PATCHS: manipulation of NT ACL in command line

Jelmer Vernooij jelmer at
Wed Nov 18 12:00:08 MST 2009

Hi Matthieu,

Some quick comments.

On Tue, 2009-11-10 at 00:29 +0300, Matthieu Patou wrote: 
> Please find attached a huge serie of patchs related to NTACL 
> manipulation in command line or in python scripts.
> 0001-s4-utils-recreate-setntacl-and-improve-setntacl.patch: Creation of 
> the setntacl utils which allow to set the NTACL from commandline from 
> its SDDL representation. It also add the option to export the NTACL as a 
> 0002-s4-Create-torture-test-for-samba-utils.patch: This patch a simple 
> torture test for getntacl and setntacl.
> 0003-S4-Allow-an-optional-parameter-in-generated-python-b.patch: This 
> patch for the PIDL generator. With this patch the generated python code 
> allow the specification of a "notallflag" so that either 
> ndr_pull_struct_blob or ndr_pull_struct_blob_all can be used. This patch 
> follow the talk that I had with metze today on IRC about on how to 
> workaround the wrong calculation of consumed bytes when unpacking an 
> xattr.NTACL object
Please do this in a separate function that also returns how much data
was left rather than abusing the existing function that is supposed to
parse the full text.

> 0004-s4-Create-a-library-for-xattr-python-bindings.patch: This patch 
> allow to create a .so with the python binding generated code for xattr.idl

> 0005-s4-add-python-bindings-for-wrap_-s-g-etxattr.patch: This patch add 
> the python bindings for wrap_getxattr and wrap_setxattr
Please put the xattr stuff in a separate python module. pyglue is a big
hack and catchall for things not appropriate elsewhere, it shouldn't be
increased in size unless really necessary.

> 0006-s4-Create-unit-tests-for-python-glue-module.patch: This patch add 
> torture test for the
Please add your own copyright for code you have written, not mine :-)

> 0007-s4-regroup-gpo-modification-in-one-function-set-acl-.patch: This 
> patch regroup GPO related stuff in provision (and remove them from setup 
> samdb) it also make provision to set NT ACL on GPO files with rights 
> synchronized with those in the AD.
> Please let me know ...
> Matthieu.

More information about the samba-technical mailing list