s4:subtree_rename LDB module - also already deleted objects have to be renamed

This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
and the parent is renamed.

To be able to do this we also need to relax the constraint checks (using the
"isDeleted" proof).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index 97330f898c46d212f3e54d1b5c35e1b41a0fb445..f6b36256788432c925869f22451ea5a52f84b238 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -152,7 +152,9 @@ static int check_constraints(struct ldb_message *msg,
        bool move_op = false;
        bool rename_op = false;
 
-       /* Skip the checks if old and new DN are the same or if we relax */
+       /* Skip the checks if old and new DN are the same, or if we have the
+        * relax control specified or if the returned objects is already
+        * deleted and needs only to be moved for consistency. */
 
        if (ldb_dn_compare(olddn, newdn) == 0) {
                return LDB_SUCCESS;
@@ -160,6 +162,9 @@ static int check_constraints(struct ldb_message *msg,
        if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) != NULL) {
                return LDB_SUCCESS;
        }
+       if (ldb_msg_find_attr_as_bool(msg, "isDeleted", false)) {
+               return LDB_SUCCESS;
+       }
 
        /* Objects under CN=System */
 
@@ -382,7 +387,7 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
 {
        struct ldb_context *ldb;
        static const char * const attrs[] = { "objectClass", "systemFlags",
-                                             NULL };
+                                             "isDeleted", NULL };
        struct ldb_request *search_req;
        struct subtree_rename_context *ac;
        int ret;
@@ -430,6 +435,12 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
                return ret;
        }
 
+       ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID,
+                                     true, NULL);
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        return ldb_next_request(module, search_req);
 }