From 8507adb8d0087e833d44462d3247e819a9e05860 Mon Sep 17 00:00:00 2001
From: Amitay Isaacs
Date: Wed, 16 Nov 2011 11:18:18 +1100
Subject: provision: Set the security descriptor while creating partitions

With Matthieu's patch, the setting of security descriptor on partition dn at create time works correctly.

Autobuild-User: Amitay Isaacs
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
---
 source4/scripting/python/samba/provision/sambadns.py | 14 ++------------
 source4/setup/provision_dnszones_partitions.ldif | 2 ++
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index c3725f6da1..37c0dff656 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -49,13 +49,6 @@ def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
 data = read_and_sub_file(ldif_file_path, subst_vars)
 ldb.modify_ldif(data, controls)
 
-def set_security_descriptor(samdb, dn_str, descriptor):
- msg = ldb.Message()
- msg.dn = ldb.Dn(samdb, dn_str)
- msg["nTSecurityDescriptor"] = ldb.MessageElement(descriptor,
- ldb.FLAG_MOD_REPLACE, "nTSecurityDescriptor")
- samdb.modify(msg, controls=["relax:0"])
-
 def setup_ldb(ldb, ldif_path, subst_vars):
 """Import a LDIF a file into a LDB handle, optionally substituting
 variables.
@@ -224,16 +217,13 @@ class SRVRecord(dnsp.DnssrvRpcRecord):
 def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, serverdn):
 domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
 forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
-
+ descriptor = get_dns_partition_descriptor(domainsid)
 add_ldif(samdb, "provision_dnszones_partitions.ldif", {
 "DOMAINZONE_DN": domainzone_dn,
 "FORESTZONE_DN": forestzone_dn,
+ "SECDESC" : b64encode(descriptor)
 })
 
- descriptor = get_dns_partition_descriptor(domainsid)
- set_security_descriptor(samdb, domainzone_dn, descriptor)
- set_security_descriptor(samdb, forestzone_dn, descriptor)
-
 domainzone_guid = get_domainguid(samdb, domainzone_dn)
 forestzone_guid = get_domainguid(samdb, forestzone_dn)
 
diff --git a/source4/setup/provision_dnszones_partitions.ldif b/source4/setup/provision_dnszones_partitions.ldif
index bb16332b11..4ab7aedd90 100644
--- a/source4/setup/provision_dnszones_partitions.ldif
+++ b/source4/setup/provision_dnszones_partitions.ldif
@@ -7,6 +7,7 @@ objectClass: domainDNS
 description: Microsoft DNS Directory
 msDS-NcType: 0
 instanceType: 13
+ntSecurityDescriptor:: ${SECDESC}
 
 dn: ${FORESTZONE_DN}
 objectClass: top
@@ -14,3 +15,4 @@ objectClass: domainDNS
 description: Microsoft DNS Directory
 msDS-NcType: 0
 instanceType: 13
+ntSecurityDescriptor:: ${SECDESC}
-- 
cgit
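Review bot: In `setup_dns_partitions` nothing after `add_ldif(...)` confirms that the descriptor passed as `SECDESC` was actually applied, and the removed `set_security_descriptor` calls were the only step that guaranteed it. The commit message says create-time setting works only with a separate fix, so on a tree without it the two DNS partitions could presumably be created with a default descriptor while provisioning still reports success. I would add a comment above the call, `# SD is set by the add itself; relies on the add path honouring ntSecurityDescriptor on partition DNs`, or read `nTSecurityDescriptor` back once and fail if it differs. `b64encode` also has to be imported already, since both lines this commit adds to the file are in this hunk and neither is an import. The function body continues past the end of the hunk.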
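Review bot: The added `ntSecurityDescriptor:: ${SECDESC}` lines make `SECDESC` a required substitution and, because of the `::` form, require it to be base64, but the template states neither. A comment at the top of the file (outside this hunk) such as `# SECDESC: base64-encoded security descriptor applied to both DNS partitions` would tell the next caller what to pass. The same line is added to the ForestDnsZones entry in the second hunk, so both partitions always share one descriptor. The removed Python spelled the attribute `nTSecurityDescriptor`, and matching that spelling here would keep searches across the tree consistent.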