scripting: Move the list of well known SDs to samba.provision.descriptor
This will allow us to call this from dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
parent
afe9343880
commit
3da89b01fa
@ -28,6 +28,7 @@
|
|||||||
|
|
||||||
from samba.dcerpc import security
|
from samba.dcerpc import security
|
||||||
from samba.ndr import ndr_pack
|
from samba.ndr import ndr_pack
|
||||||
|
from samba.schema import get_schema_descriptor
|
||||||
|
|
||||||
# Descriptors of naming contexts and other important objects
|
# Descriptors of naming contexts and other important objects
|
||||||
|
|
||||||
@ -357,3 +358,60 @@ def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}):
|
|||||||
"(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
|
"(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
|
||||||
"(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)"
|
"(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)"
|
||||||
return sddl2binary(sddl, domain_sid, name_map)
|
return sddl2binary(sddl, domain_sid, name_map)
|
||||||
|
|
||||||
|
def get_wellknown_sds(names):
|
||||||
|
|
||||||
|
# Then subcontainers
|
||||||
|
subcontainers = [
|
||||||
|
("%s" % str(names.domaindn), get_domain_descriptor),
|
||||||
|
("CN=LostAndFound,%s" % str(names.domaindn), get_domain_delete_protected2_descriptor),
|
||||||
|
("CN=System,%s" % str(names.domaindn), get_domain_delete_protected1_descriptor),
|
||||||
|
("CN=Infrastructure,%s" % str(names.domaindn), get_domain_infrastructure_descriptor),
|
||||||
|
("CN=Builtin,%s" % str(names.domaindn), get_domain_builtin_descriptor),
|
||||||
|
("CN=Computers,%s" % str(names.domaindn), get_domain_computers_descriptor),
|
||||||
|
("CN=Users,%s" % str(names.domaindn), get_domain_users_descriptor),
|
||||||
|
("OU=Domain Controllers,%s" % str(names.domaindn), get_domain_controllers_descriptor),
|
||||||
|
("CN=MicrosoftDNS,CN=System,%s" % str(names.domaindn), get_dns_domain_microsoft_dns_descriptor),
|
||||||
|
|
||||||
|
("%s" % str(names.configdn), get_config_descriptor),
|
||||||
|
("CN=NTDS Quotas,%s" % str(names.configdn), get_config_ntds_quotas_descriptor),
|
||||||
|
("CN=LostAndFoundConfig,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
||||||
|
("CN=Services,%s" % str(names.configdn), get_config_delete_protected1_descriptor),
|
||||||
|
("CN=Physical Locations,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
||||||
|
("CN=WellKnown Security Principals,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
||||||
|
("CN=ForestUpdates,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
||||||
|
("CN=DisplaySpecifiers,%s" % str(names.configdn), get_config_delete_protected2_descriptor),
|
||||||
|
("CN=Extended-Rights,%s" % str(names.configdn), get_config_delete_protected2_descriptor),
|
||||||
|
("CN=Partitions,%s" % str(names.configdn), get_config_partitions_descriptor),
|
||||||
|
("CN=Sites,%s" % str(names.configdn), get_config_sites_descriptor),
|
||||||
|
|
||||||
|
("%s" % str(names.schemadn), get_schema_descriptor),
|
||||||
|
]
|
||||||
|
|
||||||
|
if names.dnsforestdn is not None:
|
||||||
|
c = ("%s" % str(names.dnsforestdn), get_dns_partition_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=Infrastructure,%s" % str(names.dnsforestdn),
|
||||||
|
get_domain_delete_protected1_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=LostAndFound,%s" % str(names.dnsforestdn),
|
||||||
|
get_domain_delete_protected2_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=MicrosoftDNS,%s" % str(names.dnsforestdn),
|
||||||
|
get_dns_forest_microsoft_dns_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
|
||||||
|
if names.dnsdomaindn is not None:
|
||||||
|
c = ("%s" % str(names.dnsdomaindn), get_dns_partition_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=Infrastructure,%s" % str(names.dnsdomaindn),
|
||||||
|
get_domain_delete_protected1_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=LostAndFound,%s" % str(names.dnsdomaindn),
|
||||||
|
get_domain_delete_protected2_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
c = ("CN=MicrosoftDNS,%s" % str(names.dnsdomaindn),
|
||||||
|
get_dns_domain_microsoft_dns_descriptor)
|
||||||
|
subcontainers.append(c)
|
||||||
|
|
||||||
|
return subcontainers
|
||||||
|
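Review bot: `get_wellknown_sds(names)` is added without a docstring, and the `# Then subcontainers` comment copied from the old call site no longer fits, because the list opens with the domain, configuration and schema roots rather than subcontainers. Since this list now becomes the shared reference for which default security descriptor belongs to which well-known DN (the commit message says dbcheck will call it too), the contract should be stated, for example `"""Return a list of (DN string, descriptor function) pairs for the well-known objects."""`, with the stale comment dropped or reworded. As a style point, `"%s" % str(names.domaindn)` is just `str(names.domaindn)`, and the two DNS blocks could append their tuples directly instead of going through the temporary `c`.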
@ -46,26 +46,8 @@ from ldb import (SCOPE_SUBTREE, SCOPE_BASE,
|
|||||||
MessageElement, Message, Dn, LdbError)
|
MessageElement, Message, Dn, LdbError)
|
||||||
from samba import param, dsdb, Ldb
|
from samba import param, dsdb, Ldb
|
||||||
from samba.common import confirm
|
from samba.common import confirm
|
||||||
|
from samba.provision.descriptor import get_wellknown_sds, get_empty_descriptor
|
||||||
from samba.provision import (find_provision_key_parameters,
|
from samba.provision import (find_provision_key_parameters,
|
||||||
get_empty_descriptor,
|
|
||||||
get_config_descriptor,
|
|
||||||
get_config_partitions_descriptor,
|
|
||||||
get_config_sites_descriptor,
|
|
||||||
get_config_ntds_quotas_descriptor,
|
|
||||||
get_config_delete_protected1_descriptor,
|
|
||||||
get_config_delete_protected1wd_descriptor,
|
|
||||||
get_config_delete_protected2_descriptor,
|
|
||||||
get_domain_descriptor,
|
|
||||||
get_domain_infrastructure_descriptor,
|
|
||||||
get_domain_builtin_descriptor,
|
|
||||||
get_domain_computers_descriptor,
|
|
||||||
get_domain_users_descriptor,
|
|
||||||
get_domain_controllers_descriptor,
|
|
||||||
get_domain_delete_protected1_descriptor,
|
|
||||||
get_domain_delete_protected2_descriptor,
|
|
||||||
get_dns_partition_descriptor,
|
|
||||||
get_dns_forest_microsoft_dns_descriptor,
|
|
||||||
get_dns_domain_microsoft_dns_descriptor,
|
|
||||||
ProvisioningError, get_last_provision_usn,
|
ProvisioningError, get_last_provision_usn,
|
||||||
get_max_usn, update_provision_usn, setup_path)
|
get_max_usn, update_provision_usn, setup_path)
|
||||||
from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
|
from samba.schema import get_linked_attributes, Schema, get_schema_descriptor
|
||||||
@ -1229,58 +1211,7 @@ def fix_wellknown_sd(samdb, names):
|
|||||||
|
|
||||||
list_wellknown_dns = []
|
list_wellknown_dns = []
|
||||||
|
|
||||||
# Then subcontainers
|
subcontainers = get_wellknown_sds(names)
|
||||||
subcontainers = [
|
|
||||||
("%s" % str(names.domaindn), get_domain_descriptor),
|
|
||||||
("CN=LostAndFound,%s" % str(names.domaindn), get_domain_delete_protected2_descriptor),
|
|
||||||
("CN=System,%s" % str(names.domaindn), get_domain_delete_protected1_descriptor),
|
|
||||||
("CN=Infrastructure,%s" % str(names.domaindn), get_domain_infrastructure_descriptor),
|
|
||||||
("CN=Builtin,%s" % str(names.domaindn), get_domain_builtin_descriptor),
|
|
||||||
("CN=Computers,%s" % str(names.domaindn), get_domain_computers_descriptor),
|
|
||||||
("CN=Users,%s" % str(names.domaindn), get_domain_users_descriptor),
|
|
||||||
("OU=Domain Controllers,%s" % str(names.domaindn), get_domain_controllers_descriptor),
|
|
||||||
("CN=MicrosoftDNS,CN=System,%s" % str(names.domaindn), get_dns_domain_microsoft_dns_descriptor),
|
|
||||||
|
|
||||||
("%s" % str(names.configdn), get_config_descriptor),
|
|
||||||
("CN=NTDS Quotas,%s" % str(names.configdn), get_config_ntds_quotas_descriptor),
|
|
||||||
("CN=LostAndFoundConfig,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
|
||||||
("CN=Services,%s" % str(names.configdn), get_config_delete_protected1_descriptor),
|
|
||||||
("CN=Physical Locations,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
|
||||||
("CN=WellKnown Security Principals,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
|
||||||
("CN=ForestUpdates,%s" % str(names.configdn), get_config_delete_protected1wd_descriptor),
|
|
||||||
("CN=DisplaySpecifiers,%s" % str(names.configdn), get_config_delete_protected2_descriptor),
|
|
||||||
("CN=Extended-Rights,%s" % str(names.configdn), get_config_delete_protected2_descriptor),
|
|
||||||
("CN=Partitions,%s" % str(names.configdn), get_config_partitions_descriptor),
|
|
||||||
("CN=Sites,%s" % str(names.configdn), get_config_sites_descriptor),
|
|
||||||
|
|
||||||
("%s" % str(names.schemadn), get_schema_descriptor),
|
|
||||||
]
|
|
||||||
|
|
||||||
if names.dnsforestdn is not None:
|
|
||||||
c = ("%s" % str(names.dnsforestdn), get_dns_partition_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=Infrastructure,%s" % str(names.dnsforestdn),
|
|
||||||
get_domain_delete_protected1_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=LostAndFound,%s" % str(names.dnsforestdn),
|
|
||||||
get_domain_delete_protected2_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=MicrosoftDNS,%s" % str(names.dnsforestdn),
|
|
||||||
get_dns_forest_microsoft_dns_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
|
|
||||||
if names.dnsdomaindn is not None:
|
|
||||||
c = ("%s" % str(names.dnsdomaindn), get_dns_partition_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=Infrastructure,%s" % str(names.dnsdomaindn),
|
|
||||||
get_domain_delete_protected1_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=LostAndFound,%s" % str(names.dnsdomaindn),
|
|
||||||
get_domain_delete_protected2_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
c = ("CN=MicrosoftDNS,%s" % str(names.dnsdomaindn),
|
|
||||||
get_dns_domain_microsoft_dns_descriptor)
|
|
||||||
subcontainers.append(c)
|
|
||||||
|
|
||||||
for [strdn, descriptor_fn] in subcontainers:
|
for [strdn, descriptor_fn] in subcontainers:
|
||||||
dn = Dn(samdb, strdn)
|
dn = Dn(samdb, strdn)
|
||||||
|
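Review bot: The `from samba.schema import get_linked_attributes, Schema, get_schema_descriptor` line is left unchanged, yet the only use of `get_schema_descriptor` visible in this file was in the list that moved out of `fix_wellknown_sd`, so that name looks unused here now. The reverse check matters for the descriptor helpers dropped from the `samba.provision` import: if any function outside these hunks still refers to one of them, it fails with NameError only when that code path runs, not at import time. The rest of the file is not visible on this page, so both points need confirming with a grep or a pyflakes run. `fix_wellknown_sd` starts and continues outside the hunk.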