vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent

When we add a new DACL to the security descriptor, we need to use the
SD as the memory context, so we can talloc_move() it as a tree to a
new parent.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  2 22:16:14 CET 2012 on sn-devel-104

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index ef2dda1b4554b521ce6c6af7fe0cd873017e2ae7..59ced2922f34306e3add9f61c91fa54d558a053b 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -195,9 +195,21 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
        mode_t dir_mode;
        mode_t file_mode;
        mode_t mode;
-       struct security_ace *new_ace_list = talloc_zero_array(talloc_tos(),
-                                               struct security_ace,
-                                               num_aces + 3);
+       struct security_ace *new_ace_list;
+
+       if (psd->dacl) {
+               new_ace_list = talloc_zero_array(psd->dacl,
+                                                struct security_ace,
+                                                num_aces + 3);
+       } else {
+               /*
+                * make_sec_acl() at the bottom of this function
+                * dupliates new_ace_list
+                */
+               new_ace_list = talloc_zero_array(talloc_tos(),
+                                                struct security_ace,
+                                                num_aces + 3);
+       }
 
        if (new_ace_list == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -256,7 +268,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
                psd->dacl->aces = new_ace_list;
                psd->dacl->num_aces += 3;
        } else {
-               psd->dacl = make_sec_acl(talloc_tos(),
+               psd->dacl = make_sec_acl(psd,
                                NT4_ACL_REVISION,
                                3,
                                new_ace_list);