[SCM] SAMBA-CTDB repository - branch v3-4-ctdb updated - f5317662ecbcd3195fdd6f8ffecabd98f174b082

Michael Adam obnox at samba.org
Wed Jul 1 14:09:49 GMT 2009

The branch, v3-4-ctdb has been updated


- Log -----------------------------------------------------------------
commit f5317662ecbcd3195fdd6f8ffecabd98f174b082
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jul 1 11:06:34 2009 +0200

    packaging(RHEL-CTDB): disable the merged build.

commit 47f5e7414c049f169ddcd18cab4d19126ddf4eab
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jul 1 11:02:25 2009 +0200

    Revert "s3/VERSION: Raise version number up to 3.4.0."
    This reverts commit bb59901d6e4f7c03b815ac6afd297b4230031330.
    For v3-4-ctdb, we are still based on 3.4.0rc1 + patches.

commit 8811fd5abfe5a0de90282b2e45d80e0f8cebc81d
Author: Michael Adam <obnox at samba.org>
Date:   Fri Mar 20 00:47:45 2009 +0100

    packaging(RHEL-CTDB): also pack libwbclient in winbind-32bit package
    Signed-off-by: Michael Adam <obnox at samba.org>

commit a38763f4a3d6827d8723efed753d983ae6fb1a79
Author: Michael Adam <obnox at samba.org>
Date:   Fri Mar 20 00:30:35 2009 +0100

    packaging(RHEL-CTDB): add new pam_winbind.mo to the common package
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 9c8482bc3ac54e187f4c87c4d7b56feddf0c329b
Author: Michael Adam <obnox at samba.org>
Date:   Fri Mar 20 00:28:36 2009 +0100

    packaging(RHEL-CTDB): add new binary sharesec to the client package.
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 597fa1c87446da6740f4193b980c3676d8006cce
Author: Michael Adam <obnox at samba.org>
Date:   Fri Mar 20 00:26:11 2009 +0100

    packaging(RHEL-CTDB): add new binary ldbrename to the common rpm
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 3bca25a56e60077488817835146f771e3d825ee1
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 17:07:14 2009 +0200

    packaging(RHEL-CTDB): fix location of nsswitch/ directory for install
    This has been moved to the top level directory in 3.4.

commit 52608f908c80b098d02c5c6ca40834f2bb5f4de4
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 17:05:00 2009 +0200

    packaging(RHEL-CTDB): don't pass CFLAGS to make.
    This breaks the build since 3.3 since it overwrites the CFLAGS
    set by configure.

commit 7b8b53c2490621662b57eb949f0f031187a5f553
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 17:03:09 2009 +0200

    packaging(RHEL-CTDB): don't "make proto" any more.
    This has become unnecessary in 3.3

commit 2736722f5b46bce484a02bfab60eeef537ca9695
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 16:26:42 2009 +0200

    s3:fix build of old linux quota system and other unixes' quota implementation
    By fixing the use of struct stat_ex.

commit a3ec5b3f2b7bbdd864693173f29b2a30b9fdf8a9
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 16:11:13 2009 +0200

    s3:lib/sysquotas: fix usage of SMB_STRUCT_STAT (struct stat_ex).
    This fixes the build with quotas / configure time detection
    of sys_quota interface.

commit 6c553e85bb6a6fdd86b32426b642acea2080229f
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 13:19:48 2009 +0200

    s3:nfsv4_acl.c: fix build with struct stat_ex.

commit 3842afb0b467db9ab3f2b4843a801b884a9cc731
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jun 23 23:09:09 2009 +0200

    packaging(RHEL-CTDB):makerpms.sh: replace source/ by source3/

commit 48fb4e0788f56d62ae8a79094a6344a350a05922
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jun 23 23:06:40 2009 +0200

    packaging(RHEL-CTDB):makespec.sh: fix detection of version

commit ce61d9681ce835fe23c7933bf85e67f486bd9ae2
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jun 23 22:41:51 2009 +0200

    packaging(RHEL-CTDB): makeversion.sh: v3-4-test uses source3 instead of source

commit ffe611f2058b0ee96ebdc12480d6cd642813a364
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jun 23 16:41:38 2009 +0200

    adapt VERSION to be 3.4.0rc1-ctdb-1
    following the versioning scheme of the v3-2-ctdb branch

commit 191da19f32340ea2f6a60a47d26a293e5f2e7173
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jan 21 09:49:12 2009 +0100

    packaging(RHEL-CTDB): makerpms.sh: build winbind-32bit libs in the 64bit build
    (cherry picked from commit a9a506b6640986548e2ae8540b7ae93960d6ece5)

commit 49e030b7abe5407d0df41169d8e3013c38b49985
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jan 20 19:47:28 2009 +0100

    packaging(RHEL-CTDB): Build winbind-32bit package in the 64bit build
    (cherry picked from commit f5cd88a25f360e6609dc5abe24247fab78af6854)

commit 115620a4b4ff2d6ae0271500e84dfd3d2e082024
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jan 21 11:03:34 2009 +0100

    packaging(RHEL-CTDB): extend makespec.sh to extract VENDOR_PATCH from version.h
    (cherry picked from commit fc122aa276bce379b492e5bdf52ab3e03bc3737f)

commit 3a93ad2be68597fafe8fba389798cf2c56dad573
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jan 21 10:24:31 2009 +0100

    packaging(RHEL-CTDB): The former release number has basically moved into VERSION

commit a77963e47ed003262f6e0b69d682a2f476c1daa4
Author: Volker Lendecke <vl at samba.org>
Date:   Thu May 14 15:34:42 2009 +0200

    Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT
    This patch introduces
    struct stat_ex {
            dev_t           st_ex_dev;
            ino_t           st_ex_ino;
            mode_t          st_ex_mode;
            nlink_t         st_ex_nlink;
            uid_t           st_ex_uid;
            gid_t           st_ex_gid;
            dev_t           st_ex_rdev;
            off_t           st_ex_size;
            struct timespec st_ex_atime;
            struct timespec st_ex_mtime;
            struct timespec st_ex_ctime;
            struct timespec st_ex_btime; /* birthtime */
            blksize_t       st_ex_blksize;
            blkcnt_t        st_ex_blocks;
    };
    typedef struct stat_ex SMB_STRUCT_STAT;
    It is really large due to the friendly libc headers playing macro
    tricks with fields like st_ino, so I renamed them to st_ex_xxx.
    Why this change? To support birthtime, we already have quite a few #ifdef's at
    places where it does not really belong. With a stat struct that we control, we
    can consolidate the nanosecond timestamps and the birthtime deep in the VFS
    stat calls.
    At this moment it is triggered by a request to support the birthtime field for
    GPFS. GPFS does not extend the system level struct stat, but instead has a
    separate call that gets us the additional information beyond posix. Without
    being able to do that within the VFS stat calls, that support would have to be
    scattered around the main smbd code.
    It will very likely break all the onefs modules, but I think the changes will
    be reasonably easy to do.

commit dc16a6647f3c288619dfd1b93321c066e4fdf9fb
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jan 28 13:34:34 2009 +0100

    vfs_gpfs_prefetch: correctly return -1 on error condition in smbd_gpfs_fcntl()

commit f2424fc51007c8c8f818741eb6ef9c1a7aa8b7a3
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Apr 28 11:44:26 2008 +0200

    Add a gpfs_prefetch module
    This can not go upstream yet because it uses the non-GPL libgpfs. So it will
    not be compiled by default and will not be included in the SOFS RPMs. But upon
    Sven's request, we include it in the git tree and the source RPMs, so that it
    can be built for in-house tests.

commit d577f10331ee935efa263091737d327ed1d19b7a
Author: Volker Lendecke <vl at samba.org>
Date:   Fri May 29 00:20:10 2009 +0200

    Support getting gpfs birthtime

commit 46ca188cca943d94e8756f910963af966b5e6547
Author: Mathias Dietz <mdietz at de.ibm.com>
Date:   Wed May 27 12:03:12 2009 +0200

    Store winattrs in GPFS
    1. Store win attributes in gpfs instead of posix bits.
    2. use of path based winattr calls of gpfs.
    Signed-off-by: Mathias Dietz <mdietz at de.ibm.com>

commit f396e590c8d865ac3322332b16ec72073ee15bb0
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Dec 15 00:16:56 2008 +0100

    Add the "net groupfilter" command
    This is the start of a bad hack for even worse systems: Many Unix systems still
    have the NGROUPS problem: A user can not be member of more than a very limited
    number of groups. Solaris for example limits this to 16 by default. Many
    Windows environments have a *LOT* more groups per user, some even go to
    hundreds. Whether that is efficient is debatable, but it's there.
    This patch implements the
    "net groupfilter"
    command with the "addsid", "delsid" and "list" subcommands. If any SIDs are
    present according to "net groupfilter list" (they are stored in secrets.tdb),
    then only the SIDs in that list are converted to GIDs for a user at login time.
    This gives the Administrator the possibility to define a set of groups that are
    used on the Unix box, making sure that no user is in more than NGROUPS of those
    at a time.
    This patch is incomplete in the sense that winbind is not aware of this, only
    smbd. So it is kind of an emergency hack for smbd-only machines.
    Signed-off-by: Michael Adam <obnox at samba.org>

commit eddac3fe077f1ad19d5d98b6e9a1ae103b01e86c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Apr 21 18:41:32 2008 +0200

    apply patch from v3-0-ctdb to special case root in libnss_winbind
    This is needed to ensure the administrator can login to a node even
    when ctdbd and winbindd are stuck

commit 5fbbdd284e8eab91b8e8151da41f9207e2405847
Author: Michael Adam <obnox at samba.org>
Date:   Tue Jun 16 16:03:41 2009 +0200

    add README.v3-4-ctdb

commit 95c90fa6973676d6599668bbe816bdbbae5d086c
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Jul 1 14:09:42 2009 +0200

    WHATSNEW: Update changes since 3.4.0rc1.

commit 5c5f72b6c5e7473cfe42d2d54fd34c6b31cbf6b1
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jul 1 10:51:17 2009 +0200

    lib/util: fix order of includes in tevent_ntstatus.c
    replace.h needs to be included first.
    (cherry picked from commit 8d982d91f231abbf003473d09433fca2cfa240ac)
    Signed-off-by: Michael Adam <obnox at samba.org>
    This addresses bug #6521.

commit 14be3fd3daee943d0aaad1029ab629e5d379708b
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 30 13:12:01 2009 +0200

    s3-spoolss: Bug #6512. Fix support for enumerating user forms.
    Found while testing Xerox WorkCentre 133 PCL driver, now also tested with
    torture test.
    (cherry picked from commit b85b93dcff89e18bd15d4cef8b8c2dc61bc42cbe)

commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39
Author: Matt Kraai <mkraai at beckman.com>
Date:   Wed Jul 1 08:18:11 2009 +0200

    s3/docs: Fix typo.
    This fixes bug #6519.
    (cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11)

commit 8135fb06fb18fe42b05f6a938d31905d8ebc903a
Author: Tim Prouty <tprouty at samba.org>
Date:   Tue Jun 30 16:59:57 2009 -0700

    s3 docs: Add documentation for 'kerberos method' and 'dedicated keytab file' parameters
    (cherry picked from commit 969106a21fe169282e3b42e51d9e14836d6a41b2)
    This fixes bug #6264.

commit 6bac56bc6873470958a2369827cbfa3a7c8241d4
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 29 15:39:46 2009 +0200

    lib/util: fix building tevent_ntstatus without config.h
    (when called from places with "#define NO_CONFIG_H" set, such as configure)
    This fixes bug #6521.
    (cherry picked from commit e4e855563bcbeb7be54de57d8c1d41d35ddc5e7a)

commit 21c9ca179abc18cb3f898e1885adb293c785508c
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Jun 30 09:14:23 2009 +0200

    WHATSNEW: Update changes since 3.4.0rc1.

commit 75eacdd7e0faa72775c4a143193edd594bd99ee7
Author: Jim McDonough <jmcd at samba.org>
Date:   Fri Jun 19 13:46:07 2009 -0400

    Don't require "Modify property" perms to unjoin (bug #6481)
    "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
    Libnetapi should not delete machine accounts, as this does not
    happen on win32.  The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
    really means "disable" (both in practice and docs).
    However, to keep the functionality in "net ads leave", we
    will still try to do the delete.  If this fails, we try
    to do the disable.
    Additionally, it is possible in windows to not disable or
    delete the account, but just tell the local machine that it
    is no longer in the account.  libnet can now do this as well.
    Don't use ads realm name for non-ads case.  #6481
    Also check that the connection to ads worked.

commit e742e2b3968801f15f0127f02dff27c78371b5f7
Author: Karolin Seeger <kseeger at samba.org>
Date:   Mon Jun 29 15:28:23 2009 +0200

    WHATSNEW: Update changes.

commit d5c73127b7e6a9ab917c35811fcfdcfe11681086
Author: Günther Deschner <gd at samba.org>
Date:   Mon Jun 29 15:06:40 2009 +0200

    s3-selftest: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.

commit 36791e2d05f05282ac4eaab17541aa857e48d830
Author: David Markey <admin at dmarkey.com>
Date:   Mon Jun 29 08:12:03 2009 +0200

    Fix bug 6514: net gives unhelpful "lp_load failed" when it's missing smb.conf
    (cherry picked from commit 55ed0be65f07b46d51a647e556644039d68a002d)


Summary of changes:
 WHATSNEW.txt                                       |   16 +++++-
 docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml |    2 +-
 .../smbdotconf/security/dedicatedkeytabfile.xml    |   15 +++++
 docs-xml/smbdotconf/security/kerberosmethod.xml    |   39 +++++++++++++
 lib/util/tevent_ntstatus.c                         |    2 +-
 source3/lib/netapi/joindomain.c                    |    1 +
 source3/lib/netapi/netapi.c                        |    2 +-
 source3/libnet/libnet_join.c                       |   61 +++++++++++++------
 source3/librpc/gen_ndr/libnet_join.h               |    5 +-
 source3/librpc/gen_ndr/ndr_libnet_join.c           |    1 +
 source3/librpc/idl/libnet_join.idl                 |    1 +
 source3/rpc_server/srv_spoolss_nt.c                |   10 ++--
 source3/script/tests/test_posix_s3.sh              |    5 +-
 source3/utils/net_ads.c                            |   11 +++-
 14 files changed, 137 insertions(+), 34 deletions(-)
 create mode 100644 docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
 create mode 100644 docs-xml/smbdotconf/security/kerberosmethod.xml

Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 06177ca..a1ac150 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -208,9 +208,14 @@ Changes since 3.4.0rc1
 o    Michael Adam <obnox at samba.org>
      * BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+     * BUG 6521: Fix building tevent_ntstatus without config.h.
-o    Björn Jacke <bj at sernet.de>
+o    Guenther Deschner <gd at samba.org>
+     * BUG 6512: Fix support for enumerating user forms.
+o    Bjoern Jacke <bj at sernet.de>
      * BUG 6497: Fix calling of 'test' in configure.
@@ -218,6 +223,15 @@ o    Volker Lendecke <vl at samba.org>
      * BUG 6498: Add workaround for MS KB932762.
+o    David Markey <admin at dmarkey.com>
+     * BUG 6514: Improve error message in 'net' when smb.conf is not available.
+o    Jim McDonough <jmcd at samba.org>
+     * BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain
+       not.
 o    Bo Yang <boyang at samba.org>
      * BUG 6499: Fix building of pam_smbpass.
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
index aa879ae..f3fb688 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
@@ -88,7 +88,7 @@ See <link linkend="pdbeditthing">The <emphasis>pdbedit</emphasis> Command</link>
-<title>New Featuers in Samba-3.x Series</title>
+<title>New Features in Samba-3.x Series</title>
diff --git a/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
new file mode 100644
index 0000000..c833e3f
--- /dev/null
+++ b/docs-xml/smbdotconf/security/dedicatedkeytabfile.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="dedicated keytab file" context="G" type="string"
+		 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+	<para>
+	  Specifies the path to the kerberos keytab file when
+	  <smbconfoption name="kerberos method"/> is set to "dedicated
+	  keytab".
+	</para>
+<related>kerberos method</related>
+<value type="default"/>
+<value type="example">/usr/local/etc/krb5.keytab</value>
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
new file mode 100644
index 0000000..3a11e06
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="kerberos method" context="G" type="enum"
+		 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+	<para>
+	Controls how kerberos tickets are verified.
+	</para>
+	<para>Valid options are:</para>
+	<itemizedlist>
+	  <listitem><para>secrets only - use only the secrets.tdb for
+	  ticket verification (default)</para></listitem>
+	  <listitem><para>system keytab - use only the system keytab
+	  for ticket verification</para></listitem>
+	  <listitem><para>dedicated keytab - use a dedicated keytab
+	  for ticket verification</para></listitem>
+	  <listitem><para>secrets and keytab - use the secrets.tdb
+	  first, then the system keytab</para></listitem>
+	</itemizedlist>
+	<para>
+	  The major difference between "system keytab" and "dedicated
+	  keytab" is that the latter method relies on kerberos to find the
+	  correct keytab entry instead of filtering based on expected
+	  principals.
+	</para>
+	<para>
+	  When the kerberos method is in "dedicated keytab" mode,
+	  <smbconfoption name="dedicated keytab file"/> must be set to
+	  specify the location of the keytab file.
+	</para>
+<related>dedicated keytab file</related>
+<value type="default">secrets only</value>
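
Review bot: the paragraph contrasting "system keytab" and "dedicated keytab" says the latter "relies on kerberos to find the correct keytab entry instead of filtering based on expected principals", but it does not say what that means for an administrator, namely which keytab entries can then be used to verify a ticket. Since this parameter controls ticket verification, spell that out, and state what happens when "dedicated keytab" is selected while "dedicated keytab file" is left at its empty default.
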
diff --git a/lib/util/tevent_ntstatus.c b/lib/util/tevent_ntstatus.c
index 1a34e9c..6aa576d 100644
--- a/lib/util/tevent_ntstatus.c
+++ b/lib/util/tevent_ntstatus.c
@@ -17,8 +17,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#include "tevent_ntstatus.h"
 #include "../replace/replace.h"
+#include "tevent_ntstatus.h"
 bool tevent_req_nterror(struct tevent_req *req,	NTSTATUS status)
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index 9eedc5d..9066d9b 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -203,6 +203,7 @@ WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
 	u->in.domain_name = domain;
 	u->in.unjoin_flags = r->in.unjoin_flags;
+	u->in.delete_machine_account = false;
 	u->in.modify_config = true;
 	u->in.debug = true;
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index 8893881..2f8474b 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -89,7 +89,7 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
 	if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, false)) {
-		fprintf(stderr, "lp_load failed\n");
+		fprintf(stderr, "error loading %s\n", get_dyn_CONFIGFILE() );
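
Review bot: the new message "error loading %s\n" names the file but still gives no reason for the failure, so a missing smb.conf and an unreadable or unparsable one look the same to the user; consider adding the cause or pointing at the log. There is also a stray space before the closing parenthesis in get_dyn_CONFIGFILE() );.
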
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 376befe..5309452 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1923,6 +1923,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
+	if (!(r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) &&
+	    !r->in.delete_machine_account) {
+		libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+		return WERR_OK;
+	}
 	if (!r->in.dc_name) {
 		struct netr_DsRGetDCNameInfo *info;
 		const char *dc;
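
Review bot: in the new early return, libnet_join_unjoindomain_remove_secrets(mem_ctx, r) is called as a bare statement and WERR_OK is returned unconditionally, so the caller is told the machine has left the domain even if the local secrets could not be removed. If the helper can report failure, check its result here and map it to an error; the same applies to the identical call at the end of the function.
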
@@ -1948,38 +1954,55 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
-	status = libnet_join_unjoindomain_rpc(mem_ctx, r);
-	if (!NT_STATUS_IS_OK(status)) {
-		libnet_unjoin_set_error_string(mem_ctx, r,
-			"failed to disable machine account via rpc: %s",
-			get_friendly_nt_error_msg(status));
-		}
-		return ntstatus_to_werror(status);
-	}
-	r->out.disabled_machine_account = true;
 #ifdef WITH_ADS
-	if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+	/* for net ads leave, try to delete the account.  If it works,
+	   no sense in disabling.  If it fails, we can still try to
+	   disable it. jmcd */
+	if (r->in.delete_machine_account) {
 		ADS_STATUS ads_status;
-		libnet_unjoin_connect_ads(mem_ctx, r);
-		ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r);
+		ads_status = libnet_unjoin_connect_ads(mem_ctx, r);
+		if (ADS_ERR_OK(ads_status)) {
+			/* dirty hack */
+			r->out.dns_domain_name =
+				talloc_strdup(mem_ctx,
+					      r->in.ads->server.realm);
+			ads_status =
+				libnet_unjoin_remove_machine_acct(mem_ctx, r);
+		}
 		if (!ADS_ERR_OK(ads_status)) {
 			libnet_unjoin_set_error_string(mem_ctx, r,
 				"failed to remove machine account from AD: %s",
 		} else {
 			r->out.deleted_machine_account = true;
-			/* dirty hack */
-			r->out.dns_domain_name = talloc_strdup(mem_ctx,
-							       r->in.ads->server.realm);
+			libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+			return WERR_OK;
 #endif /* WITH_ADS */
+	/* The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means
+	   "disable".  */
+	if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+		status = libnet_join_unjoindomain_rpc(mem_ctx, r);
+		if (!NT_STATUS_IS_OK(status)) {
+			libnet_unjoin_set_error_string(mem_ctx, r,
+				"failed to disable machine account via rpc: %s",
+				get_friendly_nt_error_msg(status));
+			}
+			return ntstatus_to_werror(status);
+		}
+		r->out.disabled_machine_account = true;
+	}
+	/* If disable succeeded or was not requested at all, we
+	   should be getting rid of our end of things */
 	libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
 	return WERR_OK;
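
Review bot: when r->in.delete_machine_account is set and the AD delete fails, the error string is set but execution falls through; if WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE is not also set in unjoin_flags, no disable is attempted, the local secrets are removed and WERR_OK is returned, which leaves an enabled machine account in AD behind a success result. Either return an error on that path or document that callers requesting deletion must also set the flag. Separately, the talloc_strdup() result assigned to r->out.dns_domain_name is not checked for NULL, and in builds without WITH_ADS a delete_machine_account request is silently ignored.
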
diff --git a/source3/librpc/gen_ndr/libnet_join.h b/source3/librpc/gen_ndr/libnet_join.h
index ed49062..cf915cb 100644
--- a/source3/librpc/gen_ndr/libnet_join.h
+++ b/source3/librpc/gen_ndr/libnet_join.h
@@ -2,13 +2,13 @@
 #include <stdint.h>
+#include "libcli/util/ntstatus.h"
 #include "librpc/gen_ndr/wkssvc.h"
 #include "librpc/gen_ndr/security.h"
 #ifndef _HEADER_libnetjoin
 #define _HEADER_libnetjoin
-enum netr_SchannelType;
 struct libnet_JoinCtx {
 	struct {
@@ -58,6 +58,7 @@ struct libnet_UnjoinCtx {
 		const char * admin_password;
 		const char * machine_password;
 		uint32_t unjoin_flags;
+		uint8_t delete_machine_account;
 		uint8_t modify_config;
 		struct dom_sid *domain_sid;/* [ref] */
 		struct ads_struct *ads;/* [ref] */
diff --git a/source3/librpc/gen_ndr/ndr_libnet_join.c b/source3/librpc/gen_ndr/ndr_libnet_join.c
index 79fcd16..ba31ea6 100644
--- a/source3/librpc/gen_ndr/ndr_libnet_join.c
+++ b/source3/librpc/gen_ndr/ndr_libnet_join.c
@@ -89,6 +89,7 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name
 		ndr_print_ptr(ndr, "machine_password", r->in.machine_password);
 		ndr_print_wkssvc_joinflags(ndr, "unjoin_flags", r->in.unjoin_flags);
+		ndr_print_uint8(ndr, "delete_machine_account", r->in.delete_machine_account);
 		ndr_print_uint8(ndr, "modify_config", r->in.modify_config);
 		ndr_print_ptr(ndr, "domain_sid", r->in.domain_sid);
diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl
index c600ea0..80429dc 100644
--- a/source3/librpc/idl/libnet_join.idl
+++ b/source3/librpc/idl/libnet_join.idl
@@ -53,6 +53,7 @@ interface libnetjoin
 		[in] string admin_password,
 		[in] string machine_password,
 		[in] wkssvc_joinflags unjoin_flags,
+		[in] boolean8 delete_machine_account,
 		[in] boolean8 modify_config,
 		[in] dom_sid *domain_sid,
 		[in] ads_struct *ads,
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 5c56acf..79f0f14 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -7024,7 +7024,7 @@ static WERROR spoolss_enumforms_level1(TALLOC_CTX *mem_ctx,
 	/* construct the list of form structures */
 	for (i=0; i<num_builtin_forms; i++) {
-		DEBUGADD(6,("Filling form number [%d]\n",i));
+		DEBUGADD(6,("Filling builtin form number [%d]\n",i));
 		result = fill_form_info_1(info, &info[i].info1,
 		if (!W_ERROR_IS_OK(result)) {
@@ -7032,10 +7032,10 @@ static WERROR spoolss_enumforms_level1(TALLOC_CTX *mem_ctx,
-	for (; i<num_user_forms; i++) {
-		DEBUGADD(6,("Filling form number [%d]\n",i));
-		result = fill_form_info_1(info, &info[i].info1,
-					  &user_forms[i-num_builtin_forms]);
+	for (i=0; i<num_user_forms; i++) {
+		DEBUGADD(6,("Filling user form number [%d]\n",i));
+		result = fill_form_info_1(info, &info[i+num_builtin_forms].info1,
+					  &user_forms[i]);
 		if (!W_ERROR_IS_OK(result)) {
 			goto out;
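
Review bot: the write to info[i+num_builtin_forms].info1 is in bounds only if info was allocated for num_builtin_forms + num_user_forms entries, and that allocation is outside this hunk; please confirm it, and that the count handed back to the caller is the same sum. The old condition i<num_user_forms, with i continuing from num_builtin_forms, skipped user forms unless they outnumbered the builtin ones, so a test case with fewer user forms than builtin forms would pin the fix down.
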
diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh
index 0bcf369..04d0eeb 100755
--- a/source3/script/tests/test_posix_s3.sh
+++ b/source3/script/tests/test_posix_s3.sh
@@ -42,8 +42,9 @@ rpc="$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC"
 # NOTE: to enable the UNIX-WHOAMI test, we need to change the default share
 # config to allow guest access. I'm not sure whether this would break other
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8e927be..ed2e17b 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -910,8 +910,12 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
 	r->in.admin_account	= c->opt_user_name;
 	r->in.admin_password	= net_prompt_pass(c, c->opt_user_name);
 	r->in.modify_config	= lp_config_backend_is_registry();
+	/* Try to delete it, but if that fails, disable it.  The
+	   WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE really means "disable */
 	r->in.unjoin_flags	= WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+	r->in.delete_machine_account = true;
 	werr = libnet_Unjoin(ctx, r);
 	if (!W_ERROR_IS_OK(werr)) {
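
Review bot: the added comment ends with "disable */ and is missing the closing quote; write "disable". */ to match the wording of the comment added in libnet_join.c. It would also help to say in the comment that delete_machine_account drives the delete attempt and the unjoin flag drives the fallback disable, since the two assignments sit on adjacent lines.
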
@@ -921,7 +925,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
 		goto done;
-	if (W_ERROR_IS_OK(werr)) {
+	if (r->out.deleted_machine_account) {
 		d_printf("Deleted account for '%s' in realm '%s'\n",
 			r->in.machine_name, r->out.dns_domain_name);
 		goto done;
@@ -935,7 +939,10 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv)
 		goto done;
-	d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n",
+	/* Based on what we requseted, we shouldn't get here, but if
+	   we did, it means the secrets were removed, and therefore
+	   we have left the domain */
+	d_fprintf(stderr, "Machine '%s' Left domain '%s'\n",
 		  r->in.machine_name, r->out.dns_domain_name);
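
Review bot: the new fall-through message "Machine '%s' Left domain '%s'" reports a completed leave but is still written with d_fprintf(stderr, ...); if this path counts as success, print it with d_printf like the "Deleted account" message, and lowercase "Left". The comment above it has a typo, "requseted".
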
