Index: printing/printing.c =================================================================== --- printing/printing.c (revision 13541) +++ printing/printing.c (working copy) @@ -1447,11 +1447,11 @@ /* don't strip out characters like '$' from the printername */ pstrcpy( lpqcommand, lp_lpqcommand(snum)); - string_sub2( lpqcommand, "%p", PRINTERNAME(snum), sizeof(lpqcommand), False, False ); + string_sub2( lpqcommand, "%p", PRINTERNAME(snum), sizeof(lpqcommand), False, False, False ); standard_sub_snum( snum, lpqcommand, sizeof(lpqcommand) ); pstrcpy( lprmcommand, lp_lprmcommand(snum)); - string_sub2( lprmcommand, "%p", PRINTERNAME(snum), sizeof(lprmcommand), False, False ); + string_sub2( lprmcommand, "%p", PRINTERNAME(snum), sizeof(lprmcommand), False, False, False ); standard_sub_snum( snum, lprmcommand, sizeof(lprmcommand) ); /* Index: lib/util_str.c =================================================================== --- lib/util_str.c (revision 13541) +++ lib/util_str.c (working copy) @@ -923,7 +923,7 @@ **/ void string_sub2(char *s,const char *pattern, const char *insert, size_t len, - BOOL remove_unsafe_characters, BOOL replace_once) + BOOL remove_unsafe_characters, BOOL replace_once, BOOL allow_trailing_dollar) { char *p; ssize_t ls,lp,li, i; @@ -955,6 +955,11 @@ case '\'': case ';': case '$': + /* allow a trailing $ (as in machine accounts) */ + if (allow_trailing_dollar && (i == li - 1 )) { + p[i] = insert[i]; + break; + } case '%': case '\r': case '\n': @@ -978,12 +983,12 @@ void string_sub_once(char *s, const char *pattern, const char *insert, size_t len) { - string_sub2( s, pattern, insert, len, True, True ); + string_sub2( s, pattern, insert, len, True, True, False ); } void string_sub(char *s,const char *pattern, const char *insert, size_t len) { - string_sub2( s, pattern, insert, len, True, False ); + string_sub2( s, pattern, insert, len, True, False, False ); } void fstring_sub(char *s,const char *pattern,const char *insert) Index: rpc_server/srv_samr_nt.c =================================================================== --- rpc_server/srv_samr_nt.c (revision 13541) +++ rpc_server/srv_samr_nt.c (working copy) @@ -3081,13 +3085,47 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, SAM_ACCOUNT *pwd) { + fstring new_name; NTSTATUS status; - + if (id21 == NULL) { DEBUG(5, ("set_user_info_21: NULL id21\n")); return NT_STATUS_INVALID_PARAMETER; } - + + /* we need to separately check for an account rename first */ + if (rpcstr_pull(new_name, id21->uni_user_name.buffer, + sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0) && + (!strequal(new_name, pdb_get_username(pwd)))) { + + /* check to see if the new username already exists. Note: we can't + reliably lock all backends, so there is potentially the + possibility that a user can be created in between this check and + the rename. The rename should fail, but may not get the + exact same failure status code. I think this is small enough + of a window for this type of operation and the results are + simply that the rename fails with a slightly different status + code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */ + + status = can_create(mem_ctx, new_name); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = pdb_rename_sam_account(pwd, new_name); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("set_user_info_21: failed to rename account: %s\n", + nt_errstr(status))); + pdb_free_sam(&pwd); + return status; + } + + /* set the new username so that later + functions can work on the new account */ + pdb_set_username(pwd, new_name, PDB_SET); + } + copy_id21_to_sam_passwd(pwd, id21); /* Index: passdb/pdb_tdb.c =================================================================== --- passdb/pdb_tdb.c (revision 13541) +++ passdb/pdb_tdb.c (working copy) @@ -799,9 +799,8 @@ } /* rename the posix user */ - - pstring_sub(rename_script, "%unew", newname); - pstring_sub(rename_script, "%uold", pdb_get_username(old_acct)); + string_sub2(rename_script, "%unew", newname, sizeof(pstring), True, False, True); + string_sub2(rename_script, "%uold", pdb_get_username(old_acct), sizeof(pstring), True, False, True); rename_ret = smbrun(rename_script, NULL); DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret)); Index: passdb/pdb_ldap.c =================================================================== --- passdb/pdb_ldap.c (revision 13541) +++ passdb/pdb_ldap.c (working copy) @@ -1901,8 +1901,9 @@ DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n", oldname, newname)); - pstring_sub(rename_script, "%unew", newname); - pstring_sub(rename_script, "%uold", oldname); + /* we have to allow the account name to end with a '$' */ + string_sub2(rename_script, "%unew", newname, sizeof(pstring), True, False, True); + string_sub2(rename_script, "%uold", oldname, sizeof(pstring), True, False, True); rc = smbrun(rename_script, NULL); DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n", Index: passdb/pdb_smbpasswd.c =================================================================== --- passdb/pdb_smbpasswd.c (revision 13541) +++ passdb/pdb_smbpasswd.c (working copy) @@ -1498,9 +1498,9 @@ if (*rename_script) { int rename_ret; - pstring_sub(rename_script, "%unew", newname); - pstring_sub(rename_script, "%uold", - pdb_get_username(old_acct)); + string_sub2(rename_script, "%unew", newname, sizeof(pstring), True, False, True); + string_sub2(rename_script, "%uold", pdb_get_username(old_acct), sizeof(pstring), True, False, True); + rename_ret = smbrun(rename_script, NULL); DEBUG(rename_ret ? 0 : 3,("Running the command `%s' gave %d\n", rename_script, rename_ret));