authorAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2010-04-26 09:56:59 +0300
committerAnatoliy Atanasov <anatoliy.atanasov@postpath.com>2010-04-29 10:18:06 +0300
commitdbbbc7d1f8a86bd0535c46f50fae8223c26afd9a (patch)
treea3ae306ff09e4329aebd06f5f17db1b2f4ed6776 /source4/rpc_server/drsuapi/getncchanges.c
parent5a4ee75289e8394ea2f2de0b0415ed7f7ee54575 (diff)
s4/rodc: RODC FAS initial implementation
Diffstat (limited to 'source4/rpc_server/drsuapi/getncchanges.c')
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index df8305e155..354ebf0f85 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -105,7 +105,6 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
const char *rdn;
const struct dsdb_attribute *rdn_sa;
unsigned int instanceType;
- int rodc_filtered_flags;
instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType", 0);
if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
@@ -206,19 +205,19 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
continue;
}
- /* if the recipient is a RODC, then we should not add any
- * RODC filtered attribute */
- /* TODO: This is not strictly correct, as it doesn't allow for administrators
- to setup some users to transfer passwords to specific RODCs. To support that
- we would instead remove this check and rely on extended ACL checking in the dsdb
- acl module. */
- rodc_filtered_flags = SEARCH_FLAG_RODC_ATTRIBUTE | SEARCH_FLAG_CONFIDENTIAL;
- if ((replica_flags & DRSUAPI_DRS_WRIT_REP) == 0 &&
- (sa->searchFlags & rodc_filtered_flags)) {
+ /*
+ * If the recipient is a RODC, then we should not add any
+ * RODC filtered attribute
+ *
+ * TODO: This is not strictly correct, as it doesn't allow for administrators
+ * to setup some users to transfer passwords to specific RODCs. To support that
+ * we would instead remove this check and rely on extended ACL checking in the dsdb
+ * acl module.
+ */
+ if (dsdb_attr_in_rodc_fas(replica_flags, sa)) {
continue;
}
-
obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;
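Review bot: The call `dsdb_attr_in_rodc_fas(replica_flags, sa)` now carries the whole decision about which attributes are withheld from an RODC, but its definition is not in this diff, so it cannot be confirmed here that it still skips both `SEARCH_FLAG_RODC_ATTRIBUTE` and `SEARCH_FLAG_CONFIDENTIAL` attributes when `DRSUAPI_DRS_WRIT_REP` is clear, as the removed inline test did. The retained comment should state that contract, for example `* dsdb_attr_in_rodc_fas() must keep excluding confidential attributes for non-writable replicas`. If `replica_flags` is taken from the caller's request, as the name suggests, the filter also trusts the requester's own claim to be a writable replica; a follow-up should derive that from the authenticated peer rather than from the flag. get_nc_changes_build_object starts and ends outside this hunk.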