sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

join.py: Set NT ACL on crossRef object for new partition

Browse Source 
Change-Id: Icb1b00697cc5641481370ded26f2f0551a5b2a97
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep  2 14:15:54 CEST 2014 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2014-08-22 14:16:30 +12:00 committed by Stefan Metzmacher
parent eee14f775e
commit b55a91e9d2
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
python/samba/descriptor.py
View File

@ -361,6 +361,13 @@ def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}):
"(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)"
return sddl2binary(sddl, domain_sid, name_map)
def get_paritions_crossref_subdomain_descriptor(domain_sid, name_map={}):
sddl = "O:SubdomainAdminsG:SubdomainAdminsD:AI" \
"(A;;RPWPCRCCLCLORCWOWDSW;;;SubdomainAdmins)"
"(A;;RPLCLORC;;;AU)"
"(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
return sddl2binary(sddl, domain_sid, name_map)
def get_wellknown_sds(samdb):
# Then subcontainers
@ -427,7 +434,6 @@ def get_wellknown_sds(samdb):
return subcontainers
def chunck_acl(acl):
"""Return separate ACE of an ACL

10
python/samba/join.py
View File

@ -29,6 +29,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.provision.common import setup_path
from samba.schema import Schema
from samba import descriptor
from samba.net import Net
from samba.provision.sambadns import setup_bind9_dns
from samba import read_and_sub_file
@ -672,8 +673,8 @@ class dc_join(object):
"""add the various objects needed for the join, for subdomains post replication"""
print "Adding %s" % ctx.partition_dn
# NOTE: windows sends a ntSecurityDescriptor here, we
# let it default
name_map = {'SubdomainAdmins': "%s-%s" % (str(ctx.domsid), security.DOMAIN_RID_ADMINS)}
sd_binary = descriptor.get_paritions_crossref_subdomain_descriptor(ctx.forestsid, name_map=name_map)
rec = {
"dn" : ctx.partition_dn,
"objectclass" : "crossRef",
@ -682,7 +683,10 @@ class dc_join(object):
"nETBIOSName" : ctx.domain_name,
"dnsRoot": ctx.dnsdomain,
"trustParent" : ctx.parent_partition_dn,
"systemFlags" : str(samba.dsdb.SYSTEM_FLAG_CR_NTDS_NC|samba.dsdb.SYSTEM_FLAG_CR_NTDS_DOMAIN)}
"systemFlags" : str(samba.dsdb.SYSTEM_FLAG_CR_NTDS_NC|samba.dsdb.SYSTEM_FLAG_CR_NTDS_DOMAIN),
"ntSecurityDescriptor" : sd_binary,
}
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
rec["msDS-Behavior-Version"] = str(ctx.behavior_version)