get_config_descriptor,
get_config_partitions_descriptor,
get_config_sites_descriptor,
- get_domain_descriptor
+ get_domain_descriptor,
+ get_domain_infrastructure_descriptor,
)
from samba.provision.common import (
setup_path,
setup_path("provision_computers_modify.ldif"), {
"DOMAINDN": names.domaindn})
logger.info("Setting up sam.ldb data")
+ infrastructure_desc = b64encode(get_domain_infrastructure_descriptor(domainsid))
setup_add_ldif(samdb, setup_path("provision.ldif"), {
"CREATTIME": str(samba.unix2nttime(int(time.time()))),
"DOMAINDN": names.domaindn,
"CONFIGDN": names.configdn,
"SERVERDN": names.serverdn,
"RIDAVAILABLESTART": str(next_rid + 600),
- "POLICYGUID_DC": policyguid_dc
+ "POLICYGUID_DC": policyguid_dc,
+ "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc,
})
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
+def get_domain_infrastructure_descriptor(domain_sid):
+ sddl = "D:" \
+ "(A;;RPLCLORC;;;AU)" \
+ "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
+ "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+ "S:" \
+ "(AU;SA;WPCR;;;WD)"
+ sec = security.descriptor.from_sddl(sddl, domain_sid)
+ return ndr_pack(sec)
def get_dns_partition_descriptor(domainsid):
sddl = "O:SYG:BAD:AI" \
objectClass: infrastructureUpdate
systemFlags: -1946157056
isCriticalSystemObject: TRUE
+nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR}
dn: CN=LostAndFound,${DOMAINDN}
objectClass: top
git.samba.org / samba.git / commitdiff