From 3da89b01faebba669434b07db344c203a4521ca2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Mar 2013 14:12:26 +1100 Subject: scripting: Move the list of well known SDs to samba.provision.descriptor This will allow us to call this from dbcheck. Andrew Bartlett Reviewed-by: Stefan Metzmacher --- python/samba/provision/descriptor.py | 58 ++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'python') diff --git a/python/samba/provision/descriptor.py b/python/samba/provision/descriptor.py index 32e91ed2b5..df541c2012 100644 --- a/python/samba/provision/descriptor.py +++ b/python/samba/provision/descriptor.py @@ -28,6 +28,7 @@ from samba.dcerpc import security from samba.ndr import ndr_pack +from samba.schema import get_schema_descriptor # Descriptors of naming contexts and other important objects @@ -357,3 +358,60 @@ def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}): "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ "(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)" return sddl2binary(sddl, domain_sid, name_map) + +def get_wellknown_sds(names): + + # Then subcontainers + subcontainers = [ + ("%s" % str(names.domaindn), get_domain_descriptor), + ("CN=LostAndFound,%s" % str(names.domaindn), get_domain_delete_protected2_descriptor), + ("CN=System,%s" % str(names.domaindn), get_domain_delete_protected1_descriptor), + ("CN=Infrastructure,%s" % str(names.domaindn), get_domain_infrastructure_descriptor), + ("CN=Builtin,%s" % str(names.domaindn), get_domain_builtin_descriptor), + ("CN=Computers,%s" % str(names.domaindn), get_domain_computers_descriptor), + ("CN=Users,%s" % str(names.domaindn), get_domain_users_descriptor), + ("OU=Domain Controllers,%s" % str(names.domaindn), get_domain_controllers_descriptor), + ("CN=MicrosoftDNS,CN=System,%s" % str(names.domaindn), get_dns_domain_microsoft_dns_descriptor), + + ("%s" % str(names.configdn), get_config_descriptor), + ("CN=NTDS Quotas,%s" % str(names.configdn), get_config_ntds_quotas_descriptor), + ("CN=LostAndFoundConfig,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=Services,%s" % str(names.configdn), get_config_delete_protected1_descriptor), + ("CN=Physical Locations,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=WellKnown Security Principals,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=ForestUpdates,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor), + ("CN=DisplaySpecifiers,%s" % str(names.configdn), get_config_delete_protected2_descriptor), + ("CN=Extended-Rights,%s" % str(names.configdn), get_config_delete_protected2_descriptor), + ("CN=Partitions,%s" % str(names.configdn), get_config_partitions_descriptor), + ("CN=Sites,%s" % str(names.configdn), get_config_sites_descriptor), + + ("%s" % str(names.schemadn), get_schema_descriptor), + ] + + if names.dnsforestdn is not None: + c = ("%s" % str(names.dnsforestdn), get_dns_partition_descriptor) + subcontainers.append(c) + c = ("CN=Infrastructure,%s" % str(names.dnsforestdn), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) + c = ("CN=LostAndFound,%s" % str(names.dnsforestdn), + get_domain_delete_protected2_descriptor) + subcontainers.append(c) + c = ("CN=MicrosoftDNS,%s" % str(names.dnsforestdn), + get_dns_forest_microsoft_dns_descriptor) + subcontainers.append(c) + + if names.dnsdomaindn is not None: + c = ("%s" % str(names.dnsdomaindn), get_dns_partition_descriptor) + subcontainers.append(c) + c = ("CN=Infrastructure,%s" % str(names.dnsdomaindn), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) + c = ("CN=LostAndFound,%s" % str(names.dnsdomaindn), + get_domain_delete_protected2_descriptor) + subcontainers.append(c) + c = ("CN=MicrosoftDNS,%s" % str(names.dnsdomaindn), + get_dns_domain_microsoft_dns_descriptor) + subcontainers.append(c) + + return subcontainers -- cgit