diff options
author | Volker Lendecke <vl@samba.org> | 2015-09-01 08:41:04 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-09-08 21:05:56 +0200 |
commit | 18e3ebae79e4eea683d1ded5f42c2c82c1e37ec7 (patch) | |
tree | 8fcfd5e4caad2cf9bbb8c2d28b47b3c60f935a0d | |
parent | 64305df6c55b1f4092013b25a0be7f9d1d9a9e7d (diff) | |
download | samba-18e3ebae79e4eea683d1ded5f42c2c82c1e37ec7.tar.gz |
samr4: Use <SID=%s> in GetGroupsForUser
This way we avoid quoting problems in user's DNs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)
Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-1-test): Tue Sep 8 21:05:56 CEST 2015 on sn-devel-104
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 330e6fbccf6..7441274eee6 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3572,17 +3572,23 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, const char * const attrs[2] = { "objectSid", NULL }; struct samr_RidWithAttributeArray *array; int i, count; + char membersidstr[DOM_SID_STR_BUFLEN]; DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); a_state = h->data; d_state = a_state->domain_state; + dom_sid_string_buf(a_state->account_sid, + membersidstr, sizeof(membersidstr)), + count = samdb_search_domain(a_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, d_state->domain_sid, - "(&(member=%s)(|(grouptype=%d)(grouptype=%d))(objectclass=group))", - ldb_dn_get_linearized(a_state->account_dn), + "(&(member=<SID=%s>)" + "(|(grouptype=%d)(grouptype=%d))" + "(objectclass=group))", + membersidstr, GTYPE_SECURITY_UNIVERSAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP); if (count < 0) |