s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too
authorStefan Metzmacher <metze@samba.org>
Mon, 22 May 2017 10:40:05 +0000 (12:40 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:45 +0000 (16:57 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/libnet/libnet_join.c
source3/passdb/machine_account_secrets.c

index 7669c2e0a4d22b8e6a7958188a65fc39d496ef4b..9a2f2272b975be477768db314589ce0af0a747d2 100644 (file)
@@ -1705,10 +1705,6 @@ static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
                return false;
        }
 
-       if (!secrets_delete_domain_sid(lp_workgroup())) {
-               return false;
-       }
-
        return true;
 }
 
index 56a944246b8d5fc146031b01a52703daa5ea1ff7..06e42f2c65b36ee29d5141e0f9bb54dadc54e59a 100644 (file)
@@ -371,8 +371,7 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16
 }
 
 /************************************************************************
- Routine to delete the plaintext machine account password, old password,
- sec channel type and last change time from secrets database
+ Routine to delete all information related to the domain joined machine.
 ************************************************************************/
 
 bool secrets_delete_machine_password_ex(const char *domain)
@@ -380,6 +379,12 @@ bool secrets_delete_machine_password_ex(const char *domain)
        const char *tmpkey = NULL;
        bool ok;
 
+       tmpkey = domain_guid_keystr(domain);
+       ok = secrets_delete(tmpkey);
+       if (!ok) {
+               return false;
+       }
+
        tmpkey = machine_prev_password_keystr(domain);
        ok = secrets_delete(tmpkey);
        if (!ok) {
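Review bot: The new GUID deletion runs first and returns `false` on failure, so an error on that one key leaves the previous and current machine password entries, which are deleted further down, in the secrets database. For a routine now documented as deleting all join information, attempting every key and returning the combined result is safer, e.g. `ret = secrets_delete(tmpkey) && ret;` per key with a final `return ret;`, unless a surrounding transaction (not visible here) already makes the sequence atomic. The SID block added in the next hunk (`@@ -404,6 +409,12 @@`) also calls `secrets_delete_entry()` where the other keys visible here use `secrets_delete()`. If that variant reports failure for a key that does not exist, the function returns `false` on a host with no stored SID, so either use `ok = secrets_delete(tmpkey);` there or add a comment saying why the strict variant is intended. The function body continues outside this hunk.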
@@ -404,6 +409,12 @@ bool secrets_delete_machine_password_ex(const char *domain)
                return false;
        }
 
+       tmpkey = domain_sid_keystr(domain);
+       ok = secrets_delete_entry(tmpkey);
+       if (!ok) {
+               return false;
+       }
+
        return true;
 }
 
@@ -485,7 +496,6 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
 
        if (delete_join) {
                secrets_delete_machine_password_ex(domain);
-               secrets_delete_domain_sid(domain);
                TALLOC_FREE(frame);
                return true;
        }
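Review bot: The `delete_join` branch discards the result of `secrets_delete_machine_password_ex(domain)` and returns `true` unconditionally, and after this change that call is the only cleanup for the domain SID and GUID as well as the passwords. A failed deletion would therefore leave machine credentials in the secrets database while the caller is told the unjoin cleanup succeeded. Consider propagating the result with `ok = secrets_delete_machine_password_ex(domain); TALLOC_FREE(frame); return ok;`, or, if best-effort removal is intended, logging the failure and adding a comment such as `/* best effort: stale secrets are tolerated here */`. The enclosing function starts and ends outside this hunk, so whether a caller depends on the unconditional `true` is not visible here.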