dssync keytab: remove old UpToDateNess vectors from keytab before storing new one.

Michael
(This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)

diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index 0d17fdad3d7927793c97b9150a0c9895520a3f87..cfcbb6f34c98fa9582baade3e60f48bb95d36af6 100644 (file)
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -113,6 +113,7 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
        if (new_utdv) {
                enum ndr_err_code ndr_err;
                DATA_BLOB blob;
+               char *principal;
 
                if (DEBUGLEVEL >= 10) {
                        NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
@@ -135,6 +136,24 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
+
+               principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s",
+                                           ctx->nc_dn, ctx->dns_domain_name);
+               if (!principal) {
+                       status = NT_STATUS_NO_MEMORY;
+                       goto done;
+               }
+
+               ret = libnet_keytab_remove_entries(keytab_ctx, principal,
+                                                  0, ENCTYPE_ARCFOUR_HMAC);
+               if (ret) {
+                       status = krb5_to_nt_status(ret);
+                       ctx->error_message = talloc_asprintf(mem_ctx,
+                               "Failed to remove old UTDV entries from "
+                               "keytab %s: %s", keytab_ctx->keytab_name,
+                               error_message(ret));
+                       goto done;
+               }
        }
 
        ret = libnet_keytab_add(keytab_ctx);