diff options
| author | Amitay Isaacs <amitay@gmail.com> | 2011-11-16 11:18:18 +1100 |
|---|---|---|
| committer | Amitay Isaacs <amitay@samba.org> | 2011-11-16 08:54:25 +0100 |
| commit | 8507adb8d0087e833d44462d3247e819a9e05860 (patch) | |
| tree | 682d5d27fe6ac53f57b1f8b82a4c8b2e11f95c53 /source4 | |
| parent | b91dd516b5cba8fd3f78256c4d86b304214ab9fc (diff) | |
| download | samba-8507adb8d0087e833d44462d3247e819a9e05860.tar.gz samba-8507adb8d0087e833d44462d3247e819a9e05860.tar.bz2 samba-8507adb8d0087e833d44462d3247e819a9e05860.zip | |
provision: Set the security descriptor while creating partitions
With Matthieu's patch, the setting of security descriptor on
partition dn at create time works correctly.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/scripting/python/samba/provision/sambadns.py | 14 | ||||
| -rw-r--r-- | source4/setup/provision_dnszones_partitions.ldif | 2 |
2 files changed, 4 insertions, 12 deletions
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py index c3725f6da1..37c0dff656 100644 --- a/source4/scripting/python/samba/provision/sambadns.py +++ b/source4/scripting/python/samba/provision/sambadns.py @@ -49,13 +49,6 @@ def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]): data = read_and_sub_file(ldif_file_path, subst_vars) ldb.modify_ldif(data, controls) -def set_security_descriptor(samdb, dn_str, descriptor): - msg = ldb.Message() - msg.dn = ldb.Dn(samdb, dn_str) - msg["nTSecurityDescriptor"] = ldb.MessageElement(descriptor, - ldb.FLAG_MOD_REPLACE, "nTSecurityDescriptor") - samdb.modify(msg, controls=["relax:0"]) - def setup_ldb(ldb, ldif_path, subst_vars): """Import a LDIF a file into a LDB handle, optionally substituting variables. @@ -224,16 +217,13 @@ class SRVRecord(dnsp.DnssrvRpcRecord): def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, serverdn): domainzone_dn = "DC=DomainDnsZones,%s" % domaindn forestzone_dn = "DC=ForestDnsZones,%s" % forestdn - + descriptor = get_dns_partition_descriptor(domainsid) add_ldif(samdb, "provision_dnszones_partitions.ldif", { "DOMAINZONE_DN": domainzone_dn, "FORESTZONE_DN": forestzone_dn, + "SECDESC" : b64encode(descriptor) }) - descriptor = get_dns_partition_descriptor(domainsid) - set_security_descriptor(samdb, domainzone_dn, descriptor) - set_security_descriptor(samdb, forestzone_dn, descriptor) - domainzone_guid = get_domainguid(samdb, domainzone_dn) forestzone_guid = get_domainguid(samdb, forestzone_dn) diff --git a/source4/setup/provision_dnszones_partitions.ldif b/source4/setup/provision_dnszones_partitions.ldif index bb16332b11..4ab7aedd90 100644 --- a/source4/setup/provision_dnszones_partitions.ldif +++ b/source4/setup/provision_dnszones_partitions.ldif @@ -7,6 +7,7 @@ objectClass: domainDNS description: Microsoft DNS Directory msDS-NcType: 0 instanceType: 13 +ntSecurityDescriptor:: ${SECDESC} dn: ${FORESTZONE_DN} objectClass: top @@ -14,3 +15,4 @@ objectClass: domainDNS description: Microsoft DNS Directory msDS-NcType: 0 instanceType: 13 +ntSecurityDescriptor:: ${SECDESC} |