summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/gensec/schannel_state.c14
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c17
-rw-r--r--source4/kdc/hdb-ldb.c18
-rw-r--r--source4/lib/ldb/include/ldb.h3
-rw-r--r--source4/lib/ldb/tools/ad2oLschema.c12
-rw-r--r--source4/param/share_ldb.c12
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c18
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c22
8 files changed, 41 insertions, 75 deletions
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 4969e9aeaa..466df33b67 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -183,27 +183,19 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
struct ldb_result *res;
int ret;
const struct ldb_val *val;
- char *expr=NULL;
*creds = talloc_zero(mem_ctx, struct creds_CredentialState);
if (!*creds) {
return NT_STATUS_NO_MEMORY;
}
- expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))",
- computer_name, domain);
- if (expr == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
- talloc_free(expr);
+ ret = ldb_search_exp_fmt(ldb, mem_ctx, &res,
+ NULL, LDB_SCOPE_SUBTREE, NULL,
+ "(&(computerName=%s)(flatname=%s))", computer_name, domain);
if (ret != LDB_SUCCESS) {
DEBUG(3,("schannel: Failed to find a record for client %s: %s\n", computer_name, ldb_errstring(ldb)));
- talloc_free(res);
return NT_STATUS_INVALID_HANDLE;
}
- talloc_steal(mem_ctx, res);
if (res->count != 1) {
DEBUG(3,("schannel: Failed to find a record for client: %s (found %d records)\n", computer_name, res->count));
talloc_free(res);
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index c62c7dcf71..26560c361e 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -297,14 +297,11 @@ int samldb_notice_sid(struct ldb_module *module,
struct ldb_result *dom_res;
struct ldb_result *res;
uint32_t old_rid;
- char *filter;
/* find if this SID already exists */
-
- filter = talloc_asprintf(mem_ctx, "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx, sid));
-
- ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &res);
+ ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &res,
+ NULL, LDB_SCOPE_SUBTREE, attrs,
+ "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == LDB_SUCCESS) {
if (res->count > 0) {
talloc_free(res);
@@ -332,13 +329,11 @@ int samldb_notice_sid(struct ldb_module *module,
dom_sid->num_auths--;
/* find the domain DN */
-
- filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=domain))",
+ ret = ldb_search_exp_fmt(module->ldb, mem_ctx, &dom_res,
+ NULL, LDB_SCOPE_SUBTREE, attrs,
+ "(&(objectSid=%s)(objectclass=domain))",
ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
-
- ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &dom_res);
if (ret == LDB_SUCCESS) {
- talloc_steal(mem_ctx, dom_res);
if (dom_res->count == 0) {
talloc_free(dom_res);
/* This isn't an operation on a domain we know about, so nothing to update */
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 7ba9a4692e..f7bbbb9a9b 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -525,26 +525,20 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context
struct ldb_message ***pmsg)
{
int ret;
- char *cross_ref_filter;
struct ldb_result *cross_ref_res;
struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx);
- cross_ref_filter = talloc_asprintf(mem_ctx,
- "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
- realm, realm);
- if (!cross_ref_filter) {
- krb5_set_error_string(context, "asprintf: out of memory");
- return ENOMEM;
- }
-
- ret = ldb_search(ldb_ctx, partitions_basedn, LDB_SCOPE_SUBTREE, cross_ref_filter, realm_ref_attrs, &cross_ref_res);
+ ret = ldb_search_exp_fmt(ldb_ctx, mem_ctx, &cross_ref_res,
+ partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs,
+ "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))",
+ realm, realm);
if (ret != LDB_SUCCESS) {
- DEBUG(3, ("Failed to search for %s: %s\n", cross_ref_filter, ldb_errstring(ldb_ctx)));
+ DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx)));
talloc_free(cross_ref_res);
return HDB_ERR_NOENTRY;
} else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) {
- DEBUG(3, ("Failed find a single entry for %s: got %d\n", cross_ref_filter, cross_ref_res->count));
+ DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count));
talloc_free(cross_ref_res);
return HDB_ERR_NOENTRY;
}
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 9d48810078..dfa447b534 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -989,6 +989,9 @@ int ldb_search(struct ldb_context *ldb,
const char *expression,
const char * const *attrs, struct ldb_result **res);
+int ldb_search_exp_fmt(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_result **result,
+ struct ldb_dn *base, enum ldb_scope scope, const char * const *attrs,
+ const char *exp_fmt, ...);
/*
like ldb_search() but takes a parse tree
*/
diff --git a/source4/lib/ldb/tools/ad2oLschema.c b/source4/lib/ldb/tools/ad2oLschema.c
index 49c4fa1fd6..875882659b 100644
--- a/source4/lib/ldb/tools/ad2oLschema.c
+++ b/source4/lib/ldb/tools/ad2oLschema.c
@@ -120,20 +120,16 @@ static int fetch_oc_recursive(struct ldb_context *ldb, struct ldb_dn *schemadn,
struct ldb_result *res;
const char *name = ldb_msg_find_attr_as_string(search_from->msgs[i],
"lDAPDisplayname", NULL);
- char *filter = talloc_asprintf(mem_ctx, "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))",
- name, name);
- ret = ldb_search(ldb, schemadn, LDB_SCOPE_SUBTREE,
- filter,
- oc_attrs, &res);
- talloc_free(filter);
+ ret = ldb_search_exp_fmt(ldb, mem_ctx, &res,
+ schemadn, LDB_SCOPE_SUBTREE, oc_attrs,
+ "(&(&(objectClass=classSchema)(subClassOf=%s))(!(lDAPDisplayName=%s)))",
+ name, name);
if (ret != LDB_SUCCESS) {
printf("Search failed: %s\n", ldb_errstring(ldb));
return ret;
}
- talloc_steal(mem_ctx, res);
-
res_list->msgs = talloc_realloc(res_list, res_list->msgs,
struct ldb_message *, res_list->count + 2);
if (!res_list->msgs) {
diff --git a/source4/param/share_ldb.c b/source4/param/share_ldb.c
index 8db3a02f1c..451d003a0d 100644
--- a/source4/param/share_ldb.c
+++ b/source4/param/share_ldb.c
@@ -211,7 +211,6 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
- char *filter;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
@@ -221,14 +220,9 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
- filter = talloc_asprintf(tmp_ctx,"(name=%s)", name);
- if (!filter) {
- DEBUG(0,("ERROR: Out of memory!\n"));
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
- ret = ldb_search(ldb, ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res);
- talloc_steal(tmp_ctx, res);
+ ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res,
+ ldb_dn_new(tmp_ctx, ldb, "CN=SHARES"), LDB_SCOPE_SUBTREE, NULL,
+ "(name=%s)", name);
if (ret != LDB_SUCCESS || res->count != 1) {
talloc_free(tmp_ctx);
return NT_STATUS_BAD_NETWORK_NAME;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index beae1e340a..0b2c5a0cfb 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -285,7 +285,6 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
"dnsRoot",
NULL
};
- char *ref_filter;
int ret;
state = talloc(mem_ctx, struct lsa_policy_state);
@@ -337,31 +336,30 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_
talloc_free(dom_res);
- ref_filter = talloc_asprintf(state, "(&(objectclass=crossRef)(ncName=%s))",
- ldb_dn_get_linearized(state->domain_dn));
- if (!ref_filter) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = ldb_search(state->sam_ldb, partitions_basedn, LDB_SCOPE_SUBTREE, ref_filter, ref_attrs, &ref_res);
- talloc_steal(state, ref_res);
- talloc_free(ref_filter);
+ ret = ldb_search_exp_fmt(state->sam_ldb, state, &ref_res,
+ partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs,
+ "(&(objectclass=crossRef)(ncName=%s))",
+ ldb_dn_get_linearized(state->domain_dn));
if (ret != LDB_SUCCESS) {
+ talloc_free(ref_res);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
if (ref_res->count != 1) {
+ talloc_free(ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
state->domain_name = ldb_msg_find_attr_as_string(ref_res->msgs[0], "nETBIOSName", NULL);
if (!state->domain_name) {
+ talloc_free(ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(state, state->domain_name);
state->domain_dns = ldb_msg_find_attr_as_string(ref_res->msgs[0], "dnsRoot", NULL);
if (!state->domain_dns) {
+ talloc_free(ref_res);
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(state, state->domain_dns);
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 398d347b07..bc85e4e665 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -2093,7 +2093,6 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
const char *memberdn;
struct ldb_result *res;
const char * const attrs[] = { NULL };
- const char *filter;
int ret;
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
@@ -2105,18 +2104,16 @@ static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_C
if (membersid == NULL)
return NT_STATUS_NO_MEMORY;
- filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=user))",
- ldap_encode_ndr_dom_sid(mem_ctx, membersid));
-
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
- ret = ldb_search(d_state->sam_ctx, d_state->domain_dn, LDB_SCOPE_SUBTREE,
- filter, attrs, &res);
+ ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res,
+ d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+ "(&(objectSid=%s)(objectclass=user))",
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- talloc_steal(mem_ctx, res);
if (res->count == 0) {
return NT_STATUS_NO_SUCH_USER;
@@ -2198,7 +2195,6 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
const char *memberdn;
struct ldb_result *res;
const char * const attrs[] = { NULL };
- const char *filter;
int ret;
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
@@ -2210,18 +2206,16 @@ static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLO
if (membersid == NULL)
return NT_STATUS_NO_MEMORY;
- filter = talloc_asprintf(mem_ctx, "(&(objectSid=%s)(objectclass=user))",
- ldap_encode_ndr_dom_sid(mem_ctx, membersid));
-
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
- ret = ldb_search(d_state->sam_ctx, d_state->domain_dn, LDB_SCOPE_SUBTREE,
- filter, attrs, &res);
+ ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res,
+ d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+ "(&(objectSid=%s)(objectclass=user))",
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- talloc_steal(mem_ctx, res);
if (res->count == 0) {
return NT_STATUS_NO_SUCH_USER;