summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/passdb/passdb.c26
-rw-r--r--source3/utils/smbpasswd.c22
3 files changed, 42 insertions, 7 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index fafaf36c3e..02fb060244 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -656,6 +656,7 @@ typedef struct sam_passwd
#define LOCAL_SET_NO_PASSWORD 0x20
#define LOCAL_SET_PASSWORD 0x40
#define LOCAL_SET_LDAP_ADMIN_PW 0x80
+#define LOCAL_INTERDOM_ACCOUNT 0x100
/* key and data in the connections database - used in smbstatus and smbd */
struct connections_key {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index fa4946b093..4c64ad5e01 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -954,13 +954,27 @@ account without a valid local system user.\n", user_name);
return False;
}
- /* set account flags. Note that the default is non-expiring accounts */
- /*if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL|ACB_PWNOEXP) )) {*/
- if (!pdb_set_acct_ctrl(sam_pass,((local_flags & LOCAL_TRUST_ACCOUNT) ? ACB_WSTRUST : ACB_NORMAL) )) {
- slprintf(err_str, err_str_len-1, "Failed to set 'trust account' flags for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
+
+ if (local_flags & LOCAL_TRUST_ACCOUNT) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
+ } else {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
+ slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+ pdb_free_sam(&sam_pass);
+ return False;
+ }
}
+
} else {
/* the entry already existed */
local_flags &= ~LOCAL_ADD_USER;
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 7086fbff37..3ee94661ab 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -56,6 +56,7 @@ static void usage(void)
printf(" -e enable user\n");
printf(" -n set no password\n");
printf(" -m machine trust account\n");
+ printf(" -i interdomain trust account\n");
#ifdef WITH_LDAP_SAM
printf(" -w ldap admin password\n");
#endif
@@ -213,7 +214,7 @@ static int process_root(int argc, char *argv[])
user_name[0] = '\0';
- while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) {
+ while ((ch = getopt(argc, argv, "axdehmnijr:swR:D:U:L")) != EOF) {
switch(ch) {
case 'L':
local_mode = True;
@@ -236,6 +237,9 @@ static int process_root(int argc, char *argv[])
case 'm':
local_flags |= LOCAL_TRUST_ACCOUNT;
break;
+ case 'i':
+ local_flags |= LOCAL_INTERDOM_ACCOUNT;
+ break;
case 'j':
d_printf("See 'net rpc join' for this functionality\n");
exit(1);
@@ -375,6 +379,22 @@ static int process_root(int argc, char *argv[])
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
fstrcpy(user_name, buf);
+ } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+ static fstring buf;
+
+ if (local_flags & LOCAL_ADD_USER) {
+ /*
+ * Prompt for trusting domain's account password
+ */
+ new_passwd = prompt_for_new_password(stdin_passwd_get);
+ if(!new_passwd) {
+ fprintf(stderr, "Unable to get newpassword.\n");
+ exit(1);
+ }
+ }
+ slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
+ fstrcpy(user_name, buf);
+
} else {
if (remote_machine != NULL) {