python:descriptor: add missing schema 2019 aces in builtin and dns partition

Note 'samba-tool domain functionalprep' won't fix them in the database,
while a fresh provision will add these.

This is needed in order that 'samba-tool dbcheck --reset-well-known-acls'
won't reset them after a modern provision and will fix them on an old
domain.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/descriptor.py

@@ -278,6 +278,10 @@ def get_domain_builtin_descriptor(domain_sid, name_map=None):
         "(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
         "(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)" \
         "(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)" \
+        "(OA;OICI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
+        "(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
         "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
         "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
         "(A;;RPRC;;;RU)" \
@@ -423,6 +427,10 @@ def get_dns_partition_descriptor(domain_sid, name_map=None):
         "(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
         "(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)" \
         "(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)" \
+        "(OA;OICI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
+        "(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
         "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
         "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
         "(A;;RPRC;;;RU)" \