From 3c3765fb10c51ce6ea22f0b8343ade79fa8d1d68 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 22 May 2017 12:44:31 +0200
Subject: [PATCH] s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
(cherry picked from commit dfaadc81925e313901c9b30cd98a4b4fd2404f9d)
---
 source3/include/secrets.h | 2 +-
 source3/libnet/libnet_join.c | 9 ++++-----
 source3/passdb/machine_account_secrets.c | 12 ++++++++++--
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 548003fc4fd..fc8e11841f4 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -110,7 +110,7 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
 struct dom_sid *sid, time_t *pass_last_set_time);
 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
 const struct dom_sid *sid);
-bool secrets_delete_machine_password_ex(const char *domain);
+bool secrets_delete_machine_password_ex(const char *domain, const char *realm);
 bool secrets_delete_domain_sid(const char *domain);
 bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
 char *secrets_fetch_prev_machine_password(const char *domain);
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 58d7a16e920..c13ac15d595 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1709,11 +1709,10 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
 static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
 struct libnet_UnjoinCtx *r)
 {
- if (!secrets_delete_machine_password_ex(lp_workgroup())) {
- return false;
- }
-
- return true;
+ /*
+ * TODO: use values from 'struct libnet_UnjoinCtx' ?
+ */
+ return secrets_delete_machine_password_ex(lp_workgroup(), lp_realm());
 }

 /****************************************************************
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 06e42f2c65b..70a8277bd57 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -374,11 +374,19 @@ bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16
 Routine to delete all information related to the domain joined machine.
 ************************************************************************/

-bool secrets_delete_machine_password_ex(const char *domain)
+bool secrets_delete_machine_password_ex(const char *domain, const char *realm)
 {
 const char *tmpkey = NULL;
 bool ok;

+ if (realm != NULL) {
+ tmpkey = des_salt_key(domain);
+ ok = secrets_delete(tmpkey);
+ if (!ok) {
+ return false;
+ }
+ }
+
 tmpkey = domain_guid_keystr(domain);
 ok = secrets_delete(tmpkey);
 if (!ok) {
@@ -495,7 +503,7 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
 uint8_t sec_channel_bytes[4];

 if (delete_join) {
- secrets_delete_machine_password_ex(domain);
+ secrets_delete_machine_password_ex(domain, realm);
 TALLOC_FREE(frame);
 return true;
 }
--
2.47.2
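Review bot: In libnet_join_unjoindomain_remove_secrets() (source3/libnet/libnet_join.c) both key names now come from the live configuration, `lp_workgroup()` and `lp_realm()`, while `r` and `mem_ctx` stay unused, so if smb.conf no longer matches the join being undone the deletion would target other key names and the original machine secrets could remain in the secrets database. The TODO records the question but not the consequence; I would word it as `/* TODO: take domain/realm from r; lp_*() may differ from the join being removed and leave its secrets behind */`. It is also worth confirming what `lp_realm()` yields when no realm is configured: if that is an empty string rather than NULL, the `realm != NULL` guard in secrets_delete_machine_password_ex() never skips the salt-key deletion on a non-AD unjoin.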
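Review bot: In secrets_delete_machine_password_ex() (source3/passdb/machine_account_secrets.c, hunk at -374) the new block is guarded by `realm != NULL` but builds the key with `des_salt_key(domain)`, so `realm` is never used to name the key. des_salt_key() is defined outside this hunk; if it names the entry by Kerberos realm, the line should read `tmpkey = des_salt_key(realm);`, otherwise the salt entry stored under the realm would survive an unjoin. Separately, a failed `secrets_delete()` returns at once, and with the salt key now first, a failure there leaves the later keys (starting with the domain GUID key visible below) untouched. For a routine documented as deleting all join information, attempting every key and returning the combined result would be safer. The function body continues past the end of the hunk.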
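Review bot: In the `delete_join` branch of secrets_store_machine_pw_sync() (hunk at -495) the result of `secrets_delete_machine_password_ex(domain, realm)` is discarded and the function returns `true`, so a failed deletion, now including the new salt key, is reported to the caller as success while machine secrets remain stored. Unless callers rely on the unconditional success, propagate it: `bool ok = secrets_delete_machine_password_ex(domain, realm); TALLOC_FREE(frame); return ok;`. If ignoring the result is deliberate, a comment saying so belongs on that call. The function starts and ends outside the hunk.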