9 files changed, 101 insertions, 62 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d6a03a8d6f..064e2f32a5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1711,6 +1711,7 @@ BOOL trust_password_delete( char *domain, char *name );
 BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
 BOOL set_trust_account_password( unsigned char *md4_new_pwd);
 BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname);
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]);
 
 /*The following definitions come from  passdb/smbpassgroup.c  */
 
@@ -1904,6 +1905,7 @@ void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred);
 BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level);
 uint32 cli_net_auth2(const char *srv_name,
 				const char *trust_acct, 
+				const char *acct_name, 
 				uint16 sec_chan, 
 				uint32 neg_flags, DOM_CHAL *srv_chal);
 uint32 cli_net_req_chal( const char *srv_name, const char* myhostname,
@@ -2059,7 +2061,7 @@ BOOL samr_open_domain(  const POLICY_HND *connect_pol,
 BOOL samr_query_lookup_domain(  POLICY_HND *pol, const char *dom_name,
 			      DOM_SID *dom_sid);
 BOOL samr_query_lookup_names(  POLICY_HND *pol, uint32 flags,
-				uint32 num_names, const char **names,
+				uint32 num_names, char **names,
 				uint32 *num_rids,
 				uint32 rid[MAX_LOOKUP_SIDS],
 				uint32 type[MAX_LOOKUP_SIDS]);
@@ -2301,7 +2303,7 @@ uint32 msrpc_sam_enum_aliases( const char* srv_name,
 				ALIAS_MEM_FN(als_mem_fn));
 BOOL create_samr_domain_user( POLICY_HND *pol_dom,
 				const char *acct_name, uint16 acb_info,
-				const char* password,
+				const char* password, int plen,
 				uint32 *rid);
 BOOL create_samr_domain_alias( POLICY_HND *pol_open_domain,
 				const char *acct_name, const char *acct_desc,
@@ -2348,7 +2350,7 @@ BOOL get_samr_query_aliasinfo(
 				uint32 alias_rid, ALIAS_INFO_CTR *ctr);
 BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
 				const char *acct_name, uint16 acb_info,
-				const char *password,
+				const char *password, int plen,
 				uint32 *rid);
 BOOL msrpc_sam_query_dispinfo(const char* srv_name, const char* domain,
 				DOM_SID *sid1,
@@ -3030,7 +3032,7 @@ BOOL make_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM *r_u,
 BOOL samr_io_r_query_aliasmem(char *desc,  SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth);
 BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
 		POLICY_HND *pol, uint32 flags,
-		uint32 num_names, const char **name);
+		uint32 num_names, char **name);
 BOOL samr_io_q_lookup_names(char *desc,  SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
 BOOL make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
 		uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 83b0e7ef6b..d2a7b0bdf9 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -43,7 +43,7 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil
 
   if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
   {
-    DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+    DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n",
               mac_file));
     return;
   }
@@ -268,3 +268,36 @@ trust %s in domain %s.\n", myname, domain ));
   }
   return True;
 }
+
+/*********************************************************
+record Trust Account password.
+**********************************************************/
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
+{
+	/*
+	 * Create the machine account password file.
+	 */
+
+	if (!trust_password_lock( domain, name, True))
+	{
+		DEBUG(0,("unable to open the trust account password file for \
+account %s in domain %s.\n", name, domain)); 
+		return False;
+	}
+
+	/*
+	 * Write the old machine account password.
+	 */
+	
+	if (!set_trust_account_password( pass))
+	{              
+		DEBUG(0,("unable to write the trust account password for \
+%s in domain %s.\n", name, domain));
+		trust_password_unlock();
+		return False;
+	}
+	
+	trust_password_unlock();
+	
+	return True;
+}
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 832731d92d..a9244c886e 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -89,7 +89,7 @@ uint32 cli_nt_setup_creds( char* servers, const char* myhostname,
 	 * Receive an auth-2 challenge response and check it.
 	 */
 
-	ret = cli_net_auth2(srv_name, trust_acct, 
+	ret = cli_net_auth2(srv_name, trust_acct, myhostname,
 	                    sec_chan, 0x000001ff, &srv_chal);
 	if (ret != 0x0)
 	{
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 1231c706d0..fd6242c996 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -114,6 +114,7 @@ encrypt of the server challenge originally received. JRA.
 
 uint32 cli_net_auth2(const char *srv_name,
 				const char *trust_acct, 
+				const char *acct_name, 
 				uint16 sec_chan, 
 				uint32 neg_flags, DOM_CHAL *srv_chal)
 {
@@ -142,13 +143,13 @@ uint32 cli_net_auth2(const char *srv_name,
 	/* create and send a MSRPC command with api NET_AUTH2 */
 
 	DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
-	          srv_name, trust_acct, sec_chan, srv_name,
+	          srv_name, trust_acct, sec_chan, acct_name,
 	          neg_flags));
 
 	cli_con_get_cli_cred(con, &clnt_cred);
 
 	/* store the parameters */
-	make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, srv_name,
+	make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name,
 	              &clnt_cred.challenge, neg_flags);
 
 	/* turn parameters into data stream */
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 0c3da6801a..a0cb48969d 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1636,7 +1636,7 @@ BOOL samr_query_lookup_domain(  POLICY_HND *pol, const char *dom_name,
 do a SAMR Query Lookup Names
 ****************************************************************************/
 BOOL samr_query_lookup_names(  POLICY_HND *pol, uint32 flags,
-				uint32 num_names, const char **names,
+				uint32 num_names, char **names,
 				uint32 *num_rids,
 				uint32 rid[MAX_LOOKUP_SIDS],
 				uint32 type[MAX_LOOKUP_SIDS])
diff --git a/source3/rpc_client/msrpc_samr.c b/source3/rpc_client/msrpc_samr.c
index f6148571aa..49f34fe386 100644
--- a/source3/rpc_client/msrpc_samr.c
+++ b/source3/rpc_client/msrpc_samr.c
@@ -997,15 +997,13 @@ do a SAMR create domain user
 ****************************************************************************/
 BOOL create_samr_domain_user( POLICY_HND *pol_dom,
 				const char *acct_name, uint16 acb_info,
-				const char* password,
+				const char* password, int plen,
 				uint32 *rid)
 {
 	POLICY_HND pol_open_user;
 	BOOL ret = True;
 	BOOL res1 = True;
 	char pwbuf[516];
-	char randompw[24];
-	int plen = 0;
 	SAM_USER_INFO_24 *p24;
 	SAM_USER_INFO_16 *p16;
 	SAM_USER_INFO_16 usr16;
@@ -1052,16 +1050,6 @@ BOOL create_samr_domain_user( POLICY_HND *pol_dom,
 		return True;
 	}
 
-	if (password == NULL)
-	{
-		generate_random_buffer(randompw, sizeof(randompw), True);
-		password = randompw;
-		plen = sizeof(randompw);
-	}
-	else
-	{
-		plen = strlen(password);
-	}
 	encode_pw_buffer(pwbuf, password, plen, False);
 
 	p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
@@ -1525,7 +1513,7 @@ SAM create domain user.
 ****************************************************************************/
 BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
 				const char *acct_name, uint16 acb_info,
-				const char *password,
+				const char *password, int plen,
 				uint32 *rid)
 {
 	BOOL res = True;
@@ -1535,6 +1523,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
 	uint32 user_rid; 
 	POLICY_HND sam_pol;
 	POLICY_HND pol_dom;
+	char *pwd = NULL;
 
 	/* establish a connection. */
 	res = res ? samr_connect( 
@@ -1550,7 +1539,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
 	res2 = res1 ? create_samr_domain_user( 
 				&pol_dom,
 	                        acct_name, 
-				acb_info, password, &user_rid) : False;
+				acb_info, password, plen, &user_rid) : False;
 
 	res1 = res1 ? samr_close( &pol_dom) : False;
 	res  = res  ? samr_close( &sam_pol) : False;
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 45dc5b57c8..8ce5275bae 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -4399,7 +4399,7 @@ makes a SAMR_Q_LOOKUP_NAMES structure.
 ********************************************************************/
 BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
 		POLICY_HND *pol, uint32 flags,
-		uint32 num_names, const char **name)
+		uint32 num_names, char **name)
 {
 	uint32 i;
 	if (q_u == NULL) return False;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index a8ab18f6b8..33deb77f4c 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -690,11 +690,18 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 {
 	fstring domain;
 	fstring acct_name;
+	fstring name;
 	fstring sid;
 	DOM_SID sid1;
 	uint32 user_rid; 
 	uint16 acb_info = ACB_NORMAL;
+	BOOL join_domain = False;
 	int opt;
+	char *password = NULL;
+	int plen = 0;
+	int len = 0;
+	UNISTR2 upw;
+
 	fstring srv_name;
 	fstrcpy(srv_name, "\\\\");
 	fstrcat(srv_name, info->dest_host);
@@ -713,7 +720,7 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 
 	if (argc < 2)
 	{
-		report(out_hnd, "createuser: <acct name> [-i] [-s]\n");
+		report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
 		return;
 	}
 
@@ -721,12 +728,15 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 	argv++;
 
 	safe_strcpy(acct_name, argv[0], sizeof(acct_name));
-	if (acct_name[strlen(acct_name)-1] == '$')
+	len = strlen(acct_name)-1;
+	if (acct_name[len] == '$')
 	{
+		safe_strcpy(name, argv[0], sizeof(name));
+		name[len] = 0;
 		acb_info = ACB_WSTRUST;
 	}
 
-	while ((opt = getopt(argc, argv,"is")) != EOF)
+	while ((opt = getopt(argc, argv,"isj")) != EOF)
 	{
 		switch (opt)
 		{
@@ -740,19 +750,56 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 				acb_info = ACB_SVRTRUST;
 				break;
 			}
+			case 'j':
+			{
+				join_domain = True;
+			}
 		}
 	}
 
+	if (join_domain && acb_info == ACB_NORMAL)
+	{
+		report(out_hnd, "can only join trust accounts to a domain\n");
+		return;
+	}
+
 	report(out_hnd, "SAM Create Domain User\n");
 	report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
 	                  domain, acct_name,
 	    pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
 
+	if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
+	{
+		upw.uni_str_len = 24;
+		upw.uni_max_len = 24;
+		generate_random_buffer((uchar*)upw.buffer,
+		                       upw.uni_str_len, True);
+		password = (char*)upw.buffer;
+		plen = upw.uni_str_len;
+	}
+
 	if (msrpc_sam_create_dom_user(srv_name, &sid1,
-	                              acct_name, acb_info, NULL,
+	                              acct_name, acb_info, password, plen,
 	                              &user_rid))
 	{
 		report(out_hnd, "Create Domain User: OK\n");
+
+		if (join_domain)
+		{
+			uchar ntpw[16];
+			
+			nt_owf_genW(&upw, ntpw);
+
+			report(out_hnd, "Join %s to Domain %s", name, domain);
+			if (create_trust_account_file(domain, name, ntpw))
+			{
+				report(out_hnd, ": OK\n");
+			}
+			else
+			{
+				report(out_hnd, ": FAILED\n");
+			}
+		}
 	}
 	else
 	{
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 7411d07a9b..3b87687c26 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -81,39 +81,6 @@ static void usage(void)
 }
 
 /*********************************************************
-record Trust Account password.
-**********************************************************/
-static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
-{
-	/*
-	 * Create the machine account password file.
-	 */
-
-	if(!trust_password_lock( domain, name, True))
-	{
-		fprintf(stderr, "unable to open the trust account password file for \
-machine %s in domain %s.\n", global_myname, domain); 
-		return False;
-	}
-
-	/*
-	 * Write the old machine account password.
-	 */
-	
-	if(!set_trust_account_password( pass))
-	{              
-		fprintf(stderr, "unable to write the trust account password for \
-%s in domain %s.\n", name, domain);
-		trust_password_unlock();
-		return False;
-	}
-	
-	trust_password_unlock();
-	
-	return True;
-}
-
-/*********************************************************
 Join a domain.
 **********************************************************/
 static int create_interdomain_trust_acct(char *domain, char *name)