[Patch] add --as-sddl option to getntacl and create setntacl

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Jan 11 17:57:45 MST 2010

So patches have been reworked a little bit to comply with andrew B and 
jelmer remarks.

make test is also good (not worse than without the patches ;-)

Let me know


On 11/01/2010 20:49, Matthieu Patou wrote:
> Hello,
> I am pushing one more time this pile of patch to you for some review here:
> http://repo.or.cz/w/Samba/ekacnet.git/shortlog/refs/heads/ntacls-review
> Comparing to last email differences starts at ntalc_step1 and go to
> ntacl_step2.
> The major differences are:
> * reimplementation of set/getntacl in python and move to net acl
> subcommands
> * use of multiple backends for storing/querying the ntacl (native fs
> xattr or tdb file)
> Please comments.
> Please also note that I didn't have the time yet to make full
> regressions tests so I am mostly waiting for your comments (tests are in
> process).
> Matthieu.
> On 28/10/2009 10:35, Matthieu Patou wrote:
>> On 10/28/2009 08:57 AM, Andrew Bartlett wrote:
>>> On Mon, 2009-10-26 at 00:33 +0300, Matthieu Patou wrote:
>>>> Hello,
>>>> Find attach 2 patchs, the first one for creating the setntacl tool and
>>>> for improving command line parsing in getntacl.
>>>> The second one is an improvement of the provision to put all the GPO
>>>> stuff together (and out of setup_samdb). It also include calls to
>>>> setntacl for setting ACL on files as they are in the AD so that GPMC
>>>> will be more happy.
>>> The tools look good, but need tests (otherwise they will shortly
>>> break).
>> I'll provide some of them, it's not gonna be very difficult I guess.
>>> The changes to provision however still need work - I really don't like
>>> the idea of shelling out to setntacl like that. Can we instead have
>>> what that tool does put into a library and then wrapped with python
>>> bindings?
>> I was pretty sure that you'll make this objection.
>> Appart from the command line stuff, it's mosty library calls as we are
>> transforming a sddl string into a SD and then transforming it into a
>> blob (ndr_push) and this blob is written as an extended attribute.
>> The first part has already python binding, the ndr_push I think also,
>> I'm not sure for the last part but it's even more just an I/O stuff.
>> So basicaly I can make a python function that takes a SDDL in entry an
>> that write it into a file and wrote 1/2 tests for it.
>> Matthieu.

More information about the samba-technical mailing list