**/
void string_sub2(char *s,const char *pattern, const char *insert, size_t len,
- BOOL remove_unsafe_characters, BOOL replace_once)
+ BOOL remove_unsafe_characters, BOOL replace_once, BOOL allow_trailing_dollar)
{
char *p;
ssize_t ls,lp,li, i;
case '\'':
case ';':
case '$':
+ /* allow a trailing $ (as in machine accounts) */
+ if (allow_trailing_dollar && (i == li - 1 )) {
+ p[i] = insert[i];
+ break;
+ }
case '%':
case '\r':
case '\n':
void string_sub_once(char *s, const char *pattern, const char *insert, size_t len)
{
- string_sub2( s, pattern, insert, len, True, True );
+ string_sub2( s, pattern, insert, len, True, True, False );
}
void string_sub(char *s,const char *pattern, const char *insert, size_t len)
{
- string_sub2( s, pattern, insert, len, True, False );
+ string_sub2( s, pattern, insert, len, True, False, False );
}
void fstring_sub(char *s,const char *pattern,const char *insert)
DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n",
oldname, newname));
- pstring_sub(rename_script, "%unew", newname);
- pstring_sub(rename_script, "%uold", oldname);
+ /* we have to allow the account name to end with a '$' */
+ string_sub2(rename_script, "%unew", newname, sizeof(pstring),
+ True, False, True);
+ string_sub2(rename_script, "%uold", oldname, sizeof(pstring),
+ True, False, True);
rc = smbrun(rename_script, NULL);
DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n",
if (*rename_script) {
int rename_ret;
- pstring_sub(rename_script, "%unew", newname);
- pstring_sub(rename_script, "%uold",
- pdb_get_username(old_acct));
+ string_sub2(rename_script, "%unew", newname, sizeof(pstring),
+ True, False, True);
+ string_sub2(rename_script, "%uold", pdb_get_username(old_acct),
+ sizeof(pstring), True, False, True);
+
rename_ret = smbrun(rename_script, NULL);
DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret));
}
/* rename the posix user */
-
- pstring_sub(rename_script, "%unew", newname);
- pstring_sub(rename_script, "%uold", pdb_get_username(old_acct));
+ string_sub2(rename_script, "%unew", newname, sizeof(pstring),
+ True, False, True);
+ string_sub2(rename_script, "%uold", pdb_get_username(old_acct),
+ sizeof(pstring), True, False, True);
rename_ret = smbrun(rename_script, NULL);
DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret));
/* don't strip out characters like '$' from the printername */
pstrcpy( lpqcommand, lp_lpqcommand(snum));
- string_sub2( lpqcommand, "%p", PRINTERNAME(snum), sizeof(lpqcommand), False, False );
+ string_sub2( lpqcommand, "%p", PRINTERNAME(snum), sizeof(lpqcommand),
+ False, False, False );
standard_sub_snum( snum, lpqcommand, sizeof(lpqcommand) );
pstrcpy( lprmcommand, lp_lprmcommand(snum));
- string_sub2( lprmcommand, "%p", PRINTERNAME(snum), sizeof(lprmcommand), False, False );
+ string_sub2( lprmcommand, "%p", PRINTERNAME(snum), sizeof(lprmcommand),
+ False, False, False );
standard_sub_snum( snum, lprmcommand, sizeof(lprmcommand) );
/*
static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
struct samu *pwd)
{
+ fstring new_name;
NTSTATUS status;
-
+
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
+ /* we need to separately check for an account rename first */
+ if (rpcstr_pull(new_name, id21->uni_user_name.buffer,
+ sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0) &&
+ (!strequal(new_name, pdb_get_username(pwd)))) {
+
+ /* check to see if the new username already exists. Note: we can't
+ reliably lock all backends, so there is potentially the
+ possibility that a user can be created in between this check and
+ the rename. The rename should fail, but may not get the
+ exact same failure status code. I think this is small enough
+ of a window for this type of operation and the results are
+ simply that the rename fails with a slightly different status
+ code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
+
+ status = can_create(mem_ctx, new_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = pdb_rename_sam_account(pwd, new_name);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("set_user_info_21: failed to rename account: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(pwd);
+ return status;
+ }
+
+ /* set the new username so that later
+ functions can work on the new account */
+ pdb_set_username(pwd, new_name, PDB_SET);
+ }
+
copy_id21_to_sam_passwd(pwd, id21);
/*