s4:ldb Don't allow modifcation of distinguishedName
[ira/wip.git] / source4 / lib / ldb / ldb_tdb / ldb_tdb.c
index e569a5a2a89815fe8442cfd9cc48341746166ba3..7427b9816323e9a9981e538dfa3e9626bf2adcec 100644 (file)
@@ -270,7 +270,7 @@ static int ltdb_add_internal(struct ldb_module *module,
                const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
 
                if (el->num_values == 0) {
-                       ldb_asprintf_errstring(ldb, "attribute %s on %s speicified, but with 0 values (illigal)", 
+                       ldb_asprintf_errstring(ldb, "attribute %s on %s specified, but with 0 values (illegal)", 
                                               el->name, ldb_dn_get_linearized(msg->dn));
                        return LDB_ERR_CONSTRAINT_VIOLATION;
                }
@@ -621,8 +621,14 @@ int ltdb_modify_internal(struct ldb_module *module,
                struct ldb_val *vals;
                const char *dn;
                const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
-               switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
 
+               if (ldb_attr_cmp(el->name, "distinguishedName") == 0) {
+                       ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on distinguishedName (use rename instead): %s",
+                                              ldb_dn_get_linearized(msg->dn));
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
+
+               switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
                case LDB_FLAG_MOD_ADD:
                        
                        /* add this element to the message. fail if it
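Review bot: The new distinguishedName guard exits ltdb_modify_internal with a bare `return LDB_ERR_UNWILLING_TO_PERFORM;` from inside the per-element loop. The function's body starts and ends outside this hunk, so it is not visible whether that return skips the release of anything allocated before the loop. If the other error exits in this function go through a shared cleanup path, this one should set the result code and jump there too; otherwise each rejected modify, which is presumably reachable from a client-supplied request, would leak. Because the check sits inside the loop, the request is only rejected once iteration reaches the offending element, so scanning for the attribute before the loop would make it clear that no earlier element has been processed. A short comment above the check, such as `/* distinguishedName may only change through rename, never modify */`, would record the intent.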