From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 8 Jul 2016 08:47:41 +0000 (+0200)
Subject: s4:dsdb/repl_meta_data: remove secret attributes on delete
X-Git-Tag: tdb-1.3.10~446
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0350e3a42ab509130a5f48b43b1923d8738b2ad0;p=thirdparty%2Fsamba.git

s4:dsdb/repl_meta_data: remove secret attributes on delete

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 1a9a400b40a..9a1ff166b30 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -3130,6 +3130,11 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
 		"whenChanged",
 		NULL
 	};
+	static const char * const all_attrs[] = {
+		DSDB_SECRET_ATTRIBUTES,
+		"*",
+		NULL
+	};
 	unsigned int i, el_count = 0;
 	enum deletion_state deletion_state, next_deletion_state;
 
@@ -3167,7 +3172,7 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request
 
 	/* we need the complete msg off disk, so we can work out which
 	   attributes need to be removed */
-	ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, NULL,
+	ret = dsdb_module_search_dn(module, tmp_ctx, &res, old_dn, all_attrs,
 	                            DSDB_FLAG_NEXT_MODULE |
 	                            DSDB_SEARCH_SHOW_RECYCLED |
 				    DSDB_SEARCH_REVEAL_INTERNALS |