[Patch] add --as-sddl option to getntacl and create setntacl

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Jan 11 10:49:37 MST 2010

I am pushing one more time this pile of patch to you for some review here:

Comparing to last email differences starts at ntalc_step1 and go to

The major differences are:

* reimplementation of set/getntacl in python and move to net acl 
* use of multiple backends for storing/querying the ntacl (native fs 
xattr or tdb file)

Please comments.
Please also note that I didn't have the time yet to make full 
regressions tests so I am mostly waiting for your comments (tests are in 


On 28/10/2009 10:35, Matthieu Patou wrote:
> On 10/28/2009 08:57 AM, Andrew Bartlett wrote:
>> On Mon, 2009-10-26 at 00:33 +0300, Matthieu Patou wrote:
>>> Hello,
>>> Find attach 2 patchs, the first one for creating the setntacl tool and
>>> for improving command line parsing in getntacl.
>>> The second one is an improvement of the provision to put all the GPO
>>> stuff together (and out of setup_samdb). It also include calls to
>>> setntacl for setting ACL on files as they are in the AD so that GPMC
>>> will be more happy.
>> The tools look good, but need tests (otherwise they will shortly
>> break).
> I'll provide some of them, it's not gonna be very difficult I guess.
>> The changes to provision however still need work - I really don't like
>> the idea of shelling out to setntacl like that. Can we instead have
>> what that tool does put into a library and then wrapped with python
>> bindings?
> I was pretty sure that you'll make this objection.
> Appart from the command line stuff, it's mosty library calls as we are
> transforming a sddl string into a SD and then transforming it into a
> blob (ndr_push) and this blob is written as an extended attribute.
> The first part has already python binding, the ndr_push I think also,
> I'm not sure for the last part but it's even more just an I/O stuff.
> So basicaly I can make a python function that takes a SDDL in entry an
> that write it into a file and wrote 1/2 tests for it.
> Matthieu.

More information about the samba-technical mailing list