[PATCH 3/4] s4-backupkey: Don't retrieve deleted LSA objects
Arvid Requate
requate at univention.de
Tue Jul 8 10:23:30 MDT 2014
Signed-off-by: Arvid Requate <requate at univention.de>
---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 43
+++++++++++++++++++++++--
1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 850735d..6699b78 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -178,6 +178,13 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
struct ldb_result *res;
struct ldb_dn *domain_dn;
struct ldb_dn *system_dn;
+ char *expression;
+ struct ldb_control dont_show_deleted = { LDB_CONTROL_SHOW_DELETED_OID,
false, NULL };
+ struct ldb_control *req_ctrls[] = {
+ &dont_show_deleted,
+ NULL
+ };
+ struct ldb_request *req;
const struct ldb_val *val;
uint8_t *data;
const char *attrs[] = {
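Review bot: The control declared as `dont_show_deleted` carries `LDB_CONTROL_SHOW_DELETED_OID`, and as far as I can tell attaching that OID to a request asks the directory to include deleted objects, which is the opposite of what the variable name and the commit title say. The `false` in the initializer only clears the `critical` flag; it does not negate the control, so this request may return tombstoned secrets that the old `ldb_search()` call would have filtered out. For a routine that hands back backup-key material, I would confirm how the show-deleted handling treats a control that is present. Then either drop the control or add an explicit `(!(isDeleted=TRUE))` term to the filter, with a comment such as `/* deleted secrets must never be returned as backup-key material */`. The body of get_lsa_secret starts and ends outside this hunk.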
@@ -205,9 +212,39 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_search(ldb, mem_ctx, &res, system_dn, LDB_SCOPE_SUBTREE,
attrs,
- "(&(cn=%s Secret)(objectclass=secret))",
- ldb_binary_encode_string(tmp_mem, name));
+ expression = talloc_asprintf(tmp_mem,
+ "(&(cn=%s Secret)(objectclass=secret))",
+ ldb_binary_encode_string(tmp_mem, name));
+ if (!expression) {
+ talloc_free(tmp_mem);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ res = talloc_zero(mem_ctx, struct ldb_result);
+ if (!res) {
+ talloc_free(tmp_mem);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = ldb_build_search_req(&req, ldb, mem_ctx,
+ system_dn,
+ LDB_SCOPE_SUBTREE,
+ expression,
+ attrs,
+ req_ctrls,
+ res,
+ ldb_search_default_callback,
+ NULL);
+ ldb_req_set_location(req, "ldb_search");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_mem);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = ldb_request(ldb, req);
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ }
if (ret != LDB_SUCCESS || res->count == 0) {
talloc_free(tmp_mem);
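Review bot: `ldb_req_set_location(req, "ldb_search");` runs before the `ret != LDB_SUCCESS` check, so when `ldb_build_search_req()` fails, `req` is presumably NULL or unset and the call dereferences it; move that line below the check. The new `req` is also allocated on `mem_ctx`, while every error path and the visible tail free only `tmp_mem`, so the request object appears to stay on the caller's context. Passing `tmp_mem` as the request's parent, or calling `talloc_free(req)` after `ldb_wait()`, would avoid that. Separately, a build failure is always reported as `NT_STATUS_NO_MEMORY`, which hides other causes. The function continues past the end of this hunk, so the final handling of `res` is not visible here.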
--
2.0.0.rc2