moving more code around.

  * move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)

1 files changed, 60 insertions, 22 deletions

diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 6ebf6effa76..f5337993704 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -526,16 +526,36 @@ static BOOL wbinfo_create_user(char *username)
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
+	request.flags = WBFLAG_ALLOCATE_RID;
 	fstrcpy(request.data.acct_mgt.username, username);
 
 	result = winbindd_request(WINBINDD_CREATE_USER, &request, &response);
 	
-	if (response.data.auth.nt_status)
-		d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
-			 response.data.auth.nt_status,
-			 response.data.auth.error_string);
+	if ( result == NSS_STATUS_SUCCESS )
+		d_printf("New RID is %d\n", response.data.rid);
+	
+        return result == NSS_STATUS_SUCCESS;
+}
 
+/******************************************************************
+ remove a winbindd user
+******************************************************************/
+
+static BOOL wbinfo_delete_user(char *username)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+        NSS_STATUS result;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	fstrcpy(request.data.acct_mgt.username, username);
+
+	result = winbindd_request(WINBINDD_DELETE_USER, &request, &response);
+	
         return result == NSS_STATUS_SUCCESS;
 }
 
@@ -558,12 +578,28 @@ static BOOL wbinfo_create_group(char *groupname)
 
 	result = winbindd_request(WINBINDD_CREATE_GROUP, &request, &response);
 	
-	if (response.data.auth.nt_status)
-		d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
-			 response.data.auth.nt_status,
-			 response.data.auth.error_string);
+        return result == NSS_STATUS_SUCCESS;
+}
 
+/******************************************************************
+ remove a winbindd group
+******************************************************************/
+
+static BOOL wbinfo_delete_group(char *groupname)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+        NSS_STATUS result;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	fstrcpy(request.data.acct_mgt.groupname, groupname);
+
+	result = winbindd_request(WINBINDD_DELETE_GROUP, &request, &response);
+	
         return result == NSS_STATUS_SUCCESS;
 }
 
@@ -614,12 +650,6 @@ static BOOL wbinfo_add_user_to_group(char *string)
 
 	result = winbindd_request(WINBINDD_ADD_USER_TO_GROUP, &request, &response);
 	
-	if (response.data.auth.nt_status)
-		d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
-			 response.data.auth.nt_status,
-			 response.data.auth.error_string);
-
         return result == NSS_STATUS_SUCCESS;
 }
 
@@ -647,12 +677,6 @@ static BOOL wbinfo_remove_user_from_group(char *string)
 
 	result = winbindd_request(WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
 	
-	if (response.data.auth.nt_status)
-		d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
-			 response.data.auth.nt_status,
-			 response.data.auth.error_string);
-
         return result == NSS_STATUS_SUCCESS;
 }
 
@@ -851,7 +875,9 @@ int main(int argc, char **argv)
 		{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
 		{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
 		{ "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
+		{ "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
 		{ "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
+		{ "delete-group", 'X', POPT_ARG_STRING, &string_arg, 'X', "Delete a local group", "name" },
 		{ "add-to-group", 'o', POPT_ARG_STRING, &string_arg, 'o', "Add user to group", "user:group" },
 		{ "del-from-group", 'O', POPT_ARG_STRING, &string_arg, 'O', "Remove user from group", "user:group" },
 		{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
@@ -1036,6 +1062,18 @@ int main(int argc, char **argv)
 				goto done;
 			}
 			break;
+		case 'x':
+			if ( !wbinfo_delete_user(string_arg) ) {
+				d_printf("Could not delete user account\n");
+				goto done;
+			}
+			break;
+		case 'X':
+			if ( !wbinfo_delete_group(string_arg) ) {
+				d_printf("Could not delete group\n");
+				goto done;
+			}
+			break;
 		case 'P':
 			if (!wbinfo_ping()) {
 				d_printf("could not ping winbindd!\n");