summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/utils/smbpasswd.c143
2 files changed, 117 insertions, 28 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index f74cc49eca..b279e76f41 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1247,8 +1247,10 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list,
}
#endif /* 0 */
+#if 0
cli_nt_session_close(&cli, nt_pipe_fnum);
cli_ulogoff(&cli);
cli_shutdown(&cli);
+#endif
return True;
}
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index d9a5dc4bbd..7411d07a9b 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -22,6 +22,7 @@
extern pstring myhostname;
extern pstring global_myname;
+extern pstring global_myworkgroup;
extern int DEBUGLEVEL;
/*
@@ -80,6 +81,98 @@ static void usage(void)
}
/*********************************************************
+record Trust Account password.
+**********************************************************/
+static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
+{
+ /*
+ * Create the machine account password file.
+ */
+
+ if(!trust_password_lock( domain, name, True))
+ {
+ fprintf(stderr, "unable to open the trust account password file for \
+machine %s in domain %s.\n", global_myname, domain);
+ return False;
+ }
+
+ /*
+ * Write the old machine account password.
+ */
+
+ if(!set_trust_account_password( pass))
+ {
+ fprintf(stderr, "unable to write the trust account password for \
+%s in domain %s.\n", name, domain);
+ trust_password_unlock();
+ return False;
+ }
+
+ trust_password_unlock();
+
+ return True;
+}
+
+/*********************************************************
+Join a domain.
+**********************************************************/
+static int create_interdomain_trust_acct(char *domain, char *name)
+{
+ fstring trust_passwd;
+ unsigned char hash[16];
+ uint16 sec_chan;
+
+ switch (lp_server_role())
+ {
+ case ROLE_DOMAIN_PDC:
+ {
+ DEBUG(0, ("Joining domain - we are PDC\n"));
+ sec_chan = SEC_CHAN_DOMAIN;
+ break;
+ }
+ case ROLE_DOMAIN_BDC:
+ {
+ DEBUG(0, ("Cannot set up inter-domain trust as BDC!\n"));
+ return 1;
+ }
+ default:
+ {
+ DEBUG(0, ("Cannot set up inter-domain trust as workstation!\n"));
+ return 1;
+ }
+ }
+
+#if 0
+ pstrcpy(remote_machine, remote ? remote : lp_passwordserver());
+
+ if (!remote_machine[0])
+ {
+ fprintf(stderr, "You must specify the PDC via 'password server' or -r.");
+ return 1;
+ }
+#endif
+
+ fstrcpy(trust_passwd, name);
+ strlower(trust_passwd);
+ E_md4hash( (uchar *)trust_passwd, hash);
+
+ if (!create_trust_account_file(domain, name, hash))
+ {
+ return 1;
+ }
+
+#if 0
+ if(!change_trust_account_password(domain, remote_machine, sec_chan))
+ {
+ fprintf(stderr,"Unable to join domain %s.\n",domain);
+ return 1;
+ }
+#endif
+ printf("Created Inter-Domain Trust Account for %s.\n",domain);
+ return 0;
+}
+
+/*********************************************************
Join a domain.
**********************************************************/
static int join_domain(char *domain, char *remote)
@@ -87,7 +180,6 @@ static int join_domain(char *domain, char *remote)
pstring remote_machine;
fstring trust_passwd;
unsigned char orig_trust_passwd_hash[16];
- BOOL ret;
uint16 sec_chan;
switch (lp_server_role())
@@ -122,32 +214,13 @@ static int join_domain(char *domain, char *remote)
strlower(trust_passwd);
E_md4hash( (uchar *)trust_passwd, orig_trust_passwd_hash);
- /*
- * Create the machine account password file.
- */
- if(!trust_password_lock( domain, global_myname, True))
+ if (!create_trust_account_file(domain, global_myname, trust_passwd))
{
- fprintf(stderr, "unable to open the machine account password file for \
-machine %s in domain %s.\n", global_myname, domain);
- return 1;
- }
-
- /*
- * Write the old machine account password.
- */
-
- if(!set_trust_account_password( orig_trust_passwd_hash))
- {
- fprintf(stderr, "unable to write the machine account password for \
-machine %s in domain %s.\n", global_myname, domain);
- trust_password_unlock();
return 1;
}
- ret = change_trust_account_password(domain, remote_machine, sec_chan);
- trust_password_unlock();
-
- if(!ret) {
+ if(!change_trust_account_password(domain, remote_machine, sec_chan))
+ {
fprintf(stderr,"Unable to join domain %s.\n",domain);
return 1;
}
@@ -423,11 +496,14 @@ static int process_root(int argc, char *argv[])
if (joining_domain)
{
- if (argc != 0) usage();
- ret = join_domain(new_domain, remote_machine);
+ if (!dom_trust_account)
+ {
+ if (argc != 0) usage();
+ ret = join_domain(new_domain, remote_machine);
- if ((ret != 0) || (!sam_sync))
- return ret;
+ if ((ret != 0) || (!sam_sync))
+ return ret;
+ }
}
if (sam_sync)
@@ -496,13 +572,24 @@ static int process_root(int argc, char *argv[])
exit(1);
}
+ if (joining_domain)
+ {
+ if (dom_trust_account)
+ {
+ ret = create_interdomain_trust_acct(new_domain,
+ global_myworkgroup);
+
+ if ((ret != 0) || (!sam_sync))
+ return ret;
+ }
+ }
+
if (remote_machine != NULL) {
old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
}
if (!new_passwd)
{
-
/*
* If we are trying to enable a user, first we need to find out
* if they are using a modern version of the smbpasswd file that