diff options
Diffstat (limited to 'libcli/security/secdesc.c')
-rw-r--r-- | libcli/security/secdesc.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index 84128e4acd..a3db1b6729 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c @@ -571,6 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, struct security_acl *new_dacl = NULL, *the_acl = NULL; struct security_ace *new_ace_list = NULL; unsigned int new_ace_list_ndx = 0, i; + bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED); TALLOC_CTX *frame; @@ -637,7 +638,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, 0); + ace->access_mask, + set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" " inherited as %s:%d/0x%02x/0x%08x\n", @@ -661,7 +663,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, new_flags); + ace->access_mask, new_flags | + (set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0)); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", @@ -690,7 +693,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| + (set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0), owner_sid, group_sid, NULL, |