From 2f6e384a63d8659e2453919e9f30338ff71fe83d Mon Sep 17 00:00:00 2001
From: Amitay Isaacs <amitay@gmail.com>
Date: Thu, 31 Jul 2014 17:24:52 +1000
Subject: [PATCH] s4-rpc: dnsserver: Do not search for deleted DNS entries

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
---
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 856016c..5162ab0 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1631,7 +1631,8 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate,
 	}
 
 	ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-				LDB_SCOPE_ONELEVEL, attrs, "(&(objectClass=dnsNode)(name=@))");
+			 LDB_SCOPE_ONELEVEL, attrs,
+			 "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))");
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return WERR_INTERNAL_DB_ERROR;
@@ -1663,8 +1664,9 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate,
 	if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
 		for (i=0; i<add_count; i++) {
 			ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-					LDB_SCOPE_ONELEVEL, attrs,
-					"(&(objectClass=dnsNode)(name=%s))", add_names[i]);
+					 LDB_SCOPE_ONELEVEL, attrs,
+					 "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+					add_names[i]);
 			if (ret != LDB_SUCCESS || res->count == 0) {
 				talloc_free(res);
 				continue;
@@ -1728,11 +1730,12 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 	/* search all records under parent tree */
 	if (strcasecmp(name, z->name) == 0) {
 		ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-				LDB_SCOPE_ONELEVEL, attrs, "(objectClass=dnsNode)");
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
 	} else {
 		ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-				LDB_SCOPE_ONELEVEL, attrs,
-				"(&(objectClass=dnsNode)(|(name=%s)(name=*.%s)))",
+				 LDB_SCOPE_ONELEVEL, attrs,
+				 "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s))(!(dNSTombstoned=TRUE)))",
 				name, name);
 	}
 	if (ret != LDB_SUCCESS) {
@@ -1807,7 +1810,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 				name = dns_split_node_name(tmp_ctx, add_names[i], z2->name);
 				ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z2->zone_dn,
 						LDB_SCOPE_ONELEVEL, attrs,
-						"(&(objectClass=dnsNode)(name=%s))", name);
+						"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+						name);
 				talloc_free(name);
 				if (ret != LDB_SUCCESS) {
 					continue;
-- 
1.9.3