From e754ec1d8a52ac717d0d511b28c8556d43eb2f86 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jan 2007 10:10:15 +0000 Subject: r20799: if any ace has the optional sub object, the acl revision needs to be SECURITY_ACL_REVISION_ADS (4) metze (This used to be commit a67bb4365958f4bfadbf47b2231992e2aadd26a1) --- source4/libcli/security/sddl.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4') diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c index 423ccc92e9..2746ed8f81 100644 --- a/source4/libcli/security/sddl.c +++ b/source4/libcli/security/sddl.c @@ -312,6 +312,14 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, talloc_free(acl); return NULL; } + switch (acl->aces[acl->num_aces].type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + acl->revision = SECURITY_ACL_REVISION_ADS; + break; + } talloc_free(astr); sddl += len+2; acl->num_aces++; -- cgit