source4/dsdb/schema/schema_filtered.c

   1 /*
   2    Unix SMB/CIFS mplementation.
   3    API for determining af an attribute belongs to the filtered set.
   4
   5    Copyright (C) Nadezhda Ivanova <nivanova@samba.org> 2010
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19
  20 */
  21 #include "includes.h"
  22 #include "dsdb/samdb/samdb.h"
  23 #include "dsdb/common/util.h"
  24 #include "lib/ldb/include/ldb_errors.h"
  25 #include "../lib/util/dlinklist.h"
  26 #include "param/param.h"
  27
  28 const char *never_in_filtered_attrs[] = { "accountExpires",
  29                                      "codePage",
  30                                      "creationTime",
  31                                      "currentValue",
  32                                      "dBCSPwd",
  33                                      "dNSHostName",
  34                                      "displayName",
  35                                      "domainReplica",
  36                                      "fSMORoleOwner",
  37                                      "flatName",
  38                                      "initialAuthIncoming",
  39                                      "initialAuthOutgoing",
  40                                      "isCriticalSystemObject",
  41                                      "lmPwdHistory",
  42                                      "lockOutObservationWindow",
  43                                      "lockoutDuration",
  44                                      "lockoutTime",
  45                                      "logonHours",
  46                                      "maxPwdAge",
  47                                      "minPwdAge",
  48                                      "minPwdLength",
  49                                      "msDS-AdditionalDnsHostName",
  50                                      "msDS-AdditionalSamAccountName",
  51                                      "msDS-AllowedToDelegateTo",
  52                                      "msDS-AuthenticatedAtDC",
  53                                      "msDS-ExecuteScriptPassword",
  54                                      "msDS-KrbTgtLink",
  55                                      "msDS-SPNSuffixes",
  56                                      "msDS-SupportedEncryptionTypes",
  57                                      "msDS-TrustForestTrustInfo",
  58                                      "nETBIOSName",
  59                                      "nTMixedDomain",
  60                                      "notFiltlockoutThreshold",
  61                                      "ntPwdHistory",
  62                                      "operatingSystem",
  63                                      "operatingSystemServicePack",
  64                                      "operatingSystemVersion",
  65                                      "priorValue",
  66                                      "pwdHistoryLength",
  67                                      "pwdLastSet",
  68                                      "pwdProperties",
  69                                      "rid",
  70                                      "sIDHistory",
  71                                      "securityIdentifier",
  72                                      "servicePrincipalName",
  73                                      "supplementalCredentials",
  74                                      "trustAttributes",
  75                                      "trustAuthIncoming",
  76                                      "trustAuthOutgoing",
  77                                      "trustDirection",
  78                                      "trustParent",
  79                                      "trustPartner",
  80                                      "trustPosixOffset",
  81                                      "trustType",
  82                                      "unicodePwd"
  83 };
  84
  85 /* returns true if the attribute can be in a filtered replica */
  86
  87 bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute *attribute)
  88 {
  89         int i, size = sizeof(never_in_filtered_attrs)/sizeof(char *);
  90         if (attribute->systemOnly ||
  91             attribute->schemaFlagsEx & DS_FLAG_ATTR_IS_CRITICAL) {
  92                 return false;
  93         }
  94         if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
  95                                       DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
  96                                       DS_FLAG_ATTR_IS_CONSTRUCTED)) {
  97                 return false;
  98         }
  99
 100         for (i=0; i < size; i++) {
 101                 if (strcmp(attribute->lDAPDisplayName, never_in_filtered_attrs[i]) == 0) {
 102                         return false;
 103                 }
 104         }
 105
 106         if (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
 107                 return false;
 108         }
 109         return true;
 110 }