2025-02-22 05:57:43 +03:00 · 2013-01-23 16:27:17 +01:00 · 2013-01-23 16:27:17 +01:00 · a477649e56
commit a477649e56
parent 1de5c2f785
4 changed files with 34 additions and 0 deletions
--- a/source4/scripting/python/samba/provision/init.py
+++ b/source4/scripting/python/samba/provision/init.py
@ -1298,8 +1298,14 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
        # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
        if fill == FILL_FULL:
            logger.info("Setting up sam.ldb configuration data")
+
            partitions_descr = b64encode(get_config_partitions_descriptor(domainsid))
            sites_descr = b64encode(get_config_sites_descriptor(domainsid))
+            ntdsquotas_descr = b64encode(get_config_ntds_quotas_descriptor(domainsid))
+            protected1_descr = b64encode(get_config_delete_protected1_descriptor(domainsid))
+            protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(domainsid))
+            protected2_descr = b64encode(get_config_delete_protected2_descriptor(domainsid))
+
            setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
                    "CONFIGDN": names.configdn,
                    "NETBIOSNAME": names.netbiosname,
@ -1311,6 +1317,12 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
                    "SERVERDN": names.serverdn,
                    "FOREST_FUNCTIONALITY": str(forestFunctionality),
                    "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
+                    "NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr,
+                    "LOSTANDFOUND_DESCRIPTOR": protected1wd_descr,
+                    "SERVICES_DESCRIPTOR": protected1_descr,
+                    "PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr,
+                    "FORESTUPDATES_DESCRIPTOR": protected1wd_descr,
+                    "EXTENDEDRIGHTS_DESCRIPTOR": protected2_descr,
                    "PARTITIONS_DESCRIPTOR": partitions_descr,
                    "SITES_DESCRIPTOR": sites_descr,
                    })
@ -1323,6 +1335,13 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
            check_all_substituted(display_specifiers_ldif)
            samdb.add_ldif(display_specifiers_ldif)

+            logger.info("Modifying display specifiers")
+            setup_modify_ldif(samdb,
+                setup_path("provision_configuration_modify.ldif"), {
+                "CONFIGDN": names.configdn,
+                "DISPLAYSPECIFIERS_DESCRIPTOR": protected2_descr
+                })
+
        logger.info("Adding users container")
        users_desc = b64encode(get_domain_users_descriptor(domainsid))
        setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), {
@ -1372,8 +1391,10 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
                    "SCHEMADN": names.schemadn})

            logger.info("Setting up well known security principals")
+            protected1wd_descr = b64encode(get_config_delete_protected1wd_descriptor(domainsid))
            setup_add_ldif(samdb, setup_path("provision_well_known_sec_princ.ldif"), {
                "CONFIGDN": names.configdn,
+                "WELLKNOWNPRINCIPALS_DESCRIPTOR": protected1wd_descr,
                })

        if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@ -21,6 +21,7 @@ dn: CN=Extended-Rights,${CONFIGDN}
 objectClass: top
 objectClass: container
 systemFlags: -2147483648
+nTSecurityDescriptor:: ${EXTENDEDRIGHTS_DESCRIPTOR}

 dn: CN=Change-Rid-Master,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@ -706,6 +707,7 @@ validAccesses: 48
 dn: CN=ForestUpdates,${CONFIGDN}
 objectClass: top
 objectClass: container
+nTSecurityDescriptor:: ${FORESTUPDATES_DESCRIPTOR}

 dn: CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,${CONFIGDN}
 objectClass: top
@ -1001,6 +1003,7 @@ dn: CN=LostAndFoundConfig,${CONFIGDN}
 objectClass: top
 objectClass: lostAndFound
 systemFlags: -2147483648
+nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}

 dn: CN=NTDS Quotas,${CONFIGDN}
 objectClass: top
@ -1009,6 +1012,7 @@ description: Quota specifications container
 isCriticalSystemObject: TRUE
 msDS-TombstoneQuotaFactor: 100
 systemFlags: -2147483648
+nTSecurityDescriptor:: ${NTDSQUOTAS_DESCRIPTOR}

 # Partitions

@ -1053,6 +1057,7 @@ objectClass: top
 objectClass: locality
 objectClass: physicalLocation
 l: Physical Locations tree root
+nTSecurityDescriptor:: ${PHYSICALLOCATIONS_DESCRIPTOR}

 # Schema located in "ad-schema/*.txt"

@ -1062,6 +1067,7 @@ dn: CN=Services,${CONFIGDN}
 objectClass: top
 objectClass: container
 systemFlags: -2147483648
+nTSecurityDescriptor:: ${SERVICES_DESCRIPTOR}

 dn: CN=MsmqServices,CN=Services,${CONFIGDN}
 objectClass: top
--- a/source4/setup/provision_configuration_modify.ldif
+++ b/source4/setup/provision_configuration_modify.ldif
@ -0,0 +1,6 @@
+dn: CN=DisplaySpecifiers,${CONFIGDN}
+changetype: modify
+-
+replace: nTSecurityDescriptor
+nTSecurityDescriptor:: ${DISPLAYSPECIFIERS_DESCRIPTOR}
+-
--- a/source4/setup/provision_well_known_sec_princ.ldif
+++ b/source4/setup/provision_well_known_sec_princ.ldif
@ -4,6 +4,7 @@ dn: CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top
 objectClass: container
 systemFlags: -2147483648
+nTSecurityDescriptor:: ${WELLKNOWNPRINCIPALS_DESCRIPTOR}

 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top