s3/utils: ensure sddl_encode/sddl_decode both use domain_sid

prior to this patch sddl_decode get_global_sam_sid was using
'get_global_sam_sid()' but the reciprocal call to sddl_encode uses
'get_domain_sid()' using the domain_sid (instead of local machine sid)
is 'correct'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 03866d5626742ba4d62bd84705485599fbf96d31..a9d01a1fd9e160a3a2d275624653a794b4ccfe57 100644 (file)
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -678,7 +678,7 @@ static int cacl_set(struct cli_state *cli, const char *filename,
        struct security_descriptor *sd = NULL;
 
        if (sddl) {
-               sd = sddl_decode(talloc_tos(), the_acl, get_global_sam_sid());
+               sd = sddl_decode(talloc_tos(), the_acl, get_domain_sid(cli));
        } else {
                sd = sec_desc_parse(talloc_tos(), cli, the_acl);
        }
@@ -1100,7 +1100,7 @@ static NTSTATUS prepare_inheritance_propagation(TALLOC_CTX *ctx, char *filename,
        /* parse acl passed on the command line */
        if (sddl) {
                cbstate->aclsd = sddl_decode(ctx, the_acl,
-                                            get_global_sam_sid());
+                                            get_domain_sid(cli));
        } else {
                cbstate->aclsd = sec_desc_parse(ctx, cli, the_acl);
        }