diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-09-25 01:30:23 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2013-10-10 08:35:30 +0200 |
| commit | d2ff474766ebb104309bf1e801c54ce0f8ea0a64 (patch) | |
| tree | 8c7dadc4acff0b85dd46f5e3453a211a362a9598 /lib | |
| parent | da7ef12b43f355fa6ff92af98645c80c85699d78 (diff) | |
| download | samba-d2ff474766ebb104309bf1e801c54ce0f8ea0a64.tar.gz samba-d2ff474766ebb104309bf1e801c54ce0f8ea0a64.tar.bz2 samba-d2ff474766ebb104309bf1e801c54ce0f8ea0a64.zip | |
ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags
This is what Windows 2008 R2 returns:
LDB_MOD_ADD => LDB_ERR_UNWILLING_TO_PERFORM
LDB_MOD_REPLACE => LDB_ERR_CONSTRAINT_VIOLATION
LDB_MOD_DEL => LDB_ERR_UNWILLING_TO_PERFORM
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ldb/modules/rdn_name.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/ldb/modules/rdn_name.c b/lib/ldb/modules/rdn_name.c index 50b63aee13..f44ea71f66 100644 --- a/lib/ldb/modules/rdn_name.c +++ b/lib/ldb/modules/rdn_name.c @@ -371,6 +371,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; const struct ldb_val *rdn_val_p; + struct ldb_message_element *e = NULL; ldb = ldb_module_get_ctx(module); @@ -389,10 +390,15 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_INVALID_DN_SYNTAX; } - if (ldb_msg_find_element(req->op.mod.message, "distinguishedName")) { + e = ldb_msg_find_element(req->op.mod.message, "distinguishedName"); + if (e != NULL) { ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead", ldb_dn_get_linearized(req->op.mod.message->dn)); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (e->flags == LDB_FLAG_MOD_REPLACE) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } else { + return LDB_ERR_UNWILLING_TO_PERFORM; + } } if (ldb_msg_find_element(req->op.mod.message, "name")) { |