r23762: Fix DN renames over LDAP, and instrument the partition module. Add a

test to prove the behaviour of LDAP renames etc.

Fix LDB to return correct error code when failing to rename one DN
onto another.

Andrew Bartlett
(This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)

4 files changed, 81 insertions, 25 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index b0875d2965e..73ee4ef3a6f 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -120,25 +120,6 @@ static struct dsdb_control_current_partition *find_partition(struct partition_pr
 	return NULL;
 };
 
-static struct ldb_module *find_backend(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn)
-{
-	struct dsdb_control_current_partition *partition;
-	struct partition_private_data *data = talloc_get_type(module->private_data, 
-							      struct partition_private_data);
-
-	/* Skip the lot if 'data' isn't here yet (initialistion) */
-	if (!data) {
-		return module;
-	}
-
-	partition = find_partition(data, dn);
-	if (!partition) {
-		return module;
-	}
-
-	return make_module_for_next_request(req, module->ldb, partition->module);
-};
-
 /*
   fire the caller's callback for every entry, but only send 'done' once.
 */
@@ -442,10 +423,31 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req)
 static int partition_rename(struct ldb_module *module, struct ldb_request *req)
 {
 	/* Find backend */
-	struct ldb_module *backend = find_backend(module, req, req->op.rename.olddn);
-	struct ldb_module *backend2 = find_backend(module, req, req->op.rename.newdn);
+	struct dsdb_control_current_partition *backend, *backend2;
+	
+	struct partition_private_data *data = talloc_get_type(module->private_data, 
+							      struct partition_private_data);
+
+	/* Skip the lot if 'data' isn't here yet (initialistion) */
+	if (!data) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+
+	backend = find_partition(data, req->op.rename.olddn);
+	backend2 = find_partition(data, req->op.rename.newdn);
+
+	if ((backend && !backend2) || (!backend && backend2)) {
+		return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
+	}
 
-	if (backend->next != backend2->next) {
+	if (backend != backend2) {
+		ldb_asprintf_errstring(module->ldb, 
+				       "Cannot rename from %s in %s to %s in %s: %s",
+				       ldb_dn_get_linearized(req->op.rename.olddn),
+				       ldb_dn_get_linearized(backend->dn),
+				       ldb_dn_get_linearized(req->op.rename.newdn),
+				       ldb_dn_get_linearized(backend2->dn),
+				       ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS));
 		return LDB_ERR_AFFECTS_MULTIPLE_DSAS;
 	}
 
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index fa8c07fa552..bfcdbd2dc1e 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -621,6 +621,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 		result = LDAP_OTHER;
 		goto reply;
 	}
+	newdn = parentdn;
 
 reply:
 	modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse);
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index 6dff3942a87..335e7d540ef 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -857,9 +857,8 @@ static int ltdb_rename(struct ldb_module *module, struct ldb_request *req)
 		goto done;
 	}
 
-	tret = ltdb_add_internal(module, msg);
-	if (tret != LDB_SUCCESS) {
-		ret = LDB_ERR_OPERATIONS_ERROR;
+	ret = ltdb_add_internal(module, msg);
+	if (ret != LDB_SUCCESS) {
 		goto done;
 	}
 
diff --git a/testprogs/ejs/ldap.js b/testprogs/ejs/ldap.js
index 72d8c9acf87..a91285c3af7 100755
--- a/testprogs/ejs/ldap.js
+++ b/testprogs/ejs/ldap.js
@@ -140,6 +140,60 @@ cn: LDAPtestUSER2
 		}
 	}
 
+	ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
+
+	ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
+	if (ok.error != 0) {
+		println("Could not rename cn=ldaptestuser2,cn=users," + base_dn + " into cn=ldaptestuser3,cn=users," + base_dn + ": " + ok.errstr);
+		assert(ok.error == 0);
+	}
+
+	// ensure we cannot add it again
+	ok = ldb.add("
+dn: cn=ldaptestuser3,cn=users," + base_dn + "
+objectClass: person
+objectClass: user
+cn: LDAPtestUSER3
+");
+//LDB_ERR_ENTRY_ALREADY_EXISTS
+	if (ok.error != 68) {
+		println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
+		assert(ok.error == 68);
+	}
+
+	// rename back
+	ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
+	if (ok.error != 0) {
+		println(ok.errstr);
+		assert(ok.error == 0);
+	}
+
+	// ensure we cannnot rename it twice
+	ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser2,cn=users," + base_dn);
+//LDB_ERR_NO_SUCH_OBJECT
+	assert(ok.error == 32);
+
+	// ensure can now use that name
+	ok = ldb.add("
+dn: cn=ldaptestuser3,cn=users," + base_dn + "
+objectClass: person
+objectClass: user
+cn: LDAPtestUSER3
+");
+	
+	// ensure we now cannnot rename
+	ok = ldb.rename("cn=ldaptestuser2,cn=users," + base_dn, "cn=ldaptestuser3,cn=users," + base_dn);
+//LDB_ERR_ENTRY_ALREADY_EXISTS
+	if (ok.error != 68) {
+		println("expected error LDB_ERR_ENTRY_ALREADY_EXISTS, got: " + ok.errstr);
+		assert(ok.error == 68);
+	}
+	assert(ok.error == 68);
+	ok = ldb.rename("cn=ldaptestuser3,cn=users," + base_dn, "cn=ldaptestuser3,cn=configuration," + base_dn);
+	assert(ok.error == 71);
+
+	ok = ldb.del("cn=ldaptestuser3,cn=users," + base_dn);
+
 	ok = ldb.add("
 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
 objectClass: user