From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 15 Dec 2022 23:45:29 +0000 (+1300)
Subject: s4-dsdb: Simplify search expression
X-Git-Tag: talloc-2.4.1~1656
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24512accc7a2cca572ae834d54b8f4f6da5a2efe;p=thirdparty%2Fsamba.git

s4-dsdb: Simplify search expression

We want to find objects for which the groupType attribute has at least
one of GROUP_TYPE_ACCOUNT_GROUP and GROUP_TYPE_UNIVERSAL_GROUP set. For
this the OR comparator is perfectly suited. It produces a true result if
at least one set bit is shared between both operands.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 16853fbf49d..f58aa688ba2 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -197,11 +197,9 @@ static int get_group_sids(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 		filter = talloc_asprintf(mem_ctx,
 					 "(&(objectClass=group)"
 					 "(groupType:"LDB_OID_COMPARATOR_AND":=%u)"
-					 "(|(groupType:"LDB_OID_COMPARATOR_AND":=%u)"
-					 "(groupType:"LDB_OID_COMPARATOR_AND":=%u)))",
+					 "(groupType:"LDB_OID_COMPARATOR_OR":=%u))",
 					 GROUP_TYPE_SECURITY_ENABLED,
-					 GROUP_TYPE_ACCOUNT_GROUP,
-					 GROUP_TYPE_UNIVERSAL_GROUP);
+					 GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_UNIVERSAL_GROUP);
 		break;
 	case TOKEN_GROUPS_NO_GC_ACCEPTABLE:
 	case TOKEN_GROUPS: