sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Stefan Metzmacher
2012-12-11 03:15:26 +01:00
committed by Michael Adam
parent 19b03834f0
commit 8eb359c23c
3 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source4/scripting/python/samba/provision/__init__.py
View File

@ -85,6 +85,7 @@ from samba.provision.descriptor import (
get_domain_infrastructure_descriptor, get_domain_infrastructure_descriptor,
get_domain_builtin_descriptor, get_domain_builtin_descriptor,
get_domain_computers_descriptor, get_domain_computers_descriptor,
get_domain_users_descriptor,
) )
from samba.provision.common import ( from samba.provision.common import (
setup_path, setup_path,
@ -1286,8 +1287,11 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
samdb.add_ldif(display_specifiers_ldif) samdb.add_ldif(display_specifiers_ldif)
logger.info("Adding users container") logger.info("Adding users container")
users_desc = b64encode(get_domain_users_descriptor(domainsid))
setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), { setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), {
"DOMAINDN": names.domaindn}) "DOMAINDN": names.domaindn,
"USERS_DESCRIPTOR": users_desc
})
logger.info("Modifying users container") logger.info("Modifying users container")
setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), { setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), {
"DOMAINDN": names.domaindn}) "DOMAINDN": names.domaindn})

13
source4/scripting/python/samba/provision/descriptor.py
View File

@ -224,6 +224,19 @@ def get_domain_computers_descriptor(domain_sid):
sec = security.descriptor.from_sddl(sddl, domain_sid) sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec) return ndr_pack(sec)
def get_domain_users_descriptor(domain_sid):
sddl = "D:" \
"(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
"(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)" \
"(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)" \
"(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)" \
"(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)" \
"(A;;RPLCLORC;;;AU)" \
"(OA;;CCDC;4828cc14-1437-45bc-9b07-ad6f015e5f28;;AO)" \
"S:"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
def get_dns_partition_descriptor(domainsid): def get_dns_partition_descriptor(domainsid):
sddl = "O:SYG:BAD:AI" \ sddl = "O:SYG:BAD:AI" \
"(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \ "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \

1
source4/setup/provision_users_add.ldif
View File

@ -1,3 +1,4 @@
dn: CN=Users,${DOMAINDN} dn: CN=Users,${DOMAINDN}
objectClass: top objectClass: top
objectClass: container objectClass: container
nTSecurityDescriptor:: ${USERS_DESCRIPTOR}