mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
s4-provision: added the default privileges db
privileges are now stored in a separate database
This commit is contained in:
Andrew Tridgell
parent
cc3e1d9022
commit
f794e8d43d
@ -369,6 +369,7 @@ def provision_paths_from_lp(lp, dnsdomain):
|
||||
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
|
||||
paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb")
|
||||
paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
|
||||
paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
|
||||
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
|
||||
paths.namedconf = os.path.join(paths.private_dir, "named.conf")
|
||||
paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
|
||||
@ -830,6 +831,23 @@ def setup_secretsdb(path, setup_path, session_info, credentials, lp):
|
||||
|
||||
return secrets_ldb
|
||||
|
||||
def setup_privileges(path, setup_path, session_info, lp):
|
||||
"""Setup the privileges database.
|
||||
|
||||
:param path: Path to the privileges database.
|
||||
:param setup_path: Get the path to a setup file.
|
||||
:param session_info: Session info.
|
||||
:param credentials: Credentials
|
||||
:param lp: Loadparm context
|
||||
:return: LDB handle for the created secrets database
|
||||
"""
|
||||
if os.path.exists(path):
|
||||
os.unlink(path)
|
||||
privilege_ldb = Ldb(path, session_info=session_info, lp=lp)
|
||||
privilege_ldb.erase()
|
||||
privilege_ldb.load_ldif_file_add(setup_path("provision_privilege.ldif"))
|
||||
|
||||
|
||||
def setup_registry(path, setup_path, session_info, lp):
|
||||
"""Setup the registry.
|
||||
|
||||
@ -1301,6 +1319,9 @@ def provision(setup_dir, message, session_info,
|
||||
setup_registry(paths.hklm, setup_path, session_info,
|
||||
lp=lp)
|
||||
|
||||
message("Setting up the privileges database")
|
||||
setup_privileges(paths.privilege, setup_path, session_info, lp=lp)
|
||||
|
||||
message("Setting up idmap db")
|
||||
idmap = setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info,
|
||||
lp=lp)
|
||||
|
||||
78
source4/setup/provision_privilege.ldif
Normal file
78
source4/setup/provision_privilege.ldif
Normal file
@ -0,0 +1,78 @@
|
||||
# default privileges - more can be added via LSA or ldbedit
|
||||
dn: @ATTRIBUTES
|
||||
comment: CASE_INSENSITIVE
|
||||
privilege: CASE_INSENSITIVE
|
||||
|
||||
dn: @INDEXLIST
|
||||
@IDXATTR: objectSid
|
||||
@IDXATTR: privilege
|
||||
|
||||
dn: sid=S-1-5-32-544
|
||||
objectClass: privilege
|
||||
comment: Administrators
|
||||
objectSid: S-1-5-32-544
|
||||
privilege: SeSecurityPrivilege
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
privilege: SeSystemtimePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeRemoteShutdownPrivilege
|
||||
privilege: SeTakeOwnershipPrivilege
|
||||
privilege: SeDebugPrivilege
|
||||
privilege: SeSystemEnvironmentPrivilege
|
||||
privilege: SeSystemProfilePrivilege
|
||||
privilege: SeProfileSingleProcessPrivilege
|
||||
privilege: SeIncreaseBasePriorityPrivilege
|
||||
privilege: SeLoadDriverPrivilege
|
||||
privilege: SeCreatePagefilePrivilege
|
||||
privilege: SeIncreaseQuotaPrivilege
|
||||
privilege: SeChangeNotifyPrivilege
|
||||
privilege: SeUndockPrivilege
|
||||
privilege: SeManageVolumePrivilege
|
||||
privilege: SeImpersonatePrivilege
|
||||
privilege: SeCreateGlobalPrivilege
|
||||
privilege: SeEnableDelegationPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
privilege: SeNetworkLogonRight
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
|
||||
dn: sid=S-1-5-32-550
|
||||
objectClass: privilege
|
||||
comment: Print Operators
|
||||
objectSid: S-1-5-32-550
|
||||
privilege: SeLoadDriverPrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: sid=S-1-5-32-551
|
||||
objectClass: privilege
|
||||
comment: Backup Operators
|
||||
objectSid: S-1-5-32-551
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: sid=S-1-5-32-549
|
||||
objectClass: privilege
|
||||
comment: Server Operators
|
||||
objectSid: S-1-5-32-549
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeSystemtimePrivilege
|
||||
privilege: SeRemoteShutdownPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: sid=S-1-5-32-548
|
||||
objectClass: privilege
|
||||
comment: Account Operators
|
||||
objectSid: S-1-5-32-548
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: sid=S-1-5-32-554
|
||||
objectClass: privilege
|
||||
comment: Pre-Windows 2000 Compatible Access
|
||||
objectSid: S-1-5-32-554
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
privilege: SeChangeNotifyPrivilege
|
||||
Loading…
Reference in New Issue
Block a user