From: Anna Popova <popova.anna235@gmail.com>
Date: Fri, 12 Apr 2024 14:32:37 +0000 (+0300)
Subject: s3:utils: Fix Inherit-Only flag being automatically propagated to children
X-Git-Tag: ldb-2.8.1~82
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b00c09bee3bc28e5637fd786122faeb6b200f2c5;p=thirdparty%2Fsamba.git

s3:utils: Fix Inherit-Only flag being automatically propagated to children

Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224

(cherry picked from commit 80159018e411c643fbfe7ef82bd33e30b6147901)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue May  7 09:31:32 UTC 2024 on atb-devel-224
---

diff --git a/selftest/knownfail.d/smbcacls b/selftest/knownfail.d/smbcacls
deleted file mode 100644
index 5e201dfc9b7..00000000000
--- a/selftest/knownfail.d/smbcacls
+++ /dev/null
@@ -1,6 +0,0 @@
-^samba.tests.blackbox.smbcacls_propagate_inhertance.samba.tests.blackbox.smbcacls_propagate_inhertance.InheritanceSmbCaclsTests.test_simple_iocioi_add
-^samba.tests.blackbox.smbcacls_propagate_inhertance.samba.tests.blackbox.smbcacls_propagate_inhertance.InheritanceSmbCaclsTests.test_simple_ioci_add
-^samba.tests.blackbox.smbcacls_dfs_propagate_inherit\(DFS-msdfs-root\).samba.tests.blackbox.smbcacls_propagate_inhertance.InheritanceSmbCaclsTests.test_simple_iocioi_add
-^samba.tests.blackbox.smbcacls_dfs_propagate_inherit\(DFS-msdfs-root\).samba.tests.blackbox.smbcacls_propagate_inhertance.InheritanceSmbCaclsTests.test_simple_ioci_add
-^samba.tests.blackbox.smbcacls_dfs_propagate_inherit\(DFS-msdfs-root\).samba.tests.blackbox.smbcacls_dfs_propagate_inherit.DfsInheritanceSmbCaclsTests.test_simple_iocioi_add
-^samba.tests.blackbox.smbcacls_dfs_propagate_inherit\(DFS-msdfs-root\).samba.tests.blackbox.smbcacls_dfs_propagate_inherit.DfsInheritanceSmbCaclsTests.test_simple_ioci_add
\ No newline at end of file
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index e3fb60fd884..59913f63b11 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -893,6 +893,10 @@ static uint8_t get_flags_to_propagate(bool is_container,
 	/* Assume we are not propagating the ACE */
 
 	newflags &= ~SEC_ACE_FLAG_INHERITED_ACE;
+
+	/* Inherit-only flag is not propagated to children */
+
+	newflags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
 	/* all children need to have the SEC_ACE_FLAG_INHERITED_ACE set */
 	if (acl_cntrinherit || acl_objinherit) {
 		/*