From b4960c4338c7332deb3b62a0e0e98d011ade5f88 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 25 Sep 2013 01:30:23 +0200
Subject: [PATCH] ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags

This is what Windows 2008 R2 returns: LDB_MOD_ADD => LDB_ERR_UNWILLING_TO_PERFORM LDB_MOD_REPLACE => LDB_ERR_CONSTRAINT_VIOLATION LDB_MOD_DEL => LDB_ERR_UNWILLING_TO_PERFORM
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit d2ff474766ebb104309bf1e801c54ce0f8ea0a64)
---
 lib/ldb/modules/rdn_name.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/ldb/modules/rdn_name.c b/lib/ldb/modules/rdn_name.c
index 50b63aee133..f44ea71f660 100644
--- a/lib/ldb/modules/rdn_name.c
+++ b/lib/ldb/modules/rdn_name.c
@@ -371,6 +371,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
 {
 struct ldb_context *ldb;
 const struct ldb_val *rdn_val_p;
+ struct ldb_message_element *e = NULL;
 
 ldb = ldb_module_get_ctx(module);
 
@@ -389,10 +390,15 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
 return LDB_ERR_INVALID_DN_SYNTAX;
 }
 
- if (ldb_msg_find_element(req->op.mod.message, "distinguishedName")) {
+ e = ldb_msg_find_element(req->op.mod.message, "distinguishedName");
+ if (e != NULL) {
 ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead",
 ldb_dn_get_linearized(req->op.mod.message->dn));
- return LDB_ERR_CONSTRAINT_VIOLATION;
+ if (e->flags == LDB_FLAG_MOD_REPLACE) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ } else {
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
 }
 
 if (ldb_msg_find_element(req->op.mod.message, "name")) {
-- 
2.11.4.GIT
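Review bot: The new test `e->flags == LDB_FLAG_MOD_REPLACE` in the second hunk compares the whole flags word. If the element carries any bit besides the modification type (ldb.h defines internal flag bits next to the MOD ones; whether any can be set on this path is not visible here), a REPLACE would fall into the else branch and return LDB_ERR_UNWILLING_TO_PERFORM instead of LDB_ERR_CONSTRAINT_VIOLATION. The modify is rejected either way, so only the result code seen by clients is affected, but masking first keeps the Windows-compatible mapping exact: `if (LDB_FLAG_MOD_TYPE(e->flags) == LDB_FLAG_MOD_REPLACE) {`. A short comment above the branch would also help, for example `/* Windows 2008 R2: REPLACE => CONSTRAINT_VIOLATION, ADD/DELETE => UNWILLING_TO_PERFORM */`, since the reason for the split lives only in the commit message. The body of rdn_name_modify continues outside both hunks.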