diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-16 08:34:52 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-16 08:42:07 +0000 |
commit | 0f2904247ba7f888023bd4ab4e2e42d565d7e840 (patch) | |
tree | 793bc6de9daac69d31cc329cfe027b74fb9c6d9f /source4 | |
parent | 71a5ea93ff76dee94f23a4f69dd1ede0a12255f6 (diff) | |
download | samba-0f2904247ba7f888023bd4ab4e2e42d565d7e840.tar.gz samba-0f2904247ba7f888023bd4ab4e2e42d565d7e840.tar.bz2 samba-0f2904247ba7f888023bd4ab4e2e42d565d7e840.zip |
s4:subtree_rename LDB module - make use of "dsdb_find_nc_root"
This is exactly what's needed there.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/subtree_rename.c | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 64bbc089c4..cf08a9a41e 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -147,10 +147,11 @@ static int check_constraints(struct ldb_message *msg, struct ldb_dn *olddn, struct ldb_dn *newdn) { struct ldb_context *ldb = ldb_module_get_ctx(ac->module); - struct ldb_dn *dn1, *dn2; + struct ldb_dn *dn1, *dn2, *nc_root; int32_t systemFlags; bool move_op = false; bool rename_op = false; + int ret; /* Skip the checks if old and new DN are the same, or if we have the * relax control specified or if the returned objects is already @@ -215,9 +216,28 @@ static int check_constraints(struct ldb_message *msg, systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0); - /* the config system flags don't apply for the schema partition */ - if ((ldb_dn_compare_base(ldb_get_config_basedn(ldb), olddn) == 0) && - (ldb_dn_compare_base(ldb_get_schema_basedn(ldb), olddn) != 0)) { + /* Fetch name context */ + + ret = dsdb_find_nc_root(ldb, ac, olddn, &nc_root); + if (ret != LDB_SUCCESS) { + return ret; + } + + if (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0) { + if (move_op) { + ldb_asprintf_errstring(ldb, + "subtree_rename: Cannot move %s, it isn't permitted!", + ldb_dn_get_linearized(olddn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (rename_op && + (systemFlags & SYSTEM_FLAG_SCHEMA_BASE_OBJECT) != 0) { + ldb_asprintf_errstring(ldb, + "subtree_rename: Cannot rename %s, it isn't permitted!", + ldb_dn_get_linearized(olddn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + } else if (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) { if (move_op && (systemFlags & SYSTEM_FLAG_CONFIG_ALLOW_MOVE) == 0) { /* Here we have to do more: control the @@ -256,24 +276,7 @@ static int check_constraints(struct ldb_message *msg, ldb_dn_get_linearized(olddn)); return LDB_ERR_UNWILLING_TO_PERFORM; } - } - if (ldb_dn_compare_base(ldb_get_schema_basedn(ldb), olddn) == 0) { - if (move_op) { - ldb_asprintf_errstring(ldb, - "subtree_rename: Cannot move %s, it isn't permitted!", - ldb_dn_get_linearized(olddn)); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - if (rename_op && - (systemFlags & SYSTEM_FLAG_SCHEMA_BASE_OBJECT) != 0) { - ldb_asprintf_errstring(ldb, - "subtree_rename: Cannot rename %s, it isn't permitted!", - ldb_dn_get_linearized(olddn)); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - } - if (ldb_dn_compare_base(ldb_get_default_basedn(ldb), - ac->current->olddn) == 0) { + } else if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) { if (move_op && (systemFlags & SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE) != 0) { ldb_asprintf_errstring(ldb, @@ -290,6 +293,8 @@ static int check_constraints(struct ldb_message *msg, } } + talloc_free(nc_root); + return LDB_SUCCESS; } |