1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

ldap: Cut down on string substitution

Constant strings can be inserted directly into format strings, reducing
the amount of string substitution to be performed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2022-12-16 12:41:03 +13:00 committed by Andrew Bartlett
parent e20067c52d
commit 618d95822e
4 changed files with 64 additions and 101 deletions

View File

@ -2701,11 +2701,9 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
*p_num_members = 0;
filter = talloc_asprintf(mem_ctx,
"(&(objectClass=%s)"
"(objectClass=%s)"
"(&(objectClass="LDAP_OBJ_POSIXGROUP")"
"(objectClass="LDAP_OBJ_GROUPMAP")"
"(sambaSID=%s))",
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP,
dom_sid_str_buf(group, &buf));
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
@ -2750,11 +2748,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
if ((values != NULL) && (values[0] != NULL)) {
filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
filter = talloc_strdup(mem_ctx, "(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|");
for (memberuid = values; *memberuid != NULL; memberuid += 1) {
char *escape_memberuid;
@ -2916,8 +2910,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
} else {
/* retrieve the users primary gid */
filter = talloc_asprintf(mem_ctx,
"(&(objectClass=%s)(uid=%s))",
LDAP_OBJ_SAMBASAMACCOUNT,
"(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(uid=%s))",
escape_name);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
@ -2966,8 +2959,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
}
filter = talloc_asprintf(mem_ctx,
"(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid);
"(&(objectClass="LDAP_OBJ_POSIXGROUP")(|(memberUid=%s)(gidNumber=%u)))",
escape_name, (unsigned int)primary_gid);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
@ -3077,8 +3070,8 @@ static NTSTATUS ldapsam_map_posixgroup(TALLOC_CTX *mem_ctx,
int rc;
filter = talloc_asprintf(mem_ctx,
"(&(objectClass=%s)(gidNumber=%u))",
LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid);
"(&(objectClass="LDAP_OBJ_POSIXGROUP")(gidNumber=%u))",
(unsigned int)map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -3299,10 +3292,9 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
/* Make 100% sure that sid, gid and type are not changed by looking up
* exactly the values we're given in LDAP. */
filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)"
filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")"
"(sambaSid=%s)(gidNumber=%u)"
"(sambaGroupType=%d))",
LDAP_OBJ_GROUPMAP,
dom_sid_str_buf(&map->sid, &buf),
(unsigned int)map->gid, map->sid_name_use);
if (filter == NULL) {
@ -3385,8 +3377,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_NO_MEMORY;
}
filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_GROUPMAP, LDAP_ATTRIBUTE_SID,
filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")("LDAP_ATTRIBUTE_SID"=%s))",
dom_sid_str_buf(&sid, &buf));
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
@ -3454,14 +3445,11 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods,
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)my_methods->private_data;
char *filter = NULL;
const char *filter = NULL;
int rc;
const char **attr_list;
filter = talloc_asprintf(NULL, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
if (!filter) {
return NT_STATUS_NO_MEMORY;
}
filter = "(objectclass="LDAP_OBJ_GROUPMAP")";
attr_list = get_attr_list( NULL, groupmap_attr_list );
rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter,
@ -3475,12 +3463,9 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods,
lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
TALLOC_FREE(filter);
return NT_STATUS_UNSUCCESSFUL;
}
TALLOC_FREE(filter);
DEBUG(2, ("ldapsam_setsamgrent: %d entries in the base!\n",
ldap_count_entries(
smbldap_get_ldap(ldap_state->smbldap_state),
@ -3878,8 +3863,8 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
}
filter = talloc_asprintf(mem_ctx,
"(&(objectclass=%s)(sambaGroupType=%d)(|",
LDAP_OBJ_GROUPMAP, type);
"(&(objectclass="LDAP_OBJ_GROUPMAP")(sambaGroupType=%d)(|",
type);
for (i=0; i<num_members; i++) {
struct dom_sid_buf buf;
@ -4018,7 +4003,7 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
int count;
int rc;
char **vals = NULL;
char *filter;
const char *filter;
const char *policy_attr = NULL;
struct ldapsam_privates *ldap_state =
@ -4042,14 +4027,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
attrs[0] = policy_attr;
attrs[1] = NULL;
filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", LDAP_OBJ_DOMINFO);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
filter = "(objectClass="LDAP_OBJ_DOMINFO")";
rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
LDAP_SCOPE_BASE, filter, attrs, 0,
&result);
TALLOC_FREE(filter);
if (rc != LDAP_SUCCESS) {
return ntstatus;
}
@ -4208,8 +4189,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
const char *ldap_attrs[] = { "uid", "sambaSid", NULL };
filter = talloc_asprintf(
mem_ctx, ("(&(objectClass=%s)(|%s))"),
LDAP_OBJ_SAMBASAMACCOUNT, allsids);
mem_ctx, ("(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|%s))"),
allsids);
if (filter == NULL) {
goto done;
@ -4277,8 +4258,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
"sambaGroupType", NULL };
filter = talloc_asprintf(
mem_ctx, "(&(objectClass=%s)(|%s))",
LDAP_OBJ_GROUPMAP, allsids);
mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")(|%s))",
allsids);
if (filter == NULL) {
goto done;
}
@ -4895,9 +4876,8 @@ static bool ldapsam_search_grouptype(struct pdb_methods *methods,
state->base = lp_ldap_suffix();
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
state->filter = talloc_asprintf(search, "(&(objectclass=%s)"
state->filter = talloc_asprintf(search, "(&(objectclass="LDAP_OBJ_GROUPMAP")"
"(sambaGroupType=%d)(sambaSID=%s*))",
LDAP_OBJ_GROUPMAP,
type,
dom_sid_str_buf(sid, &tmp));
state->attrs = talloc_attrs(search, "cn", "sambaSid",
@ -5122,9 +5102,8 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
filter = talloc_asprintf(mem_ctx,
"(&(sambaSid=%s)"
"(|(objectClass=%s)(objectClass=%s)))",
dom_sid_str_buf(sid, &buf),
LDAP_OBJ_GROUPMAP, LDAP_OBJ_SAMBASAMACCOUNT);
"(|(objectClass="LDAP_OBJ_GROUPMAP")(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")))",
dom_sid_str_buf(sid, &buf));
if (filter == NULL) {
DEBUG(5, ("talloc_asprintf failed\n"));
goto done;
@ -5218,11 +5197,9 @@ static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
filter = talloc_asprintf(tmp_ctx,
"(&(uidNumber=%u)"
"(objectClass=%s)"
"(objectClass=%s))",
(unsigned int)uid,
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
"(objectClass="LDAP_OBJ_POSIXACCOUNT")"
"(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
(unsigned int)uid);
if (filter == NULL) {
DEBUG(3, ("talloc_asprintf failed\n"));
goto done;
@ -5287,9 +5264,8 @@ static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
filter = talloc_asprintf(tmp_ctx,
"(&(gidNumber=%u)"
"(objectClass=%s))",
(unsigned int)gid,
LDAP_OBJ_GROUPMAP);
"(objectClass="LDAP_OBJ_GROUPMAP"))",
(unsigned int)gid);
if (filter == NULL) {
DEBUG(3, ("talloc_asprintf failed\n"));
goto done;
@ -5398,8 +5374,8 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
}
username = escape_ldap_string(talloc_tos(), name);
filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
username, LDAP_OBJ_POSIXACCOUNT);
filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass="LDAP_OBJ_POSIXACCOUNT"))",
username);
TALLOC_FREE(username);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
@ -5618,11 +5594,9 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *
filter = talloc_asprintf(tmp_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
pdb_get_username(sam_acct),
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
"(objectClass="LDAP_OBJ_POSIXACCOUNT")"
"(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
pdb_get_username(sam_acct));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -5724,7 +5698,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
LDAPMod **mods = NULL;
char *filter;
char *groupname;
char *grouptype;
const char *grouptype;
char *gidstr;
const char *dn = NULL;
struct dom_sid group_sid;
@ -5734,8 +5708,8 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
int error = 0;
groupname = escape_ldap_string(talloc_tos(), name);
filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
groupname, LDAP_OBJ_POSIXGROUP);
filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass="LDAP_OBJ_POSIXGROUP"))",
groupname);
TALLOC_FREE(groupname);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
@ -5892,11 +5866,9 @@ static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
dom_sid_str_buf(&group_sid, &buf),
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP);
"(objectClass="LDAP_OBJ_POSIXGROUP")"
"(objectClass="LDAP_OBJ_GROUPMAP"))",
dom_sid_str_buf(&group_sid, &buf));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -5941,11 +5913,9 @@ static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_
/* check no user have this group marked as primary group */
filter = talloc_asprintf(tmp_ctx,
"(&(gidNumber=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
gidstr,
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
"(objectClass="LDAP_OBJ_POSIXACCOUNT")"
"(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
gidstr);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
@ -6008,11 +5978,9 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
dom_sid_str_buf(&member_sid, &buf),
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
"(objectClass="LDAP_OBJ_POSIXACCOUNT")"
"(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
dom_sid_str_buf(&member_sid, &buf));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -6079,11 +6047,9 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
dom_sid_str_buf(&group_sid, &buf),
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP);
"(objectClass="LDAP_OBJ_POSIXGROUP")"
"(objectClass="LDAP_OBJ_GROUPMAP"))",
dom_sid_str_buf(&group_sid, &buf));
/* get the group */
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
@ -6188,11 +6154,9 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
filter = talloc_asprintf(mem_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
escape_username,
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
"(objectClass="LDAP_OBJ_POSIXACCOUNT")"
"(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
escape_username);
TALLOC_FREE(escape_username);
@ -6278,8 +6242,8 @@ static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
uint32_t num_result;
filter = talloc_asprintf(talloc_tos(),
"(&(objectClass=%s)(sambaDomainName=%s))",
LDAP_OBJ_TRUSTDOM_PASSWORD, domain);
"(&(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")(sambaDomainName=%s))",
domain);
trusted_dn = trusteddom_dn(ldap_state, domain);
if (trusted_dn == NULL) {
@ -6493,15 +6457,14 @@ static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods,
int rc;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
char *filter;
const char *filter;
int scope = LDAP_SCOPE_SUBTREE;
const char *attrs[] = { "sambaDomainName", "sambaSID", NULL };
int attrsonly = 0; /* 0: return values too */
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
LDAP_OBJ_TRUSTDOM_PASSWORD);
filter = "(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")";
rc = smbldap_search(ldap_state->smbldap_state,
ldap_state->domain_dn,

View File

@ -936,8 +936,7 @@ again:
bidx = idx;
for (i = 0; (i < IDMAP_LDAP_MAX_IDS) && ids[idx]; i++, idx++) {
struct dom_sid_buf buf;
filter = talloc_asprintf_append_buffer(filter, "(%s=%s)",
LDAP_ATTRIBUTE_SID,
filter = talloc_asprintf_append_buffer(filter, "("LDAP_ATTRIBUTE_SID"=%s)",
dom_sid_str_buf(ids[idx]->sid, &buf));
CHECK_ALLOC_DONE(filter);
}

View File

@ -509,9 +509,10 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
*
* Thanks to Ralf Haferkamp for input and testing - Guenther */
filter = talloc_asprintf(mem_ctx, "(&(objectCategory=group)(&(groupType:dn:%s:=%d)(!(groupType:dn:%s:=%d))))",
ADS_LDAP_MATCHING_RULE_BIT_AND, GROUP_TYPE_SECURITY_ENABLED,
ADS_LDAP_MATCHING_RULE_BIT_AND,
filter = talloc_asprintf(mem_ctx, "(&(objectCategory=group)"
"(&(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d)"
"(!(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d))))",
GROUP_TYPE_SECURITY_ENABLED,
enum_dom_local_groups ? GROUP_TYPE_BUILTIN_LOCAL_GROUP : GROUP_TYPE_RESOURCE_GROUP);
if (filter == NULL) {
@ -686,9 +687,9 @@ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
}
ldap_exp = talloc_asprintf(mem_ctx,
"(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))",
"(&(member=%s)(objectCategory=group)"
"(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d))",
escaped_dn,
ADS_LDAP_MATCHING_RULE_BIT_AND,
GROUP_TYPE_SECURITY_ENABLED);
if (!ldap_exp) {
DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));

View File

@ -305,10 +305,10 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
samdb_partitions_dn(sam_ctx, mem_ctx),
LDB_SCOPE_ONELEVEL,
domain_attrs,
"(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))",
"(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))"
"(systemFlags:"LDB_OID_COMPARATOR_AND":=%u))",
ldb_binary_encode_string(mem_ctx, realm),
ldb_binary_encode_string(mem_ctx, realm),
LDB_OID_COMPARATOR_AND,
SYSTEM_FLAG_CR_NTDS_DOMAIN);
TALLOC_FREE(realm);