git.samba.org / metze / samba / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6752bca)
python:descriptor: add missing schema 2019 aces in builtin and dns partition
authorStefan Metzmacher <metze@samba.org>
Mon, 17 Apr 2023 09:22:21 +0000 (09:22 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 5 May 2023 02:54:30 +0000 (02:54 +0000)
Note 'samba-tool domain functionalprep' won't fix them in the database,
while a fresh provision will add these.

This is needed in order that 'samba-tool dbcheck --reset-well-known-acls'
won't reset them after a modern provision and will fix them on an old
domain.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/descriptor.py patch | blob | history

diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py
index 5b911685db81e785af6ca14153c45c46f125b6ee..17b995bbcbbfd647bb08b8745867cce576234d47 100644 (file)
--- a/python/samba/descriptor.py
+++ b/python/samba/descriptor.py
@@ -278,6 +278,10 @@ def get_domain_builtin_descriptor(domain_sid, name_map=None):
         "(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
         "(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)" \
         "(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)" \
+        "(OA;OICI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
+        "(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
         "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
         "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
         "(A;;RPRC;;;RU)" \
@@ -423,6 +427,10 @@ def get_dns_partition_descriptor(domain_sid, name_map=None):
         "(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
         "(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)" \
         "(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)" \
+        "(OA;OICI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)" \
+        "(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
+        "(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)" \
         "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
         "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)" \
         "(A;;RPRC;;;RU)" \
Work in progress branches