- if not ace.type & security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT and str(ace.trustee) != security.SID_BUILTIN_PREW2K:
- # if fdescr.type & security.SEC_DESC_DACL_AUTO_INHERITED:
- ace.flags = ace.flags | security.SEC_ACE_FLAG_OBJECT_INHERIT | security.SEC_ACE_FLAG_CONTAINER_INHERIT
- if str(ace.trustee) == security.SID_CREATOR_OWNER:
- # For Creator/Owner the IO flag is set as this ACE has only a sense for child objects
- ace.flags = ace.flags | security.SEC_ACE_FLAG_INHERIT_ONLY
- ace.access_mask = ldapmask2filemask(ace.access_mask)
- fdescr.dacl_add(ace)
+ if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED:
+ pass
+ elif ace.type == security.SEC_ACE_TYPE_ACCESS_DENIED:
+ pass
+ else:
+ continue
+
+ if str(ace.trustee) == security.SID_BUILTIN_PREW2K:
+ continue
+
+ ace.flags |= security.SEC_ACE_FLAG_CONTAINER_INHERIT
+ ace.flags |= security.SEC_ACE_FLAG_OBJECT_INHERIT
+
+ ace.access_mask = ldapmask2filemask(ace.access_mask)
+
+ fdescr.dacl_add(ace)