From 7e1899a5d9908871f0f3af04c1032fab877a9e76 Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Thu, 31 Jul 2014 17:24:52 +1000 Subject: [PATCH 1/2] s4-rpc: dnsserver: Do not search for deleted DNS entries Signed-off-by: Amitay Isaacs Reviewed-by: Stefan Metzmacher --- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index d54940a..dee69fe 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -1625,7 +1625,8 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate, } ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, "(&(objectClass=dnsNode)(name=@))"); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=@)(!(dNSTombstoned=TRUE)))"); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return WERR_INTERNAL_DB_ERROR; @@ -1657,8 +1658,9 @@ static WERROR dnsserver_enumerate_root_records(struct dnsserver_state *dsstate, if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { for (i=0; isamdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=%s))", add_names[i]); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + add_names[i]); if (ret != LDB_SUCCESS || res->count == 0) { talloc_free(res); continue; 
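Review bot: The rewritten `name=%s` filter in the second hunk (-1657) still formats `add_names[i]` into the LDAP filter without escaping, so a name containing filter metacharacters such as `(`, `)`, `*` or `\` would change the filter's meaning, including the `(!(dNSTombstoned=TRUE))` clause added here. Unless the names are already validated outside the visible lines, encode them before the search, e.g. `enc = ldb_binary_encode_string(tmp_ctx, add_names[i]);`, pass `enc` to `ldb_search`, and treat a NULL result as out of memory. The same applies to the `name=%s` and `name=*.%s` filters in the hunks at -1722 and -1801 of this file and at -520 in dnsdb.c, where `name` appears to come from the RPC caller. The enclosing functions begin and end outside these hunks.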
@@ -1722,11 +1724,12 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, /* search all records under parent tree */ if (strcasecmp(name, z->name) == 0) { ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, "(objectClass=dnsNode)"); + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))"); } else { ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn, - LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s)))", + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(|(name=%s)(name=*.%s))(!(dNSTombstoned=TRUE)))", name, name); } if (ret != LDB_SUCCESS) { @@ -1801,7 +1804,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, name = dns_split_node_name(tmp_ctx, add_names[i], z2->name); ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z2->zone_dn, LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=%s))", name); + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + name); talloc_free(name); if (ret != LDB_SUCCESS) { continue; -- 1.9.1 From 5186fc7af2ac038be280d87768a7dd150ba98c5c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Sep 2014 07:19:46 +0200 Subject: [PATCH 2/2] s4-rpc: dnsserver: handle updates of tombstoned dnsNode objects Signed-off-by: Stefan Metzmacher Reviewed-by: Amitay Isaacs --- source4/rpc_server/dnsserver/dnsdb.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/dnsserver/dnsdb.c b/source4/rpc_server/dnsserver/dnsdb.c index 24e9e89..1c87138 100644 --- a/source4/rpc_server/dnsserver/dnsdb.c +++ b/source4/rpc_server/dnsserver/dnsdb.c 
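Review bot: The tombstone clause is now spelled out by hand in each filter string in the hunk at -1722, and again in the other searches this series touches. A search added later without the clause would quietly return deleted entries again. A single definition would keep them aligned, for example `#define DNS_NOT_TOMBSTONED "(!(dNSTombstoned=TRUE))"` (name is a suggestion), used through literal concatenation as in `"(&(objectClass=dnsNode)" DNS_NOT_TOMBSTONED ")"`. A short comment at that definition should say that enumeration must skip tombstoned nodes, whereas the add path must still find them so it can revive them.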
@@ -395,7 +395,7 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, const char *name, struct DNS_RPC_RECORD *add_record) { - const char * const attrs[] = { "dnsRecord", NULL }; + const char * const attrs[] = { "dnsRecord", "dNSTombstoned", NULL }; struct ldb_result *res; struct dnsp_DnssrvRpcRecord *rec; struct ldb_message_element *el; @@ -404,6 +404,7 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, NTTIME t; int ret, i; int serial; + bool was_tombstoned = false; rec = dns_to_dnsp_copy(mem_ctx, add_record); W_ERROR_HAVE_NO_MEMORY(rec); @@ -452,6 +453,12 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, } } + was_tombstoned = ldb_msg_find_attr_as_bool(res->msgs[0], + "dNSTombstoned", false); + if (was_tombstoned) { + el->num_values = 0; + } + for (i=0; inum_values; i++) { struct dnsp_DnssrvRpcRecord rec2; @@ -481,6 +488,20 @@ WERROR dnsserver_db_add_record(TALLOC_CTX *mem_ctx, return WERR_GENERAL_FAILURE; } + if (was_tombstoned) { + ret = ldb_msg_add_empty(res->msgs[0], "dNSTombstoned", + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + + ret = ldb_msg_add_fmt(res->msgs[0], "dNSTombstoned", + "%s", "FALSE"); + if (ret != LDB_SUCCESS) { + return WERR_GENERAL_FAILURE; + } + } + el->flags = LDB_FLAG_MOD_REPLACE; ret = ldb_modify(samdb, res->msgs[0]); if (ret != LDB_SUCCESS) { @@ -520,7 +541,7 @@ WERROR dnsserver_db_update_record(TALLOC_CTX *mem_ctx, arec->dwTimeStamp = t; ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_ONELEVEL, attrs, - "(&(objectClass=dnsNode)(name=%s))", name); + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", name); if (ret != LDB_SUCCESS) { return WERR_INTERNAL_DB_ERROR; } -- 1.9.1
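Review bot: In the hunk at -481, `res->msgs[0]` already carries a `dNSTombstoned` element whenever `was_tombstoned` is true, because the attribute was added to `attrs` in the first hunk. `ldb_msg_add_empty()` therefore appends a second element with the same name, and `ldb_msg_add_fmt()` may attach `"FALSE"` to the first element it finds rather than to the new `LDB_FLAG_MOD_REPLACE` one; this should be checked against the ldb version in use. That could leave the original element with no modify flag and with both values, and the replace element empty. Dropping the fetched element first with `ldb_msg_remove_attr(res->msgs[0], "dNSTombstoned");` before the `ldb_msg_add_empty()` call makes the outcome unambiguous. A comment should also explain that `el->num_values = 0` in the hunk at -452 deliberately discards the tombstone's stale records so that the revived node holds only the new one.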