samba-tool: gpo: Fix creation of filesystem ACL from directory ACL

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104

diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index 82ea3db8b9a36fc0a3e9293cbcd2a87bfc7a4ecd..88c76227b2971f0d7ec375f57612b1d11624ff33 100644 (file)
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -910,10 +910,16 @@ class cmd_create(Command):
             ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()
 
             # Create a file system security descriptor
-            fs_sd = security.descriptor(dsacl2fsacl(ds_sd, self.samdb.get_domain_sid()))
+            domain_sid = self.samdb.get_domain_sid()
+            sddl = dsacl2fsacl(ds_sd, domain_sid)
+            fs_sd = security.descriptor.from_sddl(sddl, security.dom_sid(domain_sid))
 
             # Set ACL
-            conn.set_acl(sharepath, fs_sd)
+            sio = ( security.SECINFO_OWNER |
+                    security.SECINFO_GROUP |
+                    security.SECINFO_DACL |
+                    security.SECINFO_PROTECTED_DACL )
+            conn.set_acl(sharepath, fs_sd, sio)
         except:
             self.samdb.transaction_cancel()
             raise