7 files changed, 54 insertions, 52 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f887b4e796..c0f4dc10d8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -554,7 +554,7 @@ void init_ldap_debugging(void);
 
 /* The following definitions come from lib/ldap_escape.c  */
 
-char *escape_ldap_string_alloc(const char *s);
+char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s);
 char *escape_rdn_val_string_alloc(const char *s);
 
 /* The following definitions come from lib/module.c  */
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index d101bc5ecd..a731cb9864 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -32,10 +32,10 @@
  * and to be free()ed by the caller.
  **/
 
-char *escape_ldap_string_alloc(const char *s)
+char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
 {
 	size_t len = strlen(s)+1;
-	char *output = (char *)SMB_MALLOC(len);
+	char *output = talloc_array(mem_ctx, char, len);
 	const char *sub;
 	int i = 0;
 	char *p = output;
@@ -43,7 +43,7 @@ char *escape_ldap_string_alloc(const char *s)
 	if (output == NULL) {
 		return NULL;
 	}
-	
+
 	while (*s)
 	{
 		switch (*s)
@@ -64,14 +64,17 @@ char *escape_ldap_string_alloc(const char *s)
 			sub = NULL;
 			break;
 		}
-		
+
 		if (sub) {
+			char *tmp;
 			len = len + 3;
-			output = (char *)SMB_REALLOC(output, len);
-			if (!output) { 
+			tmp = talloc_realloc(mem_ctx, output, char, len);
+			if (tmp == NULL) {
+				TALLOC_FREE(output);
 				return NULL;
 			}
-			
+			output = tmp;
+
 			p = &output[i];
 			strncpy (p, sub, 3);
 			p += 3;
@@ -84,7 +87,7 @@ char *escape_ldap_string_alloc(const char *s)
 		}
 		s++;
 	}
-	
+
 	*p = '\0';
 	return output;
 }
@@ -101,7 +104,7 @@ char *escape_rdn_val_string_alloc(const char *s)
 	}
 
 	p = output;
-	
+
 	while (*s)
 	{
 		switch (*s)
@@ -122,10 +125,10 @@ char *escape_rdn_val_string_alloc(const char *s)
 			*p = *s;
 			p++;
 		}
-		
+
 		s++;
 	}
-	
+
 	*p = '\0';
 
 	/* resize the string to the actual final size */
diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c
index 66aef6ba66..478a3d24ca 100644
--- a/source3/lib/smbldap_util.c
+++ b/source3/lib/smbldap_util.c
@@ -126,7 +126,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
 	char *escape_domain_name;
 
 	/* escape for filter */
-	escape_domain_name = escape_ldap_string_alloc(domain_name);
+	escape_domain_name = escape_ldap_string(talloc_tos(), domain_name);
 	if (!escape_domain_name) {
 		DEBUG(0, ("Out of memory!\n"));
 		return NT_STATUS_NO_MEMORY;
@@ -135,11 +135,11 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
 	if (asprintf(&filter, "(&(%s=%s)(objectclass=%s))",
 		get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
 			escape_domain_name, LDAP_OBJ_DOMINFO) < 0) {
-		SAFE_FREE(escape_domain_name);
+		TALLOC_FREE(escape_domain_name);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	SAFE_FREE(escape_domain_name);
+	TALLOC_FREE(escape_domain_name);
 
 	attr_list = get_attr_list(NULL, dominfo_attr_list );
 	rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
@@ -258,7 +258,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
 	int count;
 	char *escape_domain_name;
 
-	escape_domain_name = escape_ldap_string_alloc(domain_name);
+	escape_domain_name = escape_ldap_string(talloc_tos(), domain_name);
 	if (!escape_domain_name) {
 		DEBUG(0, ("Out of memory!\n"));
 		return NT_STATUS_NO_MEMORY;
@@ -268,11 +268,11 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
 		LDAP_OBJ_DOMINFO,
 		get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
 		escape_domain_name) < 0) {
-		SAFE_FREE(escape_domain_name);
+		TALLOC_FREE(escape_domain_name);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	SAFE_FREE(escape_domain_name);
+	TALLOC_FREE(escape_domain_name);
 
 	DEBUG(2, ("smbldap_search_domain_info: Searching for:[%s]\n", filter));
 
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index eecd9045e5..69dc05335e 100644
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -30,18 +30,18 @@
 	ADS_STATUS status;
 	char *ldap_exp;
 	const char *attrs[] = {"*", NULL};
-	char *escaped_user = escape_ldap_string_alloc(user);
+	char *escaped_user = escape_ldap_string(talloc_tos(), user);
 	if (!escaped_user) {
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
 	if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
-		SAFE_FREE(escaped_user);
+		TALLOC_FREE(escaped_user);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 	status = ads_search(ads, res, ldap_exp, attrs);
 	SAFE_FREE(ldap_exp);
-	SAFE_FREE(escaped_user);
+	TALLOC_FREE(escaped_user);
 	return status;
 }
 
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3579325769..173298561f 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -336,7 +336,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 					  const char **attr)
 {
 	char *filter = NULL;
-	char *escape_user = escape_ldap_string_alloc(user);
+	char *escape_user = escape_ldap_string(talloc_tos(), user);
 	int ret = -1;
 
 	if (!escape_user) {
@@ -350,7 +350,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 	filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
 		get_objclass_filter(ldap_state->schema_ver));
 	if (!filter) {
-		SAFE_FREE(escape_user);
+		TALLOC_FREE(escape_user);
 		return LDAP_NO_MEMORY;
 	}
 	/*
@@ -360,7 +360,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 
 	filter = talloc_all_string_sub(talloc_tos(),
 				filter, "%u", escape_user);
-	SAFE_FREE(escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		return LDAP_NO_MEMORY;
 	}
@@ -2120,18 +2120,18 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
 	/* does the entry already exist but without a samba attributes?
 	   we need to return the samba attributes here */
 
-	escape_user = escape_ldap_string_alloc( username );
+	escape_user = escape_ldap_string(talloc_tos(), username);
 	filter = talloc_strdup(attr_list, "(uid=%u)");
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
 	filter = talloc_all_string_sub(attr_list, filter, "%u", escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
-	SAFE_FREE(escape_user);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state,
 				   filter, attr_list, &result);
@@ -2278,7 +2278,6 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
   fn_exit:
 
 	TALLOC_FREE(ctx);
-	SAFE_FREE(escape_user);
 	if (result) {
 		ldap_msgfree(result);
 	}
@@ -2528,7 +2527,7 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 				 const char *name)
 {
 	char *filter = NULL;
-	char *escape_name = escape_ldap_string_alloc(name);
+	char *escape_name = escape_ldap_string(talloc_tos(), name);
 	NTSTATUS status;
 
 	if (!escape_name) {
@@ -2540,11 +2539,11 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escape_name,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN),
 		escape_name) < 0) {
-		SAFE_FREE(escape_name);
+		TALLOC_FREE(escape_name);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	status = ldapsam_getgroup(methods, filter, map);
 	SAFE_FREE(filter);
 	return status;
@@ -2665,20 +2664,19 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
 			char *escape_memberuid;
 
-			escape_memberuid = escape_ldap_string_alloc(*memberuid);
+			escape_memberuid = escape_ldap_string(talloc_tos(),
+							      *memberuid);
 			if (escape_memberuid == NULL) {
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
 
 			filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
+			TALLOC_FREE(escape_memberuid);
 			if (filter == NULL) {
-				SAFE_FREE(escape_memberuid);
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
-
-			SAFE_FREE(escape_memberuid);
 		}
 
 		filter = talloc_asprintf_append_buffer(filter, "))");
@@ -2812,7 +2810,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	escape_name = escape_ldap_string_alloc(pdb_get_username(user));
+	escape_name = escape_ldap_string(talloc_tos(), pdb_get_username(user));
 	if (escape_name == NULL)
 		return NT_STATUS_NO_MEMORY;
 
@@ -2950,7 +2948,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 
  done:
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	return ret;
 }
 
@@ -4185,14 +4183,14 @@ static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 		goto done;
 	}
 
-	escaped = escape_ldap_string_alloc(username);
+	escaped = escape_ldap_string(talloc_tos(), username);
 	if (escaped == NULL) goto done;
 
 	result = talloc_string_sub(mem_ctx, filter, "%u", username);
 
  done:
 	SAFE_FREE(filter);
-	SAFE_FREE(escaped);
+	TALLOC_FREE(escaped);
 
 	return result;
 }
@@ -4994,10 +4992,10 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 		is_machine = True;
 	}
 
-	username = escape_ldap_string_alloc(name);
+	username = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
 				 username, LDAP_OBJ_POSIXACCOUNT);
-	SAFE_FREE(username);
+	TALLOC_FREE(username);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5270,10 +5268,10 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
 	gid_t gid = -1;
 	int rc;
 
-	groupname = escape_ldap_string_alloc(name);
+	groupname = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
 				 groupname, LDAP_OBJ_POSIXGROUP);
-	SAFE_FREE(groupname);
+	TALLOC_FREE(groupname);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5702,7 +5700,8 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+	escape_username = escape_ldap_string(talloc_tos(),
+					     pdb_get_username(sampass));
 	if (escape_username== NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -5715,7 +5714,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 				 LDAP_OBJ_POSIXACCOUNT,
 				 LDAP_OBJ_SAMBASAMACCOUNT);
 
-	SAFE_FREE(escape_username);
+	TALLOC_FREE(escape_username);
 
 	if (filter == NULL) {
 		return NT_STATUS_NO_MEMORY;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index d82715eb45..f746fc6bd5 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -521,7 +521,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
 		return net_ads_user_usage(c, argc, argv);
 	}
 
-	escaped_user = escape_ldap_string_alloc(argv[0]);
+	escaped_user = escape_ldap_string(talloc_tos(), argv[0]);
 
 	if (!escaped_user) {
 		d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]);
@@ -529,12 +529,12 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
 	}
 
 	if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
-		SAFE_FREE(escaped_user);
+		TALLOC_FREE(escaped_user);
 		return -1;
 	}
 
 	if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
-		SAFE_FREE(escaped_user);
+		TALLOC_FREE(escaped_user);
 		return -1;
 	}
 	rc = ads_search(ads, &res, searchstring, attrs);
@@ -543,7 +543,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
 	if (!ADS_ERR_OK(rc)) {
 		d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc));
 		ads_destroy(&ads);
-		SAFE_FREE(escaped_user);
+		TALLOC_FREE(escaped_user);
 		return -1;
 	}
 
@@ -563,7 +563,7 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
 
 	ads_msgfree(ads, res);
 	ads_destroy(&ads);
-	SAFE_FREE(escaped_user);
+	TALLOC_FREE(escaped_user);
 	return 0;
 }
 
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 0f40419a0e..edd70667c0 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -608,7 +608,7 @@ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	if (!(escaped_dn = escape_ldap_string_alloc(user_dn))) {
+	if (!(escaped_dn = escape_ldap_string(talloc_tos(), user_dn))) {
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
@@ -620,12 +620,12 @@ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
 		GROUP_TYPE_SECURITY_ENABLED);
 	if (!ldap_exp) {
 		DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
-		SAFE_FREE(escaped_dn);
+		TALLOC_FREE(escaped_dn);
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
 
-	SAFE_FREE(escaped_dn);
+	TALLOC_FREE(escaped_dn);
 
 	rc = ads_search_retry(ads, &res, ldap_exp, group_attrs);