dsdb: Allow dsdb_find_dn_by_guid to show deleted DNs

This helps us in the KCC as we need to return the deleted DN for the GUID
in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2).

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

5 files changed, 17 insertions, 9 deletions

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 8e407768ff..7a243c3d37 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2458,7 +2458,9 @@ struct ldb_dn *samdb_domain_to_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
  */
 int dsdb_find_dn_by_guid(struct ldb_context *ldb, 
 			 TALLOC_CTX *mem_ctx,
-			 const struct GUID *guid, struct ldb_dn **dn)
+			 const struct GUID *guid,
+			 uint32_t dsdb_flags,
+			 struct ldb_dn **dn)
 {
 	int ret;
 	struct ldb_result *res;
@@ -2472,7 +2474,7 @@ int dsdb_find_dn_by_guid(struct ldb_context *ldb,
 	ret = dsdb_search(ldb, mem_ctx, &res, NULL, LDB_SCOPE_SUBTREE, attrs,
 			  DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
 			  DSDB_SEARCH_SHOW_EXTENDED_DN |
-			  DSDB_SEARCH_ONE_ONLY,
+			  DSDB_SEARCH_ONE_ONLY | dsdb_flags,
 			  "objectGUID=%s", guid_str);
 	talloc_free(guid_str);
 	if (ret != LDB_SUCCESS) {
diff --git a/source4/dsdb/kcc/kcc_connection.c b/source4/dsdb/kcc/kcc_connection.c
index ea6383342c..f85ed13f55 100644
--- a/source4/dsdb/kcc/kcc_connection.c
+++ b/source4/dsdb/kcc/kcc_connection.c
@@ -70,7 +70,7 @@ static int kccsrv_add_connection(struct kccsrv_service *s,
 		ret = LDB_ERR_INVALID_DN_SYNTAX;
 		goto done;
 	}
-	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->dsa_guid, &server_dn);
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->dsa_guid, 0, &server_dn);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0, ("failed to find fromServer DN '%s'\n",
 			  GUID_string(tmp_ctx, &conn->dsa_guid)));
@@ -111,7 +111,7 @@ static int kccsrv_delete_connection(struct kccsrv_service *s,
 	int ret;
 
 	tmp_ctx = talloc_new(s);
-	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->obj_guid, &dn);
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &conn->obj_guid, 0, &dn);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0, ("failed to find nTDSConnection's DN: %s\n",
 			  ldb_strerror(ret)));
diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c
index 7aa7f5a0f4..ac22312a0c 100644
--- a/source4/dsdb/kcc/kcc_drs_replica_info.c
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -533,6 +533,7 @@ static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
 	neigh->source_dsa_obj_guid = reps_from->source_dsa_obj_guid;
 
 	ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->source_dsa_obj_guid,
+				   DSDB_SEARCH_SHOW_RECYCLED,
 				   &source_dsa_dn);
 
 	if (ret != LDB_SUCCESS) {
@@ -544,13 +545,15 @@ static WERROR fill_neighbor_from_repsFrom(TALLOC_CTX *mem_ctx,
 	neigh->source_dsa_obj_dn = ldb_dn_get_linearized(source_dsa_dn);
 	neigh->naming_context_dn = ldb_dn_get_linearized(nc_dn);
 
-	if (dsdb_find_guid_by_dn(samdb, nc_dn, &neigh->naming_context_obj_guid)
+	if (dsdb_find_guid_by_dn(samdb, nc_dn,
+				 &neigh->naming_context_obj_guid)
 			!= LDB_SUCCESS) {
 		return WERR_DS_DRA_INTERNAL_ERROR;
 	}
 
 	if (!GUID_all_zero(&reps_from->transport_guid)) {
 		ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_from->transport_guid,
+					   DSDB_SEARCH_SHOW_RECYCLED,
 					   &transport_obj_dn);
 		if (ret != LDB_SUCCESS) {
 			return WERR_DS_DRA_INTERNAL_ERROR;
@@ -668,7 +671,10 @@ static WERROR fill_neighbor_from_repsTo(TALLOC_CTX *mem_ctx,
 	neigh->last_attempt = reps_to->last_attempt;
 	neigh->source_dsa_obj_guid = reps_to->source_dsa_obj_guid;
 
-	ret = dsdb_find_dn_by_guid(samdb, mem_ctx, &reps_to->source_dsa_obj_guid, &source_dsa_dn);
+	ret = dsdb_find_dn_by_guid(samdb, mem_ctx,
+				   &reps_to->source_dsa_obj_guid,
+				   DSDB_SEARCH_SHOW_RECYCLED,
+				   &source_dsa_dn);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,(__location__ ": Failed to find DN for neighbor GUID %s\n",
 			 GUID_string(mem_ctx, &reps_to->source_dsa_obj_guid)));
diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c
index 2a16a4502f..4c5dde27f7 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -172,7 +172,7 @@ NTSTATUS dreplsrv_get_target_principal(struct dreplsrv_service *s,
 	tmp_ctx = talloc_new(mem_ctx);
 
 	/* we need to find their hostname */
-	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, &ntds_dn);
+	ret = dsdb_find_dn_by_guid(s->samdb, tmp_ctx, &rft->source_dsa_obj_guid, 0, &ntds_dn);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		/* its OK for their NTDSDSA DN not to be in our database */
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 219ddbc9f3..5ee87cbfbf 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -452,7 +452,7 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX *mem_ctx,
 				sa->lDAPDisplayName, ldb_dn_get_linearized(msg->dn)));
 			return ntstatus_to_werror(status);
 		}
-		ret = dsdb_find_dn_by_guid(sam_ctx, mem_ctx, &guid, &tdn);
+		ret = dsdb_find_dn_by_guid(sam_ctx, mem_ctx, &guid, 0, &tdn);
 		if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 			DEBUG(2, (" Search of guid %s returned 0 objects, skipping it !\n",
 						GUID_string(mem_ctx, &guid)));
@@ -1151,7 +1151,7 @@ static WERROR getncchanges_change_master(struct drsuapi_bind_state *b_state,
 	W_ERROR_HAVE_NO_MEMORY(msg->dn);
 
 	/* TODO: make sure ntds_dn is a valid nTDSDSA object */
-	ret = dsdb_find_dn_by_guid(ldb, msg, &req10->destination_dsa_guid, &ntds_dn);
+	ret = dsdb_find_dn_by_guid(ldb, msg, &req10->destination_dsa_guid, 0, &ntds_dn);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0, (__location__ ": Unable to find NTDS object for guid %s - %s\n",
 			  GUID_string(mem_ctx, &req10->destination_dsa_guid), ldb_errstring(ldb)));