5.115.12 SecurityCheckForChanges
-
procedure SecurityCheckForChanges( [in] msgIn: DRS_MSG_GETCHGREQ_V10, [in] filter: LDAPString ): ULONG
Informative summary of behavior: The SecurityCheckForChanges procedure checks whether an LDAP_SERVER_DIRSYNC_OID control client has access rights to read the changes in an NC (msgIn.pNC).
-
attrVecInFilter: PARTIAL_ATTR_VECTOR_V1_EXT if AccessCheckCAR(msgIn.pNC, Ds-Replication-Get-Changes) = false then return insufficientAccessRights endif if msgIn.pPartialAttrSet.cAttrs ≠ 0 and IsFilteredAttributePresent(msgIn.pPartialAttrSet) = true and AccessCheckCAR(msgIn.pNC, Ds-Replication-Get-Changes-In-Filtered-Set) = false and AccessCheckCAR(msgIn.pNC, Ds-Replication-Get-Changes-All) = false then return insufficientAccessRights endif /* Handle attributes in filter */ copy the list of attributes, if present, from filter to attrVecInFilter if attrVecInFilter.cAttrs ≠ 0 and IsFilteredAttributePresent(attrVecInFilter) = true and AccessCheckCAR(msgIn.pNC, Ds-Replication-Get-Changes-In-Filtered-Set) = false and AccessCheckCAR(msgIn.pNC, Ds-Replication-Get-Changes-All) = false then return insufficientAccessRights endif return 0 /* success */