2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
/*
 * Convert a registry key path into an LDB DN. The path in name is split
 * on / and each component is prepended to dn as a key=<component>, RDN.
 * The loop over the components and the return statement are not part of
 * this listing.
 *
 * NOTE(review): components are interpolated with %s and no DN escaping is
 * visible here. A key name containing DN metacharacters (comma, equals,
 * plus, backslash) would change the structure of the resulting DN; confirm
 * that names are escaped or validated before they reach this point.
 */
9 function regkey_to_dn(name)
14 var as = split("/", name);
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
/*
 * Build LDIF for the registry keys of one hive.
 *
 * regdb  - Samba3 registry object; regdb.keys is iterated and each key
 *          exposes name and values (each value has value, type, data).
 * prefix - hive name; compared case-insensitively with the first path
 *          component of every key name.
 *
 * For each key in the selected hive the key name is converted to a DN with
 * regkey_to_dn() and one LDIF record is appended per key and per value.
 * Value data is passed through base64() and written with the data:: form,
 * so binary or multi-line data cannot break the LDIF framing.
 *
 * NOTE(review): keydn and rv.value are passed to sprintf alongside the
 * encoded data but are not encoded themselves (their format specifiers are
 * not visible in this listing). If they are written as plain %s values, a
 * key or value name containing a line break would be parsed as extra LDIF
 * lines; confirm they are validated or base64-encoded as well.
 */
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
40 for (var i in regdb.keys) {
41 var rk = regdb.keys[i];
42 var pts = split("/", rk.name);
44 /* Only handle selected hive */
45 if (strupper(pts[0]) != prefix_up) {
49 var keydn = regkey_to_dn(rk.name);
/* NOTE(review): repeats the split already done above; pts is redeclared with the same value. */
51 var pts = split("/", rk.name);
53 /* Convert key name to dn */
54 ldif = ldif + sprintf("
60 for (var j in rk.values) {
61 var rv = rk.values[j];
63 ldif = ldif + sprintf("
67 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
/*
 * Build the LDIF that carries the Samba3 account policy over to the new
 * directory.
 *
 * samba3 - Samba3 state object; the values are read from samba3.policy.
 * dn     - first sprintf argument; presumably the DN of the entry that
 *          receives the samba3* policy attributes (the head of the
 *          template is not part of this listing).
 *
 * Ten policy fields are written after dn: minimum password length, password
 * history, minimum and maximum password age, lockout duration, reset count
 * minutes, user-must-logon-to-change-password, bad lockout minutes,
 * disconnect time and refuse-machine-password-change. The visible template
 * lines format them with %d.
 *
 * NOTE(review): these are the password and lockout controls of the domain.
 * After an upgrade, compare the imported values with the Samba3 source so a
 * failed or partial import does not silently leave weaker defaults.
 */
74 function upgrade_sam_policy(samba3,dn)
85 samba3ResetCountMinutes: %d
86 samba3UserMustLogonToChangePassword: %d
87 samba3BadLockoutMinutes: %d
88 samba3DisconnectTime: %d
89 samba3RefuseMachinePwdChange: %d
91 ", dn, samba3.policy.min_password_length,
92 samba3.policy.password_history, samba3.policy.minimum_password_age,
93 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
94 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
95 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
96 samba3.policy.refuse_machine_password_change
/*
 * Build the LDIF record for one Samba3 SAM account.
 *
 * acc      - account object; the fields read are listed in the sprintf
 *            argument list below (fullname, username, nt_username,
 *            acct_desc, rids, counters, paths and timestamps).
 * domaindn - second sprintf argument; presumably the base DN under which
 *            the account entry is created (the head of the template is not
 *            part of this listing).
 *
 * Password data is not emitted by the visible code; see the FIXME at the
 * end. Accounts imported this way therefore need their credentials handled
 * separately.
 *
 * NOTE(review): free-text fields such as the logon script, profile path and
 * workstation list are written with plain %s. LDIF needs the base64 (::)
 * form for values that contain line breaks or start with a space, colon or
 * less-than sign; without it such a value is parsed as extra LDIF lines.
 * upgrade_registry in this file already encodes its data with base64();
 * confirm whether account strings are validated or need the same treatment.
 * acc.fullname is also the first argument, ahead of domaindn, so presumably
 * it ends up inside the entry DN and would need DN escaping too - verify.
 */
102 function upgrade_sam_account(acc,domaindn)
122 samba3LogonScript: %s
123 samba3ProfilePath: %s
124 samba3Workstations: %s
125 samba3KickOffTime: %d
127 samba3PassLastSetTime: %d
128 samba3PassCanChangeTime: %d
129 samba3PassMustChangeTime: %d
132 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
133 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
134 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
135 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
136 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid);
138 /* FIXME: Passwords */
/*
 * Build the LDIF record for one Samba3 group mapping.
 *
 * grp      - group mapping object; nt_name, comment, sid and sid_name_use
 *            are read.
 * domaindn - second sprintf argument; presumably the base DN for the group
 *            entry (the template itself is not part of this listing).
 *
 * NOTE(review): grp.nt_name is passed twice, the first time directly ahead
 * of domaindn, so presumably it is used inside the entry DN. Neither it nor
 * grp.comment is escaped or encoded in the visible code; confirm that names
 * with DN metacharacters or line breaks are rejected or encoded upstream.
 */
143 function upgrade_sam_group(grp,domaindn)
154 ", grp.nt_name, domaindn,
155 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
/*
 * Build LDIF for the winbind id-mapping data.
 *
 * samba3   - Samba3 state object; samba3.idmap supplies user_hwm, group_hwm
 *            and the mappings list.
 * domaindn - interpolated into every mapping record, after the SID.
 *
 * The first record carries the user and group high-water marks. One further
 * record is appended per mapping from m.sid, m.type and m.unix_id; the unix
 * id is written as unixID with %d.
 *
 * NOTE(review): SID-to-unix-id mappings decide which local uid or gid a
 * domain principal is given. After an upgrade, compare the imported records
 * with the Samba3 source, because a wrong mapping changes file ownership
 * and access for that principal.
 */
160 function upgrade_winbind(samba3,domaindn)
168 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
170 for (var i in samba3.idmap.mappings) {
171 var m = samba3.idmap.mappings[i];
172 ldif = ldif + sprintf("
176 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
/*
 * Build LDIF for the WINS database.
 *
 * samba3 - Samba3 state object; samba3.winsentries is iterated.
 *
 * One record is appended per WINS entry from e.type, e.name, e.nb_flags and
 * e.ttl (converted with sys.ldaptime), followed by one address: line for
 * each element of e.ips.
 */
183 function upgrade_wins(samba3)
/*
 * NOTE(review): the outer loop uses i without var, and the inner loop over
 * e.ips declares and reuses the same name. No other declaration of i is
 * visible in this listing; distinct, declared loop variables would avoid an
 * implicit global and make the nesting easier to follow.
 */
186 for (i in samba3.winsentries) {
187 var e = samba3.winsentries[i];
189 ldif = ldif + sprintf("
195 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
197 for (var i in e.ips) {
198 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
/*
 * Build the substitution object (subobj) used to provision the new
 * installation from Samba3 settings.
 *
 * samba3 - Samba3 state object; get_param(), find_domainsecrets() and
 *          secrets.domains are used.
 *
 * The domain name comes from the workgroup parameter in the global section
 * and falls back to the first domain in the secrets data. The realm comes
 * from the realm parameter; its fallback value is not part of this listing.
 * Domain and host GUID/SID are taken from the stored secrets when present
 * and generated otherwise. The return statement is not part of this
 * listing.
 */
205 function upgrade_provision(samba3)
207 var subobj = new Object();
208 var nss = nss_init();
209 var lp = loadparm_init();
212 var domainname = samba3.get_param("global", "workgroup");
214 if (domainname == undefined) {
215 domainname = samba3.secrets.domains[0].name;
216 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
219 var domsec = samba3.find_domainsecrets(domainname);
220 var hostsec = samba3.find_domainsecrets(hostname());
221 var realm = samba3.get_param("global", "realm");
223 if (realm == undefined) {
225 println("No realm specified in smb.conf file, assuming '" + realm + "'");
229 subobj.REALM = realm;
230 subobj.DOMAIN = domainname;
231 subobj.HOSTNAME = hostname();
/* Provisioning cannot proceed without these three values. */
233 assert(subobj.REALM);
234 assert(subobj.DOMAIN);
235 assert(subobj.HOSTNAME);
237 subobj.HOSTIP = hostip();
238 if (domsec != undefined) {
239 subobj.DOMAINGUID = domsec.guid;
240 subobj.DOMAINSID = domsec.sid;
/*
 * NOTE(review): fallback when no domain secrets were found. DOMAINSID is
 * filled from randguid(), the same generator used for DOMAINGUID.
 * Presumably that yields a GUID-format string rather than a SID, so confirm
 * the value is a valid domain SID before it is provisioned. A new random
 * domain identity also means existing members no longer match it.
 */
242 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
243 subobj.DOMAINGUID = randguid();
244 subobj.DOMAINSID = randguid();
/* Host GUID: stored value or a random one (the condition is not shown). */
248 subobj.HOSTGUID = hostsec.guid;
250 subobj.HOSTGUID = randguid();
252 subobj.INVOCATIONID = randguid();
/*
 * New random 12-character secrets are generated for krbtgt, the machine
 * account and the administrator; they are not taken from the Samba3 data.
 * The strength of randpass() is not visible here - TODO confirm it draws
 * from a cryptographically secure source and that 12 characters meets the
 * policy for these accounts.
 */
253 subobj.KRBTGTPASS = randpass(12);
254 subobj.MACHINEPASS = randpass(12);
255 subobj.ADMINPASS = randpass(12);
256 subobj.DEFAULTSITE = "Default-First-Site-Name";
/*
 * The next five assign the helper functions themselves (no call),
 * presumably so the provisioning templates can invoke them later.
 */
257 subobj.NEWGUID = randguid;
258 subobj.NTTIME = nttime;
259 subobj.LDAPTIME = ldaptime;
260 subobj.DATESTRING = datestring;
261 subobj.USN = nextusn;
/* Resolve local accounts and groups through NSS; the extra names are alternatives handed to findnss. */
262 subobj.ROOT = findnss(nss.getpwnam, "root");
263 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
264 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
265 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
266 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
267 subobj.DNSDOMAIN = strlower(subobj.REALM);
268 subobj.DNSNAME = sprintf("%s.%s",
269 strlower(subobj.HOSTNAME),
/* Base DN: one DC= component per dot-separated label of the realm. */
271 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
/* NOTE(review): no var declaration for rdn_list is visible in this listing. */
272 rdn_list = split(".", subobj.REALM);
273 subobj.RDN_DC = rdn_list[0];
/*
 * List of smb.conf parameter names; only some of the entries appear in this
 * listing. Presumably these are the parameters carried over unchanged from
 * the Samba3 configuration - confirm against upgrade_smbconf.
 *
 * NOTE(review): several visible entries control authentication and
 * exposure (client NTLMv2 auth, client lanman auth, client plaintext auth,
 * obey pam restrictions, paranoid server security, bind interfaces only).
 * If values are kept as-is, an old setting that permits LANMAN or plaintext
 * client authentication would persist after the upgrade, so review the
 * resulting configuration rather than assuming current defaults apply.
 */
277 var keep = new Array(
291 "bind interfaces only",
296 "obey pam restrictions",
307 "client NTLMv2 auth",
308 "client lanman auth",
309 "client plaintext auth",
340 "name resolve order",
350 "paranoid server security",
353 "case insensitive filesystem",
391 "winbind separator");
393 function upgrade_smbconf(samba3)
/*
 * Import the Samba3 data into the new databases. Only part of the function
 * appears in this listing.
 *
 * subobj  - substitution object; subobj.BASEDN is used as the base DN.
 * samba3  - Samba3 state object (samaccounts, groupmappings, registry and
 *           the data read by the upgrade_* helpers).
 * message - callback invoked with progress strings.
 *
 * Order of work: account policies (modify on sam.ldb), users and groups
 * (one add per record on sam.ldb), registry data (one database per hive,
 * named <hive>.ldb), then WINS data (wins.ldb). Every database call stores
 * its result in ok; the checks on ok are not visible in this listing, so
 * confirm each result is tested before the next step overwrites it.
 */
398 function upgrade(subobj, samba3, message)
400 var samdb = ldb_init();
401 var ok = samdb.connect("sam.ldb");
404 message("Importing account policies\n");
405 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
407 ok = samdb.modify(ldif);
410 // FIXME: Enable samba3sam module if original passdb backend was ldap
412 message("Importing users\n");
413 for (var i in samba3.samaccounts) {
414 message("Importing user '" + samba3.samaccounts[i].username + "'\n");
415 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
417 ok = samdb.add(ldif);
421 message("Importing groups\n");
422 for (var i in samba3.groupmappings) {
/*
 * NOTE(review): the progress message reads .username from the group
 * mapping, while upgrade_sam_group reads nt_name, comment, sid and
 * sid_name_use. Presumably nt_name was intended here; verify, since a
 * missing field would make the import log useless for auditing.
 */
423 message("Importing group '" + samba3.groupmappings[i].username + "'\n");
424 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
426 ok = samdb.add(ldif);
430 message("Importing registry data\n");
431 var hives = new Array("hkcr","hkcu","hklm","hkpd");
432 for (var i in hives) {
433 println("... " + hives[i]);
/* Each hive gets its own database connection. */
434 var regdb = ldb_init();
435 ok = regdb.connect(hives[i] + ".ldb");
437 var ldif = upgrade_registry(samba3.registry, hives[i]);
439 ok = regdb.add(ldif);
443 message("Importing WINS data\n");
444 var winsdb = ldb_init();
445 ok = winsdb.connect("wins.ldb");
448 var ldif = upgrade_wins(samba3);
450 ok = winsdb.add(ldif);