1 files changed, 119 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
new file mode 100644
index 0000000000..a96593ef0c
--- /dev/null
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+#
+# Manipulate file NT ACLs
+#
+# Copyright Matthieu Patou 2010 <mat@matws.net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from samba.credentials import DONT_USE_KERBEROS
+import samba.getopt as options
+from samba.dcerpc import security
+from samba.ntacls import setntacl, getntacl
+from samba import Ldb
+from samba.ndr import ndr_unpack
+
+from ldb import SCOPE_BASE
+import ldb
+import os
+import sys
+
+from samba.auth import system_session
+from samba.netcmd import (
+    Command,
+	SuperCommand,
+    CommandError,
+    Option,
+    )
+
+class cmd_acl_set(Command):
+    """Set ACLs on a file"""
+    synopsis = "%prog set <acl> <file> [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "credopts": options.CredentialsOptions,
+        "versionopts": options.VersionOptions,
+        }
+
+    takes_options = [
+        Option("--quiet", help="Be quiet", action="store_true"),
+        Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
+               choices=["native","tdb"]),
+        Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
+		]
+
+    takes_args = ["acl","file"]
+
+    def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
+            credopts=None, sambaopts=None, versionopts=None):
+		lp = sambaopts.get_loadparm()
+		creds = credopts.get_credentials(lp)
+		path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb")
+		creds = credopts.get_credentials(lp)
+		creds.set_kerberos_state(DONT_USE_KERBEROS)
+		try:
+			ldb = Ldb(path, session_info=system_session(), credentials=creds,lp=lp)
+		except:
+			print "Unable to read domain SID from configuration files"
+			sys.exit(1)
+		attrs = ["objectSid"]
+		print lp.get("realm")
+		res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs)
+		if len(res) !=0:
+			domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+			setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file)
+		else:
+			print "Unable to read domain SID from configuration files"
+			sys.exit(1)
+
+class cmd_acl_get(Command):
+    """Set ACLs on a file"""
+    synopsis = "%prog get <file> [--as-sddl] [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
+
+    takes_optiongroups = {
+        "sambaopts": options.SambaOptions,
+        "credopts": options.CredentialsOptions,
+        "versionopts": options.VersionOptions,
+        }
+
+    takes_options = [
+        Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
+        Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
+               choices=["native","tdb"]),
+        Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
+        ]
+
+    takes_args = ["file"]
+
+    def run(self, file, as_sddl=False,xattr_backend=None,eadb_file=None,
+            credopts=None, sambaopts=None, versionopts=None):
+        lp = sambaopts.get_loadparm()
+        creds = credopts.get_credentials(lp)
+	acl = getntacl(lp,file,xattr_backend,eadb_file)
+        if as_sddl:
+            anysid=security.dom_sid(security.SID_NT_SELF)
+            print acl.info.as_sddl(anysid)
+        else:
+            acl.dump()
+
+
+class cmd_acl(SuperCommand):
+    """NT ACLs manipulation"""
+
+    subcommands = {}
+    subcommands["set"] = cmd_acl_set()
+    subcommands["get"] = cmd_acl_get()
+