sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code

s4-provision: added the default privileges db

Browse Source 
privileges are now stored in a separate database
This commit is contained in:
Andrew Tridgell 2009-10-16 18:01:35 +11:00
parent cc3e1d9022
commit f794e8d43d
2 changed files with 99 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
source4/scripting/python/samba/provision.py
View File

@ -369,6 +369,7 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb") paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb") paths.idmapdb = os.path.join(paths.private_dir, lp.get("idmap database") or "idmap.ldb")
paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb") paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb")
paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
paths.namedconf = os.path.join(paths.private_dir, "named.conf") paths.namedconf = os.path.join(paths.private_dir, "named.conf")
paths.namedtxt = os.path.join(paths.private_dir, "named.txt") paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
@ -830,6 +831,23 @@ def setup_secretsdb(path, setup_path, session_info, credentials, lp):
return secrets_ldb return secrets_ldb
def setup_privileges(path, setup_path, session_info, lp):
"""Setup the privileges database.
:param path: Path to the privileges database.
:param setup_path: Get the path to a setup file.
:param session_info: Session info.
:param credentials: Credentials
:param lp: Loadparm context
:return: LDB handle for the created secrets database
"""
if os.path.exists(path):
os.unlink(path)
privilege_ldb = Ldb(path, session_info=session_info, lp=lp)
privilege_ldb.erase()
privilege_ldb.load_ldif_file_add(setup_path("provision_privilege.ldif"))
def setup_registry(path, setup_path, session_info, lp): def setup_registry(path, setup_path, session_info, lp):
"""Setup the registry. """Setup the registry.
@ -1301,6 +1319,9 @@ def provision(setup_dir, message, session_info,
setup_registry(paths.hklm, setup_path, session_info, setup_registry(paths.hklm, setup_path, session_info,
lp=lp) lp=lp)
message("Setting up the privileges database")
setup_privileges(paths.privilege, setup_path, session_info, lp=lp)
message("Setting up idmap db") message("Setting up idmap db")
idmap = setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info, idmap = setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info,
lp=lp) lp=lp)

78
source4/setup/provision_privilege.ldif Normal file
View File

@ -0,0 +1,78 @@
# default privileges - more can be added via LSA or ldbedit
dn: @ATTRIBUTES
comment: CASE_INSENSITIVE
privilege: CASE_INSENSITIVE
dn: @INDEXLIST
@IDXATTR: objectSid
@IDXATTR: privilege
dn: sid=S-1-5-32-544
objectClass: privilege
comment: Administrators
objectSid: S-1-5-32-544
privilege: SeSecurityPrivilege
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
privilege: SeSystemtimePrivilege
privilege: SeShutdownPrivilege
privilege: SeRemoteShutdownPrivilege
privilege: SeTakeOwnershipPrivilege
privilege: SeDebugPrivilege
privilege: SeSystemEnvironmentPrivilege
privilege: SeSystemProfilePrivilege
privilege: SeProfileSingleProcessPrivilege
privilege: SeIncreaseBasePriorityPrivilege
privilege: SeLoadDriverPrivilege
privilege: SeCreatePagefilePrivilege
privilege: SeIncreaseQuotaPrivilege
privilege: SeChangeNotifyPrivilege
privilege: SeUndockPrivilege
privilege: SeManageVolumePrivilege
privilege: SeImpersonatePrivilege
privilege: SeCreateGlobalPrivilege
privilege: SeEnableDelegationPrivilege
privilege: SeInteractiveLogonRight
privilege: SeNetworkLogonRight
privilege: SeRemoteInteractiveLogonRight
dn: sid=S-1-5-32-550
objectClass: privilege
comment: Print Operators
objectSid: S-1-5-32-550
privilege: SeLoadDriverPrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
dn: sid=S-1-5-32-551
objectClass: privilege
comment: Backup Operators
objectSid: S-1-5-32-551
privilege: SeBackupPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
dn: sid=S-1-5-32-549
objectClass: privilege
comment: Server Operators
objectSid: S-1-5-32-549
privilege: SeBackupPrivilege
privilege: SeSystemtimePrivilege
privilege: SeRemoteShutdownPrivilege
privilege: SeRestorePrivilege
privilege: SeShutdownPrivilege
privilege: SeInteractiveLogonRight
dn: sid=S-1-5-32-548
objectClass: privilege
comment: Account Operators
objectSid: S-1-5-32-548
privilege: SeInteractiveLogonRight
dn: sid=S-1-5-32-554
objectClass: privilege
comment: Pre-Windows 2000 Compatible Access
objectSid: S-1-5-32-554
privilege: SeRemoteInteractiveLogonRight
privilege: SeChangeNotifyPrivilege