Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled

We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 00:18:57 CET 2010 on sn-devel-104

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 5fbf686e6b7dffb9b22cb31c234c8adeee98b069..3296ddc55ce3571ae807b816310fc9b5a0a08861 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -726,6 +726,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                return status;
        }
 
+       psd->revision = orig_psd->revision;
+       /* All our SD's are self relative. */
+       psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
+
        if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
                psd->owner_sid = orig_psd->owner_sid;
        }
@@ -734,9 +738,11 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
        }
        if (security_info_sent & SECINFO_DACL) {
                psd->dacl = orig_psd->dacl;
+               psd->type |= SEC_DESC_DACL_PRESENT;
        }
        if (security_info_sent & SECINFO_SACL) {
                psd->sacl = orig_psd->sacl;
+               psd->type |= SEC_DESC_SACL_PRESENT;
        }
 
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);