samr4: Use <SID=%s> in GetGroupsForUser

This way we avoid quoting problems in user's DNs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  1 23:49:14 CEST 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)

Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-1-test): Tue Sep  8 21:05:56 CEST 2015 on sn-devel-104

1 files changed, 8 insertions, 2 deletions

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 330e6fbccf6..7441274eee6 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3572,17 +3572,23 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
 	const char * const attrs[2] = { "objectSid", NULL };
 	struct samr_RidWithAttributeArray *array;
 	int i, count;
+	char membersidstr[DOM_SID_STR_BUFLEN];
 
 	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
 
 	a_state = h->data;
 	d_state = a_state->domain_state;
 
+	dom_sid_string_buf(a_state->account_sid,
+			   membersidstr, sizeof(membersidstr)),
+
 	count = samdb_search_domain(a_state->sam_ctx, mem_ctx,
 				    d_state->domain_dn, &res,
 				    attrs, d_state->domain_sid,
-				    "(&(member=%s)(|(grouptype=%d)(grouptype=%d))(objectclass=group))",
-				    ldb_dn_get_linearized(a_state->account_dn),
+				    "(&(member=<SID=%s>)"
+				     "(|(grouptype=%d)(grouptype=%d))"
+				     "(objectclass=group))",
+				    membersidstr,
 				    GTYPE_SECURITY_UNIVERSAL_GROUP,
 				    GTYPE_SECURITY_GLOBAL_GROUP);
 	if (count < 0)