From d20c46a520a7e39dd87476cd81edab56b5543892 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 11 Dec 2012 03:17:42 +0100
Subject: libcli/security: calculate the correct inherited_object GUID

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 libcli/security/create_descriptor.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'libcli/security')

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index 1456d84e57..42ca1a7ecc 100644
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -186,7 +186,13 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 
 			if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
 			    ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
-				if (!object_in_list(object_list, &ace->object.object.type.type)) {
+				struct GUID inherited_object = GUID_zero();
+
+				if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+					inherited_object = ace->object.object.inherited_type.inherited_type;
+				}
+
+				if (!object_in_list(object_list, &inherited_object)) {
 					tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERIT_ONLY;
 				}
 
-- 
cgit