vampire keytab: add command line switch --clean-old-entries .

This allows to control cleaning the keytab.
It will only clean old occurences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).

Michael
(This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)

3 files changed, 3 insertions, 0 deletions

diff --git a/source3/utils/net.c b/source3/utils/net.c
index a38e3ce2d45..bab2f41d117 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -655,6 +655,7 @@ static struct functable net_func[] = {
 		/* Options for 'net rpc vampire (keytab)' */
 		{"force-full-repl", 0, POPT_ARG_NONE, &c->opt_force_full_repl},
 		{"single-obj-repl", 0, POPT_ARG_NONE, &c->opt_single_obj_repl},
+		{"clean-old-entries", 0, POPT_ARG_NONE, &c->opt_clean_old_entries},
 
 		POPT_COMMON_SAMBA
 		{ 0, 0, 0, 0}
diff --git a/source3/utils/net.h b/source3/utils/net.h
index b3fc0eb92c5..e7f9ce03be9 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -59,6 +59,7 @@ struct net_context {
 	bool opt_kerberos;
 	int opt_force_full_repl;
 	int opt_single_obj_repl;
+	int opt_clean_old_entries;
 
 	int opt_have_ip;
 	struct sockaddr_storage opt_dest_ip;
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 14449d5f495..c01aace8f59 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -297,6 +297,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
 	}
 
 	ctx->force_full_replication = c->opt_force_full_repl ? true : false;
+	ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
 
 	if (argc >= 1) {
 		ctx->output_filename = argv[0];