[Patch] add --as-sddl option to getntacl and create setntacl

[Matthieu Patou]

On 10/28/2009 08:57 AM, Andrew Bartlett wrote:
> On Mon, 2009-10-26 at 00:33 +0300, Matthieu Patou wrote:
>    
>> Hello,
>>
>> Find attach 2 patchs, the first one for creating the setntacl tool and
>> for improving command line parsing in getntacl.
>> The second one is an improvement of the provision to put all the GPO
>> stuff together (and out of setup_samdb). It also include calls to
>> setntacl for  setting ACL on files as they are in the AD so that GPMC
>> will be more happy.
>>      
> The tools look good, but need tests (otherwise they will shortly
> break).
>    
I'll provide some of them, it's not gonna be very difficult I guess.

> The changes to provision however still need work - I really don't like
> the idea of shelling out to setntacl like that.  Can we instead have
> what that tool does put into a library and then wrapped with python
> bindings?
>
>    
I was pretty sure that you'll make this objection.

Appart from the command line stuff, it's mosty library calls as we are 
transforming a sddl string into a SD and then transforming it into a 
blob  (ndr_push) and this blob is written as an extended attribute.
The first part has already python binding, the ndr_push I think also, 
I'm not sure for the last part but it's even more just an I/O stuff.

So basicaly I can make a python function that takes a SDDL in entry an 
that write it into a file and wrote 1/2 tests for it.

Matthieu.