diff options
author | Volker Lendecke <vl@samba.org> | 2015-09-01 08:41:04 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-09-03 12:14:12 +0200 |
commit | 0befbeb33bf3ebb189639598281e989178efbc4a (patch) | |
tree | d1dadc589ccbc6b4470866cfe1fcd29856b0070d | |
parent | c7d8aca2de88b72e69921558e5cf708177ecd5bc (diff) | |
download | samba-0befbeb33bf3ebb189639598281e989178efbc4a.tar.gz |
samr4: Use <SID=%s> in GetGroupsForUser
This way we avoid quoting problems in user's DNs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)
Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Thu Sep 3 12:14:12 CEST 2015 on sn-devel-104
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index d0c748e1848..9f3bd10f63b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3575,17 +3575,23 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, const char * const attrs[2] = { "objectSid", NULL }; struct samr_RidWithAttributeArray *array; int i, count; + char membersidstr[DOM_SID_STR_BUFLEN]; DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); a_state = h->data; d_state = a_state->domain_state; + dom_sid_string_buf(a_state->account_sid, + membersidstr, sizeof(membersidstr)), + count = samdb_search_domain(a_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, d_state->domain_sid, - "(&(member=%s)(|(grouptype=%d)(grouptype=%d))(objectclass=group))", - ldb_dn_get_linearized(a_state->account_dn), + "(&(member=<SID=%s>)" + "(|(grouptype=%d)(grouptype=%d))" + "(objectclass=group))", + membersidstr, GTYPE_SECURITY_UNIVERSAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP); if (count < 0) |