-rw-r--r-- | source4/auth/gensec/schannel_state.c | 14 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 17 | ||||
-rw-r--r-- | source4/kdc/hdb-ldb.c | 18 | ||||
-rw-r--r-- | source4/lib/ldb/include/ldb.h | 3 | ||||
-rw-r--r-- | source4/lib/ldb/tools/ad2oLschema.c | 12 | ||||
-rw-r--r-- | source4/param/share_ldb.c | 12 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 18 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 22 |
8 files changed, 41 insertions, 75 deletions
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 4969e9aeaa..466df33b67 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -183,27 +183,19 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, struct ldb_result *res; int ret; const struct ldb_val *val; - char *expr=NULL; *creds = talloc_zero(mem_ctx, struct creds_CredentialState); if (!*creds) { return NT_STATUS_NO_MEMORY; } - expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", - computer_name, domain); - if (expr == NULL) { - return NT_STATUS_NO_MEMORY; - } - - ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); - talloc_free(expr); + ret = ldb_search_exp_fmt(ldb, mem_ctx, &res, + NULL, LDB_SCOPE_SUBTREE, NULL, + "(&(computerName=%s)(flatname=%s))", computer_name, domain); if (ret != LDB_SUCCESS) { DEBUG(3,("schannel: Failed to find a record for client %s: %s\n", computer_name, ldb_errstring(ldb))); - talloc_free(res); return NT_STATUS_INVALID_HANDLE; } - talloc_steal(mem_ctx, res); if (res->count != 1) { DEBUG(3,("schannel: Failed to find a record for client: %s (found %d records)\n", computer_name, res->count)); talloc_free(res); diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c62c7dcf71..26560c361e 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c 
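Review bot: `computer_name` and `domain` are still substituted into `(&(computerName=%s)(flatname=%s))` without LDAP filter escaping, so a value containing `*`, `(`, `)` or `\` changes the meaning of the search instead of being matched literally. If these strings come from the remote client (their origin is outside the hunk), encode them first, e.g. `ldb_binary_encode_string(mem_ctx, computer_name)`, and pass the encoded copies to `ldb_search_exp_fmt`. The same applies to `realm` in the hdb-ldb.c hunk and to `name` in `(name=%s)` in share_ldb.c. The body of `schannel_fetch_session_key_ldb` continues outside the hunk.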
@@ -297,14 +297,11 @@ int samldb_notice_sid(struct ldb_module *module, struct ldb_result *dom_res; struct ldb_result *res; uint32_t old_rid; - char *filter; /* find if this SID already exists */ - - filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", - ldap_encode_ndr_dom_sid(mem_ctx, sid)); - - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &res); + ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &res, + NULL, LDB_SCOPE_SUBTREE, attrs, + "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid)); if (ret == LDB_SUCCESS) { if (res->count > 0) { talloc_free(res); @@ -332,13 +329,11 @@ int samldb_notice_sid(struct ldb_module *module, dom_sid->num_auths--; /* find the domain DN */ - - filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=domain))", + ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, attrs, + "(&(objectSid=%s)(objectclass=domain))", ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - - ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &dom_res); if (ret == LDB_SUCCESS) { - talloc_steal(mem_ctx, dom_res); if (dom_res->count == 0) { talloc_free(dom_res); /* This isn't an operation on a domain we know about, so nothing to update */ diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 7ba9a4692e..f7bbbb9a9b 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c 
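Review bot: The return value of `ldap_encode_ndr_dom_sid(mem_ctx, sid)` is passed straight to the `%s` in `(objectSid=%s)` with no NULL check, so if the encoder fails (presumably on allocation failure) the format call receives a null pointer. Encode into a local first and bail out, e.g. `if (sid_str == NULL) return LDB_ERR_OPERATIONS_ERROR;`, or whichever error code this function uses elsewhere. The second hunk of `samldb_notice_sid` (`dom_sid`) and both dcesrv_samr.c search hunks (`membersid`) have the same pattern. The function starts and ends outside these hunks.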
@@ -525,26 +525,20 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context struct ldb_message ***pmsg) { int ret; - char *cross_ref_filter; struct ldb_result *cross_ref_res; struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx); - cross_ref_filter = talloc_asprintf(mem_ctx, - "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", - realm, realm); - if (!cross_ref_filter) { - krb5_set_error_string(context, "asprintf: out of memory"); - return ENOMEM; - } - - ret = ldb_search(ldb_ctx, partitions_basedn, LDB_SCOPE_SUBTREE, cross_ref_filter, realm_ref_attrs, &cross_ref_res); + ret = ldb_search_exp_fmt(ldb_ctx, mem_ctx, &cross_ref_res, + partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs, + "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", + realm, realm); if (ret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search for %s: %s\n", cross_ref_filter, ldb_errstring(ldb_ctx))); + DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx))); talloc_free(cross_ref_res); return HDB_ERR_NOENTRY; } else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) { - DEBUG(3, ("Failed find a single entry for %s: got %d\n", cross_ref_filter, cross_ref_res->count)); + DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count)); talloc_free(cross_ref_res); return HDB_ERR_NOENTRY; } diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 9d48810078..dfa447b534 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h 
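Review bot: On the `ret != LDB_SUCCESS` path, `talloc_free(cross_ref_res)` runs on a pointer that is declared without an initialiser. That is only safe if `ldb_search_exp_fmt` always writes `*result` before returning an error, and that contract is not visible in this commit. The schannel_state.c hunk removes the equivalent free on failure while the dcesrv_lsa.c hunk adds `talloc_free(ref_res)` on the same path, so the converted callers disagree. Either declare `struct ldb_result *cross_ref_res = NULL;` or drop the free on the error branch, and use one convention across the call sites.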
@@ -989,6 +989,9 @@ int ldb_search(struct ldb_context *ldb, const char *expression, const char * const *attrs, struct ldb_result **res); +int ldb_search_exp_fmt(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_result **result, + struct ldb_dn *base, enum ldb_scope scope, const char * const *attrs, + const char *exp_fmt, ...); /* like ldb_search() but takes a parse tree */ diff --git a/source4/lib/ldb/tools/ad2oLschema.c b/source4/lib/ldb/tools/ad2oLschema.c index 49c4fa1fd6..875882659b 100644 --- a/source4/lib/ldb/tools/ad2oLschema.c +++ b/source4/lib/ldb/tools/ad2oLschema.c @@ -120,20 +120,16 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn, struct ldb_result *res; const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i], "lDAPDisplayname", NULL); - char *filter = talloc_asprintf(mem_ctx, "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))", - name, name); - ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE, - filter, - oc_attrs, &res); - talloc_free(filter); + ret = ldb_search_exp_fmt(ldb, mem_ctx, &res, + schemadn, LDB_SCOPE_SUBTREE, oc_attrs, + "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))", + name, name); if (ret != LDB_SUCCESS) { printf("Search failed: %s\n", ldb_errstring(ldb)); return ret; } - talloc_steal(mem_ctx, res); - res_list->msgs = talloc_realloc(res_list, res_list->msgs, struct ldb_message *, res_list->count + 2); if (!res_list->msgs) { diff --git a/source4/param/share_ldb.c b/source4/param/share_ldb.c index 8db3a02f1c..451d003a0d 100644 --- a/source4/param/share_ldb.c +++ b/source4/param/share_ldb.c @@ -211,7 +211,6 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx, struct ldb_context *ldb; struct ldb_result *res; TALLOC_CTX *tmp_ctx; - char *filter; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { 
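Review bot: The new `ldb_search_exp_fmt` prototype has no documentation comment and no printf format attribute, although it takes a format string and varargs. Add a comment stating that `*result` is allocated under `mem_ctx`, what `*result` holds when the call fails, and that the substituted arguments are not filter-escaped by the helper (presumably; confirm against the implementation, which is not part of this diff). Marking the declaration with the project's printf attribute macro, or `__attribute__((format(printf, 7, 8)))`, lets the compiler check the `%s` arguments at every converted call site.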
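Review bot: In `fetch_oc_recursive`, `name` is read with `ldb_msg_find_attr_as_string(..., "lDAPDisplayname", NULL)`, so it is NULL for any message lacking that attribute, and it is then passed twice to `%s` in the filter. Check it before the search, e.g. `if (name == NULL) { continue; }`, or return an error if the surrounding loop expects every entry to carry the attribute. The loop starts outside the hunk, so the right recovery depends on code not shown here.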
@@ -221,14 +220,9 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx, ldb = talloc_get_type(ctx->priv_data, struct ldb_context); - filter = talloc_asprintf(tmp_ctx,"(name=%s)", name); - if (!filter) { - DEBUG(0,("ERROR: Out of memory!\n")); - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - ret = ldb_search(ldb, ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res); - talloc_steal(tmp_ctx, res); + ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, + ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, NULL, + "(name=%s)", name); if (ret != LDB_SUCCESS || res->count != 1) { talloc_free(tmp_ctx); return NT_STATUS_BAD_NETWORK_NAME; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index beae1e340a..0b2c5a0cfb 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -285,7 +285,6 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ "dnsRoot", NULL }; - char *ref_filter; int ret; state = talloc(mem_ctx, struct lsa_policy_state); 
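Review bot: In `sldb_get_config`, the result of `ldb_dn_new(tmp_ctx, ldb, "CN=SHARES")` is passed as the search base without a NULL check. Other call sites in this commit pass NULL as the base deliberately, so a failed allocation here would presumably turn the lookup into a subtree search from the default base instead of failing. Build the DN into a local first and return on failure: `if (base == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; }`.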
@@ -337,31 +336,30 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ talloc_free(dom_res); - ref_filter = talloc_asprintf(state, "(&(objectclass=crossRef)(ncName=%s))", - ldb_dn_get_linearized(state->domain_dn)); - if (!ref_filter) { - return NT_STATUS_NO_MEMORY; - } - - ret = ldb_search(state->sam_ldb, partitions_basedn, LDB_SCOPE_SUBTREE, ref_filter, ref_attrs, &ref_res); - talloc_steal(state, ref_res); - talloc_free(ref_filter); + ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res, + partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs, + "(&(objectclass=crossRef)(ncName=%s))", + ldb_dn_get_linearized(state->domain_dn)); if (ret != LDB_SUCCESS) { + talloc_free(ref_res); return NT_STATUS_INVALID_SYSTEM_SERVICE; } if (ref_res->count != 1) { + talloc_free(ref_res); return NT_STATUS_NO_SUCH_DOMAIN; } state->domain_name = ldb_msg_find_attr_as_string(ref_res->msgs[0], "nETBIOSName", NULL); if (!state->domain_name) { + talloc_free(ref_res); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(state, state->domain_name); state->domain_dns = ldb_msg_find_attr_as_string(ref_res->msgs[0], "dnsRoot", NULL); if (!state->domain_dns) { + talloc_free(ref_res); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(state, state->domain_dns); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 398d347b07..bc85e4e665 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2093,7 +2093,6 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C const char *memberdn; struct ldb_result *res; const char * const attrs[] = { NULL }; - const char *filter; int ret; DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); 
@@ -2105,18 +2104,16 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C if (membersid == NULL) return NT_STATUS_NO_MEMORY; - filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=user))", - ldap_encode_ndr_dom_sid(mem_ctx, membersid)); - /* In native mode, AD can also nest domain groups. Not sure yet * whether this is also available via RPC. */ - ret = ldb_search(d_state->sam_ctx, d_state->domain_dn, LDB_SCOPE_SUBTREE, - filter, attrs, &res); + ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res, + d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, + "(&(objectSid=%s)(objectclass=user))", + ldap_encode_ndr_dom_sid(mem_ctx, membersid)); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - talloc_steal(mem_ctx, res); if (res->count == 0) { return NT_STATUS_NO_SUCH_USER; @@ -2198,7 +2195,6 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO const char *memberdn; struct ldb_result *res; const char * const attrs[] = { NULL }; - const char *filter; int ret; DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); @@ -2210,18 +2206,16 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO if (membersid == NULL) return NT_STATUS_NO_MEMORY; - filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=user))", - ldap_encode_ndr_dom_sid(mem_ctx, membersid)); - /* In native mode, AD can also nest domain groups. Not sure yet * whether this is also available via RPC. */ - ret = ldb_search(d_state->sam_ctx, d_state->domain_dn, LDB_SCOPE_SUBTREE, - filter, attrs, &res); + ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res, + d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, + "(&(objectSid=%s)(objectclass=user))", + ldap_encode_ndr_dom_sid(mem_ctx, membersid)); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - talloc_steal(mem_ctx, res); if (res->count == 0) { return NT_STATUS_NO_SUCH_USER; |
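Review bot: The result check after the converted search in `samr_AddGroupMember` still reads `if (ret != 0)`, whereas the other converted callers in this commit compare against `LDB_SUCCESS`. Use `if (ret != LDB_SUCCESS)` here and in the matching `samr_DeleteGroupMember` hunk. Every failure is mapped to `NT_STATUS_INTERNAL_DB_CORRUPTION`; if the helper reports a failed filter allocation through its return value, that case would be better reported as `NT_STATUS_NO_MEMORY`.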