Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
authorJeremy Allison <jra@samba.org>
Wed, 29 Aug 2012 23:55:21 +0000 (16:55 -0700)
committerKarolin Seeger <kseeger@samba.org>
Thu, 13 Sep 2012 09:19:50 +0000 (11:19 +0200)
Change se_create_child_secdesc() to handle inheritance correctly.
(cherry picked from commit 1bb5d205ecc071a98ce5717e2e009fb1875aeae2)

source3/lib/secdesc.c

index 007e097ec31dd6fe357e40be6f682f06d2a43f94..b7c9fc52936e67dea9272911ae105d5cd88059b9 100644 (file)
@@ -563,6 +563,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
        struct security_acl *new_dacl = NULL, *the_acl = NULL;
        struct security_ace *new_ace_list = NULL;
        unsigned int new_ace_list_ndx = 0, i;
+       bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED);
 
        *ppsd = NULL;
        *psize = 0;
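Review bot: The added `set_inherited_flags` initializer stores a masked bit (`parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED`) directly in a `bool`, which is only correct if `bool` has C99 `_Bool` semantics on every build. Writing the test out removes that dependency: `bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED) != 0;`. The line also dereferences `parent_ctr` in the declarations, ahead of any validation the function may do later (not visible in this hunk), so it is worth confirming that callers never pass NULL. A comment such as `/* Mark inherited ACEs only when the parent DACL is itself auto-inherited. */` would record that children of a parent without the flag still receive ACEs that look explicit. The function body starts before and continues after this hunk.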
@@ -625,7 +626,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                        /* First add the regular ACE entry. */
                        init_sec_ace(new_ace, ptrustee, ace->type,
-                               ace->access_mask, 0);
+                               ace->access_mask,
+                               set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0);
 
                        DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
                                " inherited as %s:%d/0x%02x/0x%08x\n",
@@ -648,7 +650,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                }
 
                init_sec_ace(new_ace, ptrustee, ace->type,
-                            ace->access_mask, new_flags);
+                               ace->access_mask, new_flags |
+                               (set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0));
 
                DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
                          " inherited as %s:%d/0x%02x/0x%08x\n",
@@ -675,7 +678,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
        *ppsd = make_sec_desc(ctx,
                        SECURITY_DESCRIPTOR_REVISION_1,
-                       SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+                       SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+                       (set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0),
                        owner_sid,
                        group_sid,
                        NULL,
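Review bot: The descriptor-level `SEC_DESC_DACL_AUTO_INHERITED` bit added to the `make_sec_desc()` type argument is tied to the per-ACE `SEC_ACE_FLAG_INHERITED_ACE` bit only through the shared `set_inherited_flags` local, and nothing in the code says the two must change together. A later edit that touches one and not the other would produce a child descriptor whose type and ACE flags disagree about what is inherited. Consumers that separate explicit from inherited ACEs when re-applying inheritance could then misread it. I would add a comment above the call, for example `/* Must stay in step with SEC_ACE_FLAG_INHERITED_ACE set on the ACEs built above. */`. The DACL passed here is built outside this hunk, so it is also worth confirming that marking the child auto-inherited is intended when no parent ACE qualified for inheritance. The `make_sec_desc()` call continues past the end of the hunk.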