s4-dsdb: some more attribuutes that we should only give if asked for
[ira/wip.git] / source4 / dsdb / samdb / ldb_modules / operational.c
index cd2a6bc0f657f05e0d43de4939bceb6bfe3eb11f..4e27157bb9709572af3d7d4c5dd03be1d5a9614a 100644 (file)
   modifiersName: not supported by w2k3?
 */
 
+#include "includes.h"
 #include "ldb_includes.h"
 #include "ldb_module.h"
 
-#include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "param/param.h"
 #include "dsdb/samdb/samdb.h"
 
 #ifndef ARRAY_SIZE
@@ -108,6 +110,35 @@ static int construct_primary_group_token(struct ldb_module *module,
        }
 }
 
+static int construct_parent_guid(struct ldb_module *module,
+               struct ldb_message *msg)
+{
+       struct ldb_context *ldb;
+       struct GUID parent_guid;
+       int ret;
+
+       ldb = ldb_module_get_ctx(module);
+
+       ret = dsdb_find_parentguid_by_dn(ldb, msg->dn, &parent_guid);
+
+
+       if (ret != LDB_SUCCESS){
+
+               /* if there is no parentGUID for this object, then return */
+               if (ret == LDB_ERR_NO_SUCH_OBJECT){
+                       return LDB_SUCCESS;
+               }else{
+                       return ret;
+               }
+
+       }
+
+       ret = dsdb_msg_add_guid(msg, &parent_guid, "parentGUID");
+
+       return ret;
+
+}
+
 
 /*
   a list of attribute names that should be substituted in the parse
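Review bot: construct_parent_guid() is added without a header comment, and its nested `if (ret != LDB_SUCCESS) { if (ret == LDB_ERR_NO_SUCH_OBJECT) ... else ... }` reads harder than it needs to. A short comment above the function such as `/* construct the parentGUID for an entry from its parent's record; an entry with no parent gets no parentGUID */` would record why LDB_ERR_NO_SUCH_OBJECT is turned into LDB_SUCCESS. The error path can be flattened into two guards, `if (ret == LDB_ERR_NO_SUCH_OBJECT) return LDB_SUCCESS;` followed by `if (ret != LDB_SUCCESS) return ret;`, and the tail reduced to `return dsdb_msg_add_guid(msg, &parent_guid, "parentGUID");`. The doubled blank lines and the blank line before the closing brace could go at the same time.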
@@ -135,9 +166,34 @@ static const struct {
        { "modifyTimestamp", "whenChanged", NULL },
        { "structuralObjectClass", "objectClass", NULL },
        { "canonicalName", "distinguishedName", construct_canonical_name },
-       { "primaryGroupToken", "objectSid", construct_primary_group_token }
+       { "primaryGroupToken", "objectSid", construct_primary_group_token },
+       { "parentGUID", NULL, construct_parent_guid }
+};
+
+
+enum op_remove {
+       OPERATIONAL_REMOVE_ALWAYS, /* remove always */
+       OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
+};
+
+/*
+  a list of attributes that may need to be removed from the
+  underlying db return
+*/
+static const struct {
+       const char *attr;
+       enum op_remove op;
+} operational_remove[] = {
+       { "ntSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED },
+       { "parentGUID",           OPERATIONAL_REMOVE_ALWAYS },
+       { "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED },
+       { "ntPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "lmPwdHistory",         OPERATIONAL_REMOVE_UNASKED },
+       { "unicodePwd",           OPERATIONAL_REMOVE_UNASKED },
+       { "supplementalCredentials", OPERATIONAL_REMOVE_UNASKED }
 };
 
+
 /*
   post process a search result record. For any search_sub[] attributes that were
   asked for, we need to call the appropriate copy routine to copy the result
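Review bot: The operational_remove[] table gives `unicodePwd`, `ntPwdHistory`, `lmPwdHistory` and `supplementalCredentials` the `OPERATIONAL_REMOVE_UNASKED` policy, so this module hides them only when the caller did not name them and passes them through when it did. Nothing visible in this diff shows where an explicit request for those attributes is authorized, so the table comment should say that the list is a presentation filter and not an access check, e.g. `/* REMOVE_UNASKED only hides an attribute from searches that did not name it; it is not an access control */`. Separately, `{ "parentGUID", NULL, construct_parent_guid }` is the only search_sub[] entry in this hunk with a NULL replace name; the code that consumes that field is outside the hunk and should be confirmed to tolerate NULL.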
@@ -153,6 +209,24 @@ static int operational_search_post_process(struct ldb_module *module,
 
        ldb = ldb_module_get_ctx(module);
 
+       /* removed any attrs that should not be shown to the user */
+       for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
+               struct ldb_message_element *el;
+
+               switch (operational_remove[i].op) {
+               case OPERATIONAL_REMOVE_UNASKED:
+                       if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+                               continue;
+                       }
+               case OPERATIONAL_REMOVE_ALWAYS:
+                       el = ldb_msg_find_element(msg, operational_remove[i].attr);
+                       if (el) {
+                               ldb_msg_remove_element(msg, el);
+                       }
+                       break;
+               }
+       }
+
        for (a=0;attrs && attrs[a];a++) {
                for (i=0;i<ARRAY_SIZE(search_sub);i++) {
                        if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {
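Review bot: In the new removal loop, `case OPERATIONAL_REMOVE_UNASKED:` falls through into `case OPERATIONAL_REMOVE_ALWAYS:` with no marker, and the switch has no `default`. The fallthrough looks intentional, but this switch decides whether password-bearing attributes are stripped from a search result, so it should be marked with `/* fall through */` after the closing brace of the `if`. Writing `default:` directly beneath `case OPERATIONAL_REMOVE_ALWAYS:` would make a future enum value remove the attribute rather than silently leave it in the reply. The leading comment should read `/* remove any attrs that should not be shown to the user */`. operational_search_post_process() begins and ends outside this hunk.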