4 files changed, 48 insertions, 72 deletions

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 9b2b7c15806..b8665234325 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -510,7 +510,7 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 	LDAPMod **mods = NULL;
 	const char *type;
 	char *id_str;
-	char *sid;
+	struct dom_sid_buf sid;
 	char *dn;
 	int rc = -1;
 
@@ -545,12 +545,9 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 	id_str = talloc_asprintf(memctx, "%lu", (unsigned long)map->xid.id);
 	CHECK_ALLOC_DONE(id_str);
 
-	sid = talloc_strdup(memctx, sid_string_talloc(memctx, map->sid));
-	CHECK_ALLOC_DONE(sid);
-
 	dn = talloc_asprintf(memctx, "%s=%s,%s",
 			get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
-			sid,
+			dom_sid_str_buf(map->sid, &sid),
 			ctx->suffix);
 	CHECK_ALLOC_DONE(dn);
 
@@ -562,7 +559,7 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 
 	smbldap_make_mod(smbldap_get_ldap(ctx->smbldap_state), entry, &mods,
 			 get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
-			 sid);
+			 sid.buf);
 
 	if ( ! mods) {
 		DEBUG(2, ("ERROR: No mods?\n"));
@@ -574,7 +571,7 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 
 	smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SID_ENTRY);
 
-	DEBUG(10, ("Set DN %s (%s -> %s)\n", dn, sid, id_str));
+	DEBUG(10, ("Set DN %s (%s -> %s)\n", dn, sid.buf, id_str));
 
 	rc = smbldap_add(ctx->smbldap_state, dn, mods);
 	ldap_mods_free(mods, True);
@@ -584,7 +581,7 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 		ldap_get_option(smbldap_get_ldap(ctx->smbldap_state),
 				LDAP_OPT_ERROR_STRING, &ld_error);
 		DEBUG(0,("ldap_set_mapping_internals: Failed to add %s to %lu "
-			 "mapping [%s]\n", sid,
+			 "mapping [%s]\n", sid.buf,
 			 (unsigned long)map->xid.id, type));
 		DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n",
 			ld_error ? ld_error : "(NULL)", ldap_err2string (rc)));
@@ -596,7 +593,7 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
 	}
 
 	DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to "
-		  "%lu [%s]\n",	sid, (unsigned long)map->xid.id, type));
+		  "%lu [%s]\n",	sid.buf, (unsigned long)map->xid.id, type));
 
 	ret = NT_STATUS_OK;
 
@@ -877,12 +874,13 @@ static NTSTATUS idmap_ldap_sids_to_unixids(struct idmap_domain *dom,
 	attr_list = get_attr_list(memctx, sidmap_attr_list);
 
 	if ( ! ids[1]) {
+		struct dom_sid_buf buf;
 		/* if we are requested just one mapping use the simple filter */
 
 		filter = talloc_asprintf(memctx, "(&(objectClass=%s)(%s=%s))",
 				LDAP_OBJ_IDMAP_ENTRY,
 				LDAP_ATTRIBUTE_SID,
-				sid_string_talloc(memctx, ids[0]->sid));
+				dom_sid_str_buf(ids[0]->sid, &buf));
 		CHECK_ALLOC_DONE(filter);
 		DEBUG(10, ("Filter: [%s]\n", filter));
 	} else {
@@ -905,10 +903,10 @@ again:
 
 		bidx = idx;
 		for (i = 0; (i < IDMAP_LDAP_MAX_IDS) && ids[idx]; i++, idx++) {
+			struct dom_sid_buf buf;
 			filter = talloc_asprintf_append_buffer(filter, "(%s=%s)",
 					LDAP_ATTRIBUTE_SID,
-					sid_string_talloc(memctx,
-							  ids[idx]->sid));
+					dom_sid_str_buf(ids[idx]->sid, &buf));
 			CHECK_ALLOC_DONE(filter);
 		}
 		filter = talloc_asprintf_append_buffer(filter, "))");
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 4d423907ae3..3ae309e5e5b 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -183,7 +183,8 @@ static NTSTATUS idmap_tdb2_set_mapping(struct idmap_domain *dom, const struct id
 {
 	struct idmap_tdb2_context *ctx;
 	NTSTATUS ret;
-	char *ksidstr, *kidstr;
+	char *kidstr;
+	struct dom_sid_buf sid_str;
 	struct idmap_tdb_common_context *commonctx;
 	struct idmap_tdb2_set_mapping_context state;
 
@@ -191,7 +192,7 @@ static NTSTATUS idmap_tdb2_set_mapping(struct idmap_domain *dom, const struct id
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	ksidstr = kidstr = NULL;
+	kidstr = NULL;
 
 	/* TODO: should we filter a set_mapping using low/high filters ? */
 
@@ -222,21 +223,13 @@ static NTSTATUS idmap_tdb2_set_mapping(struct idmap_domain *dom, const struct id
 		goto done;
 	}
 
-	ksidstr = sid_string_talloc(ctx, map->sid);
-	if (ksidstr == NULL) {
-		DEBUG(0, ("Out of memory!\n"));
-		ret = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	state.ksidstr = ksidstr;
+	state.ksidstr = dom_sid_str_buf(map->sid, &sid_str);
 	state.kidstr = kidstr;
 
 	ret = dbwrap_trans_do(commonctx->db, idmap_tdb2_set_mapping_action,
 			      &state);
 
 done:
-	talloc_free(ksidstr);
 	talloc_free(kidstr);
 	return ret;
 }
@@ -374,7 +367,7 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_domain *dom, struct id_map *ma
 	status = dbwrap_fetch_bystring(commonctx->db, keystr, keystr, &data);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		char *sidstr;
+		struct dom_sid_buf sidstr;
 		struct idmap_tdb2_set_mapping_context store_state;
 
 		DEBUG(10,("Record %s not found\n", keystr));
@@ -388,13 +381,7 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_domain *dom, struct id_map *ma
 			goto done;
 		}
 
-		sidstr = sid_string_talloc(keystr, map->sid);
-		if (!sidstr) {
-			ret = NT_STATUS_NO_MEMORY;
-			goto done;
-		}
-
-		store_state.ksidstr = sidstr;
+		store_state.ksidstr = dom_sid_str_buf(map->sid, &sidstr);
 		store_state.kidstr = keystr;
 
 		ret = dbwrap_trans_do(commonctx->db,
@@ -426,7 +413,7 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_domain *dom, struct id_map *ma
 {
 	NTSTATUS ret;
 	TDB_DATA data;
-	char *keystr;
+	struct dom_sid_buf keystr;
 	unsigned long rec_id = 0;
 	struct idmap_tdb_common_context *commonctx;
 	struct idmap_tdb2_context *ctx;
@@ -441,29 +428,24 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_domain *dom, struct id_map *ma
 	ctx = talloc_get_type(commonctx->private_data,
 			      struct idmap_tdb2_context);
 
-	keystr = sid_string_talloc(tmp_ctx, map->sid);
-	if (keystr == NULL) {
-		DEBUG(0, ("Out of memory!\n"));
-		ret = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
+	dom_sid_str_buf(map->sid, &keystr);
 
-	DEBUG(10,("Fetching record %s\n", keystr));
+	DEBUG(10, ("Fetching record %s\n", keystr.buf));
 
 	/* Check if sid is present in database */
-	ret = dbwrap_fetch_bystring(commonctx->db, tmp_ctx, keystr, &data);
+	ret = dbwrap_fetch_bystring(commonctx->db, tmp_ctx, keystr.buf, &data);
 	if (!NT_STATUS_IS_OK(ret)) {
 		char *idstr;
 		struct idmap_tdb2_set_mapping_context store_state;
 
-		DEBUG(10,(__location__ " Record %s not found\n", keystr));
+		DBG_DEBUG("Record %s not found\n", keystr.buf);
 
 		if (ctx->script == NULL) {
 			ret = NT_STATUS_NONE_MAPPED;
 			goto done;
 		}
 
-		ret = idmap_tdb2_script(ctx, map, "SIDTOID %s", keystr);
+		ret = idmap_tdb2_script(ctx, map, "SIDTOID %s", keystr.buf);
 		if (!NT_STATUS_IS_OK(ret)) {
 			goto done;
 		}
@@ -485,7 +467,7 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_domain *dom, struct id_map *ma
 			goto done;
 		}
 
-		store_state.ksidstr = keystr;
+		store_state.ksidstr = keystr.buf;
 		store_state.kidstr = idstr;
 
 		ret = dbwrap_trans_do(commonctx->db,
@@ -498,17 +480,23 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_domain *dom, struct id_map *ma
 	if (sscanf((const char *)data.dptr, "UID %lu", &rec_id) == 1) { /* Try a UID record. */
 		map->xid.id = rec_id;
 		map->xid.type = ID_TYPE_UID;
-		DEBUG(10,("Found uid record %s -> %s \n", keystr, (const char *)data.dptr ));
+		DBG_DEBUG("Found uid record %s -> %s \n",
+			  keystr.buf,
+			  (const char *)data.dptr );
 		ret = NT_STATUS_OK;
 
 	} else if (sscanf((const char *)data.dptr, "GID %lu", &rec_id) == 1) { /* Try a GID record. */
 		map->xid.id = rec_id;
 		map->xid.type = ID_TYPE_GID;
-		DEBUG(10,("Found gid record %s -> %s \n", keystr, (const char *)data.dptr ));
+		DBG_DEBUG("Found gid record %s -> %s \n",
+			  keystr.buf,
+			  (const char *)data.dptr );
 		ret = NT_STATUS_OK;
 
 	} else { /* Unknown record type ! */
-		DEBUG(2, ("Found INVALID record %s -> %s\n", keystr, (const char *)data.dptr));
+		DBG_WARNING("Found INVALID record %s -> %s\n",
+			    keystr.buf,
+			    (const char *)data.dptr);
 		ret = NT_STATUS_INTERNAL_DB_ERROR;
 		goto done;
 	}
diff --git a/source3/winbindd/idmap_tdb_common.c b/source3/winbindd/idmap_tdb_common.c
index ceb663c0ddd..e130be08245 100644
--- a/source3/winbindd/idmap_tdb_common.c
+++ b/source3/winbindd/idmap_tdb_common.c
@@ -221,7 +221,7 @@ NTSTATUS idmap_tdb_common_set_mapping(struct idmap_domain * dom,
 	struct idmap_tdb_common_context *ctx;
 	struct idmap_tdb_common_set_mapping_context state;
 	NTSTATUS ret;
-	char *ksidstr = NULL;
+	struct dom_sid_buf ksidstr;
 	char *kidstr = NULL;
 
 	if (!map || !map->sid) {
@@ -257,21 +257,13 @@ NTSTATUS idmap_tdb_common_set_mapping(struct idmap_domain * dom,
 		goto done;
 	}
 
-	ksidstr = sid_string_talloc(ctx, map->sid);
-	if (ksidstr == NULL) {
-		DEBUG(0, ("Out of memory!\n"));
-		ret = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	state.ksidstr = ksidstr;
+	state.ksidstr = dom_sid_str_buf(map->sid, &ksidstr);
 	state.kidstr = kidstr;
 
 	ret = dbwrap_trans_do(ctx->db, idmap_tdb_common_set_mapping_action,
 			      &state);
 
       done:
-	talloc_free(ksidstr);
 	talloc_free(kidstr);
 	return ret;
 }
@@ -455,7 +447,7 @@ NTSTATUS idmap_tdb_common_sid_to_unixid(struct idmap_domain * dom,
 {
 	NTSTATUS ret;
 	TDB_DATA data;
-	char *keystr;
+	struct dom_sid_buf keystr;
 	unsigned long rec_id = 0;
 	struct idmap_tdb_common_context *ctx;
 	TALLOC_CTX *tmp_ctx = talloc_stackframe();
@@ -469,19 +461,14 @@ NTSTATUS idmap_tdb_common_sid_to_unixid(struct idmap_domain * dom,
 	    talloc_get_type_abort(dom->private_data,
 				  struct idmap_tdb_common_context);
 
-	keystr = sid_string_talloc(tmp_ctx, map->sid);
-	if (keystr == NULL) {
-		DEBUG(0, ("Out of memory!\n"));
-		ret = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
+	dom_sid_str_buf(map->sid, &keystr);
 
-	DEBUG(10, ("Fetching record %s\n", keystr));
+	DEBUG(10, ("Fetching record %s\n", keystr.buf));
 
 	/* Check if sid is present in database */
-	ret = dbwrap_fetch_bystring(ctx->db, tmp_ctx, keystr, &data);
+	ret = dbwrap_fetch_bystring(ctx->db, tmp_ctx, keystr.buf, &data);
 	if (!NT_STATUS_IS_OK(ret)) {
-		DEBUG(10, ("Record %s not found\n", keystr));
+		DEBUG(10, ("Record %s not found\n", keystr.buf));
 		ret = NT_STATUS_NONE_MAPPED;
 		goto done;
 	}
@@ -492,7 +479,7 @@ NTSTATUS idmap_tdb_common_sid_to_unixid(struct idmap_domain * dom,
 		map->xid.id = rec_id;
 		map->xid.type = ID_TYPE_UID;
 		DEBUG(10,
-		      ("Found uid record %s -> %s \n", keystr,
+		      ("Found uid record %s -> %s \n", keystr.buf,
 		       (const char *)data.dptr));
 		ret = NT_STATUS_OK;
 
@@ -501,13 +488,13 @@ NTSTATUS idmap_tdb_common_sid_to_unixid(struct idmap_domain * dom,
 		map->xid.id = rec_id;
 		map->xid.type = ID_TYPE_GID;
 		DEBUG(10,
-		      ("Found gid record %s -> %s \n", keystr,
+		      ("Found gid record %s -> %s \n", keystr.buf,
 		       (const char *)data.dptr));
 		ret = NT_STATUS_OK;
 
 	} else {		/* Unknown record type ! */
 		DEBUG(2,
-		      ("Found INVALID record %s -> %s\n", keystr,
+		      ("Found INVALID record %s -> %s\n", keystr.buf,
 		       (const char *)data.dptr));
 		ret = NT_STATUS_INTERNAL_DB_ERROR;
 		goto done;
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index df817126447..cc0701e597a 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -230,6 +230,7 @@ bool winbindd_list_trusted_domains(struct winbindd_cli_state *state)
 		bool is_online = true;		
 		struct winbindd_tdc_domain *d = NULL;
 		char *trust_type = NULL;
+		struct dom_sid_buf buf;
 
 		d = &dom_list[i];
 		domain = find_domain_from_name_noinit(d->domain_name);
@@ -247,7 +248,7 @@ bool winbindd_list_trusted_domains(struct winbindd_cli_state *state)
 			"%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s\n",
 			d->domain_name,
 			d->dns_name ? d->dns_name : "",
-			sid_string_talloc(state->mem_ctx, &d->sid),
+			dom_sid_str_buf(&d->sid, &buf),
 			trust_type,
 			trust_is_transitive(d) ? "Yes" : "No",
 			trust_is_inbound(d) ? "Yes" : "No",
@@ -300,6 +301,7 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
 	extra_data = talloc_strdup(state->mem_ctx, "");
 
 	for (i=0; i<trusts.count; i++) {
+		struct dom_sid_buf buf;
 
 		if (trusts.array[i].sid == NULL) {
 			continue;
@@ -311,7 +313,7 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
 		extra_data = talloc_asprintf_append_buffer(
 		    extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
 		    trusts.array[i].netbios_name, trusts.array[i].dns_name,
-		    sid_string_talloc(state->mem_ctx, trusts.array[i].sid),
+		    dom_sid_str_buf(trusts.array[i].sid, &buf),
 		    trusts.array[i].trust_flags,
 		    (uint32_t)trusts.array[i].trust_type,
 		    trusts.array[i].trust_attributes);
@@ -327,12 +329,13 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
 	}
 
 	if (state->request->data.list_all_domains && !have_own_domain) {
+		struct dom_sid_buf buf;
 		extra_data = talloc_asprintf_append_buffer(
 			extra_data, "%s\\%s\\%s\n", domain->name,
 			domain->alt_name != NULL ?
 				domain->alt_name :
 				domain->name,
-			sid_string_talloc(state->mem_ctx, &domain->sid));
+			dom_sid_str_buf(&domain->sid, &buf));
 	}
 
 	extra_data_len = strlen(extra_data);