provision: Set the security descriptor while creating partitions

author Amitay Isaacs <amitay@gmail.com>

Wed, 16 Nov 2011 00:18:18 +0000 (11:18 +1100)

committer Amitay Isaacs <amitay@samba.org>

Wed, 16 Nov 2011 07:54:25 +0000 (08:54 +0100)
author Amitay Isaacs <amitay@gmail.com>
Wed, 16 Nov 2011 00:18:18 +0000 (11:18 +1100)
committer Amitay Isaacs <amitay@samba.org>
Wed, 16 Nov 2011 07:54:25 +0000 (08:54 +0100)
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py

index c3725f6da1790ddf5b82eadf99acd5ed4d7ef9eb..37c0dff6565e5200079c5f9cd311fc0b8e4327d4 100644 (file)
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -49,13 +49,6 @@ def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
      data = read_and_sub_file(ldif_file_path, subst_vars)
      ldb.modify_ldif(data, controls)
  
-def set_security_descriptor(samdb, dn_str, descriptor):
-    msg = ldb.Message()
-    msg.dn = ldb.Dn(samdb, dn_str)
-    msg["nTSecurityDescriptor"] = ldb.MessageElement(descriptor,
-            ldb.FLAG_MOD_REPLACE, "nTSecurityDescriptor")
-    samdb.modify(msg, controls=["relax:0"])
-
  def setup_ldb(ldb, ldif_path, subst_vars):
      """Import a LDIF a file into a LDB handle, optionally substituting
      variables.
@@ -224,16 +217,13 @@ class SRVRecord(dnsp.DnssrvRpcRecord):
  def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, serverdn):
      domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
      forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
-
+    descriptor = get_dns_partition_descriptor(domainsid)
      add_ldif(samdb, "provision_dnszones_partitions.ldif", {
          "DOMAINZONE_DN": domainzone_dn,
          "FORESTZONE_DN": forestzone_dn,
+        "SECDESC"      : b64encode(descriptor)
          })
  
-    descriptor = get_dns_partition_descriptor(domainsid)
-    set_security_descriptor(samdb, domainzone_dn, descriptor)
-    set_security_descriptor(samdb, forestzone_dn, descriptor)
-
      domainzone_guid = get_domainguid(samdb, domainzone_dn)
      forestzone_guid = get_domainguid(samdb, forestzone_dn)
  
diff --git a/source4/setup/provision_dnszones_partitions.ldif b/source4/setup/provision_dnszones_partitions.ldif

index bb16332b117374d236d626945225a8ee0278166f..4ab7aedd90132375df572b2d81b04578ec388358 100644 (file)
--- a/source4/setup/provision_dnszones_partitions.ldif
+++ b/source4/setup/provision_dnszones_partitions.ldif
@@ -7,6 +7,7 @@ objectClass: domainDNS
  description: Microsoft DNS Directory
  msDS-NcType: 0
  instanceType: 13
+ntSecurityDescriptor:: ${SECDESC}
  
  dn: ${FORESTZONE_DN}
  objectClass: top
@@ -14,3 +15,4 @@ objectClass: domainDNS
  description: Microsoft DNS Directory
  msDS-NcType: 0
  instanceType: 13
+ntSecurityDescriptor:: ${SECDESC}
author	Amitay Isaacs <amitay@gmail.com>
	Wed, 16 Nov 2011 00:18:18 +0000 (11:18 +1100)
committer	Amitay Isaacs <amitay@samba.org>
	Wed, 16 Nov 2011 07:54:25 +0000 (08:54 +0100)
source4/scripting/python/samba/provision/sambadns.py		patch \| blob \| history
source4/setup/provision_dnszones_partitions.ldif		patch \| blob \| history