diff options
| author | Richard Sharpe <realrichardsharpe@gmail.com> | 2013-04-02 06:48:03 -0700 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2013-04-02 20:05:13 +0200 |
| commit | 50e0060091e008ad93fcfbb68cbbb81da5dec067 (patch) | |
| tree | 11932bbaeae0644e8af8129ba3940272d481b5a0 | |
| parent | 5e9195756e7f0355a022b00f9d1cbfd8e761e006 (diff) | |
| download | samba-50e0060091e008ad93fcfbb68cbbb81da5dec067.tar.gz samba-50e0060091e008ad93fcfbb68cbbb81da5dec067.tar.bz2 samba-50e0060091e008ad93fcfbb68cbbb81da5dec067.zip | |
Add a comment about why we are removing the INHERITED bit so people understand.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
| -rw-r--r-- | libcli/security/secdesc.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index a7e99005eb..8570334f36 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c @@ -614,6 +614,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, if (!container) { new_flags = 0; } else { + /* + * We need to remove SEC_ACE_FLAG_INHERITED_ACE here + * if present because it should only be set if the + * parent has the AUTO_INHERITED bit set in the + * type/control field. If we don't it will slip through + * and create DACLs with incorrectly ordered ACEs + * when there are CREATOR_OWNER or CREATOR_GROUP + * ACEs. + */ new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY | SEC_ACE_FLAG_INHERITED_ACE); |