fdescr.owner_sid = ref.owner_sid
fdescr.group_sid = ref.group_sid
fdescr.type = ref.type
+ fdescr.type |= security.SEC_DESC_DACL_AUTO_INHERITED
fdescr.revision = ref.revision
aces = ref.dacl.aces
for i in range(0, len(aces)):
ace = aces[i]
- if not ace.type & security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT and str(ace.trustee) != security.SID_BUILTIN_PREW2K:
- # if fdescr.type & security.SEC_DESC_DACL_AUTO_INHERITED:
- ace.flags = ace.flags | security.SEC_ACE_FLAG_OBJECT_INHERIT | security.SEC_ACE_FLAG_CONTAINER_INHERIT
- if str(ace.trustee) == security.SID_CREATOR_OWNER:
- # For Creator/Owner the IO flag is set as this ACE has only a sense for child objects
- ace.flags = ace.flags | security.SEC_ACE_FLAG_INHERIT_ONLY
- ace.access_mask = ldapmask2filemask(ace.access_mask)
- fdescr.dacl_add(ace)
+ if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED:
+ pass
+ elif ace.type == security.SEC_ACE_TYPE_ACCESS_DENIED:
+ pass
+ else:
+ continue
+
+ if str(ace.trustee) == security.SID_BUILTIN_PREW2K:
+ continue
+
+ ace.flags |= security.SEC_ACE_FLAG_CONTAINER_INHERIT
+ ace.flags |= security.SEC_ACE_FLAG_OBJECT_INHERIT
+
+ ace.access_mask = ldapmask2filemask(ace.access_mask)
+
+ fdescr.dacl_add(ace)
if not as_sddl:
return fdescr
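Review bot: The rewritten loop no longer sets `SEC_ACE_FLAG_INHERIT_ONLY` on the `SID_CREATOR_OWNER` ACE, which the removed branch did, so that ACE is now emitted as applying to the object itself as well as to its children. If this is deliberate, it deserves a comment at that spot; otherwise keep `if str(ace.trustee) == security.SID_CREATOR_OWNER: ace.flags |= security.SEC_ACE_FLAG_INHERIT_ONLY` before the mask conversion. The new type check also lets `SEC_ACE_TYPE_ACCESS_DENIED` ACEs through `ldapmask2filemask`, whose body is not visible here, so it is worth confirming that the mapping cannot widen a deny to file rights the directory ACE never denied. The two empty `pass` arms would read more clearly as a single guard, `if ace.type not in (security.SEC_ACE_TYPE_ACCESS_ALLOWED, security.SEC_ACE_TYPE_ACCESS_DENIED): continue`. The enclosing function starts and ends outside the lines shown.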