const char *sort_attrib,
const char *filter)
{
- va_list ap;
int ret;
struct ldb_request *req;
TALLOC_CTX *tmp_ctx;
return WERR_OK;
}
+
+void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
+ struct drsuapi_DsReplicaMetaData *meta_data)
+{
+ if (attr->value_ctr.num_values == 0) {
+ return;
+ }
+
+ switch (attr->attid) {
+ case DRSUAPI_ATTRIBUTE_dBCSPwd:
+ case DRSUAPI_ATTRIBUTE_unicodePwd:
+ case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+ case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+ case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+ case DRSUAPI_ATTRIBUTE_priorValue:
+ case DRSUAPI_ATTRIBUTE_currentValue:
+ case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+ case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+ case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+ case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+ /*set value to null*/
+ attr->value_ctr.num_values = 0;
+ talloc_free(attr->value_ctr.values);
+ attr->value_ctr.values = NULL;
+ meta_data->originating_change_time = 0;
+ return;
+ default:
+ return;
+ }
+ return;
+}
struct ldb_dn *ncRoot_dn,
struct dsdb_schema *schema,
DATA_BLOB *session_key,
- uint64_t highest_usn)
+ uint64_t highest_usn,
+ uint32_t replica_flags)
{
const struct ldb_val *md_value;
int i, n;
sa->lDAPDisplayName, win_errstr(werr)));
return werr;
}
-
+ /* if DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING is set
+ * check if attribute is secret and send a null value
+ * TODO: check if we can make this in the database layer
+ */
+ if ((replica_flags & DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING)
+ == DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING) {
+ drsuapi_process_secret_attribute(&obj->object.attribute_ctr.attributes[i],
+ &obj->meta_data_ctr->meta_data[i]);
+ }
/* some attributes needs to be encrypted
before being sent */
werr = drsuapi_encrypt_attribute(obj, session_key, rid,
}
werr = get_nc_changes_build_object(obj, site_res->msgs[i], sam_ctx, ncRoot_dn,
- schema, &session_key, r->in.req->req8.highwatermark.highest_usn);
+ schema, &session_key, r->in.req->req8.highwatermark.highest_usn, r->in.req->req8.replica_flags);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}