authorAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2009-09-23 16:51:55 -0700
committerAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2009-09-23 17:10:27 -0700
commit4f9de0e995cbdebe8919bc703ea257149f02d5b1 (patch)
treecf59189add1333d1d99e3d3412d0e64b48432cee /source4/rpc_server/drsuapi/getncchanges.c
parent23e4470c31a1800065830205241295344057ca01 (diff)
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges
When this flag is specified in the request, these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd. Their value is changed to NULL and the meta_data.originating_change_time is set to 0.
Diffstat (limited to 'source4/rpc_server/drsuapi/getncchanges.c')
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 75f6213963..a9c4b451c2 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -41,7 +41,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
struct ldb_dn *ncRoot_dn,
struct dsdb_schema *schema,
DATA_BLOB *session_key,
- uint64_t highest_usn)
+ uint64_t highest_usn,
+ uint32_t replica_flags)
{
const struct ldb_val *md_value;
int i, n;
@@ -182,7 +183,15 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
sa->lDAPDisplayName, win_errstr(werr)));
return werr;
}
-
+ /* if DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING is set
+ * check if attribute is secret and send a null value
+ * TODO: check if we can make this in the database layer
+ */
+ if ((replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING)
+ == DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING) {
+ drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
+ &obj->meta_data_ctr->meta_data[i]);
+ }
/* some attributes needs to be encrypted
before being sent */
werr = drsuapi_encrypt_attribute(obj, session_key, rid,
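Review bot: The added `if` withholds secret attributes only when `replica_flags` carries the flag, and the last hunk shows that value comes straight from the request (`r->in.req->req8.replica_flags`), so a request without the flag still reaches `drsuapi_encrypt_attribute` with the real values. Nothing in the visible lines ties release of those attributes to the caller's rights; if that check lives elsewhere, the comment should say so, e.g. `/* flag is requester-supplied: it only withholds secrets on request; entitlement to receive them is checked in <where> */`. The call also discards any result from `drsuapi_process_secret_attribute`; its prototype is not in this diff, but if it can fail the error should be returned through `werr` like the conversion above it. The enclosing loop and function begin and end outside the hunk.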
@@ -436,7 +445,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
werr = get_nc_changes_build_object(obj, site_res->msgs[i], sam_ctx, ncRoot_dn,
- schema, &session_key, r->in.req->req8.highwatermark.highest_usn);
+ schema, &session_key, r->in.req->req8.highwatermark.highest_usn, r->in.req->req8.replica_flags);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}