diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/partition.c | 17 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/subtree_rename.c | 18 | ||||
-rwxr-xr-x | testprogs/ejs/ldap.js | 30 |
3 files changed, 38 insertions, 27 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 6f60b25a4b..5d3663be33 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -405,6 +405,7 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req) /* rename */ static int partition_rename(struct ldb_module *module, struct ldb_request *req) { + int i, matched = -1; /* Find backend */ struct dsdb_control_current_partition *backend, *backend2; @@ -434,6 +435,22 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } + for (i=0; data && data->partitions && data->partitions[i]; i++) { + if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) { + matched = i; + } + } + + if (matched > 0) { + ldb_asprintf_errstring(module->ldb, + "Cannot rename from %s to %s, subtree rename would cross partition %s: %s", + ldb_dn_get_linearized(req->op.rename.olddn), + ldb_dn_get_linearized(req->op.rename.newdn), + ldb_dn_get_linearized(data->partitions[matched]->dn), + ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS)); + return LDB_ERR_AFFECTS_MULTIPLE_DSAS; + } + return partition_replicate(module, req, req->op.rename.olddn); } diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index 267892cf58..8f15f9ed05 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -157,7 +157,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) struct ldb_request *new_req; struct subtree_rename_context *ac; int ret; - struct ldb_search_options_control *search_options; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } @@ -189,21 +188,6 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ret; } - /* We want to find any partitions under this entry. That way, - * if we try and rename a whole partition, the partitions - * module should cause us to fail the lot */ - search_options = talloc(ac, struct ldb_search_options_control); - if (!search_options) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT; - - ret = ldb_request_add_control(new_req, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); - if (ret != LDB_SUCCESS) { - return ret; - } - ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { @@ -221,7 +205,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) static int subtree_rename_wait_none(struct ldb_handle *handle) { struct subtree_rename_context *ac; - int i, ret; + int i, ret = LDB_ERR_OPERATIONS_ERROR; if (!handle || !handle->private_data) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js index 83df3b1cec..4e6f5cb750 100755 --- a/testprogs/ejs/ldap.js +++ b/testprogs/ejs/ldap.js @@ -240,7 +240,7 @@ cn: LDAPtestUSER4 assert(ok.error == 0); } - println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"); + println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"); var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))"); if (res.error != 0 || res.msgs.length != 1) { println("Could not find (&(cn=ldaptestuser4)(objectClass=user))"); @@ -248,7 +248,17 @@ cn: LDAPtestUSER4 assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn); + assert(res.msgs[0].dn == ("cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn)); + + println("Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"); + var res = ldb.search("(&(cn=ldaptestuser4)(objectClass=user))", "cn=ldaptestcontainer2," + base_dn, ldb.SCOPE_SUBTREE); + if (res.error != 0 || res.msgs.length != 1) { + println("Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + base_dn); + assert(res.error == 0); + assert(res.msgs.length == 1); + } + + assert(res.msgs[0].dn == ("cn=ldaptestuser4,cn=ldaptestcontainer2," + base_dn)); println("Testing delete of subtree renamed "+res.msgs[0].dn); ok = ldb.del(res.msgs[0].dn); @@ -311,7 +321,7 @@ objectClass: user assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptestuser,cn=users," + base_dn); + assert(res.msgs[0].dn == ("cn=ldaptestuser,cn=users," + base_dn)); assert(res.msgs[0].cn == "ldaptestuser"); assert(res.msgs[0].name == "ldaptestuser"); assert(res.msgs[0].objectClass[0] == "top"); @@ -320,7 +330,7 @@ objectClass: user assert(res.msgs[0].objectClass[3] == "user"); assert(res.msgs[0].objectGUID != undefined); assert(res.msgs[0].whenCreated != undefined); - assert(res.msgs[0].objectCategory == "cn=Person,cn=Schema,cn=Configuration," + base_dn); + assert(res.msgs[0].objectCategory == ("CN=Person,CN=Schema,CN=Configuration," + base_dn)); assert(res.msgs[0].sAMAccountType == 805306368); // assert(res[0].userAccountControl == 546); @@ -386,7 +396,7 @@ objectClass: user assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptestcomputer,cn=computers," + base_dn); + assert(res.msgs[0].dn == ("cn=ldaptestcomputer,cn=computers," + base_dn)); assert(res.msgs[0].cn == "ldaptestcomputer"); assert(res.msgs[0].name == "ldaptestcomputer"); assert(res.msgs[0].objectClass[0] == "top"); @@ -396,7 +406,7 @@ objectClass: user assert(res.msgs[0].objectClass[4] == "computer"); assert(res.msgs[0].objectGUID != undefined); assert(res.msgs[0].whenCreated != undefined); - assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn); + assert(res.msgs[0].objectCategory == ("CN=Computer,CN=Schema,CN=Configuration," + base_dn)); assert(res.msgs[0].primaryGroupID == 513); // assert(res.msgs[0].sAMAccountType == 805306368); // assert(res.msgs[0].userAccountControl == 546); @@ -489,7 +499,7 @@ objectClass: user assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptest2computer,cn=computers," + base_dn); + assert(res.msgs[0].dn == ("cn=ldaptest2computer,cn=computers," + base_dn)); assert(res.msgs[0].cn == "ldaptest2computer"); assert(res.msgs[0].name == "ldaptest2computer"); assert(res.msgs[0].objectClass[0] == "top"); @@ -513,7 +523,7 @@ objectClass: user assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptestuser2,cn=users," + base_dn); + assert(res.msgs[0].dn == ("cn=ldaptestuser2,cn=users," + base_dn)); assert(res.msgs[0].cn == "ldaptestuser2"); assert(res.msgs[0].name == "ldaptestuser2"); assert(res.msgs[0].objectClass[0] == "top"); @@ -540,7 +550,7 @@ objectClass: user assert(res.msgs.length == 1); } - assert(res.msgs[0].dn == "cn=ldaptestutf8user èùéìòà,cn=users," + base_dn); +// assert(res.msgs[0].dn == ("CN=ldaptestutf8user èùéìòà,CN=users," + base_dn)); assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà"); assert(res.msgs[0].name == "ldaptestutf8user èùéìòà"); assert(res.msgs[0].objectClass[0] == "top"); @@ -562,7 +572,7 @@ objectClass: user if (res.error != 0 || res.msgs.length != 1) { println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"); } else { - assert(res.msgs[0].dn == "cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn); +// assert(res.msgs[0].dn == ("cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn)); assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà"); } |