5 files changed, 13 insertions, 62 deletions

diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
index 626c177926..750940e336 100644
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@@ -89,52 +89,6 @@ uint32 ads_uf2atype(uint32 uf)
 } 
 
 /* 
-translated the GROUP_CTRL Flags to GroupType (groupType) 
-*/ 
-uint32 ads_gcb2gtype(uint16 gcb)
-{
-	uint32 gtype = 0x00000000;
-
-	if (gcb & GCB_ALIAS_GROUP)	gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP;
-	else if(gcb & GCB_LOCAL_GROUP)	gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP;
-	if (gcb & GCB_GLOBAL_GROUP)	gtype |= GTYPE_SECURITY_GLOBAL_GROUP;
-		
-	return gtype;
-}
-
-/*
-translated the GroupType (groupType) to GROUP_CTRL Flags
-*/
-uint16 ads_gtype2gcb(uint32 gtype)
-{
-	uint16 gcb = 0x0000;
-
-	switch(gtype) {
-		case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
-			gcb = GCB_ALIAS_GROUP;
-			break;
-		case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
-			gcb = GCB_LOCAL_GROUP;
-			break;
-		case GTYPE_SECURITY_GLOBAL_GROUP:
-			gcb = GCB_GLOBAL_GROUP;
-			break;
-
-		case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
-			gcb = GCB_GLOBAL_GROUP;
-			break;
-		case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
-			gcb = GCB_LOCAL_GROUP;
-			break;
-		case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
-			gcb = GCB_GLOBAL_GROUP;
-			break;
-	}
-	
-	return gcb;
-}
-
-/* 
 get the accountType from the groupType
 */
 uint32 ads_gtype2atype(uint32 gtype)
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 35d429ca2a..6a50137400 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -53,7 +53,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
-	password_s = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+	password_s = secrets_fetch_machine_password();
 	if (!password_s) {
 		DEBUG(1,("failed to fetch machine password\n"));
 		return NT_STATUS_LOGON_FAILURE;
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 214871b3fb..a5b9eee4ce 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -538,6 +538,7 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
 
 	krb5_free_creds(context, credsp);
 	krb5_free_principal(context, creds.client);
+	krb5_free_principal(context, creds.server);
 	krb5_free_principal(context, principal);
 	krb5_free_context(context);
 
@@ -570,11 +571,11 @@ kerb_prompter(krb5_context ctx, void *data,
 	return 0;
 }
 
-static ADS_STATUS krb5_chg_password(const char *kdc_host,
-				    const char *principal,
-				    const char *oldpw, 
-				    const char *newpw, 
-				    int time_offset)
+ADS_STATUS krb5_chg_password(const char *kdc_host,
+				const char *principal,
+				const char *oldpw, 
+				const char *newpw, 
+				int time_offset)
 {
     ADS_STATUS aret;
     krb5_error_code ret;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3ce80975da..baedfb28db 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1024,7 +1024,6 @@ char *ads_ou_string(const char *org_unit)
   add a machine account to the ADS server
 */
 static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, 
-				       uint32 account_type,
 				       const char *org_unit)
 {
 	ADS_STATUS ret, status;
@@ -1074,7 +1073,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname,
 	if (!(samAccountName = talloc_asprintf(ctx, "%s$", hostname)))
 		goto done;
 
-	acct_control = account_type | UF_DONT_EXPIRE_PASSWD;
+	acct_control = UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD;
 #ifndef ENCTYPE_ARCFOUR_HMAC
 	acct_control |= UF_USE_DES_KEY_ONLY;
 #endif
@@ -1336,8 +1335,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
  * @param org_unit Organizational unit to place machine in
  * @return status of join
  **/
-ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *hostname, 
-			  uint32 account_type, const char *org_unit)
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *hostname, const char *org_unit)
 {
 	ADS_STATUS status;
 	LDAPMessage *res;
@@ -1358,7 +1356,7 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *hostname,
 		}
 	}
 
-	status = ads_add_machine_acct(ads, host, account_type, org_unit);
+	status = ads_add_machine_acct(ads, host, org_unit);
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(0, ("ads_add_machine_acct: %s\n", ads_errstr(status)));
 		return status;
diff --git a/source3/libads/util.c b/source3/libads/util.c
index 9912a7ba83..335cabc952 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -29,23 +29,21 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
     char *new_password;
     char *service_principal;
     ADS_STATUS ret;
-    uint32 sec_channel_type;
-    
-    if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) {
+
+    if ((password = secrets_fetch_machine_password()) == NULL) {
 	DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));
 	return ADS_ERROR_SYSTEM(ENOENT);
     }
 
     tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
     new_password = strdup(tmp_password);
-    
     asprintf(&service_principal, "HOST/%s", host_principal);
 
     ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset);
 
     if (!ADS_ERR_OK(ret)) goto failed;
 
-    if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) {
+    if (!secrets_store_machine_password(new_password)) {
 	    DEBUG(1,("Failed to save machine password\n"));
 	    return ADS_ERROR_SYSTEM(EACCES);
     }