s4-rpc: dnsserver: Do not search for deleted DNS entries

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 856016c5345243191a289ae7e5aa00a5c34d4cf6..5162ab027e3392ef194999c4f6958902aeaf0db5 100644 (file)
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1631,7 +1631,8 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate,
        }
 
        ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-                               LDB_SCOPE_ONELEVEL, attrs, "(&(objectClass=dnsNode)(name=@))");
+                        LDB_SCOPE_ONELEVEL, attrs,
+                        "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))");
        if (ret != LDB_SUCCESS) {
                talloc_free(tmp_ctx);
                return WERR_INTERNAL_DB_ERROR;
@@ -1663,8 +1664,9 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate,
        if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
                for (i=0; i<add_count; i++) {
                        ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-                                       LDB_SCOPE_ONELEVEL, attrs,
-                                       "(&(objectClass=dnsNode)(name=%s))", add_names[i]);
+                                        LDB_SCOPE_ONELEVEL, attrs,
+                                        "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+                                       add_names[i]);
                        if (ret != LDB_SUCCESS || res->count == 0) {
                                talloc_free(res);
                                continue;
@@ -1728,11 +1730,12 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
        /* search all records under parent tree */
        if (strcasecmp(name, z->name) == 0) {
                ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-                               LDB_SCOPE_ONELEVEL, attrs, "(objectClass=dnsNode)");
+                                LDB_SCOPE_ONELEVEL, attrs,
+                                "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
        } else {
                ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
-                               LDB_SCOPE_ONELEVEL, attrs,
-                               "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s)))",
+                                LDB_SCOPE_ONELEVEL, attrs,
+                                "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s))(!(dNSTombstoned=TRUE)))",
                                name, name);
        }
        if (ret != LDB_SUCCESS) {
@@ -1807,7 +1810,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
                                name = dns_split_node_name(tmp_ctx, add_names[i], z2->name);
                                ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z2->zone_dn,
                                                LDB_SCOPE_ONELEVEL, attrs,
-                                               "(&(objectClass=dnsNode)(name=%s))", name);
+                                               "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
+                                               name);
                                talloc_free(name);
                                if (ret != LDB_SUCCESS) {
                                        continue;