From 1207cbd123375f0ff1bfc51403af5d611a621091 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Jan 2013 10:51:10 +0100 Subject: [PATCH] provision: add get_{config,domain}_delete_protected*_descriptor() Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- .../scripting/python/samba/provision/__init__.py | 5 ++++ .../scripting/python/samba/provision/descriptor.py | 35 ++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 169b2d912a1..100b841b0d4 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -81,12 +81,17 @@ from samba.provision.descriptor import ( get_config_descriptor, get_config_partitions_descriptor, get_config_sites_descriptor, + get_config_delete_protected1_descriptor, + get_config_delete_protected1wd_descriptor, + get_config_delete_protected2_descriptor, get_domain_descriptor, get_domain_infrastructure_descriptor, get_domain_builtin_descriptor, get_domain_computers_descriptor, get_domain_users_descriptor, get_domain_controllers_descriptor, + get_domain_delete_protected1_descriptor, + get_domain_delete_protected2_descriptor, get_dns_partition_descriptor, ) from samba.provision.common import ( diff --git a/source4/scripting/python/samba/provision/descriptor.py b/source4/scripting/python/samba/provision/descriptor.py index ade6e174213..6b03d21ad2c 100644 --- a/source4/scripting/python/samba/provision/descriptor.py +++ b/source4/scripting/python/samba/provision/descriptor.py @@ -95,6 +95,27 @@ def get_config_sites_descriptor(domain_sid, name_map={}): "(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)" return sddl2binary(sddl, domain_sid, name_map) +def get_config_delete_protected1_descriptor(domain_sid, name_map={}): + sddl = "D:AI" \ + "(A;;RPLCLORC;;;AU)" \ + "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" + return sddl2binary(sddl, domain_sid, name_map) + +def get_config_delete_protected1wd_descriptor(domain_sid, name_map={}): + sddl = "D:AI" \ + "(A;;RPLCLORC;;;WD)" \ + "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" + return sddl2binary(sddl, domain_sid, name_map) + +def get_config_delete_protected2_descriptor(domain_sid, name_map={}): + sddl = "D:AI" \ + "(A;;RPLCLORC;;;AU)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSW;;;EA)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" + return sddl2binary(sddl, domain_sid, name_map) + def get_domain_descriptor(domain_sid, name_map={}): sddl= "O:BAG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \ "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)" \ @@ -248,6 +269,20 @@ def get_domain_controllers_descriptor(domain_sid, name_map={}): "(AU;CISA;WP;;;WD)" return sddl2binary(sddl, domain_sid, name_map) +def get_domain_delete_protected1_descriptor(domain_sid, name_map={}): + sddl = "D:AI" \ + "(A;;RPLCLORC;;;AU)" \ + "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" + return sddl2binary(sddl, domain_sid, name_map) + +def get_domain_delete_protected2_descriptor(domain_sid, name_map={}): + sddl = "D:AI" \ + "(A;;RPLCLORC;;;AU)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)" \ + "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" + return sddl2binary(sddl, domain_sid, name_map) + def get_dns_partition_descriptor(domain_sid, name_map={}): sddl = "O:SYG:BAD:AI" \ "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \ -- 2.11.4.GIT