vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent

When we add a new DACL to the security descriptor, we need to use the
SD as the memory context, so we can talloc_move() it as a tree to a
new parent.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  2 22:16:14 CET 2012 on sn-devel-104

1 files changed, 16 insertions, 4 deletions

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index ef2dda1b45..59ced2922f 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -195,9 +195,21 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
 	mode_t dir_mode;
 	mode_t file_mode;
 	mode_t mode;
-	struct security_ace *new_ace_list = talloc_zero_array(talloc_tos(),
-						struct security_ace,
-						num_aces + 3);
+	struct security_ace *new_ace_list;
+
+	if (psd->dacl) {
+		new_ace_list = talloc_zero_array(psd->dacl,
+						 struct security_ace,
+						 num_aces + 3);
+	} else {
+		/*
+		 * make_sec_acl() at the bottom of this function
+		 * dupliates new_ace_list
+		 */
+		new_ace_list = talloc_zero_array(talloc_tos(),
+						 struct security_ace,
+						 num_aces + 3);
+	}
 
 	if (new_ace_list == NULL) {
 		return NT_STATUS_NO_MEMORY;
@@ -256,7 +268,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
 		psd->dacl->aces = new_ace_list;
 		psd->dacl->num_aces += 3;
 	} else {
-		psd->dacl = make_sec_acl(talloc_tos(),
+		psd->dacl = make_sec_acl(psd,
 				NT4_ACL_REVISION,
 				3,
 				new_ace_list);