The branch, master has been updated
via 15b42d6... Added a function to check if an attribute can belong to
a filtered replica.
from fe1617a... s3-lanman: fix api_DosPrintQEnum().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 15b42d6515504862184f33ad8002135ec1e63158
Author: Nadezhda Ivanova <[email protected]>
Date: Mon May 3 14:50:10 2010 +0200
Added a function to check if an attribute can belong to a filtered replica.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/config.mk | 3 +-
source4/dsdb/schema/schema_filtered.c | 110 +++++++++++++++++++++++++++++++++
source4/dsdb/wscript_build | 2 +-
source4/torture/ldap/schema.c | 17 +++++
4 files changed, 130 insertions(+), 2 deletions(-)
create mode 100644 source4/dsdb/schema/schema_filtered.c
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index 4363399..1ab0cb2 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -43,7 +43,8 @@ SAMDB_SCHEMA_OBJ_FILES = $(addprefix $(dsdbsrcdir)/schema/, \
schema_convert_to_ol.o \
schema_inferiors.o \
schema_prefixmap.o \
- schema_info_attr.o)
+ schema_info_attr.o \
+ schema_filtered.o)
$(eval $(call
proto_header_template,$(dsdbsrcdir)/schema/proto.h,$(SAMDB_SCHEMA_OBJ_FILES:.o=.c)))
# PUBLIC_HEADERS += dsdb/schema/schema.h
diff --git a/source4/dsdb/schema/schema_filtered.c
b/source4/dsdb/schema/schema_filtered.c
new file mode 100644
index 0000000..304160d
--- /dev/null
+++ b/source4/dsdb/schema/schema_filtered.c
@@ -0,0 +1,110 @@
+/*
+ Unix SMB/CIFS mplementation.
+ API for determining af an attribute belongs to the filtered set.
+
+ Copyright (C) Nadezhda Ivanova <[email protected]> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "lib/ldb/include/ldb_errors.h"
+#include "../lib/util/dlinklist.h"
+#include "param/param.h"
+
+const char *never_in_filtered_attrs[] = { "accountExpires",
+ "codePage",
+ "creationTime",
+ "currentValue",
+ "dBCSPwd",
+ "dNSHostName",
+ "displayName",
+ "domainReplica",
+ "fSMORoleOwner",
+ "flatName",
+ "initialAuthIncoming",
+ "initialAuthOutgoing",
+ "isCriticalSystemObject",
+ "lmPwdHistory",
+ "lockOutObservationWindow",
+ "lockoutDuration",
+ "lockoutTime",
+ "logonHours",
+ "maxPwdAge",
+ "minPwdAge",
+ "minPwdLength",
+ "msDS-AdditionalDnsHostName",
+ "msDS-AdditionalSamAccountName",
+ "msDS-AllowedToDelegateTo",
+ "msDS-AuthenticatedAtDC",
+ "msDS-ExecuteScriptPassword",
+ "msDS-KrbTgtLink",
+ "msDS-SPNSuffixes",
+ "msDS-SupportedEncryptionTypes",
+ "msDS-TrustForestTrustInfo",
+ "nETBIOSName",
+ "nTMixedDomain",
+ "notFiltlockoutThreshold",
+ "ntPwdHistory",
+ "operatingSystem",
+ "operatingSystemServicePack",
+ "operatingSystemVersion",
+ "priorValue",
+ "pwdHistoryLength",
+ "pwdLastSet",
+ "pwdProperties",
+ "rid",
+ "sIDHistory",
+ "securityIdentifier",
+ "servicePrincipalName",
+ "supplementalCredentials",
+ "trustAttributes",
+ "trustAuthIncoming",
+ "trustAuthOutgoing",
+ "trustDirection",
+ "trustParent",
+ "trustPartner",
+ "trustPosixOffset",
+ "trustType",
+ "unicodePwd"
+};
+
+/* returns true if the attribute can be in a filtered replica */
+
+bool dsdb_attribute_is_attr_in_filtered_replica(struct dsdb_attribute
*attribute)
+{
+ int i, size = sizeof(never_in_filtered_attrs)/sizeof(char *);
+ if (attribute->systemOnly ||
+ attribute->schemaFlagsEx & DS_FLAG_ATTR_IS_CRITICAL) {
+ return false;
+ }
+ if (attribute->systemFlags & (DS_FLAG_ATTR_NOT_REPLICATED |
+ DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER |
+ DS_FLAG_ATTR_IS_CONSTRUCTED)) {
+ return false;
+ }
+
+ for (i=0; i < size; i++) {
+ if (strcmp(attribute->lDAPDisplayName,
never_in_filtered_attrs[i]) == 0) {
+ return false;
+ }
+ }
+
+ if (attribute->searchFlags & SEARCH_FLAG_RODC_ATTRIBUTE) {
+ return false;
+ }
+ return true;
+}
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
index dbe1f48..92f0561 100644
--- a/source4/dsdb/wscript_build
+++ b/source4/dsdb/wscript_build
@@ -18,7 +18,7 @@ bld.SAMBA_SUBSYSTEM('SAMDB_COMMON',
bld.SAMBA_SUBSYSTEM('SAMDB_SCHEMA',
- source='schema/schema_init.c schema/schema_set.c schema/schema_query.c
schema/schema_syntax.c schema/schema_description.c
schema/schema_convert_to_ol.c schema/schema_inferiors.c
schema/schema_prefixmap.c schema/schema_info_attr.c',
+ source='schema/schema_init.c schema/schema_set.c schema/schema_query.c
schema/schema_syntax.c schema/schema_description.c
schema/schema_convert_to_ol.c schema/schema_inferiors.c
schema/schema_prefixmap.c schema/schema_info_attr.c schema/schema_filtered.c',
autoproto='schema/proto.h',
deps='SAMDB_COMMON NDR_DRSUAPI NDR_DRSBLOBS LDBSAMBA tevent'
)
diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c
index c942340..af33de9 100644
--- a/source4/torture/ldap/schema.c
+++ b/source4/torture/ldap/schema.c
@@ -356,6 +356,22 @@ static bool test_dump_sorted_syntax(struct ldb_context
*ldb, struct test_rootDSE
return true;
}
+static bool test_dump_not_in_filtered_replica(struct ldb_context *ldb, struct
test_rootDSE *root, struct dsdb_schema *schema)
+{
+ struct dsdb_attribute *a;
+ uint32_t a_i = 1;
+
+ d_printf("Dumping attributes not in filtered replica\n");
+
+ for (a=schema->attributes; a; a = a->next) {
+ if (!dsdb_attribute_is_attr_in_filtered_replica(a)) {
+ d_printf("attr[%4u]: '%s'\n", a_i++,
+ a->lDAPDisplayName);
+ }
+ }
+ return true;
+}
+
bool torture_ldap_schema(struct torture_context *torture)
{
struct ldb_context *ldb;
@@ -384,6 +400,7 @@ bool torture_ldap_schema(struct torture_context *torture)
ret &= test_dump_partial(ldb, &rootDSE, schema);
ret &= test_dump_contructed(ldb, &rootDSE, schema);
ret &= test_dump_sorted_syntax(ldb, &rootDSE, schema);
+ ret &= test_dump_not_in_filtered_replica(ldb, &rootDSE, schema);
failed:
return ret;
--
Samba Shared Repository
