generic mapping inherit
authorStefan Metzmacher <metze@samba.org>
Sat, 1 Dec 2012 16:25:44 +0000 (17:25 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 18 Feb 2019 10:31:19 +0000 (11:31 +0100)
libcli/security/access_check.c
libcli/security/secdesc.c

index 03a7dca4adf899d9e72c1d0c52645db32aa17989..5cf4fc7ca78476241210f21811529d00318eb458 100644 (file)
@@ -73,6 +73,9 @@ void security_acl_map_generic(struct security_acl *sa,
        }
 
        for (i = 0; i < sa->num_aces; i++) {
+               if (sa->aces[i].flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+                       continue;
+               }
                se_map_generic(&sa->aces[i].access_mask, mapping);
        }
 }
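Review bot: The new `continue` in the loop of security_acl_map_generic has no comment saying why inherit-only ACEs keep their generic bits. Something like `/* inherit-only ACEs do not apply to this object; leave their generic bits for the children */` above the check would record the rule. ACEs that carry inheritance flags without SEC_ACE_FLAG_INHERIT_ONLY are still rewritten in place, so their generic bits are gone before any later inheritance; it is worth stating whether that is intended. Callers that inspect `access_mask` after this call will also now see unmapped generic bits on the skipped entries, so any consumer outside this hunk that compares masks without checking the flag should be confirmed.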
index 53e0e023a7b9186aef87f84df821ed3e5a1bf085..9b59634e97c46443206261f285ce4a95a9827f10 100644 (file)
@@ -522,6 +522,11 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                        }
                }
 
+               if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+                       creator = &ace->trustee;
+                       ptrustee = &ace->trustee;
+               }
+
                /* The CREATOR sids are special when inherited */
                if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
                        creator = &global_sid_Creator_Owner;
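Review bot: The added block sets `creator` to the ACE's own trustee for every parent ACE with SEC_ACE_FLAG_INHERIT_ONLY, but nothing explains why a non-CREATOR trustee should be treated like one. Its effect depends on how `creator` is used further down in se_create_child_secdesc, which is outside this hunk. A short comment naming the inheritance rule being implemented belongs above the `if`, and the case deserves its own test, because a wrong split here changes the effective permissions on every newly created child. The check reads the parent's `ace->flags` rather than any flags already recomputed for the child, which should be confirmed as deliberate. The assignment `ptrustee = &ace->trustee;` may be redundant if `ptrustee` is already initialised that way earlier in the loop.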
@@ -623,6 +628,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                }
        }
 
+       security_acl_map_generic(new_dacl, &file_generic_mapping);
+
        *ppsd = make_sec_desc(ctx,
                        SECURITY_DESCRIPTOR_REVISION_1,
                        SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
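Review bot: The call `security_acl_map_generic(new_dacl, &file_generic_mapping);` hard-codes the file mapping inside se_create_child_secdesc, whose visible signature is not file-specific. If any caller builds child descriptors for other object types, the generic bits would be expanded to file rights; passing the mapping in, or a comment saying the function is file-only, would make the contract explicit. The call is also unconditional, so it relies on security_acl_map_generic tolerating a NULL `new_dacl` when no ACE was inherited. The first hunk shows a block closing just before the loop that may be that guard, but it is not visible here. The function body continues beyond both ends of this hunk.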