-rw-r--r-- | source4/scripting/python/samba/provision.py | 25 | ||||
-rw-r--r-- | source4/setup/provision_configuration.ldif | 1 |
2 files changed, 21 insertions, 5 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 80c9bfdf48..5205ba5fa5 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -81,10 +81,23 @@ def find_setup_dir():
 return ret
 raise Exception("Unable to find setup directory.")

-# descriptors of the naming contexts
-# hard coded at this point, but will probably be changed when
-# we enable different fsmo roles
-
+# Descriptors of naming contexts and other important objects
+
+# "get_schema_descriptor" is located in "schema.py"
+
+def get_sites_descriptor(domain_sid):
+ sddl = "O:EAG:EAD:AI(A;;RPLCLORC;;;AU)" \
+ "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \
+ "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+ "(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
+ "(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;DA)" \
+ "S:AI(AU;CISA;CCDCSDDT;;;WD)" \
+ "(OU;CIIOSA;CR;;f0f8ffab-1191-11d0-a060-00aa006c33ed;WD)" \
+ "(OU;CIIOSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
+ "(OU;CIIOSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
+ "(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)"
+ sec = security.descriptor.from_sddl(sddl, domain_sid)
+ return ndr_pack(sec)

 def get_config_descriptor(domain_sid):
 sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
@@ -1163,6 +1176,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
 samdb.invocation_id = invocationid

 logger.info("Setting up sam.ldb configuration data")
+ descr = b64encode(get_sites_descriptor(domainsid))
 setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
 "CONFIGDN": names.configdn,
 "NETBIOSNAME": names.netbiosname,
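Review bot: get_sites_descriptor is added with no docstring, yet its ten-line SDDL literal is the entire access policy for CN=Sites, so a reader has to decode the rights strings to learn who can write there. A docstring such as `"""Return the NDR-packed security descriptor for CN=Sites: Authenticated Users read-only; write access for Enterprise Admins, SYSTEM and Domain Admins; audit ACEs for Everyone."""` would state the intent. The `(A;CIID;...;;;EA)` and `(A;CIID;...;;;DA)` entries carry the inherited flag but are written out explicitly here, presumably copied from a reference descriptor. A one-line comment naming that reference would let a later reviewer check the string against it. The new comment `# "get_schema_descriptor" is located in "schema.py"` could also say why it matters here, e.g. `# get_schema_descriptor lives in schema.py; the other descriptors are defined below`.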
@@ -1173,7 +1187,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
 "DOMAINDN": names.domaindn,
 "SERVERDN": names.serverdn,
 "FOREST_FUNCTIONALITY": str(forestFunctionality),
- "DOMAIN_FUNCTIONALITY": str(domainFunctionality)
+ "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
+ "SITES_DESCRIPTOR": descr
 })

 logger.info("Setting up display specifiers")
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index cb049b0c1e..2ccf6eded0 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -1194,6 +1194,7 @@ dn: CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: sitesContainer
 systemFlags: -2113929216
+nTSecurityDescriptor:: ${SITES_DESCRIPTOR}

 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 objectClass: top |
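Review bot: Nothing visible in this commit verifies that the intended descriptor ends up on CN=Sites. The added line `nTSecurityDescriptor:: ${SITES_DESCRIPTOR}` depends on the Python side supplying a base64 value under exactly that key. A later change that renames the key or drops the `b64encode` call could therefore leave the container with a different ACL than intended, depending on how `setup_add_ldif` treats an unresolved or malformed substitution (not shown here). A provision test that reads `nTSecurityDescriptor` back from `CN=Sites,${CONFIGDN}` and compares its SDDL form with the string in `get_sites_descriptor` would pin this down. Such a test may already exist outside the files shown.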