| author | Stefan Metzmacher <metze@samba.org> | 2012-12-11 03:15:26 +0100 | 
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2012-12-11 07:05:39 +0100 | 
| commit | 914a61d9e5b7a182592f3afe60f4dad1cd342fc4 (patch) | |
| tree | 0c8dab74eb301d8666798da1ab86df19eb5cdfc1 /source4/scripting/python | |
| parent | 8eb359c23c6379be1ccc32e27fd2316d77a7c7b3 (diff) | |
s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
Diffstat (limited to 'source4/scripting/python')
| -rw-r--r-- | source4/scripting/python/samba/provision/__init__.py | 3 | ||||
| -rw-r--r-- | source4/scripting/python/samba/provision/descriptor.py | 12 | 
2 files changed, 15 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index c5a8b397ab..e6ea855b57 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -86,6 +86,7 @@ from samba.provision.descriptor import (
     get_domain_builtin_descriptor,
     get_domain_computers_descriptor,
     get_domain_users_descriptor,
+    get_domain_controllers_descriptor
     )
 from samba.provision.common import (
     setup_path,
@@ -1308,6 +1309,7 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
         logger.info("Setting up sam.ldb data")
         infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(domainsid))
         builtin_desc = b64encode(get_domain_builtin_descriptor(domainsid))
+        controllers_desc = b64encode(get_domain_controllers_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision.ldif"), {
             "CREATTIME": str(samba.unix2nttime(int(time.time()))),
             "DOMAINDN": names.domaindn,
@@ -1319,6 +1321,7 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
             "POLICYGUID_DC": policyguid_dc,
             "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
             "BUILTIN_DESCRIPTOR": builtin_desc,
+            "DOMAIN_CONTROLLERS_DESCRIPTOR": controllers_desc,
             })
         # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
diff --git a/source4/scripting/python/samba/provision/descriptor.py b/source4/scripting/python/samba/provision/descriptor.py
index 2a98168a5e..adf75797cc 100644
--- a/source4/scripting/python/samba/provision/descriptor.py
+++ b/source4/scripting/python/samba/provision/descriptor.py
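Review bot: In `fill_samdb` (provision/__init__.py) the new `"DOMAIN_CONTROLLERS_DESCRIPTOR"` substitution only has an effect if provision.ldif references that variable on the Domain Controllers entry; that template lies outside this diffstat (limited to source4/scripting/python), so it cannot be confirmed from here. The descriptor is also only written while provisioning, so a domain created before this commit presumably keeps its old nTSecurityDescriptor unless an upgrade step rewrites it, which would be worth stating in the commit message. As a style point, the added import in the first hunk has no trailing comma, unlike the entries above it; `get_domain_controllers_descriptor,` would keep the next addition a one-line diff. `fill_samdb` starts and ends outside these hunks.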
@@ -237,6 +237,18 @@ def get_domain_users_descriptor(domain_sid):
     sec = security.descriptor.from_sddl(sddl, domain_sid)
     return ndr_pack(sec)
+def get_domain_controllers_descriptor(domain_sid):
+    sddl = "D:" \
+    "(A;;RPLCLORC;;;AU)" \
+    "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+    "(A;;RPLCLORC;;;ED)" \
+    "S:" \
+    "(AU;SA;CCDCWOWDSDDT;;;WD)" \
+    "(AU;CISA;WP;;;WD)"
+    sec = security.descriptor.from_sddl(sddl, domain_sid)
+    return ndr_pack(sec)
+
 def get_dns_partition_descriptor(domainsid):
     sddl = "O:SYG:BAD:AI" \
     "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \  |
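Review bot: `get_domain_controllers_descriptor` has no docstring or comment, although its SDDL literal is the entire access policy for the object, so a reviewer cannot check the string against intent. I would add `"""Return the NDR-packed security descriptor for the Domain Controllers object."""` and a comment above the literal naming the trustees (AU Authenticated Users, DA Domain Admins, SY Local System, ED Enterprise Domain Controllers) and the two SACL entries that audit Everyone (WD). The comment should also say whether two visible details are deliberate: the DA ACE omits the `DC`, `SD` and `DT` rights that the SY ACE carries, and the string starts at `D:` with no owner or group, unlike the `O:SYG:BA` prefix in `get_dns_partition_descriptor` just below. A test that unpacks the result and compares it with the expected SDDL would stop a later edit from silently widening this ACL.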
