[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Sat Oct 23 14:17:01 MDT 2010


The branch, master has been updated
       via  8b9a08e s4:provision.py - add the correct "CN=Sites" security descriptor
       via  245642a s4:schema.py - reformat and fix the security descriptor
      from  c25afb6 ldb: Support using system pyldb library.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8b9a08e10f7b984309ba23ca034923c9634b8e46
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Oct 23 21:26:05 2010 +0200

    s4:provision.py - add the correct "CN=Sites" security descriptor
    
    This should help to fix bug #7403.
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104

commit 245642a36b5126d2a481a2aac0b20318ed955732
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Sat Oct 23 20:27:50 2010 +0200

    s4:schema.py - reformat and fix the security descriptor
    
    - Now it matches Windows's order
    - It contained a superfluous entry (an "Administrator" user grant)

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/python/samba/provision.py |   25 ++++++++++++++---
 source4/scripting/python/samba/schema.py    |   37 ++++++++++++++++----------
 source4/setup/provision_configuration.ldif  |    1 +
 3 files changed, 44 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 80c9bfd..5205ba5 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -81,10 +81,23 @@ def find_setup_dir():
         return ret
     raise Exception("Unable to find setup directory.")
 
-# descriptors of the naming contexts
-# hard coded at this point, but will probably be changed when
-# we enable different fsmo roles
-
+# Descriptors of naming contexts and other important objects
+
+# "get_schema_descriptor" is located in "schema.py"
+
+def get_sites_descriptor(domain_sid):
+    sddl = "O:EAG:EAD:AI(A;;RPLCLORC;;;AU)" \
+           "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \
+           "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+           "(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
+           "(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;DA)" \
+           "S:AI(AU;CISA;CCDCSDDT;;;WD)" \
+           "(OU;CIIOSA;CR;;f0f8ffab-1191-11d0-a060-00aa006c33ed;WD)" \
+           "(OU;CIIOSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
+           "(OU;CIIOSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
+           "(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)"
+    sec = security.descriptor.from_sddl(sddl, domain_sid)
+    return ndr_pack(sec)
 
 def get_config_descriptor(domain_sid):
     sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
@@ -1163,6 +1176,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
         samdb.invocation_id = invocationid
 
         logger.info("Setting up sam.ldb configuration data")
+        descr = b64encode(get_sites_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
             "CONFIGDN": names.configdn,
             "NETBIOSNAME": names.netbiosname,
@@ -1173,7 +1187,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
             "DOMAINDN": names.domaindn,
             "SERVERDN": names.serverdn,
             "FOREST_FUNCTIONALITY": str(forestFunctionality),
-            "DOMAIN_FUNCTIONALITY": str(domainFunctionality)
+            "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
+            "SITES_DESCRIPTOR": descr
             })
 
         logger.info("Setting up display specifiers")
diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py
index 848d4ec..73bc2e4 100644
--- a/source4/scripting/python/samba/schema.py
+++ b/source4/scripting/python/samba/schema.py
@@ -33,20 +33,29 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL
 import os
 
 def get_schema_descriptor(domain_sid):
-    sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
-           ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \
-           "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \
-           "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \
-           "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \
-           "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \
-           "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \
-           "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \
-           ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \
-           "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \
-           "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \
-           "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \
-           "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \
-           ";;WD)(AU;CISA;WP;;;WD)"
+    sddl = "O:SAG:SAD:AI(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)" \
+           "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+           "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+           "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+           "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+           "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+           "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+           "(A;CI;RPLCLORC;;;AU)" \
+           "(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
+           "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+           "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
+           "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
+           "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
+           "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
+           "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
+           "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ER)" \
+           "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ER)" \
+           "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
+           "(AU;CISA;WP;;;WD)" \
+           "(AU;SA;CR;;;BA)" \
+           "(AU;SA;CR;;;DU)" \
+           "(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
+           "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
     sec = security.descriptor.from_sddl(sddl, domain_sid)
     return ndr_pack(sec)
 
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index cb049b0..2ccf6ed 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -1194,6 +1194,7 @@ dn: CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: sitesContainer
 systemFlags: -2113929216
+nTSecurityDescriptor:: ${SITES_DESCRIPTOR}
 
 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 objectClass: top


-- 
Samba Shared Repository


More information about the samba-cvs mailing list