s4:subtree_rename LDB module - fix the move/rename constraints
authorMatthias Dieter Wallnöfer <mdw@samba.org>
Fri, 29 Apr 2011 11:38:56 +0000 (13:38 +0200)
committerMatthias Dieter Wallnöfer <mdw@samba.org>
Fri, 29 Apr 2011 18:13:36 +0000 (20:13 +0200)
By the inspiration of an email request by ekacnet I have rechecked the
move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the
MS-ADTS technical documentation.
It really turns out that the constraint checking is only performed on
the root object of a request.

In addition add my copyright notice (I've written these constraint checks).

source4/dsdb/samdb/ldb_modules/subtree_rename.c

index f26a99e..4313575 100644 (file)
@@ -3,6 +3,7 @@
 
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006-2007
    Copyright (C) Stefan Metzmacher <metze@samba.org> 2007
+   Copyright (C) Matthias Dieter Wallnöfer <mdw@samba.org> 2010-2011
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -319,9 +320,12 @@ static int subtree_rename_search_callback(struct ldb_request *req,
        switch (ares->type) {
        case LDB_REPLY_ENTRY:
                if (ldb_dn_compare(ares->message->dn, ac->list->olddn) == 0) {
-                       /* this was already stored by the
-                        * subtree_rename_search() */
-
+                       /*
+                        * This is the root entry of the originating move
+                        * respectively rename request. It has been already
+                        * stored in the list using "subtree_rename_search()".
+                        * Only this one is subject to constraint checking.
+                        */
                        ret = check_constraints(ares->message, ac,
                                                ac->list->olddn,
                                                ac->list->newdn);
@@ -356,13 +360,6 @@ static int subtree_rename_search_callback(struct ldb_request *req,
                        return ldb_module_done(ac->req, NULL, NULL,
                                                LDB_ERR_OPERATIONS_ERROR);
                }
-
-               ret = check_constraints(ares->message, ac,
-                                       store->olddn, store->newdn);
-               if (ret != LDB_SUCCESS) {
-                       return ldb_module_done(ac->req, NULL, NULL, ret);
-               }
-
                break;
 
        case LDB_REPLY_REFERRAL: