r25761: Rename to be a DN to be a child of itself wasn't being checked for.

This prevents CN=test,dc=samba,dc=example,dc=com being renamed into
CN=test2,cn=test,dc=samba,dc=example,dc=com

Andrew Bartlett
(This used to be commit 958a92ed0c6bee19d8b86df7c66330d2bba23e46)

source4/dsdb/samdb/ldb_modules/subtree_rename.c

@@ -163,6 +163,14 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
+	/* Firstly ensure we are not trying to rename it to be a child of itself */
+	if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) 
+	    && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) {
+		ldb_asprintf_errstring(module->ldb, "Cannot rename %s to be a child of itself",
+				       ldb_dn_get_linearized(req->op.rename.olddn));
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	/* This gets complex:  We need to:
 	   - Do a search for all entires under this entry 
 	   - Wait for these results to appear

testprogs/ejs/ldap.js

@@ -288,6 +288,13 @@ cn: LDAPtestUSER4
 
 	assert(res.msgs[0].dn == ("CN=ldaptestuser4,CN=ldaptestcontainer2," + base_dn));
 
+	println("Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
+	ok = ldb.rename("cn=ldaptestcontainer2," + base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + base_dn);
+	if (ok.error != 53) { /* LDAP_UNWILLING_TO_PERFORM */
+		println(ok.errstr);
+		assert(ok.error == 53);
+	}
+
 	println("Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + base_dn);
 	ok = ldb.del("cn=ldaptestcontainer2," + base_dn);
 	if (ok.error != 66) { /* LDB_ERR_NOT_ALLOWED_ON_NON_LEAF */