1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Add a comment about why we are removing the INHERITED bit so people understand.

Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  2 20:05:13 CEST 2013 on sn-devel-104
This commit is contained in:
Richard Sharpe 2013-04-02 06:48:03 -07:00 committed by Andreas Schneider
parent 5e9195756e
commit 50e0060091

View File

@ -614,6 +614,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
if (!container) {
new_flags = 0;
} else {
/*
* We need to remove SEC_ACE_FLAG_INHERITED_ACE here
* if present because it should only be set if the
* parent has the AUTO_INHERITED bit set in the
* type/control field. If we don't it will slip through
* and create DACLs with incorrectly ordered ACEs
* when there are CREATOR_OWNER or CREATOR_GROUP
* ACEs.
*/
new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY
| SEC_ACE_FLAG_INHERITED_ACE);