[Patch] add --as-sddl option to getntacl and create setntacl
Matthieu Patou
mat+Informatique.Samba at matws.net
Wed Oct 28 01:35:21 MDT 2009
On 10/28/2009 08:57 AM, Andrew Bartlett wrote:
> On Mon, 2009-10-26 at 00:33 +0300, Matthieu Patou wrote:
>
>> Hello,
>>
>> Find attach 2 patchs, the first one for creating the setntacl tool and
>> for improving command line parsing in getntacl.
>> The second one is an improvement of the provision to put all the GPO
>> stuff together (and out of setup_samdb). It also include calls to
>> setntacl for setting ACL on files as they are in the AD so that GPMC
>> will be more happy.
>>
> The tools look good, but need tests (otherwise they will shortly
> break).
>
I'll provide some of them, it's not gonna be very difficult I guess.
> The changes to provision however still need work - I really don't like
> the idea of shelling out to setntacl like that. Can we instead have
> what that tool does put into a library and then wrapped with python
> bindings?
>
>
I was pretty sure that you'll make this objection.
Appart from the command line stuff, it's mosty library calls as we are
transforming a sddl string into a SD and then transforming it into a
blob (ndr_push) and this blob is written as an extended attribute.
The first part has already python binding, the ndr_push I think also,
I'm not sure for the last part but it's even more just an I/O stuff.
So basicaly I can make a python function that takes a SDDL in entry an
that write it into a file and wrote 1/2 tests for it.
Matthieu.
More information about the samba-technical
mailing list