Make sure that we only propogate the INHERITED flag when we are allowed to.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.

Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Apr  2 23:07:34 CEST 2013 on sn-devel-104

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index d2c58334927592becd7524c6f73724f84452b817..10d068c3439f4a8171846ab8a3afd680a2d493ff 100644 (file)
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -614,7 +614,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                if (!container) {
                        new_flags = 0;
                } else {
-                       new_flags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
+                       new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY 
+                                       | SEC_ACE_FLAG_INHERITED_ACE);
 
                        if (!(new_flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
                                new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;