s3:net: Remove `net ads keytab flush`
authorAndreas Schneider <asn@samba.org>
Thu, 10 Apr 2025 14:07:46 +0000 (16:07 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 11 Apr 2025 07:35:49 +0000 (07:35 +0000)
`net ads keytab flush` removes all entries from a keytab *and* removes all SPNs from the AD
machine account. We should not do that, and if you want to get rid of the keytab
you can use `rm`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
source3/libads/ads_proto.h
source3/libads/kerberos_keytab.c
source3/utils/net_ads.c

index 8440c35e46ddfd49ad1e2d588b39e4a7bacce5fc..e5b685308668cd70f1895329221254270368a554 100644 (file)
@@ -62,7 +62,6 @@ void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descripto
 
 /* The following definitions come from libads/kerberos_keytab.c  */
 
-int ads_keytab_flush(ADS_STRUCT *ads);
 int ads_keytab_list(const char *keytab_name);
 
 /* The following definitions come from libads/net_ads_setspn.c  */
index 49a892e5a559360b298fa421d33ce900cf6333bb..8d6b990b6510390051345b1b0806491ace7b2c40 100644 (file)
@@ -1198,62 +1198,6 @@ static krb5_error_code ads_keytab_open(krb5_context context,
 out:
        return ret;
 }
-
-/**********************************************************************
- Flushes all entries from the system keytab.
-***********************************************************************/
-
-int ads_keytab_flush(ADS_STRUCT *ads)
-{
-       krb5_error_code ret = 0;
-       krb5_context context = NULL;
-       krb5_keytab keytab = NULL;
-       ADS_STATUS aderr;
-
-       ret = smb_krb5_init_context_common(&context);
-       if (ret) {
-               DBG_ERR("kerberos init context failed (%s)\n",
-                       error_message(ret));
-               return ret;
-       }
-
-       ret = ads_keytab_open(context, &keytab);
-       if (ret != 0) {
-               goto out;
-       }
-
-       /* Seek and delete all old keytab entries */
-       ret = smb_krb5_kt_seek_and_delete_old_entries(context,
-                                                     keytab,
-                                                     false, /* keep_old_kvno */
-                                                     -1,
-                                                     false, /* enctype_only */
-                                                     ENCTYPE_NULL,
-                                                     NULL,
-                                                     NULL,
-                                                     true); /* flush */
-       if (ret) {
-               goto out;
-       }
-
-       aderr = ads_clear_service_principal_names(ads, lp_netbios_name());
-       if (!ADS_ERR_OK(aderr)) {
-               DEBUG(1, (__location__ ": Error while clearing service "
-                         "principal listings in LDAP.\n"));
-               ret = -1;
-               goto out;
-       }
-
-out:
-       if (keytab) {
-               krb5_kt_close(context, keytab);
-       }
-       if (context) {
-               krb5_free_context(context);
-       }
-       return ret;
-}
-
 #endif /* HAVE_ADS */
 
 /**********************************************************************
index 0128f3eb7e8df9a6c4b2b63a38d76e9a187f63da..d52073685f529064352cd30394d7d3811bfbf2cb 100644 (file)
@@ -2911,40 +2911,6 @@ out:
        return ret;
 }
 
-static int net_ads_keytab_flush(struct net_context *c,
-                               int argc,
-                               const char **argv)
-{
-       TALLOC_CTX *tmp_ctx = talloc_stackframe();
-       ADS_STRUCT *ads = NULL;
-       ADS_STATUS status;
-       int ret = -1;
-
-       if (c->display_usage) {
-               d_printf(  "%s\n"
-                          "net ads keytab flush\n"
-                          "    %s\n",
-                        _("Usage:"),
-                        _("Delete the whole keytab"));
-               TALLOC_FREE(tmp_ctx);
-               return -1;
-       }
-
-       if (!c->explicit_credentials) {
-               net_use_krb_machine_account(c);
-       }
-
-       status = ads_startup(c, true, tmp_ctx, &ads);
-       if (!ADS_ERR_OK(status)) {
-               goto out;
-       }
-
-       ret = ads_keytab_flush(ads);
-out:
-       TALLOC_FREE(tmp_ctx);
-       return ret;
-}
-
 static int net_ads_keytab_create(struct net_context *c, int argc, const char **argv)
 {
        NTSTATUS ntstatus;
@@ -3001,14 +2967,6 @@ int net_ads_keytab(struct net_context *c, int argc, const char **argv)
                        N_("net ads keytab create\n"
                           "    Create (sync) a fresh keytab or update existing one (see also smb.conf 'sync machine password to keytab'.")
                },
-               {
-                       "flush",
-                       net_ads_keytab_flush,
-                       NET_TRANSPORT_ADS,
-                       N_("Remove all keytab entries"),
-                       N_("net ads keytab flush\n"
-                          "    Remove all keytab entries")
-               },
                {
                        "list",
                        net_ads_keytab_list,