From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 23 Apr 2026 17:11:49 +0000 (+0200)
Subject: s4:dsdb: let samaccountname_bad_chars_check() use strstr_for_invalid_account_characters()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=386b2797b40c7ea397e41a4a770de7ca70f51b3f;p=thirdparty%2Fsamba.git

s4:dsdb: let samaccountname_bad_chars_check() use strstr_for_invalid_account_characters()

We don't need this logic twice...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 27 09:42:29 UTC 2026 on atb-devel-224
---

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index d5c0efd8710..625e812e91d 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -358,42 +358,41 @@ static int samaccountname_bad_chars_check(struct samldb_ctx *ac,
 	 * Additionally, Samba collapses multiple spaces, and Windows doesn't.
 	 */
 	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
-	size_t i;
+	const char *inv = NULL;
 
-	for (i = 0; name[i] != '\0'; i++) {
-		uint8_t c = name[i];
-		const char *p = NULL;
+	inv = strstr_for_invalid_account_characters(name);
+	if (inv != NULL) {
+		char c = *inv;
 
-		if (c < 32 || c == 127) {
+		if (c == '\0') {
 			ldb_asprintf_errstring(
 				ldb,
-				"samldb: sAMAccountName contains invalid "
-				"0x%.2x character\n", c);
+				"samldb: sAMAccountName is empty\n");
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
-		p = strchr("\"[]:;|=+*?<>/\\,", c);
-		if (p != NULL) {
+
+		if (c == '.') {
+			ldb_asprintf_errstring(
+				ldb,
+				"samldb: sAMAccountName ends with '.'");
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
+
+		if (isprint(c)) {
 			ldb_asprintf_errstring(
 				ldb,
 				"samldb: sAMAccountName contains invalid "
 				"'%c' character\n", c);
 			return LDB_ERR_CONSTRAINT_VIOLATION;
 		}
-	}
 
-	if (i == 0) {
 		ldb_asprintf_errstring(
 			ldb,
-			"samldb: sAMAccountName is empty\n");
+			"samldb: sAMAccountName contains invalid "
+			"0x%.2x character\n", c);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
-	if (name[i - 1] == '.') {
-		ldb_asprintf_errstring(
-			ldb,
-			"samldb: sAMAccountName ends with '.'");
-		return LDB_ERR_CONSTRAINT_VIOLATION;
-	}
 	return LDB_SUCCESS;
 }