From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 1 Dec 2012 16:25:44 +0000 (+0100)
Subject: generic mapping inherit
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=fdc654b76370103bf978dc989c625784c9009a77

generic mapping inherit
---

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 936ffca242e6..7f50d464da95 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -73,6 +73,9 @@ void security_acl_map_generic(struct security_acl *sa,
 	}
 
 	for (i = 0; i < sa->num_aces; i++) {
+		if (sa->aces[i].flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+			continue;
+		}
 		se_map_generic(&sa->aces[i].access_mask, mapping);
 	}
 }
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index d2c583349275..67b9893fd6c2 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -624,6 +624,11 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 			}
 		}
 
+		if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+			creator = &ace->trustee;
+			ptrustee = &ace->trustee;
+		}
+
 		/* The CREATOR sids are special when inherited */
 		if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
 			creator = &global_sid_Creator_Owner;
@@ -725,6 +730,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 		}
 	}
 
+	security_acl_map_generic(new_dacl, &file_generic_mapping);
+
 	*ppsd = make_sec_desc(ctx,
 			SECURITY_DESCRIPTOR_REVISION_1,
 			SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|