3 files changed, 38 insertions, 5 deletions

diff --git a/usr/src/cmd/smbsrv/smbadm/smbadm.c b/usr/src/cmd/smbsrv/smbadm/smbadm.c
index f1c1fa800f..0b4072c0e5 100644
--- a/usr/src/cmd/smbsrv/smbadm/smbadm.c
+++ b/usr/src/cmd/smbsrv/smbadm/smbadm.c
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -65,7 +65,8 @@ typedef enum {
 	HELP_SET,
 	HELP_SHOW,
 	HELP_USER_DISABLE,
-	HELP_USER_ENABLE
+	HELP_USER_ENABLE,
+	HELP_USER_DELETE
 } smbadm_help_t;
 
 #define	SMBADM_CMDF_NONE	0x00
@@ -118,6 +119,7 @@ static int smbadm_group_addmember(int, char **);
 static int smbadm_group_delmember(int, char **);
 static int smbadm_group_add_del_member(char *, char *, smbadm_grp_action_t);
 
+static int smbadm_user_delete(int, char **);
 static int smbadm_user_disable(int, char **);
 static int smbadm_user_enable(int, char **);
 
@@ -129,6 +131,8 @@ static smbadm_cmdinfo_t smbadm_cmdtable[] =
 		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
 	{ "delete",		smbadm_group_delete,	HELP_DELETE,
 		SMBADM_CMDF_GROUP,	SMBADM_ACTION_AUTH },
+	{ "delete-user",	smbadm_user_delete,	HELP_USER_DELETE,
+		SMBADM_CMDF_USER,	SMBADM_ACTION_AUTH },
 	{ "disable-user",	smbadm_user_disable,	HELP_USER_DISABLE,
 		SMBADM_CMDF_USER,	SMBADM_ACTION_AUTH },
 	{ "enable-user",	smbadm_user_enable,	HELP_USER_ENABLE,
@@ -181,8 +185,8 @@ static int smbadm_setprop_desc(char *gname, smbadm_prop_t *prop);
 static int smbadm_getprop_desc(char *gname, smbadm_prop_t *prop);
 
 static smbadm_prop_handle_t smbadm_ptable[] = {
-	{"backup",	"on | off", 	smbadm_setprop_backup,
-	smbadm_getprop_backup,	smbadm_chkprop_priv 	},
+	{"backup",	"on | off",	smbadm_setprop_backup,
+	smbadm_getprop_backup,	smbadm_chkprop_priv	},
 	{"restore",	"on | off",	smbadm_setprop_restore,
 	smbadm_getprop_restore,	smbadm_chkprop_priv	},
 	{"take-ownership", "on | off",	smbadm_setprop_tkowner,
@@ -219,6 +223,7 @@ smbadm_cmdusage(FILE *fp, smbadm_cmdinfo_t *cmd)
 		(void) fprintf(fp, gettext("\t%s group\n"), cmd->name);
 		return;
 
+	case HELP_USER_DELETE:
 	case HELP_USER_DISABLE:
 	case HELP_USER_ENABLE:
 		(void) fprintf(fp, gettext("\t%s user\n"), cmd->name);
@@ -1394,7 +1399,7 @@ smbadm_group_delmember(int argc, char **argv)
 
 static int
 smbadm_group_add_del_member(char *gname, char *mname,
-	smbadm_grp_action_t act)
+    smbadm_grp_action_t act)
 {
 	lsa_account_t	acct;
 	smb_gsid_t msid;
@@ -1459,6 +1464,27 @@ smbadm_group_add_del_member(char *gname, char *mname,
 }
 
 static int
+smbadm_user_delete(int argc, char **argv)
+{
+	int error;
+	char *user = NULL;
+
+	user = argv[optind];
+	if (optind >= argc || user == NULL || *user == '\0') {
+		(void) fprintf(stderr, gettext("missing user name\n"));
+		smbadm_usage(B_FALSE);
+	}
+
+	error = smb_pwd_setcntl(user, SMB_PWC_DELETE);
+	if (error == SMB_PWE_SUCCESS)
+		(void) printf(gettext("%s has been deleted.\n"), user);
+	else
+		(void) fprintf(stderr, "%s\n", smbadm_pwd_strerror(error));
+
+	return (error);
+}
+
+static int
 smbadm_user_disable(int argc, char **argv)
 {
 	int error;
diff --git a/usr/src/lib/smbsrv/libsmb/common/libsmb.h b/usr/src/lib/smbsrv/libsmb/common/libsmb.h
index 8d6eb04683..b9357d1e49 100644
--- a/usr/src/lib/smbsrv/libsmb/common/libsmb.h
+++ b/usr/src/lib/smbsrv/libsmb/common/libsmb.h
@@ -457,6 +457,7 @@ typedef struct smb_passwd {
 #define	SMB_PWC_DISABLE	0x01
 #define	SMB_PWC_ENABLE	0x02
 #define	SMB_PWC_NOLM	0x04
+#define	SMB_PWC_DELETE	0x08
 
 #define	SMB_PWE_SUCCESS		0
 #define	SMB_PWE_USER_UNKNOWN	1
diff --git a/usr/src/lib/smbsrv/libsmb/common/smb_pwdutil.c b/usr/src/lib/smbsrv/libsmb/common/smb_pwdutil.c
index 9b9e06ccea..00abc51e4d 100644
--- a/usr/src/lib/smbsrv/libsmb/common/smb_pwdutil.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_pwdutil.c
@@ -524,6 +524,12 @@ smb_pwd_update(const char *name, const char *password, int control)
 	 */
 	while (smb_pwd_fgetent(src, &pwbuf, SMB_PWD_GETF_ALL) != NULL) {
 		if (strcmp(smbpw.pw_name, name) == 0) {
+			if ((control & SMB_PWC_DELETE) != 0) {
+				/* exclude the entry from the new passwd file */
+				newent = B_FALSE;
+				err = SMB_PWE_SUCCESS;
+				continue;
+			}
 			err = smb_pwd_chgpwent(&smbpw, password, control);
 			if (err == SMB_PWE_USER_DISABLE)
 				user_disable = B_TRUE;