From f0624d389010bd3ac760f8f07a7174fd708496be Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 13 Sep 2017 13:00:08 +1200
Subject: ldb_tdb: Also ban a (indexed) search against like @IDXDN=foo

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---
 lib/ldb/ldb_tdb/ldb_index.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 566372380f8..7150086f574 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -945,6 +945,12 @@ static int ltdb_index_dn_leaf(struct ldb_module *module,
 		list->count = 0;
 		return LDB_SUCCESS;
 	}
+	if (tree->u.equality.attr[0] == '@') {
+		/* Do not allow a indexed search against an @ */
+		list->dn = NULL;
+		list->count = 0;
+		return LDB_SUCCESS;
+	}
 	if (ldb_attr_dn(tree->u.equality.attr) == 0) {
 		struct ldb_dn *dn
 			= ldb_dn_from_ldb_val(list,
-- 
cgit v1.2.1