From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 15 Mar 2024 15:14:18 +0000 (+0100)
Subject: samba-tool: let 'samba-tool domain exportkeytab' take an --only-current-keys option
X-Git-Tag: tdb-1.4.11~630
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4be5718d3de3bc90d142cb53f79fe067d0a3e0a;p=thirdparty%2Fsamba.git

samba-tool: let 'samba-tool domain exportkeytab' take an --only-current-keys option

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/netcmd/domain/keytab.py b/python/samba/netcmd/domain/keytab.py
index 0136a11436f..a6d5291ae1a 100644
--- a/python/samba/netcmd/domain/keytab.py
+++ b/python/samba/netcmd/domain/keytab.py
@@ -47,6 +47,9 @@ else:
         takes_options = [
             Option("--principal", help="extract only this principal", type=str),
             Option("--keep-stale-entries", help="keep stale keys in keytab (useful for collecting keys for Wireshark)", action="store_true"),
+            Option("--only-current-keys",
+                   help="This avoids exporting old and older keys (useful for keytabs used by kinit)",
+                   action="store_true"),
         ]
 
         takes_args = ["keytab"]
@@ -58,7 +61,8 @@ else:
                 versionopts=None,
                 hostopts=None,
                 principal=None,
-                keep_stale_entries=None):
+                keep_stale_entries=None,
+                only_current_keys=None):
             lp = sambaopts.get_loadparm()
             net = Net(None, lp)
             samdb = self.ldb_connect(hostopts, sambaopts, credopts)
@@ -66,6 +70,7 @@ else:
                 net.export_keytab(samdb=samdb,
                                   keytab=keytab,
                                   principal=principal,
-                                  keep_stale_entries=keep_stale_entries)
+                                  keep_stale_entries=keep_stale_entries,
+                                  only_current_keys=only_current_keys)
             except NTSTATUSError as error:
                 raise CommandError(f"Failed to export domain keys into keytab {keytab}: {error.args[1]}")