Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled

We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.

Jeremy.

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index c91765caa5697f452dfc939aa1dc2a4a6c48269f..f1884f5a1070695ade7b1599e496b7c71470caf3 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -723,6 +723,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                return status;
        }
 
+       psd->revision = orig_psd->revision;
+       /* All our SD's are self relative. */
+       psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
+
        if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
                psd->owner_sid = orig_psd->owner_sid;
        }
@@ -731,9 +735,11 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
        }
        if (security_info_sent & SECINFO_DACL) {
                psd->dacl = orig_psd->dacl;
+               psd->type |= SEC_DESC_DACL_PRESENT;
        }
        if (security_info_sent & SECINFO_SACL) {
                psd->sacl = orig_psd->sacl;
+               psd->type |= SEC_DESC_SACL_PRESENT;
        }
 
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);