[PATCH 3/4] s4-backupkey: Don't retrieve deleted LSA objects

Arvid Requate requate at univention.de
Tue Jul 8 10:23:30 MDT 2014


Signed-off-by: Arvid Requate <requate at univention.de>
---
 source4/rpc_server/backupkey/dcesrv_backupkey.c | 43 
+++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c 
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 850735d..6699b78 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -178,6 +178,13 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
        struct ldb_result *res;
        struct ldb_dn *domain_dn;
        struct ldb_dn *system_dn;
+       char *expression;
+       struct ldb_control dont_show_deleted = { LDB_CONTROL_SHOW_DELETED_OID, 
false, NULL };
+       struct ldb_control *req_ctrls[] = {
+               &dont_show_deleted,
+               NULL
+       };
+       struct ldb_request *req;
        const struct ldb_val *val;
        uint8_t *data;
        const char *attrs[] = {
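Review bot: The initializer `{ LDB_CONTROL_SHOW_DELETED_OID, false, NULL }` for `dont_show_deleted` does not switch the control off, because the second member of `struct ldb_control` is the `critical` flag; the request still carries the show-deleted OID, only marked non-critical. If the directory modules treat the presence of that OID as a request to include deleted objects, which is its usual meaning, the search in the second hunk would return tombstoned secrets, the opposite of what the commit title says. This lookup selects the secret used by the backup-key service, so it is worth a test that deletes a secret and asserts it is no longer returned. If exclusion is the goal, an explicit filter term such as `(!(isDeleted=TRUE))` or sending no control at all may be the more robust route, and the declaration deserves a comment like `/* critical=false: control is optional for the backend; presence still selects show-deleted behaviour */`. get_lsa_secret begins and ends outside this hunk.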
@@ -205,9 +212,39 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE, 
attrs,
-                          "(&(cn=%s Secret)(objectclass=secret))",
-                          ldb_binary_encode_string(tmp_mem, name));
+       expression = talloc_asprintf(tmp_mem,
+                               "(&(cn=%s Secret)(objectclass=secret))",
+                               ldb_binary_encode_string(tmp_mem, name));
+       if (!expression) {
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       res = talloc_zero(mem_ctx, struct ldb_result);
+       if (!res) {
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ret = ldb_build_search_req(&req, ldb, mem_ctx,
+                               system_dn,
+                               LDB_SCOPE_SUBTREE,
+                               expression,
+                               attrs,
+                               req_ctrls,
+                               res,
+                               ldb_search_default_callback,
+                               NULL);
+       ldb_req_set_location(req, "ldb_search");
+       if (ret != LDB_SUCCESS) {
+               talloc_free(tmp_mem);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ret = ldb_request(ldb, req);
+       if (ret == LDB_SUCCESS) {
+               ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+       }
 
        if (ret != LDB_SUCCESS || res->count == 0) {
                talloc_free(tmp_mem);
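Review bot: `req` is built on `mem_ctx`, yet every exit visible in this hunk frees only `tmp_mem`, so the request stays attached to the caller's context; building it on the scratch context with `ret = ldb_build_search_req(&req, ldb, tmp_mem,` lets the existing `talloc_free(tmp_mem)` calls release it. The same applies to `res` on the failure paths, which the replaced `ldb_search()` call used to clean up itself. `ldb_req_set_location(req, "ldb_search")` also runs before `ret` is checked; moving it below the `if (ret != LDB_SUCCESS)` test removes the dependence on how that helper treats a request that was never built. A build failure is reported as NT_STATUS_NO_MEMORY whatever the ldb error was, which would hide a malformed-filter error from the caller. The function continues outside the hunk, so a later free of `req` cannot be ruled out from here.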
-- 
2.0.0.rc2


