s4-dsdb: some more attribuutes that we should only give if asked for
[ira/wip.git] / source4 / dsdb / samdb / ldb_modules / operational.c
index ccfddbe56edf98530856d2a18d2687b709dfd56e..4e27157bb9709572af3d7d4c5dd03be1d5a9614a 100644 (file)
@@ -170,6 +170,30 @@ static const struct {
        { "parentGUID", NULL, construct_parent_guid }
 };
 
+
+enum op_remove {
+       OPERATIONAL_REMOVE_ALWAYS, /* remove always */
+       OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
+};
+
+/*
+  a list of attributes that may need to be removed from the
+  underlying db return
+*/
+static const struct {
+       const char *attr;
+       enum op_remove op;
+} operational_remove[] = {
+       { "ntSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED },
+       { "parentGUID",           OPERATIONAL_REMOVE_ALWAYS },
+       { "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED },
+       { "ntPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "lmPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "unicodePwd",           OPERATIONAL_REMOVE_UNASKED },
+       { "supplementalCredentials", OPERATIONAL_REMOVE_UNASKED }
+};
+
+
 /*
   post process a search result record. For any search_sub[] attributes that were
   asked for, we need to call the appropriate copy routine to copy the result
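Review bot: The four credential attributes in `operational_remove[]` (`unicodePwd`, `ntPwdHistory`, `lmPwdHistory`, `supplementalCredentials`) are tagged `OPERATIONAL_REMOVE_UNASKED`, so the table only keeps them out of default result sets; a search that names them explicitly still gets them back from this module. Whether a caller may read them must be enforced elsewhere, which this diff does not show. The comment above the table should say so, e.g. `/* NOTE: REMOVE_UNASKED is a display default, not access control; secret attributes still need an access check */`. The list also has `lmPwdHistory` but not `dBCSPwd`, the attribute that holds the current LM hash; if this backend stores it, it probably belongs here as well.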
@@ -185,6 +209,24 @@ static int operational_search_post_process(struct ldb_module *module,
 
        ldb = ldb_module_get_ctx(module);
 
+       /* removed any attrs that should not be shown to the user */
+       for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
+               struct ldb_message_element *el;
+
+               switch (operational_remove[i].op) {
+               case OPERATIONAL_REMOVE_UNASKED:
+                       if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+                               continue;
+                       }
+               case OPERATIONAL_REMOVE_ALWAYS:
+                       el = ldb_msg_find_element(msg, operational_remove[i].attr);
+                       if (el) {
+                               ldb_msg_remove_element(msg, el);
+                       }
+                       break;
+               }
+       }
+
        for (a=0;attrs && attrs[a];a++) {
                for (i=0;i<ARRAY_SIZE(search_sub);i++) {
                        if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
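Review bot: The `case OPERATIONAL_REMOVE_UNASKED:` arm falls into `case OPERATIONAL_REMOVE_ALWAYS:` without a marker, and the `continue` inside it targets the enclosing `for` rather than the `switch`, so the control flow is easy to misread or to break in a later edit; add `/* fall through */` before the `ALWAYS` label. The switch also has no `default:`, so a future `enum op_remove` value would leave the attribute in the result, which is the unsafe direction for a filter that covers password attributes; a `default:` that removes the element would fail closed. The comment `removed any attrs` should read `remove any attrs`. The body of operational_search_post_process starts before this hunk and continues past it.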