samr4: Use <SID=%s> in GetGroupsForUser

This way we avoid quoting problems in user's DNs Signed-off-by: Volker Lendecke <[email protected]> Reviewed-by: Jeremy Allison <[email protected]> Autobuild-User(master): Jeremy Allison <[email protected]> Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
kamenim · Sep 1, 2015 · 841845d · 841845d
1 parent b3f906f
commit 841845d
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3575,17 +3575,23 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
 	const char * const attrs[2] = { "objectSid", NULL };
 	struct samr_RidWithAttributeArray *array;
 	int i, count;
+	char membersidstr[DOM_SID_STR_BUFLEN];
 
 	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
 
 	a_state = h->data;
 	d_state = a_state->domain_state;
 
+	dom_sid_string_buf(a_state->account_sid,
+			   membersidstr, sizeof(membersidstr)),
+
 	count = samdb_search_domain(a_state->sam_ctx, mem_ctx,
 				    d_state->domain_dn, &res,
 				    attrs, d_state->domain_sid,
-				    "(&(member=%s)(|(grouptype=%d)(grouptype=%d))(objectclass=group))",
-				    ldb_dn_get_linearized(a_state->account_dn),
+				    "(&(member=<SID=%s>)"
+				     "(|(grouptype=%d)(grouptype=%d))"
+				     "(objectclass=group))",
+				    membersidstr,
 				    GTYPE_SECURITY_UNIVERSAL_GROUP,
 				    GTYPE_SECURITY_GLOBAL_GROUP);
 	if (count < 0)