Set PRESENT flag when returning NULL [SD]ACL like Windows does.

This could also be handled inside each ACL VFS module, by setting the PRESENT
flag when a NULL [SD]ACL is created.

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 18dd7d5c26e78bd0a52cac145bcf1f0bed48e8de..777073e6ba7d1296d3cee776caf2220bd35fc611 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1587,12 +1587,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
                status = SMB_VFS_FGET_NT_ACL(
                        fsp, security_info_wanted, &psd);
        }
-
        if (!NT_STATUS_IS_OK(status)) {
                reply_nterror(req, status);
                return;
        }
 
+       /* If the SACL/DACL is NULL, but was requested, we mark that it is
+        * present in the reply to match Windows behavior */
+       if (psd->sacl == NULL &&
+           security_info_wanted & SACL_SECURITY_INFORMATION)
+               psd->type |= SEC_DESC_SACL_PRESENT;
+       if (psd->dacl == NULL &&
+           security_info_wanted & DACL_SECURITY_INFORMATION)
+               psd->type |= SEC_DESC_DACL_PRESENT;
+
        sd_size = ndr_size_security_descriptor(psd, 0);
 
        DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));