From: Noel Power <noel.power@suse.com>
Date: Fri, 26 Aug 2022 13:17:07 +0000 (+0100)
Subject: s3/utils: ensure sddl_encode/sddl_decode both use domain_sid
X-Git-Tag: talloc-2.4.2~772
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ead28b26b8a83018448a81d52e5a8e7117b7673;p=thirdparty%2Fsamba.git

s3/utils: ensure sddl_encode/sddl_decode both use domain_sid

prior to this patch sddl_decode get_global_sam_sid was using
'get_global_sam_sid()' but the reciprocal call to sddl_encode uses
'get_domain_sid()' using the domain_sid (instead of local machine sid)
is 'correct'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 03866d56267..a9d01a1fd9e 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -678,7 +678,7 @@ static int cacl_set(struct cli_state *cli, const char *filename,
 	struct security_descriptor *sd = NULL;
 
 	if (sddl) {
-		sd = sddl_decode(talloc_tos(), the_acl, get_global_sam_sid());
+		sd = sddl_decode(talloc_tos(), the_acl, get_domain_sid(cli));
 	} else {
 		sd = sec_desc_parse(talloc_tos(), cli, the_acl);
 	}
@@ -1100,7 +1100,7 @@ static NTSTATUS prepare_inheritance_propagation(TALLOC_CTX *ctx, char *filename,
 	/* parse acl passed on the command line */
 	if (sddl) {
 		cbstate->aclsd = sddl_decode(ctx, the_acl,
-					     get_global_sam_sid());
+					     get_domain_sid(cli));
 	} else {
 		cbstate->aclsd = sec_desc_parse(ctx, cli, the_acl);
 	}