1 files changed, 33 insertions, 2 deletions

diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index af1cbcfe80..9a5a112022 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -69,7 +69,7 @@ static void popt_common_callback(poptContext con,
 		break;
 
 	case 'V':
-		printf( "Version %s\n", VERSION );
+		printf( "Version %s\n", SAMBA_VERSION_STRING);
 		exit(0);
 		break;
 
@@ -119,6 +119,7 @@ struct poptOption popt_common_connection[] = {
 	{ "netbiosname", 'n', POPT_ARG_STRING, NULL, 'n', "Primary netbios name", "NETBIOSNAME" },
 	{ "workgroup", 'W', POPT_ARG_STRING, NULL, 'W', "Set the workgroup name", "WORKGROUP" },
 	{ "scope", 'i', POPT_ARG_STRING, NULL, 'i', "Use this Netbios scope", "SCOPE" },
+
 	POPT_TABLEEND
 };
 
@@ -259,6 +260,7 @@ static void get_credentials_file(const char *file, struct user_auth_info *info)
  *		-k,--use-kerberos
  *		-N,--no-pass
  *		-S,--signing
+ *              -P --machine-pass
  */
 
 
@@ -335,7 +337,8 @@ static void popt_common_credentials_callback(poptContext con,
 			cmdline_auth_info.signing_state = -1;
 			if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
 				cmdline_auth_info.signing_state = False;
-			else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true"))
+			else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") ||
+					strequal(arg, "auto") )
 				cmdline_auth_info.signing_state = True;
 			else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
 				cmdline_auth_info.signing_state = Required;
@@ -345,6 +348,33 @@ static void popt_common_credentials_callback(poptContext con,
 			}
 		}
 		break;
+	case 'P':
+	        {
+			char *opt_password = NULL;
+			/* it is very useful to be able to make ads queries as the
+			   machine account for testing purposes and for domain leave */
+			
+			if (!secrets_init()) {
+				d_printf("ERROR: Unable to open secrets database\n");
+				exit(1);
+			}
+			
+			opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+			
+			if (!opt_password) {
+				d_printf("ERROR: Unable to fetch machine password\n");
+				exit(1);
+			}
+			pstr_sprintf(cmdline_auth_info.username, "%s$", 
+				     global_myname());
+			pstrcpy(cmdline_auth_info.password,opt_password);
+			SAFE_FREE(opt_password);
+
+			/* machine accounts only work with kerberos */
+			cmdline_auth_info.use_kerberos = True;
+			cmdline_auth_info.got_pass = True;
+		}
+		break;
 	}
 }
 
@@ -357,5 +387,6 @@ struct poptOption popt_common_credentials[] = {
 	{ "kerberos", 'k', POPT_ARG_NONE, &cmdline_auth_info.use_kerberos, 'k', "Use kerberos (active directory) authentication" },
 	{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
 	{ "signing", 'S', POPT_ARG_STRING, NULL, 'S', "Set the client signing state", "on|off|required" },
+	{"machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
 	POPT_TABLEEND
 };