1 : /*
2 : Unix SMB/CIFS Implementation.
3 : API for determining if an attribute belongs to the filtered set.
4 :
5 : Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 :
20 : */
21 : #include "includes.h"
22 : #include "dsdb/samdb/samdb.h"
23 : #include "dsdb/common/util.h"
24 : #include <ldb_errors.h>
25 : #include "../lib/util/dlinklist.h"
26 : #include "param/param.h"
27 :
/*
 * Attribute names for which dsdb_attribute_is_attr_in_filtered_replica()
 * returns false. The lookup is an exact, case-sensitive strcmp() against
 * the attribute's lDAPDisplayName, so every entry must match the spelling
 * and casing held in the schema for it to take effect.
 *
 * DSDB_SECRET_ATTRIBUTES is a macro defined outside this file; presumably it
 * expands to further comma-separated string literals - confirm at its
 * definition.
 */
static const char * const never_in_filtered_attrs[] = {
	"accountExpires",
	"codePage",
	"creationTime",
	"dNSHostName",
	"displayName",
	"domainReplica",
	"fSMORoleOwner",
	"flatName",
	"isCriticalSystemObject",
	"lockOutObservationWindow",
	"lockoutDuration",
	"lockoutTime",
	"logonHours",
	"maxPwdAge",
	"minPwdAge",
	"minPwdLength",
	"msDS-AdditionalDnsHostName",
	"msDS-AdditionalSamAccountName",
	"msDS-AllowedToDelegateTo",
	"msDS-AuthenticatedAtDC",
	"msDS-ExecuteScriptPassword",
	"msDS-KrbTgtLink",
	"msDS-SPNSuffixes",
	"msDS-SupportedEncryptionTypes",
	"msDS-TrustForestTrustInfo",
	"nETBIOSName",
	"nTMixedDomain",
	/*
	 * NOTE(review): "notFiltlockoutThreshold" does not look like an
	 * attribute name; the neighbouring lockout* entries suggest
	 * "lockoutThreshold" was intended. If so, lockoutThreshold is not
	 * matched by this table today. Verify against the schema before
	 * changing the string.
	 */
	"notFiltlockoutThreshold",
	"operatingSystem",
	"operatingSystemServicePack",
	"operatingSystemVersion",
	"pwdHistoryLength",
	"pwdLastSet",
	"pwdProperties",
	"rid",
	"sIDHistory",
	"securityIdentifier",
	"servicePrincipalName",
	"trustAttributes",
	"trustDirection",
	"trustParent",
	"trustPartner",
	"trustPosixOffset",
	"trustType",
	DSDB_SECRET_ATTRIBUTES
};
75 :
/**
 * Report whether an attribute can be in a filtered replica.
 *
 * The checks run in this order and the first one that applies returns false:
 *  1. systemOnly is set, or schemaFlagsEx carries
 *     SCHEMA_FLAG_ATTR_IS_CRITICAL;
 *  2. systemFlags carries any of DS_FLAG_ATTR_NOT_REPLICATED,
 *     DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER or DS_FLAG_ATTR_IS_CONSTRUCTED;
 *  3. lDAPDisplayName is byte-for-byte equal to an entry of
 *     never_in_filtered_attrs;
 *  4. searchFlags carries SEARCH_FLAG_RODC_ATTRIBUTE.
 *
 * @param attribute schema attribute to classify
 * @return true when none of the exclusions above applies, false otherwise
 *
 * NOTE(review): attribute and attribute->lDAPDisplayName are dereferenced
 * without a NULL check (strcmp() on NULL is undefined behaviour); this
 * assumes callers only pass fully populated schema entries - confirm.
 */
bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute)
{
	const size_t n_names = sizeof(never_in_filtered_attrs) /
			       sizeof(never_in_filtered_attrs[0]);
	size_t idx;

	if (attribute->systemOnly) {
		return false;
	}
	if (attribute->schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) {
		return false;
	}

	if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
				      DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
				      DS_FLAG_ATTR_IS_CONSTRUCTED)) {
		return false;
	}

	/*
	 * Case-sensitive name lookup in the fixed exclusion table.
	 * NOTE(review): the coverage listing this file was taken from shows
	 * zero hits on the matching return below, so this path appears to be
	 * unexercised by that test run.
	 */
	for (idx = 0; idx < n_names; idx++) {
		const char *excluded = never_in_filtered_attrs[idx];

		if (strcmp(attribute->lDAPDisplayName, excluded) == 0) {
			return false;
		}
	}

	/* Last exclusion: the attribute is flagged SEARCH_FLAG_RODC_ATTRIBUTE. */
	return (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) ? false : true;
}