s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags corre...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 4f383bc990d45d02ae103f413e2bb8dc558773bc..8909bcc7c3797801726ca9f7acfd0632844adeb2 100644 (file)
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -5776,6 +5776,11 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle,
        mode_t ms_nfs_mode = 0;
        int result;
        struct security_descriptor *psd = NULL;
+       uint32_t orig_num_aces = 0;
+
+       if (orig_psd->dacl != NULL) {
+               orig_num_aces = orig_psd->dacl->num_aces;
+       }
 
        psd = security_descriptor_copy(talloc_tos(), orig_psd);
        if (psd == NULL) {
@@ -5791,6 +5796,22 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle,
                return status;
        }
 
+       /*
+        * If only ms_nfs ACE entries were sent, ensure we set the DACL
+        * sent/present flags correctly now we've removed them.
+        */
+
+       if (orig_num_aces != 0) {
+               /*
+                * Are there any ACE's left ?
+                */
+               if (psd->dacl->num_aces == 0) {
+                       /* No - clear the DACL sent/present flags. */
+                       security_info_sent &= ~SECINFO_DACL;
+                       psd->type &= ~SEC_DESC_DACL_PRESENT;
+               }
+       }
+
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("fruit_fset_nt_acl: SMB_VFS_NEXT_FSET_NT_ACL failed%s\n", fsp_str_dbg(fsp)));