2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
9 function regkey_to_dn(name)
14 var as = split("/", name);
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
37 var ldif = new Array();
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 var pts = split("/", rk.name);
43 /* Only handle selected hive */
44 if (strupper(pts[0]) != prefix_up) {
48 var keydn = regkey_to_dn(rk.name);
50 var pts = split("/", rk.name);
52 /* Convert key name to dn */
53 ldif[rk.name] = sprintf("
59 for (var j in rk.values) {
60 var rv = rk.values[j];
62 ldif[rk.name + " (" + rv.name + ")"] = sprintf("
66 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
73 function upgrade_sam_policy(samba3,dn)
84 samba3ResetCountMinutes: %d
85 samba3UserMustLogonToChangePassword: %d
86 samba3BadLockoutMinutes: %d
87 samba3DisconnectTime: %d
88 samba3RefuseMachinePwdChange: %d
90 ", dn, samba3.policy.min_password_length,
91 samba3.policy.password_history, samba3.policy.minimum_password_age,
92 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
93 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
94 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
95 samba3.policy.refuse_machine_password_change
101 function upgrade_sam_account(acc,domaindn)
103 var ldb = ldb_init();
122 samba3LogonScript: %s
123 samba3ProfilePath: %s
124 samba3Workstations: %s
125 samba3KickOffTime: %d
127 samba3PassLastSetTime: %d
128 samba3PassCanChangeTime: %d
129 samba3PassMustChangeTime: %d
134 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
135 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
136 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
137 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
138 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
139 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
144 function upgrade_sam_group(grp,domaindn)
155 ", grp.nt_name, domaindn,
156 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
161 function upgrade_winbind(samba3,domaindn)
169 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
171 for (var i in samba3.idmap.mappings) {
172 var m = samba3.idmap.mappings[i];
173 ldif = ldif + sprintf("
177 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
184 function upgrade_wins(samba3)
187 for (i in samba3.winsentries) {
188 var e = samba3.winsentries[i];
190 ldif = ldif + sprintf("
196 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
198 for (var i in e.ips) {
199 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
206 function upgrade_provision(samba3)
208 var subobj = new Object();
209 var nss = nss_init();
210 var lp = loadparm_init();
213 var domainname = samba3.configuration.get("workgroup");
215 if (domainname == undefined) {
216 domainname = samba3.secrets.domains[0].name;
217 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
220 var domsec = samba3.find_domainsecrets(domainname);
221 var hostsec = samba3.find_domainsecrets(hostname());
222 var realm = samba3.configuration.get("realm");
224 if (realm == undefined) {
226 println("No realm specified in smb.conf file, assuming '" + realm + "'");
230 subobj.REALM = realm;
231 subobj.DOMAIN = domainname;
232 subobj.HOSTNAME = hostname();
234 assert(subobj.REALM);
235 assert(subobj.DOMAIN);
236 assert(subobj.HOSTNAME);
238 subobj.HOSTIP = hostip();
239 if (domsec != undefined) {
240 subobj.DOMAINGUID = domsec.guid;
241 subobj.DOMAINSID = domsec.sid;
243 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
244 subobj.DOMAINGUID = randguid();
245 subobj.DOMAINSID = randsid();
249 subobj.HOSTGUID = hostsec.guid;
251 subobj.HOSTGUID = randguid();
253 subobj.INVOCATIONID = randguid();
254 subobj.KRBTGTPASS = randpass(12);
255 subobj.MACHINEPASS = randpass(12);
256 subobj.ADMINPASS = randpass(12);
257 subobj.DEFAULTSITE = "Default-First-Site-Name";
258 subobj.NEWGUID = randguid;
259 subobj.NTTIME = nttime;
260 subobj.LDAPTIME = ldaptime;
261 subobj.DATESTRING = datestring;
262 subobj.USN = nextusn;
263 subobj.ROOT = findnss(nss.getpwnam, "root");
264 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
265 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
266 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
267 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
268 subobj.DNSDOMAIN = strlower(subobj.REALM);
269 subobj.DNSNAME = sprintf("%s.%s",
270 strlower(subobj.HOSTNAME),
272 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
273 rdn_list = split(".", subobj.REALM);
277 smbconf_keep = new Array(
291 "bind interfaces only",
296 "obey pam restrictions",
304 "client NTLMv2 auth",
305 "client lanman auth",
306 "client plaintext auth",
326 "name resolve order",
335 "paranoid server security",
372 "winbind separator");
375 Remove configuration variables not present in Samba4
376 oldconf: Old configuration structure
377 mark: Whether removed configuration variables should be
378 kept in the new configuration as "samba3:<name>"
380 function upgrade_smbconf(oldconf,mark)
382 var data = oldconf.data();
383 var newconf = param_init();
385 for (var s in data) {
386 for (var p in data[s]) {
388 for (var k in smbconf_keep) {
389 if (smbconf_keep[k] == p) {
396 newconf.set(s, p, oldconf.get(s, p));
398 newconf.set(s, "samba3:"+p, oldconf.get(s,p));
406 function upgrade(subobj, samba3, message, paths)
409 var lp = loadparm_init();
410 var samdb = ldb_init();
411 var ok = samdb.connect(paths.samdb);
414 message("Writing configuration\n");
415 var newconf = upgrade_smbconf(samba3.configuration,true);
416 newconf.save(paths.smbconf);
418 message("Importing account policies\n");
419 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
420 ok = samdb.modify(ldif);
423 // figure out ldapurl, if applicable
424 var ldapurl = undefined;
425 var pdb = samba3.configuration.get_list("passdb backend");
426 if (pdb != undefined) {
428 if (substr(pdb[b], 0, 7) == "ldapsam") {
429 ldapurl = substr(pdb[b], 8);
434 // URL was not specified in passdb backend but ldap /is/ used
436 ldapurl = "ldap://" + samba3.configuration.get("ldap server");
439 // Enable samba3sam module if original passdb backend was ldap
440 if (ldapurl != undefined) {
441 message("Enabling Samba3 LDAP mappings for SAM database\n");
444 @MAP_URL: %s", ldapurl);
447 samdb.modify("dn: @MODULES
448 @LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
451 message("Importing users\n");
452 for (var i in samba3.samaccounts) {
453 message("... " + samba3.samaccounts[i].username);
454 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
455 ok = samdb.add(ldif);
457 message("... error: " + samdb.errstring());
463 message("Importing groups\n");
464 for (var i in samba3.groupmappings) {
465 message("... " + samba3.groupmappings[i].nt_name);
466 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
467 ok = samdb.add(ldif);
469 message("... error: " + samdb.errstring());
475 message("Importing registry data\n");
476 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
477 for (var i in hives) {
479 message("... " + hn + "\n");
480 var regdb = ldb_init();
481 ok = regdb.connect(paths[hn]);
483 var ldif = upgrade_registry(samba3.registry, hn);
484 for (var j in ldif) {
485 message("... ... " + j);
486 ok = regdb.add(ldif[j]);
488 message("... error: " + regdb.errstring());
495 message("Importing WINS data\n");
496 var winsdb = ldb_init();
497 ok = winsdb.connect(paths.winsdb);
501 var ldif = upgrade_wins(samba3);
502 ok = winsdb.add(ldif);
git.samba.org / kai / samba.git / blob