diff options
author | Jeremy Allison <jra@samba.org> | 2012-08-29 13:44:57 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-08-30 10:08:50 -0700 |
commit | cf29863c69b36224564c27ef1610010b943857c0 (patch) | |
tree | 4e7ee2102808b408a47b94d8cb075f13653e38a7 /libcli/security | |
parent | 3d34406c7bd70576b1705e98b4b3901ac75537c9 (diff) | |
download | samba-cf29863c69b36224564c27ef1610010b943857c0.tar.gz samba-cf29863c69b36224564c27ef1610010b943857c0.tar.bz2 samba-cf29863c69b36224564c27ef1610010b943857c0.zip |
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
Diffstat (limited to 'libcli/security')
-rw-r--r-- | libcli/security/secdesc.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index 84128e4acd..a3db1b6729 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c @@ -571,6 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, struct security_acl *new_dacl = NULL, *the_acl = NULL; struct security_ace *new_ace_list = NULL; unsigned int new_ace_list_ndx = 0, i; + bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED); TALLOC_CTX *frame; @@ -637,7 +638,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, 0); + ace->access_mask, + set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" " inherited as %s:%d/0x%02x/0x%08x\n", @@ -661,7 +663,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, new_flags); + ace->access_mask, new_flags | + (set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0)); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", @@ -690,7 +693,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| + (set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0), owner_sid, group_sid, NULL, |