fixing typos pointed out by Vance in WHATSNEW

Include patch to manually set the machine trust account
password (on request from jht) to mimic 2.2. behavior.

last changes before RC2 (not counting syncing the docs).
(This used to be commit ce090371449097d4e5010e1219d449db8b0ccac5)

2 files changed, 57 insertions, 2 deletions

diff --git a/source3/utils/net.c b/source3/utils/net.c
index c49c77dd50..90f71f5035 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -79,6 +79,30 @@ struct in_addr opt_dest_ip;
 
 extern BOOL AllowDebugChange;
 
+/**************************************************************************************************/
+/* Utility function to prompt for password from stdin.  Password entered must end with a newline. */
+/**************************************************************************************************/
+static char *stdin_new_passwd(void)
+{
+	static fstring new_pw;
+	size_t len;
+
+	ZERO_ARRAY(new_pw);
+
+	/*
+	 * if no error is reported from fgets() and string at least contains
+	 * the newline that ends the password, then replace the newline with
+	 * a null terminator.
+	 */
+	if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) {
+		if ((len = strlen(new_pw)) > 0) {
+			if(new_pw[len-1] == '\n')
+				new_pw[len - 1] = 0; 
+		}
+	}
+	return(new_pw);
+}
+
 uint32 get_sec_channel_type(const char *param) 
 {
 	if (!(param && *param)) {
@@ -355,6 +379,33 @@ static int net_changetrustpw(int argc, const char **argv)
 	return net_rpc_changetrustpw(argc, argv);
 }
 
+static int net_changesecretpw(int argc, const char **argv)
+{
+        char *trust_pw;
+        char trust_pw_hash[16];
+        uint32 sec_channel_type = SEC_CHAN_WKSTA;
+
+
+	if(opt_force) {
+		trust_pw = getpass("Enter machine password: ");
+
+		if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
+			    d_printf("Unable to write the machine account password in the secrets database");
+			    return 1;
+		}
+		else {
+		    d_printf("Modified trust account password in secrets database\n");
+		}
+	}
+	else {
+		d_printf("Machine account password change requires the -f flag.\n");
+		d_printf("Do NOT use this function unless you know what it does!\n");
+		d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
+	}
+
+        return 0;
+}
+
 static int net_share(int argc, const char **argv)
 {
 	if (net_rpc_check(0))
@@ -537,6 +588,7 @@ static struct functable net_func[] = {
 	{"SERVICE", net_rap_service},	
 	{"PASSWORD", net_rap_password},
 	{"CHANGETRUSTPW", net_changetrustpw},
+	{"CHANGESECRETPW", net_changesecretpw},
 	{"TIME", net_time},
 	{"LOOKUP", net_lookup},
 	{"JOIN", net_join},
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
index 1f3afb1690..272a06bc90 100644
--- a/source3/utils/net_help.c
+++ b/source3/utils/net_help.c
@@ -47,7 +47,7 @@ int net_common_flags_usage(int argc, const char **argv)
 	d_printf("\t-U or --user=<name>\t\tuser name\n");
 	d_printf("\t-s or --configfile=<path>\t\tpathname of smb.conf file\n");
 	d_printf("\t-l or --long\t\t\tDisplay full information\n");
-	d_printf("\t-V or --version\t\tPrint samba version information\n");
+	d_printf("\t-V or --version\t\t\tPrint samba version information\n");
 	d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n");
 	return -1;
 }
@@ -60,7 +60,8 @@ static int help_usage(int argc, const char **argv)
 "\n"\
 "Valid functions are:\n"\
 "  RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\
-"  GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n");
+"  GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"\
+"  CHANGESCRETPW\n");
 	return -1;
 }
 
@@ -156,6 +157,8 @@ static int net_usage(int argc, const char **argv)
 		 "  net cache\t\tto operate on cache tdb file\n"\
 		 "  net getlocalsid [NAME]\tto get the SID for local name\n"\
 		 "  net setlocalsid SID\tto set the local domain SID\n"\
+		 "  net changesecretpw\tto change the machine password in the local secrets database only\n"\
+		 "                    \tthis requires the -f flag as a safety barrier\n"\
 		 "\n"\
 		 "  net ads <command>\tto run ADS commands\n"\
 		 "  net rap <command>\tto run RAP (pre-RPC) commands\n"\