s4-provision: Remove hard coded SD for CN=Sites container

With the fix introduced by Nadya in changeset
622ef6aed82a2f2f7748c2a88535486af77487de we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.

diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 7c9f223d11159f45fde04fa9c30675b3c86e1d6d..5aabd36c1a8e6b6a79bef4d6ff3f0fbd7ea31bcb 100644 (file)
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -94,19 +94,6 @@ def setup_path(file):
 
 # "get_schema_descriptor" is located in "schema.py"
 
-def get_sites_descriptor(domain_sid):
-    sddl = "D:(A;;RPLCLORC;;;AU)" \
-           "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \
-           "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
-           "S:AI(AU;CISA;CCDCSDDT;;;WD)" \
-           "(OU;CIIOSA;CR;;f0f8ffab-1191-11d0-a060-00aa006c33ed;WD)" \
-           "(OU;CIIOSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
-           "(OU;CIIOSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)" \
-           "(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)"
-    sec = security.descriptor.from_sddl(sddl, domain_sid)
-    return ndr_pack(sec)
-
-
 def get_config_descriptor(domain_sid):
     sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
            "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
@@ -1318,7 +1305,6 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
         samdb.invocation_id = invocationid
 
         logger.info("Setting up sam.ldb configuration data")
-        descr = b64encode(get_sites_descriptor(domainsid))
         setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
             "CONFIGDN": names.configdn,
             "NETBIOSNAME": names.netbiosname,
@@ -1330,7 +1316,6 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
             "SERVERDN": names.serverdn,
             "FOREST_FUNCTIONALITY": str(forestFunctionality),
             "DOMAIN_FUNCTIONALITY": str(domainFunctionality),
-            "SITES_DESCRIPTOR": descr
             })
 
         logger.info("Setting up display specifiers")

diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 2ccf6eded002e2cf17ba603f465a5fcc51a9fd83..cb049b0c1e1c5ce454bdc3f668c0444430dc89a0 100644 (file)
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -1194,7 +1194,6 @@ dn: CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: sitesContainer
 systemFlags: -2113929216
-nTSecurityDescriptor:: ${SITES_DESCRIPTOR}
 
 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 objectClass: top