diff options
Diffstat (limited to 'source3/lib/secdesc.c')
-rw-r--r-- | source3/lib/secdesc.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 1da2b3ec93..df85336603 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -529,7 +529,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, SEC_ACE_FLAG_INHERITED_ACE); + ace->access_mask, 0); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" " inherited as %s:%d/0x%02x/0x%08x\n", @@ -546,10 +546,13 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, ptrustee = creator; new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } else if (container && + !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + ptrustee = &ace->trustee; } init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, new_flags | SEC_ACE_FLAG_INHERITED_ACE); + ace->access_mask, new_flags); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", @@ -563,19 +566,20 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* Create child security descriptor to return */ - - new_dacl = make_sec_acl(ctx, - ACL_REVISION, + if (new_ace_list_ndx) { + new_dacl = make_sec_acl(ctx, + NT4_ACL_REVISION, new_ace_list_ndx, new_ace_list); - if (!new_dacl) { - return NT_STATUS_NO_MEMORY; + if (!new_dacl) { + return NT_STATUS_NO_MEMORY; + } } + *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| - SEC_DESC_DACL_DEFAULTED, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, owner_sid, group_sid, NULL, |