s4-dsdb: some more attribuutes that we should only give if asked for
[ira/wip.git] / source4 / dsdb / samdb / ldb_modules / operational.c
index 7e3aec41e98e77adad07a87ceaaa1f077d8cd162..4e27157bb9709572af3d7d4c5dd03be1d5a9614a 100644 (file)
@@ -5,22 +5,18 @@
    Copyright (C) Simo Sorce 2006-2008
    Copyright (C) Matthias Dieter Wallnöfer 2009
 
-     ** NOTE! The following LGPL license applies to the ldb
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 /*
   modifiersName: not supported by w2k3?
 */
 
+#include "includes.h"
 #include "ldb_includes.h"
 #include "ldb_module.h"
 
-#include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "param/param.h"
 #include "dsdb/samdb/samdb.h"
 
 #ifndef ARRAY_SIZE
@@ -112,6 +110,35 @@ static int construct_primary_group_token(struct ldb_module *module,
        }
 }
 
+static int construct_parent_guid(struct ldb_module *module,
+               struct ldb_message *msg)
+{
+       struct ldb_context *ldb;
+       struct GUID parent_guid;
+       int ret;
+
+       ldb = ldb_module_get_ctx(module);
+
+       ret = dsdb_find_parentguid_by_dn(ldb, msg->dn, &parent_guid);
+
+
+       if (ret != LDB_SUCCESS){
+
+               /* if there is no parentGUID for this object, then return */
+               if (ret == LDB_ERR_NO_SUCH_OBJECT){
+                       return LDB_SUCCESS;
+               }else{
+                       return ret;
+               }
+
+       }
+
+       ret = dsdb_msg_add_guid(msg, &parent_guid, "parentGUID");
+
+       return ret;
+
+}
+
 
 /*
   a list of attribute names that should be substituted in the parse
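Review bot: construct_parent_guid has no header comment, and the one case a caller needs to know about is only visible inside the body: when dsdb_find_parentguid_by_dn returns LDB_ERR_NO_SUCH_OBJECT the function reports LDB_SUCCESS and adds nothing to msg. I would state that above the function, e.g. `/* construct parentGUID from the parent of msg->dn; a missing parent GUID is not an error, the attribute is just omitted */`. The nested if/else can also be flattened into two guards, `if (ret == LDB_ERR_NO_SUCH_OBJECT) return LDB_SUCCESS;` and `if (ret != LDB_SUCCESS) return ret;`, followed by `return dsdb_msg_add_guid(msg, &parent_guid, "parentGUID");`.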
@@ -139,9 +166,34 @@ static const struct {
        { "modifyTimestamp", "whenChanged", NULL },
        { "structuralObjectClass", "objectClass", NULL },
        { "canonicalName", "distinguishedName", construct_canonical_name },
-       { "primaryGroupToken", "objectSid", construct_primary_group_token }
+       { "primaryGroupToken", "objectSid", construct_primary_group_token },
+       { "parentGUID", NULL, construct_parent_guid }
+};
+
+
+enum op_remove {
+       OPERATIONAL_REMOVE_ALWAYS, /* remove always */
+       OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
 };
 
+/*
+  a list of attributes that may need to be removed from the
+  underlying db return
+*/
+static const struct {
+       const char *attr;
+       enum op_remove op;
+} operational_remove[] = {
+       { "ntSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED },
+       { "parentGUID",           OPERATIONAL_REMOVE_ALWAYS },
+       { "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED },
+       { "ntPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "lmPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "unicodePwd",           OPERATIONAL_REMOVE_UNASKED },
+       { "supplementalCredentials", OPERATIONAL_REMOVE_UNASKED }
+};
+
+
 /*
   post process a search result record. For any search_sub[] attributes that were
   asked for, we need to call the appropriate copy routine to copy the result
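Review bot: The comment above `operational_remove[]` does not say that `OPERATIONAL_REMOVE_UNASKED` only hides attributes from default results and is not an access control: a client that names `unicodePwd` or `supplementalCredentials` in its attribute list still gets them through this module, so confidentiality has to be enforced somewhere else. I would put that in the comment, e.g. `/* hides these from results unless requested by name; this is NOT an access check */`. The table also looks incomplete as a list of credential attributes (for instance `dBCSPwd` is absent while `unicodePwd` is present); if that is deliberate, the comment should say why. Separately, the new `search_sub` entry for `parentGUID` has a NULL `replace`, and the code that consumes `replace` is outside this hunk, so each use should be confirmed to tolerate NULL.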
@@ -157,6 +209,24 @@ static int operational_search_post_process(struct ldb_module *module,
 
        ldb = ldb_module_get_ctx(module);
 
+       /* removed any attrs that should not be shown to the user */
+       for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
+               struct ldb_message_element *el;
+
+               switch (operational_remove[i].op) {
+               case OPERATIONAL_REMOVE_UNASKED:
+                       if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+                               continue;
+                       }
+               case OPERATIONAL_REMOVE_ALWAYS:
+                       el = ldb_msg_find_element(msg, operational_remove[i].attr);
+                       if (el) {
+                               ldb_msg_remove_element(msg, el);
+                       }
+                       break;
+               }
+       }
+
        for (a=0;attrs && attrs[a];a++) {
                for (i=0;i<ARRAY_SIZE(search_sub);i++) {
                        if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
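Review bot: `case OPERATIONAL_REMOVE_UNASKED:` falls through into `case OPERATIONAL_REMOVE_ALWAYS:` with no marker, so a later edit that adds a `break` or a new case between them would silently stop stripping `unicodePwd`, `ntPwdHistory` and the other credential attributes from results. Add `/* fall through */` after the closing brace of the `if`, and consider a `default:` arm that also removes the element so an unexpected enum value fails closed. The removal loop also has to stay ahead of the `search_sub` loop, otherwise a constructed `parentGUID` would be stripped again; a one-line comment saying so would protect that ordering. The comment `removed any attrs` should read `remove any attrs`. operational_search_post_process starts before this hunk and continues after it.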