From 1bb5d205ecc071a98ce5717e2e009fb1875aeae2 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 29 Aug 2012 16:55:21 -0700
Subject: [PATCH] Fix bug #9124 - Samba fails to set "inherited" bit on
 inherited ACE's.

Change se_create_child_secdesc() to handle inheritance correctly.
---
 source3/lib/secdesc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 007e097ec31..b7c9fc52936 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -563,6 +563,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 	struct security_acl *new_dacl = NULL, *the_acl = NULL;
 	struct security_ace *new_ace_list = NULL;
 	unsigned int new_ace_list_ndx = 0, i;
+	bool set_inherited_flags = (parent_ctr->type & SEC_DESC_DACL_AUTO_INHERITED);
 
 	*ppsd = NULL;
 	*psize = 0;
@@ -625,7 +626,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 			/* First add the regular ACE entry. */
 			init_sec_ace(new_ace, ptrustee, ace->type,
-			     	ace->access_mask, 0);
+				ace->access_mask,
+				set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0);
 
 			DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
 				" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -648,7 +650,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 		}
 
 		init_sec_ace(new_ace, ptrustee, ace->type,
-			     ace->access_mask, new_flags);
+				ace->access_mask, new_flags |
+				(set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE : 0));
 
 		DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
 			  " inherited as %s:%d/0x%02x/0x%08x\n",
@@ -675,7 +678,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 	*ppsd = make_sec_desc(ctx,
 			SECURITY_DESCRIPTOR_REVISION_1,
-			SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+			SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+			(set_inherited_flags ? SEC_DESC_DACL_AUTO_INHERITED : 0),
 			owner_sid,
 			group_sid,
 			NULL,
-- 
2.11.4.GIT