provision: add get_{config,domain}_delete_protected*_descriptor()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 169b2d912a1922bd45f464303d723b391597339a..100b841b0d438dd2a03e04a17cb4cc3ed4b40e5d 100644 (file)
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -81,12 +81,17 @@ from samba.provision.descriptor import (
     get_config_descriptor,
     get_config_partitions_descriptor,
     get_config_sites_descriptor,
+    get_config_delete_protected1_descriptor,
+    get_config_delete_protected1wd_descriptor,
+    get_config_delete_protected2_descriptor,
     get_domain_descriptor,
     get_domain_infrastructure_descriptor,
     get_domain_builtin_descriptor,
     get_domain_computers_descriptor,
     get_domain_users_descriptor,
     get_domain_controllers_descriptor,
+    get_domain_delete_protected1_descriptor,
+    get_domain_delete_protected2_descriptor,
     get_dns_partition_descriptor,
     )
 from samba.provision.common import (

diff --git a/source4/scripting/python/samba/provision/descriptor.py b/source4/scripting/python/samba/provision/descriptor.py
index ade6e1742134f6b90e2ad149f8031d01e52c2433..6b03d21ad2ce8b867e42f4952205805721c79b74 100644 (file)
--- a/source4/scripting/python/samba/provision/descriptor.py
+++ b/source4/scripting/python/samba/provision/descriptor.py
@@ -95,6 +95,27 @@ def get_config_sites_descriptor(domain_sid, name_map={}):
     "(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)"
     return sddl2binary(sddl, domain_sid, name_map)
 
+def get_config_delete_protected1_descriptor(domain_sid, name_map={}):
+    sddl = "D:AI" \
+    "(A;;RPLCLORC;;;AU)" \
+    "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
+def get_config_delete_protected1wd_descriptor(domain_sid, name_map={}):
+    sddl = "D:AI" \
+    "(A;;RPLCLORC;;;WD)" \
+    "(A;;RPWPCRCCLCLORCWOWDSW;;;EA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
+def get_config_delete_protected2_descriptor(domain_sid, name_map={}):
+    sddl = "D:AI" \
+    "(A;;RPLCLORC;;;AU)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSW;;;EA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
 def get_domain_descriptor(domain_sid, name_map={}):
     sddl= "O:BAG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \
         "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)" \
@@ -248,6 +269,20 @@ def get_domain_controllers_descriptor(domain_sid, name_map={}):
     "(AU;CISA;WP;;;WD)"
     return sddl2binary(sddl, domain_sid, name_map)
 
+def get_domain_delete_protected1_descriptor(domain_sid, name_map={}):
+    sddl = "D:AI" \
+    "(A;;RPLCLORC;;;AU)" \
+    "(A;;RPWPCRCCLCLORCWOWDSW;;;DA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
+def get_domain_delete_protected2_descriptor(domain_sid, name_map={}):
+    sddl = "D:AI" \
+    "(A;;RPLCLORC;;;AU)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
 def get_dns_partition_descriptor(domain_sid, name_map={}):
     sddl = "O:SYG:BAD:AI" \
     "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)" \