From f3f0c8e2ce9fe315848d15eeb289eae9fb525a3a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 20 Nov 2009 14:19:18 +1100 Subject: s4-dsdb: removed attributes that should not be displayed by default Some attributes (like ntSecurityDescriptor) are stored in our db, but should only be displayed if asked for. This also applied to parentGUID from old installs, which is now generated. --- source4/dsdb/samdb/ldb_modules/operational.c | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index ccfddbe56e..23d1a9fe7f 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -170,6 +170,25 @@ static const struct { { "parentGUID", NULL, construct_parent_guid } }; + +enum op_remove { + OPERATIONAL_REMOVE_ALWAYS, /* remove always */ + OPERATIONAL_REMOVE_UNASKED /* remove if not requested */ +}; + +/* + a list of attributes that may need to be removed from the + underlying db return +*/ +static const struct { + const char *attr; + enum op_remove op; +} operational_remove[] = { + { "ntSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED }, + { "parentGUID", OPERATIONAL_REMOVE_ALWAYS } +}; + + /* post process a search result record. For any search_sub[] attributes that were asked for, we need to call the appropriate copy routine to copy the result @@ -185,6 +204,24 @@ static int operational_search_post_process(struct ldb_module *module, ldb = ldb_module_get_ctx(module); + /* removed any attrs that should not be shown to the user */ + for (i=0; i