s4:LDB/LDAP - Re-allow renames

[ira/wip.git] / source4 / ldap_server / ldap_backend.c

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 67cc893ff25c7cc9d6ca8d9a4384707e1e23f6fb..5f9b8221374d20a7958035681a70dc45b2f0bcb2 100644 (file)
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -195,7 +195,7 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
                        = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
                int i, j = 0;
                for (i = 0; ops && ops[i]; i++) {
-                       if (!gensec_security_ops_enabled(ops[i], conn->lp_ctx))
+                       if (!lp_parm_bool(conn->lp_ctx,  NULL, "gensec", ops[i]->name, ops[i]->enabled))
                                continue;
 
                        if (ops[i]->sasl_name && ops[i]->server_start) {
@@ -419,7 +419,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                        ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes);
                        NT_STATUS_HAVE_NO_MEMORY(ent->attributes);
                        for (j=0; j < ent->num_attributes; j++) {
-                               ent->attributes[j].name = talloc_steal(ent->attributes, res->msgs[i]->elements[j].name);
+                               ent->attributes[j].name = res->msgs[i]->elements[j].name;
                                ent->attributes[j].num_values = 0;
                                ent->attributes[j].values = NULL;
                                if (req->attributesonly && (res->msgs[i]->elements[j].num_values == 0)) {
@@ -427,7 +427,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                                }
                                ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values;
                                ent->attributes[j].values = res->msgs[i]->elements[j].values;
-                               talloc_steal(ent->attributes, res->msgs[i]->elements[j].values);
                        }
 queue_reply:
                        ldapsrv_queue_reply(call, ent_r);
@@ -735,7 +734,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
        int result = LDAP_SUCCESS;
        int ldb_ret;
 
-       DEBUG(10, ("ModifyDNRequrest"));
+       DEBUG(10, ("ModifyDNRequest"));
        DEBUGADD(10, (" dn: %s", req->dn));
        DEBUGADD(10, (" newrdn: %s", req->newrdn));
 
@@ -751,6 +750,12 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
        DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
        DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
 
+       if (ldb_dn_get_comp_num(newrdn) != 1) {
+               result = LDAP_INVALID_DN_SYNTAX;
+               map_ldb_error(local_ctx, LDB_ERR_INVALID_DN_SYNTAX, &errstr);
+               goto reply;
+       }
+
        /* we can't handle the rename if we should not remove the old dn */
        if (!req->deleteolddn) {
                result = LDAP_UNWILLING_TO_PERFORM;
@@ -780,10 +785,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
                NT_STATUS_HAVE_NO_MEMORY(parentdn);
        }
 
-       if ( ! ldb_dn_add_child_fmt(parentdn,
-                               "%s=%s",
-                               ldb_dn_get_rdn_name(newrdn),
-                               (char *)ldb_dn_get_rdn_val(newrdn)->data)) {
+       if ( ! ldb_dn_add_child(parentdn, newrdn)) {
                result = LDAP_OTHER;
                goto reply;
        }