s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key
authorStefan Metzmacher <metze@samba.org>
Mon, 22 May 2017 10:44:31 +0000 (12:44 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:45 +0000 (16:57 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/include/secrets.h
source3/libnet/libnet_join.c
source3/passdb/machine_account_secrets.c

index 548003fc4fd61f4357f1e98e1bebe7bbb330797b..fc8e11841f43ebfb8f667a92331b9201746890e1 100644 (file)
@@ -110,7 +110,7 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
                                            struct dom_sid  *sid, time_t *pass_last_set_time);
 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
                                            const struct dom_sid  *sid);
-bool secrets_delete_machine_password_ex(const char *domain);
+bool secrets_delete_machine_password_ex(const char *domain, const char *realm);
 bool secrets_delete_domain_sid(const char *domain);
 bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
 char *secrets_fetch_prev_machine_password(const char *domain);
index 9a2f2272b975be477768db314589ce0af0a747d2..ecae4c5cd9a732fdd39dab88e878387115c4fa76 100644 (file)
@@ -1701,11 +1701,10 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
 static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
                                                    struct libnet_UnjoinCtx *r)
 {
-       if (!secrets_delete_machine_password_ex(lp_workgroup())) {
-               return false;
-       }
-
-       return true;
+       /*
+        * TODO: use values from 'struct libnet_UnjoinCtx' ?
+        */
+       return secrets_delete_machine_password_ex(lp_workgroup(), lp_realm());
 }
 
 /****************************************************************
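Review bot: Passing `lp_realm()` straight through makes the `realm != NULL` guard in secrets_delete_machine_password_ex() the only thing that decides whether the salt key is touched. That guard probably never fires for this caller, because the loadparm string getters appear to return an empty string rather than NULL when the option is unset; this should be confirmed against lp_realm(). If so, a non-AD unjoin also attempts the salt-key delete, and whether that makes the unjoin fail depends on how secrets_delete() treats a missing key, which is not visible here. Consider normalising before the call, e.g. `const char *realm = lp_realm();` followed by `if (realm != NULL && realm[0] == '\0') { realm = NULL; }`. The existing TODO could also state that the smb.conf values may differ from the domain named in `struct libnet_UnjoinCtx`.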
index 06e42f2c65b36ee29d5141e0f9bb54dadc54e59a..70a8277bd57feb45e0c9cf94e14d1026333b63df 100644 (file)
@@ -374,11 +374,19 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16
  Routine to delete all information related to the domain joined machine.
 ************************************************************************/
 
-bool secrets_delete_machine_password_ex(const char *domain)
+bool secrets_delete_machine_password_ex(const char *domain, const char *realm)
 {
        const char *tmpkey = NULL;
        bool ok;
 
+       if (realm != NULL) {
+               tmpkey = des_salt_key(domain);
+               ok = secrets_delete(tmpkey);
+               if (!ok) {
+                       return false;
+               }
+       }
+
        tmpkey = domain_guid_keystr(domain);
        ok = secrets_delete(tmpkey);
        if (!ok) {
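Review bot: The added block tests `realm != NULL` but then builds the key with `des_salt_key(domain)`, so `realm` is never used in the visible code. The definition of des_salt_key() is outside this hunk, but if it names the key after the Kerberos realm, the salt entry written at join time would be left behind in the secrets database after an unjoin. The line should probably read `tmpkey = des_salt_key(realm);`. Separately, the early `return false` runs before the GUID and the remaining deletions, so a failure on the salt key leaves the machine password in place. A comment should say whether that ordering is intended; the function body continues past the end of the hunk.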
@@ -495,7 +503,7 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
        uint8_t sec_channel_bytes[4];
 
        if (delete_join) {
-               secrets_delete_machine_password_ex(domain);
+               secrets_delete_machine_password_ex(domain, realm);
                TALLOC_FREE(frame);
                return true;
        }
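Review bot: In the `delete_join` branch the result of `secrets_delete_machine_password_ex(domain, realm)` is discarded and the function returns `true` regardless. With the extra deletion step added by this commit, the callee can now bail out before removing the machine password, and the caller would still be told the join secrets are gone. Consider propagating the result: `bool ok = secrets_delete_machine_password_ex(domain, realm);` then `TALLOC_FREE(frame);` and `return ok;`. The rest of secrets_store_machine_pw_sync() is outside this hunk, so check that no caller relies on the unconditional `true`.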