Clean up a few unused functions, add a bit of static etc.

Importantly:

The removal of the silly 'delete user script' behaviour when secuity=domain.

I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.

When we decide what to do with the 'add user' functionality, we might
rename it.

Andrew Bartlett

8 files changed, 32 insertions, 89 deletions

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 4911d3a9142..aabc7bfcda4 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -1903,47 +1903,16 @@
 		<varlistentry>
 		<term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term>
 		<listitem><para>This is the full pathname to a script that will 
-		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">
-		<command>smbd(8)</command></ulink> under special circumstances 
-		described below.</para>
+		be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
+                when managing user's with remote RPC (NT) tools.
+		</para>
 
-		<para>Normally, a Samba server requires that UNIX users are 
-		created for all users accessing files on this server. For sites 
-		that use Windows NT account databases as their primary user database 
-		creating these users and keeping the user list in sync with the 
-		Windows NT PDC is an onerous task. This option allows <command>
-		smbd</command> to delete the required UNIX users <emphasis>ON 
-		DEMAND</emphasis> when a user accesses the Samba server and the 
-		Windows NT user no longer exists.</para>
-		
-		<para>In order to use this option, <command>smbd</command> must be 
-		set to <parameter>security = domain</parameter> or <parameter>security =
-		user</parameter> and <parameter>delete user script</parameter> 
-		must be set to a full pathname for a script 
-		that will delete a UNIX user given one argument of <parameter>%u</parameter>, 
-		which expands into the UNIX user name to delete.</para>
+                <para>This script is called when a remote client removes a user
+                from the server, normally using 'User Manager for Domains' or
+                <command>rpcclient</command>.
 
-		<para>When the Windows user attempts to access the Samba server, 
-		at <emphasis>login</emphasis> (session setup in the SMB protocol) 
-		time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER">
-		<parameter>password server</parameter></link> and attempts to authenticate 
-		the given user with the given password. If the authentication fails 
-		with the specific Domain error code meaning that the user no longer 
-		exists then <command>smbd</command> attempts to find a UNIX user in 
-		the UNIX password database that matches the Windows user account. If 
-		this lookup succeeds, and <parameter>delete user script</parameter> is 
-		set then <command>smbd</command> will all the specified script 
-		<emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> 
-		argument to be the user name to delete.</para>
-
-		<para>This script should delete the given UNIX username. In this way, 
-		UNIX users are dynamically deleted to match existing Windows NT 
-		accounts.</para>
-
-		<para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>,
-		<link linkend="PASSWORDSERVER"><parameter>password server</parameter>
-		</link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter>
-		</link>.</para>
+		<para>This script should delete the given UNIX username. 
+		</para>
 
 		<para>Default: <command>delete user script = &lt;empty string&gt;
 		</command></para>
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 7179252ce77..0d7a952c049 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -49,24 +49,6 @@ static int smb_create_user(const char *unix_user, const char *homedir)
 }
 
 /****************************************************************************
- Delete a UNIX user on demand.
-****************************************************************************/
-
-int smb_delete_user(const char *unix_user)
-{
-	pstring del_script;
-	int ret;
-
-	pstrcpy(del_script, lp_deluser_script());
-	if (! *del_script)
-		return -1;
-	all_string_sub(del_script, "%u", unix_user, sizeof(pstring));
-	ret = smbrun(del_script,NULL);
-	DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
-	return ret;
-}
-
-/****************************************************************************
  Add and Delete UNIX users on demand, based on NTSTATUS codes.
 ****************************************************************************/
 
@@ -88,16 +70,6 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
 				smb_create_user(user_info->internal_username.str, NULL);
 			}
 		}
-	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
-		/*
-		 * User failed to validate ok against Domain controller.
-		 * If the failure was "user doesn't exist" and admin 
-		 * wants us to try and delete that UNIX user on the fly,
-		 * do so.
-		 */
-		if (lp_deluser_script()) {
-			smb_delete_user(user_info->internal_username.str);
-		}
 	}
 }
 
diff --git a/source/lib/substitute.c b/source/lib/substitute.c
index 09921c145d8..6c56cdd4808 100644
--- a/source/lib/substitute.c
+++ b/source/lib/substitute.c
@@ -226,7 +226,7 @@ void standard_sub_basic(const char *smb_name, char *str)
  Do some standard substitutions in a string.
 ****************************************************************************/
 
-void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str)
+static void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str)
 {
 	char *p, *s, *home;
 
@@ -391,20 +391,3 @@ void standard_sub_snum(int snum, char *str)
 	standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str);
 }
 
-/*******************************************************************
- Substitute strings with useful parameters.
-********************************************************************/
-
-void standard_sub_vuser(char *str, user_struct *vuser)
-{
-	standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
-}
-
-/*******************************************************************
- Substitute strings with useful parameters.
-********************************************************************/
-
-void standard_sub_vsnum(char *str, user_struct *vuser, int snum)
-{
-	standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
-}
diff --git a/source/lib/username.c b/source/lib/username.c
index f6ce765b412..be8acfb4d6a 100644
--- a/source/lib/username.c
+++ b/source/lib/username.c
@@ -30,7 +30,7 @@ static struct passwd *uname_string_combinations2(char *s, int offset, struct pas
  *local* people, there's nothing for you here...).
 *****************************************************************/
 
-BOOL name_is_local(const char *name)
+static BOOL name_is_local(const char *name)
 {
 	return !(strchr_m(name, *lp_winbind_separator()));
 }
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index 7d18692236c..0b6436b5080 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -1130,8 +1130,9 @@ again:
 			DEBUG(1,("failed tcon_X\n"));
 			nt_status = cli_nt_error(cli);
 			cli_shutdown(cli);
-			if (NT_STATUS_IS_OK(nt_status)) 
+			if (NT_STATUS_IS_OK(nt_status)) {
 				nt_status = NT_STATUS_UNSUCCESSFUL;
+			}
 			return nt_status;
 		}
 	}
diff --git a/source/libsmb/pwd_cache.c b/source/libsmb/pwd_cache.c
index 8b79788fed7..fc0602507ab 100644
--- a/source/libsmb/pwd_cache.c
+++ b/source/libsmb/pwd_cache.c
@@ -73,7 +73,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr)
  Gets a cleartext password.
 ****************************************************************************/
 
-void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
+void pwd_get_cleartext(struct pwd_info *pwd, fstring clr)
 {
 	if (pwd->cleartext)
 		fstrcpy(clr, pwd->password);
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 6a623bd2a0a..c889581faef 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -3174,6 +3174,24 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
 
 }
 
+/****************************************************************************
+ Delete a UNIX user on demand.
+****************************************************************************/
+
+static int smb_delete_user(const char *unix_user)
+{
+	pstring del_script;
+	int ret;
+
+	pstrcpy(del_script, lp_deluser_script());
+	if (! *del_script)
+		return -1;
+	all_string_sub(del_script, "%u", unix_user, sizeof(pstring));
+	ret = smbrun(del_script,NULL);
+	DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
+	return ret;
+}
+
 /*********************************************************************
  _samr_delete_dom_user
 *********************************************************************/
diff --git a/source/smbd/password.c b/source/smbd/password.c
index a8fd2b47f16..e50ba4ec1b5 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -346,7 +346,7 @@ void add_session_user(char *user)
 /****************************************************************************
 check if a username is valid
 ****************************************************************************/
-BOOL user_ok(char *user,int snum)
+BOOL user_ok(const char *user,int snum)
 {
 	char **valid, **invalid;
 	BOOL ret;