diff options
author | Nadezhda Ivanova <nivanova@samba.org> | 2010-05-03 14:50:10 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2010-05-03 14:50:10 +0200 |
commit | 15b42d6515504862184f33ad8002135ec1e63158 (patch) | |
tree | 15712b1627662cac4773a47baba3ef01b3c9337f | |
parent | fe1617a818b13b2ff2289e3afd33f2ddcfa76124 (diff) | |
download | samba-15b42d6515504862184f33ad8002135ec1e63158.tar.gz samba-15b42d6515504862184f33ad8002135ec1e63158.tar.bz2 samba-15b42d6515504862184f33ad8002135ec1e63158.zip |
Added a function to check if an attribute can belong to a filtered replica.
-rw-r--r-- | source4/dsdb/config.mk | 3 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_filtered.c | 110 | ||||
-rw-r--r-- | source4/dsdb/wscript_build | 2 | ||||
-rw-r--r-- | source4/torture/ldap/schema.c | 17 |
4 files changed, 130 insertions, 2 deletions
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index 4363399bc3..1ab0cb2102 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -43,7 +43,8 @@ SAMDB_SCHEMA_OBJ_FILES = $(addprefix $(dsdbsrcdir)/schema/, \ schema_convert_to_ol.o \ schema_inferiors.o \ schema_prefixmap.o \ - schema_info_attr.o) + schema_info_attr.o \ + schema_filtered.o) $(eval $(call proto_header_template,$(dsdbsrcdir)/schema/proto.h,$(SAMDB_SCHEMA_OBJ_FILES:.o=.c))) # PUBLIC_HEADERS += dsdb/schema/schema.h diff --git a/source4/dsdb/schema/schema_filtered.c b/source4/dsdb/schema/schema_filtered.c new file mode 100644 index 0000000000..304160d473 --- /dev/null +++ b/source4/dsdb/schema/schema_filtered.c @@ -0,0 +1,110 @@ +/* + Unix SMB/CIFS mplementation. + API for determining af an attribute belongs to the filtered set. + + Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +*/ +#include "includes.h" +#include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" +#include "lib/ldb/include/ldb_errors.h" +#include "../lib/util/dlinklist.h" +#include "param/param.h" + +const char *never_in_filtered_attrs[] = { "accountExpires", + "codePage", + "creationTime", + "currentValue", + "dBCSPwd", + "dNSHostName", + "displayName", + "domainReplica", + "fSMORoleOwner", + "flatName", + "initialAuthIncoming", + "initialAuthOutgoing", + "isCriticalSystemObject", + "lmPwdHistory", + "lockOutObservationWindow", + "lockoutDuration", + "lockoutTime", + "logonHours", + "maxPwdAge", + "minPwdAge", + "minPwdLength", + "msDS-AdditionalDnsHostName", + "msDS-AdditionalSamAccountName", + "msDS-AllowedToDelegateTo", + "msDS-AuthenticatedAtDC", + "msDS-ExecuteScriptPassword", + "msDS-KrbTgtLink", + "msDS-SPNSuffixes", + "msDS-SupportedEncryptionTypes", + "msDS-TrustForestTrustInfo", + "nETBIOSName", + "nTMixedDomain", + "notFiltlockoutThreshold", + "ntPwdHistory", + "operatingSystem", + "operatingSystemServicePack", + "operatingSystemVersion", + "priorValue", + "pwdHistoryLength", + "pwdLastSet", + "pwdProperties", + "rid", + "sIDHistory", + "securityIdentifier", + "servicePrincipalName", + "supplementalCredentials", + "trustAttributes", + "trustAuthIncoming", + "trustAuthOutgoing", + "trustDirection", + "trustParent", + "trustPartner", + "trustPosixOffset", + "trustType", + "unicodePwd" +}; + +/* returns true if the attribute can be in a filtered replica */ + +bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute) +{ + int i, size = sizeof(never_in_filtered_attrs)/sizeof(char *); + if (attribute->systemOnly || + attribute->schemaFlagsEx & DS_FLAG_ATTR_IS_CRITICAL) { + return false; + } + if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED | + DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | + DS_FLAG_ATTR_IS_CONSTRUCTED)) { + return false; + } + + for (i=0; i < size; i++) { + if (strcmp(attribute->lDAPDisplayName, never_in_filtered_attrs[i]) == 0) { + return false; + } + } + + if (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) { + return false; + } + return true; +} diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build index dbe1f483a5..92f056197b 100644 --- a/source4/dsdb/wscript_build +++ b/source4/dsdb/wscript_build @@ -18,7 +18,7 @@ bld.SAMBA_SUBSYSTEM('SAMDB_COMMON', bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA', - source='schema/schema_init.c schema/schema_set.c schema/schema_query.c schema/schema_syntax.c schema/schema_description.c schema/schema_convert_to_ol.c schema/schema_inferiors.c schema/schema_prefixmap.c schema/schema_info_attr.c', + source='schema/schema_init.c schema/schema_set.c schema/schema_query.c schema/schema_syntax.c schema/schema_description.c schema/schema_convert_to_ol.c schema/schema_inferiors.c schema/schema_prefixmap.c schema/schema_info_attr.c schema/schema_filtered.c', autoproto='schema/proto.h', deps='SAMDB_COMMON NDR_DRSUAPI NDR_DRSBLOBS LDBSAMBA tevent' ) diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c index c9423409a8..af33de9d0a 100644 --- a/source4/torture/ldap/schema.c +++ b/source4/torture/ldap/schema.c @@ -356,6 +356,22 @@ static bool test_dump_sorted_syntax(struct ldb_context *ldb, struct test_rootDSE return true; } +static bool test_dump_not_in_filtered_replica(struct ldb_context *ldb, struct test_rootDSE *root, struct dsdb_schema *schema) +{ + struct dsdb_attribute *a; + uint32_t a_i = 1; + + d_printf("Dumping attributes not in filtered replica\n"); + + for (a=schema->attributes; a; a = a->next) { + if (!dsdb_attribute_is_attr_in_filtered_replica(a)) { + d_printf("attr[%4u]: '%s'\n", a_i++, + a->lDAPDisplayName); + } + } + return true; +} + bool torture_ldap_schema(struct torture_context *torture) { struct ldb_context *ldb; @@ -384,6 +400,7 @@ bool torture_ldap_schema(struct torture_context *torture) ret &= test_dump_partial(ldb, &rootDSE, schema); ret &= test_dump_contructed(ldb, &rootDSE, schema); ret &= test_dump_sorted_syntax(ldb, &rootDSE, schema); + ret &= test_dump_not_in_filtered_replica(ldb, &rootDSE, schema); failed: return ret; |