From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 25 Sep 2009 00:20:55 +0000 (-0700)
Subject: s4:ldb Don't allow modifcation of distinguishedName
X-Git-Tag: talloc-2.0.1~169
X-Git-Url: http://git.samba.org/samba.git/?p=samba.git;a=commitdiff_plain;h=2f211daa47d1

s4:ldb Don't allow modifcation of distinguishedName
---

diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index 55acb6132d8..7427b981632 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -621,8 +621,14 @@ int ltdb_modify_internal(struct ldb_module *module,
 		struct ldb_val *vals;
 		const char *dn;
 		const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(ldb, el->name);
-		switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
 
+		if (ldb_attr_cmp(el->name, "distinguishedName") == 0) {
+			ldb_asprintf_errstring(ldb, "it is not permitted to perform a modify on distinguishedName (use rename instead): %s",
+					       ldb_dn_get_linearized(msg->dn));
+			return LDB_ERR_UNWILLING_TO_PERFORM;
+		}
+
+		switch (msg->elements[i].flags & LDB_FLAG_MOD_MASK) {
 		case LDB_FLAG_MOD_ADD:
 			
 			/* add this element to the message. fail if it