[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Nov 27 14:33:02 MST 2009
The branch, master has been updated
via f749e22... s4:provision.py - remove hardcoded SIDs and RIDs
via 207067d... s4:security/sddl - rework of the security descriptor abbreviations
via 2e7ccdc... security.idl - Add some more wellknown SIDs/RIDs
from 7d40071... s4:registry/util - Don't include the trailing '\0' in the internal data format but add it on the back-conversion to a string
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f749e22cca79448dbbb338dff30054a87cd5a184
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 27 22:39:52 2009 +0100
s4:provision.py - remove hardcoded SIDs and RIDs
After rework of the SDDL modules this is possible. In future: Never hardcode
them anymore! Always use the abbreviations.
commit 207067d1a862f03d051d4ac3ae1e25b4dbf3bb51
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 27 22:37:52 2009 +0100
s4:security/sddl - rework of the security descriptor abbreviations
- Reorder them
- Add some new ones (needed for the security descriptor in the provision script)
commit 2e7ccdcb661c7c1379a4488ae42359df0563cb7f
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 27 22:36:59 2009 +0100
security.idl - Add some more wellknown SIDs/RIDs
-----------------------------------------------------------------------
Summary of changes:
librpc/gen_ndr/security.h | 3 +
librpc/idl/security.idl | 31 +++++++------
source4/libcli/security/sddl.c | 61 ++++++++++++++------------
source4/scripting/python/samba/provision.py | 6 +-
4 files changed, 56 insertions(+), 45 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 03e5098..0dc50c3 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -132,7 +132,9 @@
#define SID_BUILTIN_PREW2K ( "S-1-5-32-554" )
#define SID_BUILTIN_REMOTE_DESKTOP_USERS ( "S-1-5-32-555" )
#define SID_BUILTIN_NETWORK_CONF_OPERATORS ( "S-1-5-32-556" )
+#define SID_BUILTIN_INCOMING_FOREST_TRUST ( "S-1-5-32-557" )
#define DOMAIN_RID_LOGON ( 9 )
+#define DOMAIN_RID_ENTERPRISE_READONLY_DCS ( 498 )
#define DOMAIN_RID_ADMINISTRATOR ( 500 )
#define DOMAIN_RID_GUEST ( 501 )
#define DOMAIN_RID_KRBTGT ( 502 )
@@ -145,6 +147,7 @@
#define DOMAIN_RID_SCHEMA_ADMINS ( 518 )
#define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 )
#define DOMAIN_RID_POLICY_ADMINS ( 520 )
+#define DOMAIN_RID_READONLY_DCS ( 521 )
#define DOMAIN_RID_RAS_SERVERS ( 553 )
#define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 )
#define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 3c67fa7..b191414 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -262,22 +262,25 @@ interface security
const string SID_BUILTIN_PREW2K = "S-1-5-32-554";
const string SID_BUILTIN_REMOTE_DESKTOP_USERS = "S-1-5-32-555";
const string SID_BUILTIN_NETWORK_CONF_OPERATORS = "S-1-5-32-556";
+ const string SID_BUILTIN_INCOMING_FOREST_TRUST = "S-1-5-32-557";
/* well-known domain RIDs */
- const int DOMAIN_RID_LOGON = 9;
- const int DOMAIN_RID_ADMINISTRATOR = 500;
- const int DOMAIN_RID_GUEST = 501;
- const int DOMAIN_RID_KRBTGT = 502;
- const int DOMAIN_RID_ADMINS = 512;
- const int DOMAIN_RID_USERS = 513;
- const int DOMAIN_RID_GUESTS = 514;
- const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
- const int DOMAIN_RID_DCS = 516;
- const int DOMAIN_RID_CERT_ADMINS = 517;
- const int DOMAIN_RID_SCHEMA_ADMINS = 518;
- const int DOMAIN_RID_ENTERPRISE_ADMINS = 519;
- const int DOMAIN_RID_POLICY_ADMINS = 520;
- const int DOMAIN_RID_RAS_SERVERS = 553;
+ const int DOMAIN_RID_LOGON = 9;
+ const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
+ const int DOMAIN_RID_ADMINISTRATOR = 500;
+ const int DOMAIN_RID_GUEST = 501;
+ const int DOMAIN_RID_KRBTGT = 502;
+ const int DOMAIN_RID_ADMINS = 512;
+ const int DOMAIN_RID_USERS = 513;
+ const int DOMAIN_RID_GUESTS = 514;
+ const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
+ const int DOMAIN_RID_DCS = 516;
+ const int DOMAIN_RID_CERT_ADMINS = 517;
+ const int DOMAIN_RID_SCHEMA_ADMINS = 518;
+ const int DOMAIN_RID_ENTERPRISE_ADMINS = 519;
+ const int DOMAIN_RID_POLICY_ADMINS = 520;
+ const int DOMAIN_RID_READONLY_DCS = 521;
+ const int DOMAIN_RID_RAS_SERVERS = 553;
/*
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 7f4a6fd..2244a3d 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -65,49 +65,54 @@ static const struct {
const char *sid;
uint32_t rid;
} sid_codes[] = {
- { "AO", SID_BUILTIN_ACCOUNT_OPERATORS },
- { "BA", SID_BUILTIN_ADMINISTRATORS },
- { "RU", SID_BUILTIN_PREW2K },
- { "PO", SID_BUILTIN_PRINT_OPERATORS },
-
- { "AU", SID_NT_AUTHENTICATED_USERS },
- { "SY", SID_NT_SYSTEM },
- { "PS", SID_NT_SELF },
{ "WD", SID_WORLD },
- { "ED", SID_NT_ENTERPRISE_DCS },
{ "CO", SID_CREATOR_OWNER },
{ "CG", SID_CREATOR_GROUP },
- { "AN", SID_NT_ANONYMOUS },
- { "BG", SID_BUILTIN_GUESTS },
- { "BO", SID_BUILTIN_BACKUP_OPERATORS },
- { "BU", SID_BUILTIN_USERS },
+ { "NU", SID_NT_NETWORK },
{ "IU", SID_NT_INTERACTIVE },
+ { "SU", SID_NT_SERVICE },
+ { "AN", SID_NT_ANONYMOUS },
+ { "ED", SID_NT_ENTERPRISE_DCS },
+ { "PS", SID_NT_SELF },
+ { "AU", SID_NT_AUTHENTICATED_USERS },
+ { "RC", SID_NT_RESTRICTED },
+ { "SY", SID_NT_SYSTEM },
{ "LS", SID_NT_LOCAL_SERVICE },
- { "NO", SID_BUILTIN_NETWORK_CONF_OPERATORS },
{ "NS", SID_NT_NETWORK_SERVICE },
- { "NU", SID_NT_NETWORK },
+
+ { "BA", SID_BUILTIN_ADMINISTRATORS },
+ { "BU", SID_BUILTIN_USERS },
+ { "BG", SID_BUILTIN_GUESTS },
{ "PU", SID_BUILTIN_POWER_USERS },
- { "RC", SID_NT_RESTRICTED },
- { "RD", SID_BUILTIN_REMOTE_DESKTOP_USERS },
+ { "AO", SID_BUILTIN_ACCOUNT_OPERATORS },
+ { "SO", SID_BUILTIN_SERVER_OPERATORS },
+ { "PO", SID_BUILTIN_PRINT_OPERATORS },
+ { "BO", SID_BUILTIN_BACKUP_OPERATORS },
{ "RE", SID_BUILTIN_REPLICATOR },
- { "SO", SID_BUILTIN_ACCOUNT_OPERATORS },
- { "SU", SID_NT_SERVICE },
+ { "BR", SID_BUILTIN_RAS_SERVERS },
+ { "RU", SID_BUILTIN_PREW2K },
+ { "RD", SID_BUILTIN_REMOTE_DESKTOP_USERS },
+ { "NO", SID_BUILTIN_NETWORK_CONF_OPERATORS },
+ { "IF", SID_BUILTIN_INCOMING_FOREST_TRUST },
+
+ { "LA", NULL, DOMAIN_RID_ADMINISTRATOR },
+ { "LG", NULL, DOMAIN_RID_GUEST },
+ { "LK", NULL, DOMAIN_RID_KRBTGT },
+ { "ER", NULL, DOMAIN_RID_ENTERPRISE_READONLY_DCS },
{ "DA", NULL, DOMAIN_RID_ADMINS },
- { "EA", NULL, DOMAIN_RID_ENTERPRISE_ADMINS },
- { "DD", NULL, DOMAIN_RID_DCS },
{ "DU", NULL, DOMAIN_RID_USERS },
- { "CA", NULL, DOMAIN_RID_CERT_ADMINS },
-
- { "DC", NULL, DOMAIN_RID_DOMAIN_MEMBERS },
{ "DG", NULL, DOMAIN_RID_GUESTS },
- { "LA", NULL, DOMAIN_RID_ADMINISTRATOR },
- { "LG", NULL, DOMAIN_RID_GUEST },
- { "PA", NULL, DOMAIN_RID_POLICY_ADMINS },
+ { "DC", NULL, DOMAIN_RID_DOMAIN_MEMBERS },
+ { "DD", NULL, DOMAIN_RID_DCS },
+ { "CA", NULL, DOMAIN_RID_CERT_ADMINS },
{ "SA", NULL, DOMAIN_RID_SCHEMA_ADMINS },
- { "RS", NULL, DOMAIN_RID_RAS_SERVERS },
+ { "EA", NULL, DOMAIN_RID_ENTERPRISE_ADMINS },
+ { "PA", NULL, DOMAIN_RID_POLICY_ADMINS },
+ { "RO", NULL, DOMAIN_RID_READONLY_DCS },
+ { "RS", NULL, DOMAIN_RID_RAS_SERVERS }
};
/*
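Review bot: The two new read-only-DC codes in `sid_codes[]` look swapped relative to Windows, as far as I recall Microsoft's SDDL SID-string table: there `RO` is Enterprise Read-only Domain Controllers (RID 498) and `ER` is the builtin Event Log Readers alias, while this table maps `ER` to `DOMAIN_RID_ENTERPRISE_READONLY_DCS` and `RO` to `DOMAIN_RID_READONLY_DCS`. If that is right, a descriptor written by Windows with `RO` decodes here to RID 521, and one emitted by Samba with `ER` names a different principal on the Windows side, so an ACE can end up granting rights to the wrong group. Please check against the published table (also for `BR` and `LK`, which I could not match to it) and, if confirmed, use `{ "RO", NULL, DOMAIN_RID_ENTERPRISE_READONLY_DCS },`, give RID 521 a code that is clearly Samba-only, and mark such codes with a comment. The struct and array declaration start above this hunk.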
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 0da03f3..af95657 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -91,7 +91,7 @@ def get_config_descriptor(domain_sid):
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
"(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
- "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-3191434175-1265308384-3577286990-498)" \
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
"S:(AU;SA;WPWOWD;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)" \
"(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
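Review bot: The trustee `ER` in the `1131f6aa-9c07-11d1-f79f-00c04fc2dcd2` ACE (DS-Replication-Get-Changes, if I read the GUID right) is now resolved by `from_sddl` against `domain_sid`, so who receives that right depends entirely on the abbreviation table in sddl.c, and nothing in the string says which group is meant. The same applies to `ER` and `IF` in the two `get_domain_descriptor` hunks below. A comment cannot sit inside the backslash-continued literal, so I would add one above the `sddl =` assignment in each function, which is outside the hunk: `# ER = Enterprise Read-only DCs (domain RID 498), IF = Incoming Forest Trust Builders (S-1-5-32-557)`. A provision test asserting that the decoded trustee of these ACEs is `domain_sid` plus `-498` would catch a later change to the table.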
@@ -108,7 +108,7 @@ def get_domain_descriptor(domain_sid):
"(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)" \
"(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \
"(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)" \
- "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-832762594-175224951-1765713900-498)" \
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)" \
"(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)" \
"(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)" \
@@ -119,7 +119,7 @@ def get_domain_descriptor(domain_sid):
"(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
"(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
- "(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)" \
+ "(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;IF)" \
"(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)" \
"(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)" \
"(OA;CIIO;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \
--
Samba Shared Repository