Index: torture/rpc/samlogon.c
===================================================================
--- torture/rpc/samlogon.c (revision 25707)
+++ torture/rpc/samlogon.c (working copy)
@@ -1676,7 +1676,32 @@
 .expected_interactive_error = NT_STATUS_NO_SUCH_USER,
 .parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
 },
+#if 0
 {
+ .comment = "machine service principal name",
+ .domain = "",
+ .username = talloc_asprintf(mem_ctx,
+ "host/%s",
+ cli_credentials_get_workstation(machine_credentials)),
+ .password = cli_credentials_get_password(machine_credentials),
+ .network_login = True,
+ .expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+ .parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+ },
+ {
+ .comment = "machine service principal name (FQDN)",
+ .domain = NULL,
+ .username = talloc_asprintf(mem_ctx,
+ "host/%s.%s",
+ cli_credentials_get_workstation(machine_credentials),
+ strlower_talloc(mem_ctx, cli_credentials_get_realm(machine_credentials))),
+ .password = cli_credentials_get_password(machine_credentials),
+ .network_login = True,
+ .expected_interactive_error = NT_STATUS_NO_SUCH_USER,
+ .parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+ },
+#endif
+ {
 .comment = "machine domain\\user",
 .domain = cli_credentials_get_domain(machine_credentials),
 .username = cli_credentials_get_username(machine_credentials),
Index: torture/raw/acls.c
===================================================================
--- torture/raw/acls.c (revision 25707)
+++ torture/raw/acls.c (working copy)
@@ -146,7 +146,7 @@
 test using nttrans create to create a file with an initial acl set
 */
 static bool test_nttrans_create(struct torture_context *tctx,
- struct smbcli_state *cli)
+ struct smbcli_state *cli)
 {
 NTSTATUS status;
 union smb_open io;
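Review bot: The two service-principal-name logon cases are added inside `#if 0` with nothing saying why they are disabled, so a later reader cannot tell whether the server rejects `host/<workstation>` logons or the cases are simply unfinished; a short comment on the `#if 0` line, e.g. `/* disabled: host/ SPN logons not yet accepted by the server under test -- TODO confirm and enable */`, keeps the intent from being lost. The two entries also disagree on the empty domain (`.domain = ""` for the short name, `.domain = NULL` for the FQDN form), which is worth stating as deliberate if it is, since the code that consumes `.domain` is outside the hunk. Once enabled, `strlower_talloc()` is applied to `cli_credentials_get_realm()` without a NULL check; whether machine credentials can lack a realm here is not visible in this hunk.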
@@ -248,7 +248,92 @@
 } \
 } while (0)
 
 
+/*
+ test using NTTRANS CREATE to create a file with a null ACL set
+*/
+static bool test_nttrans_create_null_dacl(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ NTSTATUS status;
+ union smb_open io;
+ const char *fname = BASEDIR "\\acl3.txt";
+ bool ret = true;
+ int fnum = -1;
+ union smb_fileinfo q;
+ struct security_descriptor *sd = security_descriptor_initialise(tctx);
+ printf("TESTING SEC_DESC WITH A NULL DACL\n");
+
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.root_fid = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname;
+ io.ntcreatex.in.sec_desc = sd;
+ io.ntcreatex.in.ea_list = NULL;
+
+ printf("creating a file with a null dacl\n");
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ fnum = io.ntcreatex.out.file.fnum;
+
+ printf("get the original sd\n");
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ q.query_secdesc.in.file.fnum = fnum;
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+ status = smb_raw_fileinfo(cli->tree, tctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ if (!security_acl_equal(q.query_secdesc.out.sd->dacl, sd->dacl)) {
+ printf("%s: security descriptors don't match!\n", __location__);
+ printf("got:\n");
+ NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+ printf("expected:\n");
+ NDR_PRINT_DEBUG(security_descriptor, sd);
+ ret = false;
+ }
+
+ printf("try open for write\n");
+ io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+ printf("try open for read\n");
+ io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum,
+ SEC_FILE_READ_DATA |
+ SEC_FILE_READ_ATTRIBUTE);
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ printf("try open for generic write\n");
+ io.ntcreatex.in.access_mask = SEC_GENERIC_WRITE;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+ printf("try open for generic read\n");
+ io.ntcreatex.in.access_mask = SEC_GENERIC_READ;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, SEC_RIGHTS_FILE_READ);
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+done:
+ smbcli_close(cli->tree, fnum);
+ return ret;
+}
+
 /*
 test the behaviour of the well known SID_CREATOR_OWNER sid, and some
 generic mapping bits
@@ -959,7 +1044,7 @@
 test the inheritance of ACL flags onto new files and directories
 */
 static bool test_inheritance(struct torture_context *tctx,
- struct smbcli_state *cli)
+ struct smbcli_state *cli)
 {
 NTSTATUS status;
 union smb_open io;
@@ -1347,6 +1432,7 @@
 set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
 set.set_secdesc.in.file.fnum = fnum;
 set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ set.set_secdesc.in.sd = sd_orig;
 status = smb_raw_setfileinfo(cli->tree, &set);
 CHECK_STATUS(status, NT_STATUS_OK);
 
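Review bot: `io.ntcreatex.in.open_disposition` is assigned twice in a row in test_nttrans_create_null_dacl (`NTCREATEX_DISP_CREATE` immediately overwritten by `NTCREATEX_DISP_OPEN_IF`), so the first assignment is dead; the later write/read opens reuse the same `io` against the now-existing file and rely on OPEN_IF, so drop the `NTCREATEX_DISP_CREATE` line rather than the second one. The header comment speaks of a "null ACL", but the descriptor comes from `security_descriptor_initialise(tctx)` and whether it carries SEC_DESC_DACL_PRESENT is not visible here; a present-but-NULL DACL grants unrestricted access, which would contradict the `NT_STATUS_ACCESS_DENIED` expected for the write open, so a comment stating which case the test pins (no DACL supplied, parent ACL inherited, versus a present NULL DACL) would make the expectation checkable. The `done:` path passes `fnum` to `smbcli_close()` even when the first open failed and it is still -1, and the created `acl3.txt` is never unlinked, unlike the `smbcli_unlink`/`smbcli_rmdir` cleanup seen elsewhere in this patch; whether the harness removes BASEDIR afterwards cannot be seen from the hunk.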
@@ -1368,11 +1454,13 @@
 smbcli_rmdir(cli->tree, dname);
 
 done:
- set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
- set.set_secdesc.in.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
- set.set_secdesc.in.sd = sd_orig;
- status = smb_raw_setfileinfo(cli->tree, &set);
+ if (sd_orig) {
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ set.set_secdesc.in.file.fnum = fnum;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ set.set_secdesc.in.sd = sd_orig;
+ status = smb_raw_setfileinfo(cli->tree, &set);
+ }
 
 smbcli_close(cli->tree, fnum);
 return ret;
@@ -1506,13 +1594,14 @@
 smbcli_unlink(cli->tree, fname1);
 
 done:
- printf("put back original sd\n");
- set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
- set.set_secdesc.in.file.fnum = fnum;
- set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
- set.set_secdesc.in.sd = sd_orig;
- status = smb_raw_setfileinfo(cli->tree, &set);
-
+ if (sd_orig) {
+ printf("put back original sd\n");
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ set.set_secdesc.in.file.fnum = fnum;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ set.set_secdesc.in.sd = sd_orig;
+ status = smb_raw_setfileinfo(cli->tree, &set);
+ }
 smbcli_close(cli->tree, fnum);
 smbcli_rmdir(cli->tree, dname);
 
@@ -1744,6 +1833,7 @@
 ret &= test_sd(tctx, cli);
 ret &= test_nttrans_create(tctx, cli);
+ ret &= test_nttrans_create_null_dacl(tctx, cli);
 ret &= test_creator_sid(tctx, cli);
 ret &= test_generic_bits(tctx, cli);
 ret &= test_owner_bits(tctx, cli);
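Review bot: In the `done:` block now guarded by `if (sd_orig)` here, and likewise in the hunk at -1506, the `status` returned by `smb_raw_setfileinfo()` is assigned but never inspected, so a failed restore of the original descriptor leaves the test file with the modified ACL while the run still reports success; at minimum report it, e.g. `if (!NT_STATUS_IS_OK(status)) printf("failed to restore original sd: %s\n", nt_errstr(status));`. The guard handles the case where `sd_orig` was never fetched, but `fnum` is still passed to `smbcli_close()` unconditionally; whether `fnum` can be -1 on that path depends on the function prologue, which is outside the hunk. Both enclosing functions start outside their hunks.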