diff options
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 47 |
1 files changed, 22 insertions, 25 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c index 987a3b3cfb..bd57913ea6 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c @@ -434,6 +434,28 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares, struct ldb_dn *dn; struct dsdb_dn *dsdb_dn = NULL; struct ldb_val *plain_dn = &msg->elements[i].values[j]; + + if (!checked_reveal_control) { + have_reveal_control = + ldb_request_get_control(req, LDB_CONTROL_REVEAL_INTERNALS) != NULL; + checked_reveal_control = true; + } + + /* this is a fast method for detecting deleted + linked attributes, working on the unparsed + ldb_val */ + if (dsdb_dn_is_deleted_val(plain_dn) && !have_reveal_control) { + /* it's a deleted linked attribute, + and we don't have the reveal control */ + memmove(&msg->elements[i].values[j], + &msg->elements[i].values[j+1], + (msg->elements[i].num_values-(j+1))*sizeof(struct ldb_val)); + msg->elements[i].num_values--; + j--; + continue; + } + + dsdb_dn = dsdb_dn_parse(msg, ldb, plain_dn, attribute->syntax->ldap_oid); if (!dsdb_dn || !ldb_dn_validate(dsdb_dn->dn)) { @@ -447,31 +469,6 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares, } dn = dsdb_dn->dn; - if (!checked_reveal_control) { - have_reveal_control = - ldb_request_get_control(req, LDB_CONTROL_REVEAL_INTERNALS) != NULL; - checked_reveal_control = true; - } - - /* this is a fast method for detecting deleted - linked attributes. It relies on the - linearization of extended DNs sorting by name, - and "DELETED" being the first name */ - if (plain_dn->length >= 12 && - strncmp((const char *)plain_dn->data, "<DELETED=1>;", 12) == 0) { - if (!have_reveal_control) { - /* it's a deleted linked - * attribute, and we don't - * have the reveal control */ - memmove(&msg->elements[i].values[j], - &msg->elements[i].values[j+1], - (msg->elements[i].num_values-(j+1))*sizeof(struct ldb_val)); - msg->elements[i].num_values--; - j--; - continue; - } - } - /* don't let users see the internal extended GUID components */ if (!have_reveal_control) { |