diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 548ce3c4874..46ba5e9a773 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2701,11 +2701,9 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, *p_num_members = 0; filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)" - "(objectClass=%s)" + "(&(objectClass="LDAP_OBJ_POSIXGROUP")" + "(objectClass="LDAP_OBJ_GROUPMAP")" "(sambaSID=%s))", - LDAP_OBJ_POSIXGROUP, - LDAP_OBJ_GROUPMAP, dom_sid_str_buf(group, &buf)); if (filter == NULL) { ret = NT_STATUS_NO_MEMORY; @@ -2750,11 +2748,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, if ((values != NULL) && (values[0] != NULL)) { - filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT); - if (filter == NULL) { - ret = NT_STATUS_NO_MEMORY; - goto done; - } + filter = talloc_strdup(mem_ctx, "(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|"); for (memberuid = values; *memberuid != NULL; memberuid += 1) { char *escape_memberuid; @@ -2916,8 +2910,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, } else { /* retrieve the users primary gid */ filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(uid=%s))", - LDAP_OBJ_SAMBASAMACCOUNT, + "(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(uid=%s))", escape_name); if (filter == NULL) { ret = NT_STATUS_NO_MEMORY; @@ -2966,8 +2959,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, } filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))", - LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid); + "(&(objectClass="LDAP_OBJ_POSIXGROUP")(|(memberUid=%s)(gidNumber=%u)))", + escape_name, (unsigned int)primary_gid); if (filter == NULL) { ret = NT_STATUS_NO_MEMORY; goto done; 
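Review bot: Splicing `LDAP_OBJ_POSIXGROUP` and `LDAP_OBJ_GROUPMAP` into the literal in `ldapsam_enum_group_members` makes their expansions part of the `talloc_asprintf` format string, so the call now depends on each macro being a plain string literal with no `%` in it; the definitions are not visible in this diff. A short comment at those definitions, for example `/* spliced into printf-style LDAP filters: must stay a literal without '%' */`, would record that requirement, which applies to every other hunk in this commit that uses the same pattern. As a matter of style, a space on each side of the macro (`"(&(objectClass=" LDAP_OBJ_POSIXGROUP ")"`) reads more easily and avoids the literal-suffix parse if these lines are ever compiled as C++.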
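Review bot: The switch to `talloc_strdup` in the `values != NULL` branch of `ldapsam_enum_group_members` also drops the `filter == NULL` check, although `talloc_strdup` can fail just as `talloc_asprintf` could. The memberuid loop continues outside the hunk; if it extends the string with `talloc_asprintf_append_buffer`, a NULL `filter` would presumably be treated as an empty start, so the search would run without the `(&(objectClass=...)(|` prefix instead of failing. Keeping the check, `if (filter == NULL) { ret = NT_STATUS_NO_MEMORY; goto done; }`, preserves the old behaviour.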
@@ -3077,8 +3070,8 @@ static NTSTATUS ldapsam_map_posixgroup(TALLOC_CTX *mem_ctx, int rc; filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(gidNumber=%u))", - LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid); + "(&(objectClass="LDAP_OBJ_POSIXGROUP")(gidNumber=%u))", + (unsigned int)map->gid); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } @@ -3299,10 +3292,9 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, /* Make 100% sure that sid, gid and type are not changed by looking up * exactly the values we're given in LDAP. */ - filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)" + filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")" "(sambaSid=%s)(gidNumber=%u)" "(sambaGroupType=%d))", - LDAP_OBJ_GROUPMAP, dom_sid_str_buf(&map->sid, &buf), (unsigned int)map->gid, map->sid_name_use); if (filter == NULL) { @@ -3385,8 +3377,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, return NT_STATUS_NO_MEMORY; } - filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))", - LDAP_OBJ_GROUPMAP, LDAP_ATTRIBUTE_SID, + filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")("LDAP_ATTRIBUTE_SID"=%s))", dom_sid_str_buf(&sid, &buf)); if (filter == NULL) { result = NT_STATUS_NO_MEMORY; @@ -3454,14 +3445,11 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - char *filter = NULL; + const char *filter = NULL; int rc; const char **attr_list; - filter = talloc_asprintf(NULL, "(objectclass=%s)", LDAP_OBJ_GROUPMAP); - if (!filter) { - return NT_STATUS_NO_MEMORY; - } + filter = "(objectclass="LDAP_OBJ_GROUPMAP")"; attr_list = get_attr_list( NULL, groupmap_attr_list ); rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, 
@@ -3475,12 +3463,9 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, lp_ldap_suffix(), filter)); ldap_msgfree(ldap_state->result); ldap_state->result = NULL; - TALLOC_FREE(filter); return NT_STATUS_UNSUCCESSFUL; } - TALLOC_FREE(filter); - DEBUG(2, ("ldapsam_setsamgrent: %d entries in the base!\n", ldap_count_entries( smbldap_get_ldap(ldap_state->smbldap_state), @@ -3878,8 +3863,8 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, } filter = talloc_asprintf(mem_ctx, - "(&(objectclass=%s)(sambaGroupType=%d)(|", - LDAP_OBJ_GROUPMAP, type); + "(&(objectclass="LDAP_OBJ_GROUPMAP")(sambaGroupType=%d)(|", + type); for (i=0; ismbldap_state, ldap_state->domain_dn, LDAP_SCOPE_BASE, filter, attrs, 0, &result); - TALLOC_FREE(filter); if (rc != LDAP_SUCCESS) { return ntstatus; } @@ -4208,8 +4189,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, const char *ldap_attrs[] = { "uid", "sambaSid", NULL }; filter = talloc_asprintf( - mem_ctx, ("(&(objectClass=%s)(|%s))"), - LDAP_OBJ_SAMBASAMACCOUNT, allsids); + mem_ctx, ("(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|%s))"), + allsids); if (filter == NULL) { goto done; @@ -4277,8 +4258,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, "sambaGroupType", NULL }; filter = talloc_asprintf( - mem_ctx, "(&(objectClass=%s)(|%s))", - LDAP_OBJ_GROUPMAP, allsids); + mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")(|%s))", + allsids); if (filter == NULL) { goto done; } @@ -4895,9 +4876,8 @@ static bool ldapsam_search_grouptype(struct pdb_methods *methods, state->base = lp_ldap_suffix(); state->connection = ldap_state->smbldap_state; state->scope = LDAP_SCOPE_SUBTREE; - state->filter = talloc_asprintf(search, "(&(objectclass=%s)" + state->filter = talloc_asprintf(search, "(&(objectclass="LDAP_OBJ_GROUPMAP")" "(sambaGroupType=%d)(sambaSID=%s*))", - LDAP_OBJ_GROUPMAP, type, dom_sid_str_buf(sid, &tmp)); state->attrs = talloc_attrs(search, "cn", "sambaSid", 
@@ -5122,9 +5102,8 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods, filter = talloc_asprintf(mem_ctx, "(&(sambaSid=%s)" - "(|(objectClass=%s)(objectClass=%s)))", - dom_sid_str_buf(sid, &buf), - LDAP_OBJ_GROUPMAP, LDAP_OBJ_SAMBASAMACCOUNT); + "(|(objectClass="LDAP_OBJ_GROUPMAP")(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")))", + dom_sid_str_buf(sid, &buf)); if (filter == NULL) { DEBUG(5, ("talloc_asprintf failed\n")); goto done; @@ -5218,11 +5197,9 @@ static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid, filter = talloc_asprintf(tmp_ctx, "(&(uidNumber=%u)" - "(objectClass=%s)" - "(objectClass=%s))", - (unsigned int)uid, - LDAP_OBJ_POSIXACCOUNT, - LDAP_OBJ_SAMBASAMACCOUNT); + "(objectClass="LDAP_OBJ_POSIXACCOUNT")" + "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))", + (unsigned int)uid); if (filter == NULL) { DEBUG(3, ("talloc_asprintf failed\n")); goto done; @@ -5287,9 +5264,8 @@ static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid, filter = talloc_asprintf(tmp_ctx, "(&(gidNumber=%u)" - "(objectClass=%s))", - (unsigned int)gid, - LDAP_OBJ_GROUPMAP); + "(objectClass="LDAP_OBJ_GROUPMAP"))", + (unsigned int)gid); if (filter == NULL) { DEBUG(3, ("talloc_asprintf failed\n")); goto done; @@ -5398,8 +5374,8 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, } username = escape_ldap_string(talloc_tos(), name); - filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))", - username, LDAP_OBJ_POSIXACCOUNT); + filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass="LDAP_OBJ_POSIXACCOUNT"))", + username); TALLOC_FREE(username); rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result); 
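Review bot: In `ldapsam_create_user` the result of `talloc_asprintf` goes straight into `smbldap_search_suffix` with no NULL check, and `username` from `escape_ldap_string` is formatted with `%s` without one either. Other call sites in this file return `NT_STATUS_NO_MEMORY` when the filter is NULL; adding `if (filter == NULL) { return NT_STATUS_NO_MEMORY; }` after `TALLOC_FREE(username)` would match them, with whatever cleanup the function needs, since its body continues outside the hunk. The same unchecked pattern is visible in `ldapsam_create_dom_group`, in the primary-group check of `ldapsam_delete_dom_group` and in the second filter of `ldapsam_change_groupmem`.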
@@ -5618,11 +5594,9 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX * filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - pdb_get_username(sam_acct), - LDAP_OBJ_POSIXACCOUNT, - LDAP_OBJ_SAMBASAMACCOUNT); + "(objectClass="LDAP_OBJ_POSIXACCOUNT")" + "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))", + pdb_get_username(sam_acct)); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } @@ -5724,7 +5698,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, LDAPMod **mods = NULL; char *filter; char *groupname; - char *grouptype; + const char *grouptype; char *gidstr; const char *dn = NULL; struct dom_sid group_sid; @@ -5734,8 +5708,8 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, int error = 0; groupname = escape_ldap_string(talloc_tos(), name); - filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))", - groupname, LDAP_OBJ_POSIXGROUP); + filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass="LDAP_OBJ_POSIXGROUP"))", + groupname); TALLOC_FREE(groupname); rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result); @@ -5892,11 +5866,9 @@ static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_ filter = talloc_asprintf(tmp_ctx, "(&(sambaSID=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - dom_sid_str_buf(&group_sid, &buf), - LDAP_OBJ_POSIXGROUP, - LDAP_OBJ_GROUPMAP); + "(objectClass="LDAP_OBJ_POSIXGROUP")" + "(objectClass="LDAP_OBJ_GROUPMAP"))", + dom_sid_str_buf(&group_sid, &buf)); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } 
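Review bot: `pdb_get_username(sam_acct)` is placed into the `(uid=%s)` clause of the `ldapsam_delete_user` filter without passing through `escape_ldap_string`, unlike the `uid` filters in `ldapsam_create_user` and `ldapsam_set_primary_group`. If the stored name can contain filter metacharacters such as `*`, `(` or `)`, the search could match a different entry than the one meant to be deleted. Escaping it first, `escaped = escape_ldap_string(tmp_ctx, pdb_get_username(sam_acct));`, and checking the result for NULL would make the call sites consistent. `domain` in the `sambaDomainName=%s` filter of `get_trusteddom_pw_int` looks unescaped in the same way, though its origin is outside the hunk.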
@@ -5941,11 +5913,9 @@ static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_ /* check no user have this group marked as primary group */ filter = talloc_asprintf(tmp_ctx, "(&(gidNumber=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - gidstr, - LDAP_OBJ_POSIXACCOUNT, - LDAP_OBJ_SAMBASAMACCOUNT); + "(objectClass="LDAP_OBJ_POSIXACCOUNT")" + "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))", + gidstr); rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result); if (rc != LDAP_SUCCESS) { @@ -6008,11 +5978,9 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, filter = talloc_asprintf(tmp_ctx, "(&(sambaSID=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - dom_sid_str_buf(&member_sid, &buf), - LDAP_OBJ_POSIXACCOUNT, - LDAP_OBJ_SAMBASAMACCOUNT); + "(objectClass="LDAP_OBJ_POSIXACCOUNT")" + "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))", + dom_sid_str_buf(&member_sid, &buf)); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } @@ -6079,11 +6047,9 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, filter = talloc_asprintf(tmp_ctx, "(&(sambaSID=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - dom_sid_str_buf(&group_sid, &buf), - LDAP_OBJ_POSIXGROUP, - LDAP_OBJ_GROUPMAP); + "(objectClass="LDAP_OBJ_POSIXGROUP")" + "(objectClass="LDAP_OBJ_GROUPMAP"))", + dom_sid_str_buf(&group_sid, &buf)); /* get the group */ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result); @@ -6188,11 +6154,9 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods, filter = talloc_asprintf(mem_ctx, "(&(uid=%s)" - "(objectClass=%s)" - "(objectClass=%s))", - escape_username, - LDAP_OBJ_POSIXACCOUNT, - LDAP_OBJ_SAMBASAMACCOUNT); + "(objectClass="LDAP_OBJ_POSIXACCOUNT")" + "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))", + escape_username); TALLOC_FREE(escape_username); 
@@ -6278,8 +6242,8 @@ static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state, uint32_t num_result; filter = talloc_asprintf(talloc_tos(), - "(&(objectClass=%s)(sambaDomainName=%s))", - LDAP_OBJ_TRUSTDOM_PASSWORD, domain); + "(&(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")(sambaDomainName=%s))", + domain); trusted_dn = trusteddom_dn(ldap_state, domain); if (trusted_dn == NULL) { @@ -6493,15 +6457,14 @@ static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods, int rc; struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; - char *filter; + const char *filter; int scope = LDAP_SCOPE_SUBTREE; const char *attrs[] = { "sambaDomainName", "sambaSID", NULL }; int attrsonly = 0; /* 0: return values too */ LDAPMessage *result = NULL; LDAPMessage *entry = NULL; - filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", - LDAP_OBJ_TRUSTDOM_PASSWORD); + filter = "(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")"; rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn, diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 7ad5ff47acf..d86c082bcb0 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -936,8 +936,7 @@ again: bidx = idx; for (i = 0; (i < IDMAP_LDAP_MAX_IDS) && ids[idx]; i++, idx++) { struct dom_sid_buf buf; - filter = talloc_asprintf_append_buffer(filter, "(%s=%s)", - LDAP_ATTRIBUTE_SID, + filter = talloc_asprintf_append_buffer(filter, "("LDAP_ATTRIBUTE_SID"=%s)", dom_sid_str_buf(ids[idx]->sid, &buf)); CHECK_ALLOC_DONE(filter); } diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 942159f5df8..814dd52cdfd 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c 
@@ -509,9 +509,10 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, * * Thanks to Ralf Haferkamp for input and testing - Guenther */ - filter = talloc_asprintf(mem_ctx, "(&(objectCategory=group)(&(groupType:dn:%s:=%d)(!(groupType:dn:%s:=%d))))", - ADS_LDAP_MATCHING_RULE_BIT_AND, GROUP_TYPE_SECURITY_ENABLED, - ADS_LDAP_MATCHING_RULE_BIT_AND, + filter = talloc_asprintf(mem_ctx, "(&(objectCategory=group)" + "(&(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d)" + "(!(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d))))", + GROUP_TYPE_SECURITY_ENABLED, enum_dom_local_groups ? GROUP_TYPE_BUILTIN_LOCAL_GROUP : GROUP_TYPE_RESOURCE_GROUP); if (filter == NULL) { @@ -686,9 +687,9 @@ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain, } ldap_exp = talloc_asprintf(mem_ctx, - "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))", + "(&(member=%s)(objectCategory=group)" + "(groupType:dn:"ADS_LDAP_MATCHING_RULE_BIT_AND":=%d))", escaped_dn, - ADS_LDAP_MATCHING_RULE_BIT_AND, GROUP_TYPE_SECURITY_ENABLED); if (!ldap_exp) { DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn)); diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 4852a0ef9bd..af8730bd7e2 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -305,10 +305,10 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, samdb_partitions_dn(sam_ctx, mem_ctx), LDB_SCOPE_ONELEVEL, domain_attrs, - "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))", + "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))" + "(systemFlags:"LDB_OID_COMPARATOR_AND":=%u))", ldb_binary_encode_string(mem_ctx, realm), ldb_binary_encode_string(mem_ctx, realm), - LDB_OID_COMPARATOR_AND, SYSTEM_FLAG_CR_NTDS_DOMAIN); TALLOC_FREE(realm);
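Review bot: Both `ldb_binary_encode_string(mem_ctx, realm)` results in `DsCrackNameUPN` are passed to the `%s` conversions unchecked, and that function returns NULL when its allocation fails. Encoding once into a local, `const char *enc = ldb_binary_encode_string(mem_ctx, realm);`, returning an out-of-memory error when it is NULL, and passing `enc` for both placeholders would remove the undefined `%s` argument and one redundant allocation. The search call this format string belongs to starts outside the hunk, so the exact error path has to follow the surrounding function.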