summaryrefslogtreecommitdiff
path: root/libcli/security
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2012-08-29 13:44:57 -0700
committerJeremy Allison <jra@samba.org>2012-08-30 10:08:50 -0700
commitcf29863c69b36224564c27ef1610010b943857c0 (patch)
tree4e7ee2102808b408a47b94d8cb075f13653e38a7 /libcli/security
parent3d34406c7bd70576b1705e98b4b3901ac75537c9 (diff)
downloadsamba-cf29863c69b36224564c27ef1610010b943857c0.tar.gz
samba-cf29863c69b36224564c27ef1610010b943857c0.tar.bz2
samba-cf29863c69b36224564c27ef1610010b943857c0.zip
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
Diffstat (limited to 'libcli/security')
-rw-r--r--libcli/security/secdesc.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 84128e4acd..a3db1b6729 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -571,6 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
struct security_acl *new_dacl = NULL, *the_acl = NULL;
struct security_ace *new_ace_list = NULL;
unsigned int new_ace_list_ndx = 0, i;
+ bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED);
TALLOC_CTX *frame;
@@ -637,7 +638,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
/* First add the regular ACE entry. */
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, 0);
+ ace->access_mask,
+ set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0);
DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -661,7 +663,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
}
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, new_flags);
+ ace->access_mask, new_flags |
+ (set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0));
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -690,7 +693,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
*ppsd = make_sec_desc(ctx,
SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+ SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+ (set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0),
owner_sid,
group_sid,
NULL,