4 files changed, 15 insertions, 11 deletions

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 9d54622758..d314d06d71 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -38,7 +38,6 @@
 #define SEC_RIGHTS_FULL_CONTROL   0x000f003f
 #define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
 
-
 #define SEC_ACE_TYPE_ACCESS_ALLOWED	0x0
 #define SEC_ACE_TYPE_ACCESS_DENIED	0x1
 #define SEC_ACE_TYPE_SYSTEM_AUDIT	0x2
@@ -102,10 +101,12 @@ typedef struct security_ace_info
 
 #define MAX_SEC_ACES 16
 
+#define ACL_REVISION 0x3
+
 /* SEC_ACL */
 typedef struct security_acl_info
 {
-	uint16 revision; /* 0x0002 */
+	uint16 revision; /* 0x0003 */
 	uint16 size; /* size in bytes of the entire ACL structure */
 	uint32 num_aces; /* number of Access Control Entries */
 
@@ -113,6 +114,7 @@ typedef struct security_acl_info
 
 } SEC_ACL;
 
+#define SEC_DESC_REVISION 0x1
 
 /* SEC_DESC */
 typedef struct security_descriptor_info
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 991f66a8ac..f9365b481d 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1493,20 +1493,22 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
 static SEC_DESC_BUF *construct_default_printer_sdb(void)
 {
 	extern DOM_SID global_sid_World; 
-	SEC_ACE ace;
+	SEC_ACE ace[2];
 	SEC_ACCESS sa;
 	SEC_ACL *psa = NULL;
 	SEC_DESC_BUF *sdb = NULL;
 	SEC_DESC *psd = NULL;
 	size_t sd_size;
 
-	init_sec_access(&sa,PRINTER_ALL_ACCESS);
-	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+	init_sec_access(&sa,PRINTER_MANAGE_DOCUMENTS);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+					sa, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
+	init_sec_ace(&ace[1], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+					sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
 
-	if ((psa = make_sec_acl( 3, 1, &ace)) != NULL) {
-		psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
-									&global_sid_World, &global_sid_World,
-									NULL, psa, &sd_size);
+	if ((psa = make_sec_acl( ACL_REVISION, 2, &ace)) != NULL) {
+		psd = make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+									&global_sid_World, &global_sid_World, NULL, psa, &sd_size);
 		free_sec_acl(&psa);
 	}
 
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 25450e0b19..4a7db6d7c2 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -411,7 +411,7 @@ void free_sec_desc(SEC_DESC **ppsd)
 SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid,
 				 SEC_ACL *dacl, size_t *sd_size)
 {
-	return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+	return make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
 			     owner_sid, grp_sid, NULL, dacl, sd_size);
 }
 
diff --git a/source3/smbd/unix_acls.c b/source3/smbd/unix_acls.c
index 40bb281c74..7a2dc6ab6e 100644
--- a/source3/smbd/unix_acls.c
+++ b/source3/smbd/unix_acls.c
@@ -423,7 +423,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
     }
 
     if(num_acls)
-      if((psa = make_sec_acl( 3, num_acls, ace_list)) == NULL) {
+      if((psa = make_sec_acl( ACL_REVISION, num_acls, ace_list)) == NULL) {
         DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
         return 0;
       }