From 1de5c2f78544385d2fe270d766fc1ca6726d71fb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 23 Jan 2013 16:27:17 +0100
Subject: provision: fix nTSecurityDescriptor of
 CN={LostAndFound,System},${DOMAINDN} (bug #9481)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/scripting/python/samba/provision/__init__.py | 4 ++++
 source4/setup/provision.ldif                         | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 4aff6f68a0..cd29e0c95c 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1344,6 +1344,8 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
                 "DOMAINDN": names.domaindn})
         logger.info("Setting up sam.ldb data")
         infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(domainsid))
+        lostandfound_desc = b64encode(get_domain_delete_protected2_descriptor(domainsid))
+        system_desc = b64encode(get_domain_delete_protected1_descriptor(domainsid))
         builtin_desc = b64encode(get_domain_builtin_descriptor(domainsid))
         controllers_desc = b64encode(get_domain_controllers_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision.ldif"), {
@@ -1356,6 +1358,8 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
             "RIDAVAILABLESTART": str(next_rid + 600),
             "POLICYGUID_DC": policyguid_dc,
             "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
+            "LOSTANDFOUND_DESCRIPTOR": lostandfound_desc,
+            "SYSTEM_DESCRIPTOR": system_desc,
             "BUILTIN_DESCRIPTOR": builtin_desc,
             "DOMAIN_CONTROLLERS_DESCRIPTOR": controllers_desc,
             })
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 51e56ff2a6..61d735cb2c 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -73,6 +73,7 @@ objectClass: lostAndFound
 description: Default container for orphaned objects
 systemFlags: -1946157056
 isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
 
 dn: CN=NTDS Quotas,${DOMAINDN}
 objectClass: top
@@ -98,6 +99,7 @@ objectClass: container
 description: Builtin system settings
 systemFlags: -1946157056
 isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${SYSTEM_DESCRIPTOR}
 
 dn: CN=AdminSDHolder,CN=System,${DOMAINDN}
 objectClass: top
-- 
cgit