Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled

We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 00:18:57 CET 2010 on sn-devel-104

1 files changed, 6 insertions, 0 deletions

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 5fbf686e6b..3296ddc55c 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -726,6 +726,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 		return status;
 	}
 
+	psd->revision = orig_psd->revision;
+	/* All our SD's are self relative. */
+	psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
+
 	if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
 		psd->owner_sid = orig_psd->owner_sid;
 	}
@@ -734,9 +738,11 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 	}
 	if (security_info_sent & SECINFO_DACL) {
 		psd->dacl = orig_psd->dacl;
+		psd->type |= SEC_DESC_DACL_PRESENT;
 	}
 	if (security_info_sent & SECINFO_SACL) {
 		psd->sacl = orig_psd->sacl;
+		psd->type |= SEC_DESC_SACL_PRESENT;
 	}
 
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);