s4:python/ntacl: change dsacl2fsacl() to match a windows client
authorStefan Metzmacher <metze@samba.org>
Thu, 29 Nov 2012 08:57:44 +0000 (09:57 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 18 Feb 2019 10:31:19 +0000 (11:31 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
python/samba/ntacls.py

index 5bf646caf9f1704bcb0ab7ff069ee1097e6e4b3b..fa2ce0216001f4bc150adda586e3e7d8d4b3fc95 100644 (file)
@@ -297,18 +297,27 @@ def dsacl2fsacl(dssddl, sid, as_sddl=True):
     fdescr.owner_sid = ref.owner_sid
     fdescr.group_sid = ref.group_sid
     fdescr.type = ref.type
+    fdescr.type |= security.SEC_DESC_DACL_AUTO_INHERITED
     fdescr.revision = ref.revision
     aces = ref.dacl.aces
     for i in range(0, len(aces)):
         ace = aces[i]
-        if not ace.type & security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT and str(ace.trustee) != security.SID_BUILTIN_PREW2K:
-           #    if fdescr.type & security.SEC_DESC_DACL_AUTO_INHERITED:
-            ace.flags = ace.flags | security.SEC_ACE_FLAG_OBJECT_INHERIT | security.SEC_ACE_FLAG_CONTAINER_INHERIT
-            if str(ace.trustee) == security.SID_CREATOR_OWNER:
-                # For Creator/Owner the IO flag is set as this ACE has only a sense for child objects
-                ace.flags = ace.flags | security.SEC_ACE_FLAG_INHERIT_ONLY
-            ace.access_mask = ldapmask2filemask(ace.access_mask)
-            fdescr.dacl_add(ace)
+        if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED:
+            pass
+        elif ace.type == security.SEC_ACE_TYPE_ACCESS_DENIED:
+            pass
+        else:
+            continue
+
+        if str(ace.trustee) == security.SID_BUILTIN_PREW2K:
+            continue
+
+        ace.flags |= security.SEC_ACE_FLAG_CONTAINER_INHERIT
+        ace.flags |= security.SEC_ACE_FLAG_OBJECT_INHERIT
+
+        ace.access_mask = ldapmask2filemask(ace.access_mask)
+
+        fdescr.dacl_add(ace)
 
     if not as_sddl:
         return fdescr
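Review bot: Access-denied ACEs now reach `ldapmask2filemask()` in the loop, whereas the removed condition (`not ace.type & security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT`) appears to have filtered them out. That helper is not visible in this hunk, so it is worth confirming that its directory-to-file mask translation is also correct for a deny entry: a mapping that widens the mask would deny more on the file system than the directory ACL does, and one that narrows it would deny less. A test that converts an SDDL string containing a `D` ACE and checks the resulting flags and access mask would pin this down. The `pass`/`pass`/`continue` chain could be written as a single guard, `if ace.type not in (security.SEC_ACE_TYPE_ACCESS_ALLOWED, security.SEC_ACE_TYPE_ACCESS_DENIED): continue`, with a comment such as `# only plain allow/deny ACEs are translated; all other ACE types are skipped`. The body of dsacl2fsacl starts before and continues after this hunk.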