From: Stefan Metzmacher Date: Mon, 22 May 2017 10:40:05 +0000 (+0200) Subject: s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too X-Git-Tag: samba-4.5.13~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64b3919668474852b40dd04ef018ae7a9f7eab7c;p=thirdparty%2Fsamba.git s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit cf8a4646fe71a974b6a5ee13ae7d7751a5a0adc9)
---
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 9a6ba131a1b..58d7a16e920 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1713,10 +1713,6 @@ static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
 return false;
 }
- if (!secrets_delete_domain_sid(lp_workgroup())) {
- return false;
- }
-
 return true;
 }
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 56a944246b8..06e42f2c65b 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -371,8 +371,7 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16
 }
 /************************************************************************
- Routine to delete the plaintext machine account password, old password,
- sec channel type and last change time from secrets database
+ Routine to delete all information related to the domain joined machine.
 ************************************************************************/
 bool secrets_delete_machine_password_ex(const char *domain)
@@ -380,6 +379,12 @@ bool secrets_delete_machine_password_ex(const char *domain)
 const char *tmpkey = NULL;
 bool ok;
+ tmpkey = domain_guid_keystr(domain);
+ ok = secrets_delete(tmpkey);
+ if (!ok) {
+ return false;
+ }
+
 tmpkey = machine_prev_password_keystr(domain);
 ok = secrets_delete(tmpkey);
 if (!ok) {
@@ -404,6 +409,12 @@ bool secrets_delete_machine_password_ex(const char *domain)
 return false;
 }
+ tmpkey = domain_sid_keystr(domain);
+ ok = secrets_delete_entry(tmpkey);
+ if (!ok) {
+ return false;
+ }
+
 return true;
 }
@@ -485,7 +496,6 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
 if (delete_join) {
 secrets_delete_machine_password_ex(domain);
- secrets_delete_domain_sid(domain);
 TALLOC_FREE(frame);
 return true;
 }
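Review bot: The GUID stanza added at the top of secrets_delete_machine_password_ex() returns false before any password key has been touched, so a failure to remove the GUID record leaves the machine password and previous password in the secrets database. For a routine now documented as deleting all join information, it would be safer to attempt every key and report the failure at the end, e.g. `if (!secrets_delete(tmpkey)) { ret = false; }` for each key and `return ret;` last. The SID stanza added in the @@ -404 hunk has the mirror problem: it is skipped whenever an earlier delete fails, whereas the delete_join path in secrets_store_machine_pw_sync() used to call secrets_delete_domain_sid() unconditionally, and that path still ignores the return value and returns true. The function body continues outside this hunk, so the middle stanzas would need the same treatment.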
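Review bot: The SID stanza in the @@ -404 hunk deletes through `secrets_delete_entry()` while the GUID stanza added in the same commit uses `secrets_delete()`, and nothing in the diff records why. If the two helpers differ in how they treat a key that does not exist (their definitions are not visible here), the choice decides whether a missing SID record makes the whole routine fail; a short comment such as `/* the SID must exist, so a missing key is an error */` above the call would make the intent reviewable. If absence should be tolerated, use `secrets_delete()` here as well.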