Attachment 1666 Details for Bug 2331 – allow account rename in samrsetuserinfo level 21

[patch] allow account rename in samrsetuserinfo level 21

samba3-machine_rename.diff (text/plain), 3.21 KB, created by Guenther Deschner on 2006-01-11 12:26:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Guenther Deschner

Created: 2006-01-11 12:26:55 UTC

Size: 3.21 KB

patch

obsolete

>Index: passdb/pdb_ldap.c
>===================================================================
>--- passdb/pdb_ldap.c	(revision 12844)
>+++ passdb/pdb_ldap.c	(working copy)
>@@ -1893,8 +1893,9 @@
> 	DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n", 
> 		   oldname, newname));
> 
>-	pstring_sub(rename_script, "%unew", newname);
>-	pstring_sub(rename_script, "%uold", oldname);
>+	/* we have to allow the account name to end with a '$' */
>+	string_sub2(rename_script, "%unew", newname, sizeof(pstring), False, False);
>+	string_sub2(rename_script, "%uold", oldname, sizeof(pstring), False, False);
> 	rc = smbrun(rename_script, NULL);
> 
> 	DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n", 
>Index: rpc_server/srv_samr_nt.c
>===================================================================
>--- rpc_server/srv_samr_nt.c	(revision 12844)
>+++ rpc_server/srv_samr_nt.c	(working copy)
>@@ -3024,14 +3024,49 @@
>  set_user_info_21
>  ********************************************************************/
> 
>-static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, SAM_ACCOUNT *pwd)
>+static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, SAM_ACCOUNT *pwd)
> {
>- 
>+	fstring new_name;
>+	NTSTATUS status;
>+	
> 	if (id21 == NULL) {
> 		DEBUG(5, ("set_user_info_21: NULL id21\n"));
>-		return False;
>+		return NT_STATUS_ACCESS_DENIED;
> 	}
>- 
>+
>+	/* we need to separately check for an account rename first */
>+	if (rpcstr_pull(new_name, id21->uni_user_name.buffer, 
>+			sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0) && 
>+	   (!strequal(new_name, pdb_get_username(pwd)))) {
>+
>+		/* check to see if the new username already exists.  Note: we can't
>+		   reliably lock all backends, so there is potentially the 
>+		   possibility that a user can be created in between this check and
>+		   the rename.  The rename should fail, but may not get the
>+		   exact same failure status code.  I think this is small enough
>+		   of a window for this type of operation and the results are
>+		   simply that the rename fails with a slightly different status
>+		   code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
>+
>+		status = can_create(mem_ctx, new_name);
>+		if (!NT_STATUS_IS_OK(status)) {
>+			return status;
>+		}
>+
>+		status = pdb_rename_sam_account(pwd, new_name);
>+
>+		if (!NT_STATUS_IS_OK(status)) {
>+			DEBUG(0,("set_user_info_21: failed to rename account: %s\n", 
>+				nt_errstr(status)));
>+			pdb_free_sam(&pwd);
>+			return status;
>+		}
>+
>+		/* set the new username so that later 
>+		   functions can work on the new account */
>+		pdb_set_username(pwd, new_name, PDB_SET);
>+	}
>+
> 	copy_id21_to_sam_passwd(pwd, id21);
>  
> 	/*
>@@ -3047,12 +3082,12 @@
> 	/* write the change out */
> 	if(!pdb_update_sam_account(pwd)) {
> 		pdb_free_sam(&pwd);
>-		return False;
>+		return NT_STATUS_ACCESS_DENIED;
>  	}
> 
> 	pdb_free_sam(&pwd);
> 
>-	return True;
>+	return NT_STATUS_OK;
> }
> 
> /*******************************************************************
>@@ -3423,8 +3458,8 @@
> 				r_u->status = NT_STATUS_ACCESS_DENIED;
> 			break;
> 		case 21:
>-			if (!set_user_info_21(ctr->info.id21, pwd))
>-				return NT_STATUS_ACCESS_DENIED;
>+			r_u->status = set_user_info_21(p->mem_ctx,
>+						       ctr->info.id21, pwd);
> 			break;
> 		default:
> 			r_u->status = NT_STATUS_INVALID_INFO_CLASS;

Actions: View

Attachments on bug 2331: 1666 | 1735