Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
if (!container) {
new_flags = 0;
} else {
+ /*
+ * We need to remove SEC_ACE_FLAG_INHERITED_ACE here
+ * if present because it should only be set if the
+ * parent has the AUTO_INHERITED bit set in the
+ * type/control field. If we don't it will slip through
+ * and create DACLs with incorrectly ordered ACEs
+ * when there are CREATOR_OWNER or CREATOR_GROUP
+ * ACEs.
+ */
new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY
| SEC_ACE_FLAG_INHERITED_ACE);