From efd89b46d6a66e4a4d17e7cdc400e9e3890b7970 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Thu, 31 Jul 2008 22:53:41 +0200
Subject: dssync keytab: when not in single object replication mode, use object dn list as write filter. I.e. only the passwords and keys of those objects whose dns are provided are written to the keytab file. Others are skippded. Michael (This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
---
 source3/libnet/libnet_dssync_keytab.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+) (limited to 'source3/libnet')
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index d74ee3dbdb..2558e1d801 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -554,6 +554,24 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
 return status;
 }
+static bool dn_is_in_object_list(struct dssync_context *ctx,
+ const char *dn)
+{
+ uint32_t count;
+
+ if (ctx->object_count == 0) {
+ return true;
+ }
+
+ for (count = 0; count < ctx->object_count; count++) {
+ if (strequal(ctx->object_dns[count], dn)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 /****************************************************************
 ****************************************************************/
@@ -567,6 +585,16 @@ static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
 (struct libnet_keytab_context *)ctx->private_data;
 for (; cur; cur = cur->next_object) {
+ /*
+ * When not in single object replication mode,
+ * the object_dn list is used as a positive write filter.
+ */
+ if (!ctx->single_object_replication &&
+ !dn_is_in_object_list(ctx, cur->object.identifier->dn))
+ {
+ continue;
+ }
+
 status = parse_object(mem_ctx, keytab_ctx, cur);
 if (!NT_STATUS_IS_OK(status)) {
 goto out;
-- cgit
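Review bot: `dn_is_in_object_list()` treats an empty list as "match everything" (the `ctx->object_count == 0` early return), so the write filter fails open: a caller whose DN list ends up empty gets the keys of every replicated object written to the keytab. That looks intentional, but it is undocumented; a header comment such as `/* Returns true if dn is listed in ctx->object_dns; an empty list means no filter, so every dn matches. */` would make the contract explicit. The match is a plain `strequal()` on the DN strings, so a DN given in an equivalent but differently spelled form (spacing, escaping) would presumably be skipped without notice, which is worth stating in the same comment. `ctx` is only read here and could be declared `const struct dssync_context *ctx`.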
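Review bot: The new filter dereferences `cur->object.identifier->dn` before `parse_object()` runs, and these objects presumably originate from the remote replication reply, so `identifier` should be checked first unless an earlier layer already guarantees it is non-NULL (not visible in this hunk), e.g. `if (cur->object.identifier == NULL) { continue; }` ahead of the filter. Objects that fail the filter are dropped silently; a debug-level message naming the skipped DN would let an operator see why an expected principal is missing from the keytab. The body of keytab_process_objects() starts and ends outside the hunk, so the `out:` handling could not be checked.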