From: Douglas Bagnall Date: Fri, 13 Jun 2025 00:29:02 +0000 (+1200) Subject: python: Do not interpret 16 character group names as GUIDs X-Git-Tag: tevent-0.17.0~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c99658e22c6761ccf9abbdea588553a46af7453;p=thirdparty%2Fsamba.git python: Do not interpret 16 character group names as GUIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854 Signed-off-by: Douglas Bagnall Reviewed-by: Björn Baumbach Autobuild-User(master): Douglas Bagnall Autobuild-Date(master): Mon Jun 16 22:22:27 UTC 2025 on atb-devel-224 --- diff --git a/python/samba/samdb.py b/python/samba/samdb.py index ab3d40d70aa..6d1f3f0da3c 100644 --- a/python/samba/samdb.py +++ b/python/samba/samdb.py @@ -35,6 +35,7 @@ from samba.common import normalise_int32 from samba.common import get_bytes, cmp from samba.dcerpc import security from samba import is_ad_dc_built +from samba import string_is_guid from samba import NTSTATUSError, ntstatus import binascii @@ -388,6 +389,13 @@ lockoutTime: 0 partial_groupfilter = None + # If looks like a SID, GUID, or DN, we use it + # accordingly, otherwise as a name. + # + # Because misc.GUID() will read any 16 byte sequence as a + # binary guid, we need to be careful not to read 16 character + # names as GUIDs. + group_sid = None try: group_sid = security.dom_sid(group) @@ -397,7 +405,7 @@ lockoutTime: 0 partial_groupfilter = "(objectClass=*)" group_guid = None - if partial_groupfilter is None: + if partial_groupfilter is None and string_is_guid(group): try: group_guid = misc.GUID(group) except NTSTATUSError as e: diff --git a/selftest/knownfail.d/samba-tool-group-addmember b/selftest/knownfail.d/samba-tool-group-addmember deleted file mode 100644 index ddc6021a5ae..00000000000 --- a/selftest/knownfail.d/samba-tool-group-addmember +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.samba_tool.group.+GroupCmdTestCase.test_addmember