libcli/security: calculate the correct inherited_object GUID

[kai/samba.git] / libcli / security / create_descriptor.c

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index 1456d84e57d85a458eab2f0023ea9df875befa27..42ca1a7ecc6052544b403511f0abaca44704ad35 100644 (file)
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -186,7 +186,13 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 
                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
                            ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
-                               if (!object_in_list(object_list, &ace->object.object.type.type)) {
+                               struct GUID inherited_object = GUID_zero();
+
+                               if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+                                       inherited_object = ace->object.object.inherited_type.inherited_type;
+                               }
+
+                               if (!object_in_list(object_list, &inherited_object)) {
                                        tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERIT_ONLY;
                                }