diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-03-20 14:12:26 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-03-25 10:27:58 +0100 |
commit | 3da89b01faebba669434b07db344c203a4521ca2 (patch) | |
tree | 0e4af13239c513aec130156be13ea26058171aeb /python | |
parent | afe9343880ee27cf9fe937c6379c469435ef20d6 (diff) | |
download | samba-3da89b01faebba669434b07db344c203a4521ca2.tar.gz samba-3da89b01faebba669434b07db344c203a4521ca2.tar.bz2 samba-3da89b01faebba669434b07db344c203a4521ca2.zip |
scripting: Move the list of well known SDs to samba.provision.descriptor
This will allow us to call this from dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/provision/descriptor.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/python/samba/provision/descriptor.py b/python/samba/provision/descriptor.py index 32e91ed2b5..df541c2012 100644 --- a/python/samba/provision/descriptor.py +++ b/python/samba/provision/descriptor.py @@ -28,6 +28,7 @@ from samba.dcerpc import security from samba.ndr import ndr_pack +from samba.schema import get_schema_descriptor # Descriptors of naming contexts and other important objects @@ -357,3 +358,60 @@ def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}): "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ "(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)" return sddl2binary(sddl, domain_sid, name_map) + +def get_wellknown_sds(names): + + # Then subcontainers + subcontainers = [ + ("%s" % str(names.domaindn), get_domain_descriptor), + ("CN=LostAndFound,%s" % str(names.domaindn), get_domain_delete_protected2_descriptor), + ("CN=System,%s" % str(names.domaindn), get_domain_delete_protected1_descriptor), + ("CN=Infrastructure,%s" % str(names.domaindn), get_domain_infrastructure_descriptor), + ("CN=Builtin,%s" % str(names.domaindn), get_domain_builtin_descriptor), + ("CN=Computers,%s" % str(names.domaindn), get_domain_computers_descriptor), + ("CN=Users,%s" % str(names.domaindn), get_domain_users_descriptor), + ("OU=Domain Controllers,%s" % str(names.domaindn), get_domain_controllers_descriptor), + ("CN=MicrosoftDNS,CN=System,%s" % str(names.domaindn), get_dns_domain_microsoft_dns_descriptor), + + ("%s" % str(names.configdn), get_config_descriptor), + ("CN=NTDS Quotas,%s" % str(names.configdn), get_config_ntds_quotas_descriptor), + ("CN=LostAndFoundConfig,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=Services,%s" % str(names.configdn), get_config_delete_protected1_descriptor), + ("CN=Physical Locations,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=WellKnown Security Principals,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=ForestUpdates,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=DisplaySpecifiers,%s" % str(names.configdn), get_config_delete_protected2_descriptor), + ("CN=Extended-Rights,%s" % str(names.configdn), get_config_delete_protected2_descriptor), + ("CN=Partitions,%s" % str(names.configdn), get_config_partitions_descriptor), + ("CN=Sites,%s" % str(names.configdn), get_config_sites_descriptor), + + ("%s" % str(names.schemadn), get_schema_descriptor), + ] + + if names.dnsforestdn is not None: + c = ("%s" % str(names.dnsforestdn), get_dns_partition_descriptor) + subcontainers.append(c) + c = ("CN=Infrastructure,%s" % str(names.dnsforestdn), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) + c = ("CN=LostAndFound,%s" % str(names.dnsforestdn), + get_domain_delete_protected2_descriptor) + subcontainers.append(c) + c = ("CN=MicrosoftDNS,%s" % str(names.dnsforestdn), + get_dns_forest_microsoft_dns_descriptor) + subcontainers.append(c) + + if names.dnsdomaindn is not None: + c = ("%s" % str(names.dnsdomaindn), get_dns_partition_descriptor) + subcontainers.append(c) + c = ("CN=Infrastructure,%s" % str(names.dnsdomaindn), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) + c = ("CN=LostAndFound,%s" % str(names.dnsdomaindn), + get_domain_delete_protected2_descriptor) + subcontainers.append(c) + c = ("CN=MicrosoftDNS,%s" % str(names.dnsdomaindn), + get_dns_domain_microsoft_dns_descriptor) + subcontainers.append(c) + + return subcontainers |