From 6e720ecd259742d274d6281088c5052070c955e6 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 13 Sep 2010 22:41:06 +0200 Subject: s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters This makes also lookups through special backends as "samba3sam" work. --- source4/lib/policy/gp_ldap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/lib/policy') diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c index 87fde9dbd7..d612cf8769 100644 --- a/source4/lib/policy/gp_ldap.c +++ b/source4/lib/policy/gp_ldap.c @@ -28,6 +28,7 @@ #include "../librpc/gen_ndr/ndr_security.h" #include "../libcli/security/dom_sid.h" #include "libcli/security/security.h" +#include "libcli/ldap/ldap_ndr.h" #include "../lib/talloc/talloc.h" #include "lib/policy/policy.h" @@ -425,7 +426,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c TALLOC_CTX *mem_ctx; const char **gpos; struct ldb_result *result; - const char *sid; + char *sid; struct ldb_dn *dn; struct ldb_message_element *element; bool inherit; @@ -443,7 +444,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c mem_ctx = talloc_new(gp_ctx); NT_STATUS_HAVE_NO_MEMORY(mem_ctx); - sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]); + sid = ldap_encode_ndr_dom_sid(mem_ctx, + &token->sids[PRIMARY_USER_SID_INDEX]); + NT_STATUS_HAVE_NO_MEMORY(sid); /* Find the user DN and objectclass via the sid from the security token */ rv = ldb_search(gp_ctx->ldb_ctx, -- cgit