From aa86258fe92ea19a119cc0470a594e22a3c9e378 Mon Sep 17 00:00:00 2001
From: Mario Fetka <mario.fetka@gmail.com>
Date: Tue, 26 May 2026 07:58:27 +0200
Subject: [PATCH] NCP22 trustee rights: map Novell wire mask to internal
 trustee bits

---
 src/nwconn.c | 57 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 42 insertions(+), 15 deletions(-)

diff --git a/src/nwconn.c b/src/nwconn.c
index 634ab96..235d01d 100644
--- a/src/nwconn.c
+++ b/src/nwconn.c
@@ -44,6 +44,7 @@
 #include "namspace.h"
 #include "nwshare.h"
 #include "nwconn.h"
+#include "trustee.h"
 
 int act_pid        = 0;
 
@@ -80,18 +81,41 @@ static int trustee_v3_to_ncp22_rights(int rights)
 {
   int ncp22 = 0;
 
-  if (rights & 0x100) ncp22 |= 0x01; /* Supervisor */
-  if (rights & 0x001) ncp22 |= 0x02; /* Read */
-  if (rights & 0x002) ncp22 |= 0x04; /* Write */
-  if (rights & 0x008) ncp22 |= 0x08; /* Create */
-  if (rights & 0x010) ncp22 |= 0x10; /* Erase */
-  if (rights & 0x080) ncp22 |= 0x20; /* Modify */
-  if (rights & 0x040) ncp22 |= 0x40; /* File Scan */
-  if (rights & 0x020) ncp22 |= 0x80; /* Access Control */
+  /*
+   * NCP22 trustee/access masks use the classic Novell order observed
+   * with NPUBLIC\GRANT/RIGHTS:
+   *   R=0x0001 W=0x0002 S=0x0004 C=0x0008
+   *   E=0x0010 M=0x0020 F=0x0040 A=0x0080
+   * MARS internally keeps S at 0x0100 and A/M swapped relative to NCP22.
+   */
+  if (rights & TRUSTEE_R) ncp22 |= 0x0001; /* Read */
+  if (rights & TRUSTEE_W) ncp22 |= 0x0002; /* Write */
+  if (rights & TRUSTEE_S) ncp22 |= 0x0004; /* Supervisor */
+  if (rights & TRUSTEE_C) ncp22 |= 0x0008; /* Create */
+  if (rights & TRUSTEE_E) ncp22 |= 0x0010; /* Erase */
+  if (rights & TRUSTEE_M) ncp22 |= 0x0020; /* Modify */
+  if (rights & TRUSTEE_F) ncp22 |= 0x0040; /* File Scan */
+  if (rights & TRUSTEE_A) ncp22 |= 0x0080; /* Access Control */
 
   return(ncp22);
 }
 
+static int trustee_ncp22_to_v3_rights(int ncp22)
+{
+  int rights = 0;
+
+  if (ncp22 & 0x0001) rights |= TRUSTEE_R; /* Read */
+  if (ncp22 & 0x0002) rights |= TRUSTEE_W; /* Write */
+  if (ncp22 & 0x0004) rights |= TRUSTEE_S; /* Supervisor */
+  if (ncp22 & 0x0008) rights |= TRUSTEE_C; /* Create */
+  if (ncp22 & 0x0010) rights |= TRUSTEE_E; /* Erase */
+  if (ncp22 & 0x0020) rights |= TRUSTEE_M; /* Modify */
+  if (ncp22 & 0x0040) rights |= TRUSTEE_F; /* File Scan */
+  if (ncp22 & 0x0080) rights |= TRUSTEE_A; /* Access Control */
+
+  return(rights);
+}
+
 
 static void ncp23_debug_dump(char *what, uint8 *data, int len)
 {
@@ -778,7 +802,8 @@ static int handle_ncp_serv(void)
                      uint8   path[2];
                    } *input = (struct INPUT *) (ncprequest);
                    uint32 trustee_id = GET_BE32(input->trustee_id);
-                   int trustee_rights = (int)input->trustee_right_mask;
+                   int ncp22_rights = (int)input->trustee_right_mask;
+                   int trustee_rights = trustee_ncp22_to_v3_rights(ncp22_rights);
                    int copylen = input->pathlen;
                    uint8 pathbuf[256];
                    int raw_len = requestlen - (int)((uint8 *)&input->dir_handle - readbuff);
@@ -798,9 +823,9 @@ static int handle_ncp_serv(void)
                        trustee_rights,
                        0);
                    XDPRINTF((5,0,
-                     "NCP22/0D AddTrustee: dh=%d pathlen=%d path=`%s` obj=0x%08lx rights=0x%02x rc=%d",
+                     "NCP22/0D AddTrustee: dh=%d pathlen=%d path=`%s` obj=0x%08lx ncp22=0x%02x rights=0x%03x rc=%d",
                      input->dir_handle, input->pathlen, pathbuf,
-                     (unsigned long)trustee_id, trustee_rights, result));
+                     (unsigned long)trustee_id, ncp22_rights, trustee_rights, result));
                    if (result) completition = (uint8) -result;
                  } 
                  break;
@@ -1161,9 +1186,10 @@ static int handle_ncp_serv(void)
                      memset(xdata, 0, sizeof(*xdata));
                      xdata->entries = result;
                      while(++i < result) {
+                       int ncp22_rights = trustee_v3_to_ncp22_rights(trustees[i]);
                        U32_TO_BE32(ids[i],      idsp);
                        idsp+=4;
-                       U16_TO_16(trustees[i], trp); /* LO - HI */
+                       U16_TO_16(ncp22_rights, trp); /* LO - HI */
                        trp+=2;
                      }
                      data_len = sizeof(struct XDATA);
@@ -1182,7 +1208,8 @@ static int handle_ncp_serv(void)
                      uint8   path[2];
                    } *input = (struct INPUT *) (ncprequest);
                    uint32 trustee_id = GET_BE32(input->trustee_id);
-                   int trustee_rights = GET_16(input->trustee_rights);
+                   int ncp22_rights = GET_16(input->trustee_rights);
+                   int trustee_rights = trustee_ncp22_to_v3_rights(ncp22_rights);
                    int copylen = input->pathlen;
                    uint8 pathbuf[256];
                    int raw_len = requestlen - (int)((uint8 *)&input->dir_handle - readbuff);
@@ -1202,9 +1229,9 @@ static int handle_ncp_serv(void)
                        trustee_rights,
                        1); /* extended */
                    XDPRINTF((5,0,
-                     "NCP22/27 SetTrustee: dh=%d pathlen=%d path=`%s` obj=0x%08lx rights=0x%04x rc=%d",
+                     "NCP22/27 SetTrustee: dh=%d pathlen=%d path=`%s` obj=0x%08lx ncp22=0x%04x rights=0x%03x rc=%d",
                      input->dir_handle, input->pathlen, pathbuf,
-                     (unsigned long)trustee_id, trustee_rights, result));
+                     (unsigned long)trustee_id, ncp22_rights, trustee_rights, result));
                    if (result) completition = (uint8) -result;
                  } 
                  break;