python: Do not interpret 16 character group names as GUIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Baumbach <bb@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Jun 16 22:22:27 UTC 2025 on atb-devel-224

Author: douglasbagnall

python/samba/samdb.py

@@ -35,6 +35,7 @@
 from samba.common import get_bytes, cmp
 from samba.dcerpc import security
 from samba import is_ad_dc_built
+from samba import string_is_guid
 from samba import NTSTATUSError, ntstatus
 import binascii
 
@@ -388,6 +389,13 @@ def add_remove_group_members(self, group, members,
 
         partial_groupfilter = None
 
+        # If <group> looks like a SID, GUID, or DN, we use it
+        # accordingly, otherwise as a name.
+        #
+        # Because misc.GUID() will read any 16 byte sequence as a
+        # binary guid, we need to be careful not to read 16 character
+        # names as GUIDs.
+
         group_sid = None
         try:
             group_sid = security.dom_sid(group)
@@ -397,7 +405,7 @@ def add_remove_group_members(self, group, members,
             partial_groupfilter = "(objectClass=*)"
 
         group_guid = None
-        if partial_groupfilter is None:
+        if partial_groupfilter is None and string_is_guid(group):
             try:
                 group_guid = misc.GUID(group)
             except NTSTATUSError as e: