search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:dsdb/schema/schema_filtered.c: use DSDB_SECRET_ATTRIBUTES
[Samba/gebeck_regimport.git] / source4 / dsdb / schema / schema_filtered.c
blob8fdeec2866e38fd52464b8e3946aa14bf4d2cc9e
1 /*
2 Unix SMB/CIFS mplementation.
3 API for determining af an attribute belongs to the filtered set.
4
5 Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19
20 */
21 #include "includes.h"
22 #include "dsdb/samdb/samdb.h"
23 #include "dsdb/common/util.h"
24 #include "lib/ldb/include/ldb_errors.h"
25 #include "../lib/util/dlinklist.h"
26 #include "param/param.h"
27
28 const char *never_in_filtered_attrs[] = { "accountExpires",
29 "codePage",
30 "creationTime",
31 "dNSHostName",
32 "displayName",
33 "domainReplica",
34 "fSMORoleOwner",
35 "flatName",
36 "isCriticalSystemObject",
37 "lockOutObservationWindow",
38 "lockoutDuration",
39 "lockoutTime",
40 "logonHours",
41 "maxPwdAge",
42 "minPwdAge",
43 "minPwdLength",
44 "msDS-AdditionalDnsHostName",
45 "msDS-AdditionalSamAccountName",
46 "msDS-AllowedToDelegateTo",
47 "msDS-AuthenticatedAtDC",
48 "msDS-ExecuteScriptPassword",
49 "msDS-KrbTgtLink",
50 "msDS-SPNSuffixes",
51 "msDS-SupportedEncryptionTypes",
52 "msDS-TrustForestTrustInfo",
53 "nETBIOSName",
54 "nTMixedDomain",
55 "notFiltlockoutThreshold",
56 "operatingSystem",
57 "operatingSystemServicePack",
58 "operatingSystemVersion",
59 "pwdHistoryLength",
60 "pwdLastSet",
61 "pwdProperties",
62 "rid",
63 "sIDHistory",
64 "securityIdentifier",
65 "servicePrincipalName",
66 "trustAttributes",
67 "trustDirection",
68 "trustParent",
69 "trustPartner",
70 "trustPosixOffset",
71 "trustType",
72 DSDB_SECRET_ATTRIBUTES
73 };
74
75 /* returns true if the attribute can be in a filtered replica */
76
77 bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute)
78 {
79 int i, size = sizeof(never_in_filtered_attrs)/sizeof(char *);
80 if (attribute->systemOnly ||
81 attribute->schemaFlagsEx & SCHEMA_FLAG_ATTR_IS_CRITICAL) {
82 return false;
83 }
84 if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
85 DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
86 DS_FLAG_ATTR_IS_CONSTRUCTED)) {
87 return false;
88 }
89
90 for (i=0; i < size; i++) {
91 if (strcmp(attribute->lDAPDisplayName, never_in_filtered_attrs[i]) == 0) {
92 return false;
93 }
94 }
95
96 if (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
97 return false;
98 }
99 return true;
100 }
reg import