @@ -236,6 +237,9 @@ static int process_root(int argc, char *argv[]) case 'm': local_flags |= LOCAL_TRUST_ACCOUNT; break; + case 'i': + local_flags |= LOCAL_INTERDOM_ACCOUNT; + break; case 'j': d_printf("See 'net rpc join' for this functionality\n"); exit(1); @@ -375,6 +379,22 @@ static int process_root(int argc, char *argv[]) slprintf(buf, sizeof(buf)-1, "%s$", user_name); fstrcpy(user_name, buf); + } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { + static fstring buf; + + if (local_flags & LOCAL_ADD_USER) { + /* + * Prompt for trusting domain's account password + */ + new_passwd = prompt_for_new_password(stdin_passwd_get); + if(!new_passwd) { + fprintf(stderr, "Unable to get newpassword.\n"); + exit(1); + } + } + slprintf(buf, sizeof(buf) - 1, "%s$", user_name); + fstrcpy(user_name, buf); + } else { if (remote_machine != NULL) { |