From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 30 Nov 2012 21:44:58 +0000 (+0100)
Subject: TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited... 
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=23df7d8583dd3edc4a293e79697ce6ef1e17902d

TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited_from_parent()

The inherited object/container specific CREATOR_OWNER ace should be inserted
before the generic CREATOR_OWNER ace.

This also matches the behavior of a Windows (2008R2) DC
for active directory SDs and also matches the logic for filesystem SDs,
see se_create_child_secdesc().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index ef60d847033f..c138ae985f40 100644
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -215,10 +215,10 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 						    return NULL;
 					    }
 					    tmp_acl->aces[tmp_acl->num_aces] = *ace;
-					    desc_expand_generic(&tmp_acl->aces[tmp_acl->num_aces],
+					    desc_expand_generic(&tmp_acl->aces[tmp_acl->num_aces-1],
 								owner,
 								group);
-					    tmp_acl->aces[tmp_acl->num_aces].flags = SEC_ACE_FLAG_INHERITED_ACE;
+					    tmp_acl->aces[tmp_acl->num_aces-1].flags = SEC_ACE_FLAG_INHERITED_ACE;
 					    tmp_acl->num_aces++;
 				}
 			}