dsdb-acl: attr is not optional to acl_check_access_on_attribute()
[Samba/gebeck_regimport.git] / source4 / dsdb / schema / schema_filtered.c
1 /*
2 Unix SMB/CIFS implementation.
3 API for determining if an attribute belongs to the filtered set.
5 Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "dsdb/samdb/samdb.h"
23 #include "dsdb/common/util.h"
24 #include <ldb_errors.h>
25 #include "../lib/util/dlinklist.h"
26 #include "param/param.h"
/*
 * lDAPDisplayName values for which
 * dsdb_attribute_is_attr_in_filtered_replica() returns false.
 *
 * The lookup is an exact, case-sensitive strcmp() against each entry, so an
 * entry that does not match the schema's spelling byte for byte has no
 * effect at all.
 */
static const char * const never_in_filtered_attrs[] = {
	"accountExpires",
	"codePage",
	"creationTime",
	"dNSHostName",
	"displayName",
	"domainReplica",
	"fSMORoleOwner",
	"flatName",
	"isCriticalSystemObject",
	"lockOutObservationWindow",
	"lockoutDuration",
	"lockoutTime",
	"logonHours",
	"maxPwdAge",
	"minPwdAge",
	"minPwdLength",
	"msDS-AdditionalDnsHostName",
	"msDS-AdditionalSamAccountName",
	"msDS-AllowedToDelegateTo",
	"msDS-AuthenticatedAtDC",
	"msDS-ExecuteScriptPassword",
	"msDS-KrbTgtLink",
	"msDS-SPNSuffixes",
	"msDS-SupportedEncryptionTypes",
	"msDS-TrustForestTrustInfo",
	"nETBIOSName",
	"nTMixedDomain",
	/*
	 * NOTE(review): this is the only entry carrying a "notFilt" prefix.
	 * Confirm it is a real lDAPDisplayName; if "lockoutThreshold" was
	 * intended, that attribute is currently not covered by this list.
	 */
	"notFiltlockoutThreshold",
	"operatingSystem",
	"operatingSystemServicePack",
	"operatingSystemVersion",
	"pwdHistoryLength",
	"pwdLastSet",
	"pwdProperties",
	"rid",
	"sIDHistory",
	"securityIdentifier",
	"servicePrincipalName",
	"trustAttributes",
	"trustDirection",
	"trustParent",
	"trustPartner",
	"trustPosixOffset",
	"trustType",
	/*
	 * Macro defined outside this file; presumably expands to further
	 * comma-separated attribute-name literals -- confirm at its definition.
	 */
	DSDB_SECRET_ATTRIBUTES
};
/*
 * Returns true if the attribute can be in a filtered replica.
 *
 * The result is false as soon as any of the following holds:
 *   - attribute->systemOnly is set;
 *   - schemaFlagsEx has SCHEMA_FLAG_ATTR_IS_CRITICAL;
 *   - systemFlags has any of DS_FLAG_ATTR_NOT_REPLICATED,
 *     DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER or DS_FLAG_ATTR_IS_CONSTRUCTED;
 *   - lDAPDisplayName equals (exact strcmp) an entry of
 *     never_in_filtered_attrs;
 *   - searchFlags has SEARCH_FLAG_RODC_ATTRIBUTE.
 * Otherwise the result is true.
 *
 * attribute and attribute->lDAPDisplayName are dereferenced without a NULL
 * check, so the caller must supply both.
 *
 * NOTE(review): both "name is on the never-filtered list" and "attribute is
 * flagged SEARCH_FLAG_RODC_ATTRIBUTE" yield false here. Confirm against the
 * callers which meaning of the return value they rely on before using this
 * to decide what is withheld from a filtered replica.
 */
bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute)
{
	const size_t n_names = sizeof(never_in_filtered_attrs) /
			       sizeof(never_in_filtered_attrs[0]);
	size_t idx;

	if (attribute->systemOnly) {
		return false;
	}
	if ((attribute->schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) != 0) {
		return false;
	}

	if ((attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
				       DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
				       DS_FLAG_ATTR_IS_CONSTRUCTED)) != 0) {
		return false;
	}

	/* Linear scan; the comparison is case-sensitive. */
	for (idx = 0; idx < n_names; idx++) {
		if (strcmp(attribute->lDAPDisplayName,
			   never_in_filtered_attrs[idx]) == 0) {
			return false;
		}
	}

	return (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) == 0;
}