diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-12-10 11:32:07 +0100 |
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2012-12-11 05:04:48 +0100 |
| commit | 19b03834f08c2a6645a31fe18121534c692c18d1 (patch) | |
| tree | 91697173a96d711947274bcb12de2c97212e43fd | |
| parent | e1301fef735b305736db0b6db335c37aa9fea832 (diff) | |
| download | samba-19b03834f08c2a6645a31fe18121534c692c18d1.tar.gz | |
s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | source4/scripting/python/samba/provision/__init__.py | 6 | ||||
| -rw-r--r-- | source4/scripting/python/samba/provision/descriptor.py | 14 | ||||
| -rw-r--r-- | source4/setup/provision_computers_add.ldif | 1 |
3 files changed, 20 insertions, 1 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index a081cea4951..52dacdec32c 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -84,6 +84,7 @@ from samba.provision.descriptor import ( get_domain_descriptor, get_domain_infrastructure_descriptor, get_domain_builtin_descriptor, + get_domain_computers_descriptor, ) from samba.provision.common import ( setup_path, @@ -1291,8 +1292,11 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), { "DOMAINDN": names.domaindn}) logger.info("Adding computers container") + computers_desc = b64encode(get_domain_computers_descriptor(domainsid)) setup_add_ldif(samdb, setup_path("provision_computers_add.ldif"), { - "DOMAINDN": names.domaindn}) + "DOMAINDN": names.domaindn, + "COMPUTERS_DESCRIPTOR": computers_desc + }) logger.info("Modifying computers container") setup_modify_ldif(samdb, setup_path("provision_computers_modify.ldif"), { diff --git a/source4/scripting/python/samba/provision/descriptor.py b/source4/scripting/python/samba/provision/descriptor.py index d37e2cdeaf8..8d71969cfd5 100644 --- a/source4/scripting/python/samba/provision/descriptor.py +++ b/source4/scripting/python/samba/provision/descriptor.py @@ -210,6 +210,20 @@ def get_domain_builtin_descriptor(domain_sid): sec = security.descriptor.from_sddl(sddl, domain_sid) return ndr_pack(sec) +def get_domain_computers_descriptor(domain_sid): + sddl = "D:" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)" \ + "(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)" \ + "(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)" \ + "(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)" \ + "(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)" \ + "(A;;RPLCLORC;;;AU)" \ + "(OA;;CCDC;4828cc14-1437-45bc-9b07-ad6f015e5f28;;AO)" \ + "S:" + sec = security.descriptor.from_sddl(sddl, domain_sid) + return ndr_pack(sec) + def get_dns_partition_descriptor(domainsid): sddl = "O:SYG:BAD:AI" \ "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \ diff --git a/source4/setup/provision_computers_add.ldif b/source4/setup/provision_computers_add.ldif index 6db3f415241..45e2aa423f3 100644 --- a/source4/setup/provision_computers_add.ldif +++ b/source4/setup/provision_computers_add.ldif @@ -1,3 +1,4 @@ dn: CN=Computers,${DOMAINDN} objectClass: top objectClass: container +nTSecurityDescriptor:: ${COMPUTERS_DESCRIPTOR} |