[PATCH] Added "admin_session" method.
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Tue Sep 8 07:01:37 MDT 2009
I will take another look. The change in indent could have happened during merge, because when I merged my patch for final testing there were changes in provision.py, there were some ugly onflicts that I had to resolve by hand. I will take another look and re-send only provision.py again.
Regards,
Nadya
----- Original Message -----
> From: Andrew Bartlett <abartlet at samba.org>
> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: samba-technical at samba.org <samba-technical at samba.org>
> Sent: Tuesday, September 8, 2009 12:56:22 PM GMT+0200 Europe;Athens
> Subject: Re: [PATCH] Added "admin_session" method.
> > On Mon, 2009-09-07 at 16:22 +0300, Nadezhda Ivanova wrote:
> > Hi Samba team,
> > As you know, I have been working on implementing AD compatible
> > security descriptor inheritance in Samba 4. Based on documentation
> > regarding the default owner and group of an SD and some
> > experimentation, it appears that in order to get 100% compliance of
> > the security descriptors in the schema, configuration and domain,
> > provisioning has to be done by authenticating as Administrator.
> Maybe
> > during plugfest we can establish if we need Administrator or any
> > member of group Administrators.
>
> This seems very reasonable.
>
> > At this point basically we replace the system_session with
> > admin_session when creating schema, configuration and domain
> > partitions. It does not affect provisioning in any way and does not
> > break any test.
>
> Why do you revert to system_session() at all?
>
> That is, I don't like:
>
> > @@ -997,13 +1001,16 @@ def setup_samdb(path, setup_path,
> session_info,
> > credentials, lp,
> > "KRBTGTPASS_B64": b64encode(krbtgtpass),
> > })
> >
> > - if serverrole == "domain controller":
> > - message("Setting up self join")
> > - setup_self_join(samdb, names=names,
> > invocationid=invocationid,
> > - dnspass=dnspass,
> > - machinepass=machinepass,
> > - domainsid=domainsid,
> > policyguid=policyguid,
> > - setup_path=setup_path,
> > domainControllerFunctionality=domainControllerFunctionality)
> > +#return back to system
> > + samdb.set_session_info(session_info)
> > +
> > + if serverrole == "domain controller":
> > + message("Setting up self join")
> > + setup_self_join(samdb, names=names,
> > invocationid=invocationid,
> > + dnspass=dnspass,
> > + machinepass=machinepass,
> > + domainsid=domainsid,
> > policyguid=policyguid,
> > + setup_path=setup_path,
> > domainControllerFunctionality=domainControllerFunctionality)
> >
>
> You also seem to change the indentation, which rather matters for
> python.
>
> Once I understand why you need this last chunk, I will be very happy
> to
> merge this.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list