From 1eada71cad761528db159f6aecaba90db9148269 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Thu, 31 Jul 2014 17:24:52 +1000 Subject: [PATCH 1/3] s4-rpc: dnsserver: Do not search for deleted DNS entries Signed-off-by: Amitay Isaacs Reviewed-by: Stefan Metzmacher --- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index 856016c..5162ab0 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -1631,7 +1631,8 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate, } ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, "(&(objectClass=dnsNode)(name=@))"); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return WERR_INTERNAL_DB_ERROR; @@ -1663,8 +1664,9 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate, if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { for (i=0; isamdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=%s))", add_names[i]); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + add_names[i]); if (ret != LDB_SUCCESS || res->count == 0) { talloc_free(res); continue; 
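Review bot: `add_names[i]` is still formatted into the filter with a bare `%s` in the hunk at -1663 (`(name=%s)(!(dNSTombstoned=TRUE))`), so a filter metacharacter in the name changes the structure of the expression, including the new tombstone clause that now follows it. Where these names can carry data from DNS records or from the RPC caller (the origin is not visible in the hunk), escape the value first, for example `ldb_binary_encode_string(tmp_ctx, add_names[i])`, and format the escaped copy. The same applies to `name` in both hunks of dnsserver_enumerate_records (at -1728 and -1807). The enclosing functions start and end outside these hunks.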
@@ -1728,11 +1730,12 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, /* search all records under parent tree */ if (strcasecmp(name, z->name) == 0) { ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, "(objectClass=dnsNode)"); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))"); } else { ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s)))", + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s))(!(dNSTombstoned=TRUE)))", name, name); } if (ret != LDB_SUCCESS) { @@ -1807,7 +1810,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, name = dns_split_node_name(tmp_ctx, add_names[i], z2->name); ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z2->zone_dn, LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=%s))", name); + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + name); talloc_free(name); if (ret != LDB_SUCCESS) { continue; -- 1.9.1 From dbd6f59430cc05bbc93d62a10ef8761fd0de9029 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Sep 2014 07:18:53 +0200 Subject: [PATCH 2/3] s4-rpc: dnsserver: don't update tombstoned soa records Signed-off-by: Stefan Metzmacher --- source4/rpc_server/dnsserver/dnsdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c index 24e9e89..e04083b 100644 --- a/source4/rpc_server/dnsserver/dnsdb.c +++ b/source4/rpc_server/dnsserver/dnsdb.c 
@@ -265,7 +265,7 @@ static unsigned int dnsserver_update_soa(TALLOC_CTX *mem_ctx, t /= 3600; /* convert to hours */ ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=@))"); + "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))"); if (ret != LDB_SUCCESS || res->count == 0) { return -1; } -- 1.9.1 From a8a5103d5fd7ffa3bc93f5de9f4ed57fdacb7795 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Sep 2014 07:19:46 +0200 Subject: [PATCH 3/3] s4-rpc: dnsserver: reset dNSTombstoned=FALSE on update Signed-off-by: Stefan Metzmacher --- source4/rpc_server/dnsserver/dnsdb.c | 40 ++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c index e04083b..dd9e3d0 100644 --- a/source4/rpc_server/dnsserver/dnsdb.c +++ b/source4/rpc_server/dnsserver/dnsdb.c @@ -395,7 +395,7 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, const char *name, struct DNS_RPC_RECORD *add_record) { - const char * const attrs[] = { "dnsRecord", NULL }; + const char * const attrs[] = { "dnsRecord", "dNSTombstoned", NULL }; struct ldb_result *res; struct dnsp_DnssrvRpcRecord *rec; struct ldb_message_element *el; @@ -404,6 +404,7 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, NTTIME t; int ret, i; int serial; + bool was_tombstoned = false; rec = dns_to_dnsp_copy(mem_ctx, add_record); W_ERROR_HAVE_NO_MEMORY(rec); @@ -444,6 +445,9 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, return dnsserver_db_do_add_rec(mem_ctx, samdb, dn, 1, rec); } + was_tombstoned = ldb_msg_find_attr_as_bool(rec->msgs, + "dNSTombstoned", false); + el = ldb_msg_find_element(res->msgs[0], "dnsRecord"); if (el == NULL) { ret = ldb_msg_add_empty(res->msgs[0], "dnsRecord", 0, &el); 
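Review bot: With the added `(!(dNSTombstoned=TRUE))` clause, a zone whose `@` node is tombstoned now takes the `res->count == 0` branch, and that branch does `return -1;` from a function declared `static unsigned int dnsserver_update_soa(...)`. The value leaves the function as UINT_MAX; the callers patched later in this series declare `int serial;`, presumably for this result, but their checks are outside the hunks, so it is worth confirming each one tests for the failure value now that the path is reachable in normal operation. A comment on the branch, for example `/* no live SOA node: missing or tombstoned */`, would record why the search can come back empty.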
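Review bot: The new assignment at -444, `was_tombstoned = ldb_msg_find_attr_as_bool(rec->msgs, "dNSTombstoned", false);`, reads through `rec`, which this function declares as `struct dnsp_DnssrvRpcRecord *rec`; the search result is `res`, and the very next line uses `res->msgs[0]`. It should read `ldb_msg_find_attr_as_bool(res->msgs[0], "dNSTombstoned", false)`. The hunk at -529 in dnsserver_db_update_record carries the same line, and the declarations visible there list only `arec` and `drec`, so `rec` looks undeclared in that function. As written the patch probably does not compile, and the tombstone state must come from the message that is later passed to `ldb_modify`.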
@@ -481,6 +485,20 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, return WERR_GENERAL_FAILURE; } + if (was_tombstoned) { + ret = ldb_msg_add_empty(res->msgs[0], "dNSTombstoned", + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + + ret = ldb_msg_add_fmt(res->msgs[0], "dNSTombstoned", + "%s", "FALSE"); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + } + el->flags = LDB_FLAG_MOD_REPLACE; ret = ldb_modify(samdb, res->msgs[0]); if (ret != LDB_SUCCESS) { @@ -499,7 +517,7 @@ WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx, struct DNS_RPC_RECORD *add_record, struct DNS_RPC_RECORD *del_record) { - const char * const attrs[] = { "dnsRecord", NULL }; + const char * const attrs[] = { "dnsRecord", "dNSTombstoned", NULL }; struct ldb_result *res; struct dnsp_DnssrvRpcRecord *arec, *drec; struct ldb_message_element *el; @@ -507,6 +525,7 @@ WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx, NTTIME t; int ret, i; int serial; + bool was_tombstoned = false; arec = dns_to_dnsp_copy(mem_ctx, add_record); W_ERROR_HAVE_NO_MEMORY(arec); @@ -529,6 +548,9 @@ WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx, return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST; } + was_tombstoned = ldb_msg_find_attr_as_bool(rec->msgs, + "dNSTombstoned", false); + el = ldb_msg_find_element(res->msgs[0], "dnsRecord"); if (el == NULL || el->num_values == 0) { return WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST; @@ -584,6 +606,20 @@ WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx, return WERR_GENERAL_FAILURE; } + if (was_tombstoned) { + ret = ldb_msg_add_empty(res->msgs[0], "dNSTombstoned", + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + + ret = ldb_msg_add_fmt(res->msgs[0], "dNSTombstoned", + "%s", "FALSE"); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + } + el->flags = LDB_FLAG_MOD_REPLACE; ret = ldb_modify(samdb, res->msgs[0]); if (ret != LDB_SUCCESS) { -- 1.9.1
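Review bot: The `if (was_tombstoned) { ... }` block added at -481 is repeated verbatim in the hunk at -584 in dnsserver_db_update_record, and neither copy says why the flag is rewritten. A small static helper taking the `struct ldb_message *` would keep the two paths from drifting apart and gives one place for the comment; the helper name below is only a suggestion. Inside it, `ldb_msg_add_fmt(msg, "dNSTombstoned", "%s", "FALSE")` can be the plainer `ldb_msg_add_string(msg, "dNSTombstoned", "FALSE")`. Both enclosing functions start and end outside the hunks.

```c
/*
 * Clear dNSTombstoned on a node that is being given live records again,
 * so searches filtering on (!(dNSTombstoned=TRUE)) find it.
 */
static int dnsserver_db_clear_tombstone(struct ldb_message *msg)
{
	int ret;

	ret = ldb_msg_add_empty(msg, "dNSTombstoned",
				LDB_FLAG_MOD_REPLACE, NULL);
	if (ret != LDB_SUCCESS) {
		return ret;
	}
	return ldb_msg_add_string(msg, "dNSTombstoned", "FALSE");
}

/* ... unchanged: dnsRecord element update in dnsserver_db_add_record ... */
	if (was_tombstoned) {
		ret = dnsserver_db_clear_tombstone(res->msgs[0]);
		if (ret != LDB_SUCCESS) {
			return WERR_GENERAL_FAILURE;
		}
	}
```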