summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-11-20 14:19:18 +1100
committerAndrew Tridgell <tridge@samba.org>2009-11-20 14:19:18 +1100
commitf3f0c8e2ce9fe315848d15eeb289eae9fb525a3a (patch)
treeec0e855397e50bfb51466d0642e2b98c7d2f2a33 /source4/dsdb
parent086fa79d4d633e2165cae4e4d8e98a96fd5f9166 (diff)
downloadsamba-f3f0c8e2ce9fe315848d15eeb289eae9fb525a3a.tar.gz
samba-f3f0c8e2ce9fe315848d15eeb289eae9fb525a3a.tar.bz2
samba-f3f0c8e2ce9fe315848d15eeb289eae9fb525a3a.zip
s4-dsdb: removed attributes that should not be displayed by default
Some attributes (like ntSecurityDescriptor) are stored in our db, but should only be displayed if asked for. This also applied to parentGUID from old installs, which is now generated.
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index ccfddbe56e..23d1a9fe7f 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -170,6 +170,25 @@ static const struct {
{ "parentGUID", NULL, construct_parent_guid }
};
+
+enum op_remove {
+ OPERATIONAL_REMOVE_ALWAYS, /* remove always */
+ OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
+};
+
+/*
+ a list of attributes that may need to be removed from the
+ underlying db return
+*/
+static const struct {
+ const char *attr;
+ enum op_remove op;
+} operational_remove[] = {
+ { "ntSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED },
+ { "parentGUID", OPERATIONAL_REMOVE_ALWAYS }
+};
+
+
/*
post process a search result record. For any search_sub[] attributes that were
asked for, we need to call the appropriate copy routine to copy the result
@@ -185,6 +204,24 @@ static int operational_search_post_process(struct ldb_module *module,
ldb = ldb_module_get_ctx(module);
+ /* removed any attrs that should not be shown to the user */
+ for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
+ struct ldb_message_element *el;
+
+ switch (operational_remove[i].op) {
+ case OPERATIONAL_REMOVE_UNASKED:
+ if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+ continue;
+ }
+ case OPERATIONAL_REMOVE_ALWAYS:
+ el = ldb_msg_find_element(msg, operational_remove[i].attr);
+ if (el) {
+ ldb_msg_remove_element(msg, el);
+ }
+ break;
+ }
+ }
+
for (a=0;attrs && attrs[a];a++) {
for (i=0;i<ARRAY_SIZE(search_sub);i++) {
if (ldb_attr_cmp(attrs[a], search_sub[i].attr) != 0) {