Revert "TODO: SEC_DEFAULT_DESCRIPTOR..." breaks provision... ntacl...

This reverts commit 1955c58f096f7bb92f4aa7d244afe1d59381639a.

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index ed33aa1c94b1f87290d597ff855d7a49958b37fc..0a262885d8c4030ef2eba8a0286eceded8f10444 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -229,7 +229,6 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
        char *sddl_sd;
        struct dom_sid *default_owner;
        struct dom_sid *default_group;
-       uint32_t inherit_flags = SEC_DACL_AUTO_INHERIT|SEC_SACL_AUTO_INHERIT;
 
        if (object) {
                user_descriptor = talloc(mem_ctx, struct security_descriptor);
@@ -245,8 +244,6 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
                        return NULL;
                }
        } else {
-               inherit_flags |= SEC_DEFAULT_DESCRIPTOR;
-
                user_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
        }
 
@@ -284,7 +281,7 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
                                       session_info->security_token, ldb);
        default_group = get_default_group(mem_ctx, ldb, default_owner);
        new_sd = create_security_descriptor(mem_ctx, parent_descriptor, user_descriptor, true,
-                                           NULL, inherit_flags,
+                                           NULL, SEC_DACL_AUTO_INHERIT|SEC_SACL_AUTO_INHERIT,
                                            session_info->security_token,
                                            default_owner, default_group,
                                            map_generic_rights_ds);