[Patch] add --as-sddl option to getntacl and create setntacl
Matthieu Patou
mat+Informatique.Samba at matws.net
Mon Jan 11 17:57:45 MST 2010
So patches have been reworked a little bit to comply with andrew B and
jelmer remarks.
make test is also good (not worse than without the patches ;-)
Let me know
Matthieu.
On 11/01/2010 20:49, Matthieu Patou wrote:
> Hello,
> I am pushing one more time this pile of patch to you for some review here:
> http://repo.or.cz/w/Samba/ekacnet.git/shortlog/refs/heads/ntacls-review
>
> Comparing to last email differences starts at ntalc_step1 and go to
> ntacl_step2.
>
> The major differences are:
>
> * reimplementation of set/getntacl in python and move to net acl
> subcommands
> * use of multiple backends for storing/querying the ntacl (native fs
> xattr or tdb file)
>
> Please comments.
> Please also note that I didn't have the time yet to make full
> regressions tests so I am mostly waiting for your comments (tests are in
> process).
>
> Matthieu.
>
>
>
> On 28/10/2009 10:35, Matthieu Patou wrote:
>> On 10/28/2009 08:57 AM, Andrew Bartlett wrote:
>>> On Mon, 2009-10-26 at 00:33 +0300, Matthieu Patou wrote:
>>>> Hello,
>>>>
>>>> Find attach 2 patchs, the first one for creating the setntacl tool and
>>>> for improving command line parsing in getntacl.
>>>> The second one is an improvement of the provision to put all the GPO
>>>> stuff together (and out of setup_samdb). It also include calls to
>>>> setntacl for setting ACL on files as they are in the AD so that GPMC
>>>> will be more happy.
>>> The tools look good, but need tests (otherwise they will shortly
>>> break).
>> I'll provide some of them, it's not gonna be very difficult I guess.
>>
>>> The changes to provision however still need work - I really don't like
>>> the idea of shelling out to setntacl like that. Can we instead have
>>> what that tool does put into a library and then wrapped with python
>>> bindings?
>>>
>> I was pretty sure that you'll make this objection.
>>
>> Appart from the command line stuff, it's mosty library calls as we are
>> transforming a sddl string into a SD and then transforming it into a
>> blob (ndr_push) and this blob is written as an extended attribute.
>> The first part has already python binding, the ndr_push I think also,
>> I'm not sure for the last part but it's even more just an I/O stuff.
>>
>> So basicaly I can make a python function that takes a SDDL in entry an
>> that write it into a file and wrote 1/2 tests for it.
>>
>> Matthieu.
>
More information about the samba-technical
mailing list