authorStefan Metzmacher <metze@samba.org>2014-07-07 12:00:14 +0200
committerKarolin Seeger <kseeger@samba.org>2014-07-15 12:46:16 +0200
commitb23e9d5598c16990ec26f7aea3637760255e1633 (patch)
tree147c5736988bcb484faa7ab7e06e35b732937306 /source4
parentf23869c4f263337429af2b20b9120b10c2a747f9 (diff)
s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED
We should take the controls the caller provided when we search for existing objects. A search with a basedn of '<GUID=....>' should result in LDB_ERR_NO_SUCH_OBJECT if the object has isDeleted=TRUE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 9e6349f81edb3914d18bc50473d65c0c1f5bc113)
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/samdb/ldb_modules/extended_dn_in.c37
1 files changed, 20 insertions, 17 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 034d22a2ca3..213b2c2c87b 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -315,6 +315,7 @@ struct extended_dn_filter_ctx {
struct ldb_module *module;
struct ldb_request *req;
struct dsdb_schema *schema;
+ uint32_t dsdb_flags;
};
/*
@@ -411,10 +412,7 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
return LDB_SUCCESS;
}
- dsdb_flags = DSDB_FLAG_NEXT_MODULE |
- DSDB_FLAG_AS_SYSTEM |
- DSDB_SEARCH_SHOW_RECYCLED |
- DSDB_SEARCH_SHOW_EXTENDED_DN;
+ dsdb_flags = filter_ctx->dsdb_flags | DSDB_FLAG_NEXT_MODULE;
if (guid_val) {
expression = talloc_asprintf(filter_ctx, "objectGUID=%s", ldb_binary_encode(filter_ctx, *guid_val));
@@ -475,7 +473,9 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
fix the parse tree to change any extended DN components to their
caconical form
*/
-static int extended_dn_fix_filter(struct ldb_module *module, struct ldb_request *req)
+static int extended_dn_fix_filter(struct ldb_module *module,
+ struct ldb_request *req,
+ uint32_t default_dsdb_flags)
{
struct extended_dn_filter_ctx *filter_ctx;
int ret;
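Review bot: The comment above extended_dn_fix_filter is not updated for the new `default_dsdb_flags` parameter, and the name says "default" although the callback ORs the value into every lookup as-is. I would extend the comment with `default_dsdb_flags: DSDB_* search flags derived from the caller's controls, used for the lookups made while walking the filter`, and fix the "caconical" typo while touching it. The function body continues outside the hunk.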
@@ -493,6 +493,7 @@ static int extended_dn_fix_filter(struct ldb_module *module, struct ldb_request
filter_ctx->module = module;
filter_ctx->req = req;
filter_ctx->schema = dsdb_get_schema(ldb_module_get_ctx(module), filter_ctx);
+ filter_ctx->dsdb_flags= default_dsdb_flags;
ret = ldb_parse_tree_walk(req->op.search.tree, extended_dn_filter_callback, filter_ctx);
if (ret != LDB_SUCCESS) {
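Review bot: The added line `filter_ctx->dsdb_flags= default_dsdb_flags;` is missing the space before `=` that the three assignments above it use. Write it as `filter_ctx->dsdb_flags = default_dsdb_flags;` so the initialisation block stays uniform. The function starts and ends outside the hunk.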
@@ -541,10 +542,20 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
static const char *no_attr[] = {
NULL
};
- bool all_partitions = false;
+ uint32_t dsdb_flags = DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_EXTENDED_DN;
+
+ if (ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_DELETED;
+ }
+ if (ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+ }
+ if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+ }
if (req->operation == LDB_SEARCH) {
- ret = extended_dn_fix_filter(module, req);
+ ret = extended_dn_fix_filter(module, req, dsdb_flags);
if (ret != LDB_SUCCESS) {
return ret;
}
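Review bot: DSDB_FLAG_AS_SYSTEM stays unconditional in the new `dsdb_flags` initialiser, so the internal lookup presumably still runs with system privileges, and deleted or recycled objects are now hidden only when none of the three controls tested here is present. Nothing visible in this hunk shows whether LDB_CONTROL_SHOW_DELETED_OID, LDB_CONTROL_SHOW_RECYCLED_OID or DSDB_CONTROL_DBCHECK have been validated against the caller before this module runs; that is worth confirming and stating in a comment. The flags are also computed before the `req->operation == LDB_SEARCH` test, so presumably non-search requests addressed by `<GUID=...>` are affected as well, and a test covering modify or delete of a deleted object would pin that down. The DBCHECK branch sets the same flag as the branch above it without explanation; I would add something like `/* dbcheck needs to resolve recycled objects */` above it, wording to be confirmed by the author. extended_dn_in_fix starts and ends outside the hunk.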
@@ -556,7 +567,6 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
} else {
/* It looks like we need to map the DN */
const struct ldb_val *sid_val, *guid_val, *wkguid_val;
- uint32_t dsdb_flags = 0;
if (!ldb_dn_match_allowed(dn, req)) {
return ldb_error(ldb_module_get_ctx(module),
@@ -573,7 +583,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
ForeignSecurityPrinciples due to provision errors
*/
if (guid_val) {
- all_partitions = true;
+ dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
base_dn = NULL;
base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)",
ldb_binary_encode(req, *guid_val));
@@ -584,7 +594,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
base_dn_attrs = no_attr;
} else if (sid_val) {
- all_partitions = true;
+ dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
base_dn = NULL;
base_dn_filter = talloc_asprintf(req, "(objectSid=%s)",
ldb_binary_encode(req, *sid_val));
@@ -661,13 +671,6 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
return ldb_operr(ldb_module_get_ctx(module));
}
- dsdb_flags = DSDB_FLAG_AS_SYSTEM |
- DSDB_SEARCH_SHOW_RECYCLED |
- DSDB_SEARCH_SHOW_EXTENDED_DN;
- if (all_partitions) {
- dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
- }
-
ret = dsdb_request_add_controls(down_req, dsdb_flags);
if (ret != LDB_SUCCESS) {
return ret;