PATCHS: manipulation of NT ACL in command line

Stefan (metze) Metzmacher metze at
Tue Nov 10 02:33:32 MST 2009

Matthieu Patou schrieb:
> Dear all,
> Please find attached a huge serie of patchs related to NTACL
> manipulation in command line or in python scripts.
> 0001-s4-utils-recreate-setntacl-and-improve-setntacl.patch: Creation of
> the setntacl utils which allow to set the NTACL from commandline from
> its SDDL representation. It also add the option to export the NTACL as a
> 0002-s4-Create-torture-test-for-samba-utils.patch: This patch a simple
> torture test for getntacl and setntacl.

This one contains unneeded includes as comment.
and it uses unistd.h directly, you should use "system/filesys.h"
from libreplace instead.

> 0003-S4-Allow-an-optional-parameter-in-generated-python-b.patch: This
> patch for the PIDL generator. With this patch the generated python code
> allow the specification of a "notallflag" so that either
> ndr_pull_struct_blob or ndr_pull_struct_blob_all can be used. This patch
> follow the talk that I had with metze today on IRC about on how to
> workaround the wrong calculation of consumed bytes when unpacking an
> xattr.NTACL object

I didn't noticed we already have a $got_relative variable there,
I think the real problem is that we didn't detect that relative pointers
are used...

We could fix that (maybe impossible because we reference types defined
in other idl files) or remove this check completely and always let the
caller pass in the not all flag (I'd prefer this one).

I'd like the callers to use keywords, something like this:
obj.ndr_unpack(blob, notall=true)
instead of obj.ndr_unpack(blob, true)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list