s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges

When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0

1 files changed, 31 insertions, 1 deletions

diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index c78ebdd5fe..9aef3172b9 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -52,7 +52,6 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
 				    const char *sort_attrib,
 				    const char *filter)
 {
-	va_list ap;
 	int ret;
 	struct ldb_request *req;
 	TALLOC_CTX *tmp_ctx;
@@ -134,3 +133,34 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char*
 
 	return WERR_OK;
 }
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+				      struct drsuapi_DsReplicaMetaData *meta_data)
+{
+	if (attr->value_ctr.num_values == 0) {
+		return;
+	}
+
+	switch (attr->attid) {
+	case DRSUAPI_ATTRIBUTE_dBCSPwd:
+	case DRSUAPI_ATTRIBUTE_unicodePwd:
+	case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+	case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+	case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+	case DRSUAPI_ATTRIBUTE_priorValue:
+	case DRSUAPI_ATTRIBUTE_currentValue:
+	case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+	case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+	case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+	case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+		/*set value to null*/
+		attr->value_ctr.num_values = 0;
+		talloc_free(attr->value_ctr.values);
+		attr->value_ctr.values = NULL;
+		meta_data->originating_change_time = 0;
+		return;
+	default:
+		return;
+	}
+	return;
+}