ldb_tdb: Do not allow a modification of the GUID_index_attribute (objectGUID)

This would totally break our index scheme if this could be modified.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index eb667519c5e8f0d41477a6cdcdf2d1d1026bf793..287295a007f8599d1884f468cb1daa2beb518aa5 100644 (file)
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -651,6 +651,17 @@ static int msg_delete_attribute(struct ldb_module *module,
        unsigned int i;
        int ret;
        struct ldb_message_element *el;
+       bool is_special = ldb_dn_is_special(msg->dn);
+
+       if (!is_special
+           && ltdb->cache->GUID_index_attribute != NULL
+           && ldb_attr_cmp(name, ltdb->cache->GUID_index_attribute) == 0) {
+               struct ldb_context *ldb = ldb_module_get_ctx(module);
+               ldb_asprintf_errstring(ldb, "Must not modify GUID "
+                                      "attribute %s (used as DB index)",
+                                      ltdb->cache->GUID_index_attribute);
+               return LDB_ERR_CONSTRAINT_VIOLATION;
+       }
 
        el = ldb_msg_find_element(msg, name);
        if (el == NULL) {