From: Stefan Metzmacher Date: Thu, 29 Nov 2012 08:57:44 +0000 (+0100) Subject: s4:python/ntacl: change dsacl2fsacl() to match a windows client X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=4de5bb9288eeb2291a95f1131b95a39205a20e1e s4:python/ntacl: change dsacl2fsacl() to match a windows client Signed-off-by: Stefan Metzmacher --- diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 53438d84bffb..65cafc056a34 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -221,18 +221,27 @@ def dsacl2fsacl(dssddl, sid, as_sddl=True): fdescr.owner_sid = ref.owner_sid fdescr.group_sid = ref.group_sid fdescr.type = ref.type + fdescr.type |= security.SEC_DESC_DACL_AUTO_INHERITED fdescr.revision = ref.revision aces = ref.dacl.aces for i in range(0, len(aces)): ace = aces[i] - if not ace.type & security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT and str(ace.trustee) != security.SID_BUILTIN_PREW2K: - # if fdescr.type & security.SEC_DESC_DACL_AUTO_INHERITED: - ace.flags = ace.flags | security.SEC_ACE_FLAG_OBJECT_INHERIT | security.SEC_ACE_FLAG_CONTAINER_INHERIT - if str(ace.trustee) == security.SID_CREATOR_OWNER: - # For Creator/Owner the IO flag is set as this ACE has only a sense for child objects - ace.flags = ace.flags | security.SEC_ACE_FLAG_INHERIT_ONLY - ace.access_mask = ldapmask2filemask(ace.access_mask) - fdescr.dacl_add(ace) + if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED: + pass + elif ace.type == security.SEC_ACE_TYPE_ACCESS_DENIED: + pass + else: + continue + + if str(ace.trustee) == security.SID_BUILTIN_PREW2K: + continue + + ace.flags |= security.SEC_ACE_FLAG_CONTAINER_INHERIT + ace.flags |= security.SEC_ACE_FLAG_OBJECT_INHERIT + + ace.access_mask = ldapmask2filemask(ace.access_mask) + + fdescr.dacl_add(ace) if not as_sddl: return fdescr