Fix bug #5052 - not work cancel inheritance on share. We were

using the parent security descriptor type and flags instead
of using the passed in SD.
Jeremy.
(This used to be commit 0d824d7188518aaa7b4e890885e6bc42e94397c5)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 427cfc9a0d341524d179c5235e3ec800fe41e65e..7479aea0762d3144424d69306a6890698658bbe4 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3398,10 +3398,17 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
                        parent_name));
        }
 
-       parent_sd->dacl->aces = new_ace;
-       parent_sd->dacl->num_aces = i;
+       /* This sucks. psd should be const and we should
+        * be doing a deep-copy here. We're getting away
+        * with is as we know parent_sd is talloced off
+        * talloc_tos() as well as psd. JRA. */
 
-       *pp_new_sd = parent_sd;
+       psd->dacl->aces = new_ace;
+       psd->dacl->num_aces = i;
+       psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED|
+                         SE_DESC_DACL_AUTO_INHERIT_REQ);
+
+       *pp_new_sd = psd;
        return status;
 }