smbcacls domain sid issue

Björn Baumbach bb at sernet.de
Thu Feb 17 18:13:12 UTC 2022


Hey,

I think I've detected a bug.

First of all I place a file "file" as Administrator on a share which uses 
the acl_xattr vfs module.

# testparm -s --section-name=xattr
[xattr]
         path = /share
         printing = cups
         read only = No
         vfs objects = acl_xattr

The ACL looks like this:
# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)

When I now use the smbcacls tool to set the ACLs again:
# smbcacls --sddl \
  -S="O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)" \
  -UAdministrator%Passw0rd //dm3.temp.test/xattr

the SDDL ACL looks like this:
# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:S-1-5-21-3367907150-2849503042-2089288414-500G:S-1-5-21-3367907150-2849503042-2089288414-513D:(A;;0x001200a9;;;WD)(A;;0x001f01ff;;;S-1-5-21-3367907150-2849503042-2089288414-500)(A;;0x001200a9;;;S-1-5-21-3367907150-2849503042-2089288414-513)

It seems that the local SID (instead of the domain SID) is wrongly used here:
# net getdomainsid
SID for local machine DM3 is: S-1-5-21-3367907150-2849503042-2089288414
SID for domain TEMP is: S-1-5-21-4063336984-1021020757-935970304

What do you think? I'm not sure what's the source of the issue. I've 
verified that setting the ACL in the SDDL format via "samba-tool ntacl 
set ..." works fine, so it might be an issue with the smbcacls tool:

# samba-tool ntacl set \
  'O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)' \
  file --service=xattr

# samba-tool ntacl get file --as-sddl --service=xattr --use-ntvfs
O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)

Best regards,
Björn

-- 
SerNet GmbH - Bahnhofsallee 1b - 37081 Goettingen
phone: +49.551.370000.0 - web: https://sernet.com
http://www.sernet.com - mailto:contact at sernet.com
AG Goettingen HRB2816, CEO: J.Loxen, CFO: R. Jung
data privacy policy https://www.sernet.de/privacy



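As an added example (not part of Björn's mail and not Samba's own code): a small Python checker that expands the SDDL aliases used above against a given domain SID and reports any literal S-1-5-21 SIDs that belong to a different authority. It makes the mismatch in the mail mechanically visible: the SDDL returned after smbcacls does not match the one that was set when resolved against the TEMP domain SID, but matches exactly when resolved against the DM3 local machine SID. The SDDL strings and the two SIDs are the ones quoted in the mail; the alias-to-RID mapping (LA = RID 500, DU = RID 513, WD = S-1-1-0 Everyone) is the standard SDDL one. The alias tables are a subset and DACL flags (e.g. "PAI") are ignored, which is enough for the strings shown here.

```python
import re

# Standard SDDL SID aliases (subset). Domain-relative aliases are RIDs that get
# appended to the domain SID; absolute aliases are fixed well-known SIDs.
DOMAIN_RELATIVE_ALIASES = {"LA": 500, "LG": 501, "DA": 512, "DU": 513, "DG": 514, "DC": 515}
ABSOLUTE_ALIASES = {"WD": "S-1-1-0", "SY": "S-1-5-18", "BA": "S-1-5-32-544", "BU": "S-1-5-32-545"}

# SIDs and SDDL strings as quoted in the mail above.
DOMAIN_SID = "S-1-5-21-4063336984-1021020757-935970304"  # domain TEMP
LOCAL_SID = "S-1-5-21-3367907150-2849503042-2089288414"   # local machine DM3
SDDL_SET = "O:LAG:DUD:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;DU)(A;;0x001200a9;;;WD)"
SDDL_AFTER_SMBCACLS = (
    "O:S-1-5-21-3367907150-2849503042-2089288414-500"
    "G:S-1-5-21-3367907150-2849503042-2089288414-513"
    "D:(A;;0x001200a9;;;WD)"
    "(A;;0x001f01ff;;;S-1-5-21-3367907150-2849503042-2089288414-500)"
    "(A;;0x001200a9;;;S-1-5-21-3367907150-2849503042-2089288414-513)"
)

_LITERAL_SID = re.compile(r"^S-1-\d+(?:-\d+)+$")
_SDDL = re.compile(r"^O:(.+?)G:(.+?)D:(.*)$")   # owner, group, DACL (SACL not handled)
_ACE = re.compile(r"\(([^)]*)\)")


def expand_sid(token: str, domain_sid: str) -> str:
    """Resolve an SDDL SID token (alias or literal SID) to a literal SID string."""
    if token in DOMAIN_RELATIVE_ALIASES:
        return f"{domain_sid}-{DOMAIN_RELATIVE_ALIASES[token]}"
    if token in ABSOLUTE_ALIASES:
        return ABSOLUTE_ALIASES[token]
    if _LITERAL_SID.match(token):
        return token
    raise ValueError(f"unsupported SDDL SID token: {token!r}")


def parse_sddl(sddl: str):
    """Split 'O:...G:...D:(...)...' into owner, group and a list of ACE tuples.

    Each ACE tuple is (type, flags, rights, sid_token); the object GUID fields
    and any DACL flags before the first '(' are ignored.
    """
    m = _SDDL.match(sddl)
    if not m:
        raise ValueError("expected an SDDL string of the form O:...G:...D:...")
    owner, group, dacl = m.groups()
    aces = []
    for body in _ACE.findall(dacl):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, ace_flags, rights, _obj_guid, _inherit_guid, sid = fields
        aces.append((ace_type, ace_flags, rights, sid))
    return owner, group, aces


def canonical(sddl: str, domain_sid: str):
    """Resolve every SID token against domain_sid; ACE order is not significant."""
    owner, group, aces = parse_sddl(sddl)
    return (
        expand_sid(owner, domain_sid),
        expand_sid(group, domain_sid),
        frozenset((t, f, r, expand_sid(s, domain_sid)) for t, f, r, s in aces),
    )


def foreign_domain_sids(sddl: str, domain_sid: str) -> list:
    """Literal S-1-5-21-* SIDs in the descriptor that do not belong to domain_sid."""
    owner, group, aces = parse_sddl(sddl)
    tokens = [owner, group] + [sid for _, _, _, sid in aces]
    foreign = {t for t in tokens
               if t.startswith("S-1-5-21-") and not t.startswith(domain_sid + "-")}
    return sorted(foreign)


if __name__ == "__main__":
    print("SIDs not from domain TEMP after smbcacls:",
          foreign_domain_sids(SDDL_AFTER_SMBCACLS, DOMAIN_SID))
    print("equal when resolved against the domain SID:",
          canonical(SDDL_SET, DOMAIN_SID) == canonical(SDDL_AFTER_SMBCACLS, DOMAIN_SID))
    print("equal when resolved against the local machine SID:",
          canonical(SDDL_SET, LOCAL_SID) == canonical(SDDL_AFTER_SMBCACLS, LOCAL_SID))
```

Running it prints the two local-machine SIDs (RID 500 and 513) as foreign to the TEMP domain, reports the descriptors as different under the domain SID and as identical under the local SID, which is the behaviour the mail describes. The same check can be pointed at the output of "samba-tool ntacl get --as-sddl" on any file to spot ACLs that were written with the wrong authority.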