summaryrefslogtreecommitdiff
path: root/source4/scripting/python
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-01-09 20:54:16 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-09 21:59:33 +1100
commit8a09dc12660dcc62926c3a41cacd4970f46f9210 (patch)
treecd338fd0f989f8714f1c4ba41a5c91f13eb567ce /source4/scripting/python
parent45f49d0a58f19c2b0e9d01d635d2dd28701c7cf8 (diff)
downloadsamba-8a09dc12660dcc62926c3a41cacd4970f46f9210.tar.gz
samba-8a09dc12660dcc62926c3a41cacd4970f46f9210.tar.bz2
samba-8a09dc12660dcc62926c3a41cacd4970f46f9210.zip
s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing replication
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/samba/schema.py24
1 files changed, 14 insertions, 10 deletions
diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py
index 67c48e8e58..f702e9829f 100644
--- a/source4/scripting/python/samba/schema.py
+++ b/source4/scripting/python/samba/schema.py
@@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import os
def get_schema_descriptor(domain_sid):
- sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
- "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
- "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
- "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
- "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
- "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
+ sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
+ ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \
+ "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \
+ "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \
+ "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \
+ "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \
+ "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \
+ ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \
+ "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \
+ "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \
+ "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \
+ ";;WD)(AU;CISA;WP;;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)