2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
// Builds an LDB distinguished name from a registry key path: the path is
// split on "/" and selected components are prepended as "key=<component>,".
// NOTE(review): this listing omits the lines that initialise `dn`, drive the
// loop over `as` and return the result (the gutter numbers jump) - confirm
// against the full file.
// NOTE(review): components are interpolated with %s and no DN escaping is
// visible. The result is later embedded in LDIF by upgrade_registry, so a key
// name containing ",", "=", "+" or a line break would alter the DN or the
// record around it. Validate or escape components before formatting.
9 function regkey_to_dn(name)
14 var as = split("/", name);
// Prepending puts each later path component in front of the earlier ones.
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Produces LDIF text for the registry keys in `regdb` that belong to one hive.
// `prefix` is the hive name; it is compared, upper-cased on both sides, with
// the first "/"-separated component of each key name.
// NOTE(review): this listing omits lines (the gutter numbers jump), including
// the body of the hive check, most of the LDIF templates and the return.
// NOTE(review): keydn, rv.value and rv.type are passed to sprintf as plain
// arguments; only rv.data goes through base64() into a "data:: %s" line. If a
// key or value name from the Samba 3 registry can hold a line break, it would
// add lines to the generated record. Consider rejecting control characters or
// emitting those fields base64-encoded as well.
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
// Upper-case once so the per-key comparison below is case-insensitive.
36 var prefix_up = strupper(prefix);
40 for (var i in regdb.keys) {
41 var rk = regdb.keys[i];
42 var pts = split("/", rk.name);
44 /* Only handle selected hive */
45 if (strupper(pts[0]) != prefix_up) {
49 var keydn = regkey_to_dn(rk.name);
// NOTE(review): same split as already stored in pts above; this second
// declaration looks redundant.
51 var pts = split("/", rk.name);
53 /* Convert key name to dn */
54 ldif = ldif + sprintf("
60 for (var j in rk.values) {
61 var rv = rk.values[j];
63 ldif = ldif + sprintf("
67 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
// Formats the Samba 3 account policy (samba3.policy.*) as LDIF for entry `dn`.
// The arguments cover minimum password length, password history, minimum and
// maximum password age, lockout duration, reset count, logon-to-change,
// bad-lockout minutes, disconnect time and refuse-machine-password-change.
// The template lines visible here all use %d.
// NOTE(review): the start of the template and the return are not in this
// listing (gutter jumps 74 -> 85). The order of the %d conversions must match
// the argument order exactly; a mismatch would store a password or lockout
// setting under the wrong attribute without raising an error, so compare the
// imported policy with the Samba 3 values after migrating.
74 function upgrade_sam_policy(samba3,dn)
85 samba3ResetCountMinutes: %d
86 samba3UserMustLogonToChangePassword: %d
87 samba3BadLockoutMinutes: %d
88 samba3DisconnectTime: %d
89 samba3RefuseMachinePwdChange: %d
91 ", dn, samba3.policy.min_password_length,
92 samba3.policy.password_history, samba3.policy.minimum_password_age,
93 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
94 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
95 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
96 samba3.policy.refuse_machine_password_change
// Formats one Samba 3 SAM account (`acc`) as an LDIF record under `domaindn`.
// NOTE(review): most of the template is missing from this listing (gutter
// jumps 104 -> 125), as is the return statement.
// NOTE(review): acc.lm_pw and acc.nt_pw are the last two arguments and are the
// only fields passed through ldb.encode(). They look like the LM and NT
// password hashes, which makes the generated LDIF and the target database
// credential material: keep it out of logs and check file permissions. If LM
// hashes are not needed after the upgrade, consider not importing them.
// NOTE(review): the string fields (fullname, acct_desc, homedir, logon_script,
// profile_path, workstations, ...) reach sprintf unmodified, and the visible
// template lines use %s. A value containing a line break would add attribute
// lines to the record. Encode such fields or reject control characters.
// NOTE(review): acc.fullname is the first argument, directly before domaindn,
// so it presumably forms the RDN - TODO confirm against the template. Empty,
// duplicate or comma-containing full names would then give invalid or
// colliding DNs.
102 function upgrade_sam_account(acc,domaindn)
// In the visible lines this handle is used only for its encode() helper.
104 var ldb = ldb_init();
125 samba3LogonScript: %s
126 samba3ProfilePath: %s
127 samba3Workstations: %s
128 samba3KickOffTime: %d
130 samba3PassLastSetTime: %d
131 samba3PassCanChangeTime: %d
132 samba3PassMustChangeTime: %d
135 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
136 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
137 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
138 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
139 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
140 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
// Formats one Samba 3 group mapping (`grp`) as an LDIF record under `domaindn`.
// Arguments, in order: nt_name, domaindn, comment, nt_name, sid, sid_name_use.
// NOTE(review): the template and the return are not in this listing.
// NOTE(review): grp.nt_name and grp.comment are passed to sprintf unmodified;
// nt_name is the first argument, directly before domaindn, so it presumably
// forms the RDN. A name or comment containing a line break or DN special
// characters would change the generated record. Encode or validate them.
145 function upgrade_sam_group(grp,domaindn)
156 ", grp.nt_name, domaindn,
157 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
// Builds LDIF for the Samba 3 idmap state: one record formatted from the user
// and group high-water marks (samba3.idmap.user_hwm / group_hwm), then one
// record per entry of samba3.idmap.mappings formatted from its sid, type and
// unix_id (the last visible template line is "unixID: %d").
// NOTE(review): the templates and the return are only partly visible here.
// NOTE(review): m.sid is interpolated twice per mapping, next to domaindn, so
// it is presumably part of the DN - TODO confirm. These records tie SIDs to
// Unix IDs; after importing, check that the number of mappings matches the
// Samba 3 database, since a missing or wrong mapping changes which Unix ID an
// account resolves to.
// NOTE(review): no call to this function appears in the visible part of
// upgrade().
162 function upgrade_winbind(samba3,domaindn)
170 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
172 for (var i in samba3.idmap.mappings) {
173 var m = samba3.idmap.mappings[i];
174 ldif = ldif + sprintf("
178 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
// Builds LDIF for the Samba 3 WINS entries: one record per entry formatted
// from its type, name, nb_flags and sys.ldaptime(e.ttl), followed by one
// "address: <ip>" line per element of e.ips.
// NOTE(review): the record template and the return are not in this listing.
// NOTE(review): e.name is interpolated twice with no visible escaping; WINS
// names are registered by network clients, so treat them as untrusted and
// reject or encode names that contain line breaks or DN special characters.
185 function upgrade_wins(samba3)
// NOTE(review): `i` has no `var` on this line, and the inner loop below uses
// the same name. Confirm the inner loop cannot disturb the outer iteration; a
// distinct inner index (e.g. `j`) would remove the doubt.
188 for (i in samba3.winsentries) {
189 var e = samba3.winsentries[i];
191 ldif = ldif + sprintf("
197 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
// One address line per IP recorded for this entry.
199 for (var i in e.ips) {
200 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
// Builds the substitution object (`subobj`) from the Samba 3 configuration and
// secrets: realm, domain, host identity, GUIDs/SIDs, generated passwords,
// helper functions, NSS account names and the derived DNS and base-DN values.
// NOTE(review): this listing omits lines (the gutter numbers jump), including
// several `if`/`else` lines and the return; the notes below mark the gaps.
// NOTE(review): workgroup and realm are read from smb.conf and flow into
// DOMAIN, REALM, DNSDOMAIN, DNSNAME and BASEDN with no validation visible here.
207 function upgrade_provision(samba3)
209 var subobj = new Object();
210 var nss = nss_init();
211 var lp = loadparm_init();
214 var domainname = samba3.get_param("global", "workgroup");
// Fall back to the first domain in the secrets database.
// NOTE(review): this indexes domains[0] directly; confirm the list cannot be
// empty when smb.conf has no workgroup.
216 if (domainname == undefined) {
217 domainname = samba3.secrets.domains[0].name;
218 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
221 var domsec = samba3.find_domainsecrets(domainname);
222 var hostsec = samba3.find_domainsecrets(hostname());
223 var realm = samba3.get_param("global", "realm");
// NOTE(review): the line that assigns the fallback realm is not shown.
225 if (realm == undefined) {
227 println("No realm specified in smb.conf file, assuming '" + realm + "'");
231 subobj.REALM = realm;
232 subobj.DOMAIN = domainname;
233 subobj.HOSTNAME = hostname();
// Stop early if any of the three identity values is empty.
235 assert(subobj.REALM);
236 assert(subobj.DOMAIN);
237 assert(subobj.HOSTNAME);
239 subobj.HOSTIP = hostip();
// Reuse the existing domain GUID/SID when secrets were found; otherwise
// generate new ones. A new domain SID means existing SID-based ACLs and
// memberships will not match the migrated domain, so treat the message below
// as a warning that needs operator attention.
240 if (domsec != undefined) {
241 subobj.DOMAINGUID = domsec.guid;
242 subobj.DOMAINSID = domsec.sid;
244 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
245 subobj.DOMAINGUID = randguid();
246 subobj.DOMAINSID = randsid();
// NOTE(review): the condition guarding these two assignments is not shown;
// hostsec must be tested for undefined before .guid is read.
250 subobj.HOSTGUID = hostsec.guid;
252 subobj.HOSTGUID = randguid();
254 subobj.INVOCATIONID = randguid();
// New secrets for the krbtgt, machine and administrator accounts.
// NOTE(review): randpass(12) presumably yields a 12-character password; its
// randomness source is not shown. For krbtgt and machine secrets, which no
// person types, a longer value costs nothing. Confirm ADMINPASS is handed to
// the operator through a channel that is not logged.
255 subobj.KRBTGTPASS = randpass(12);
256 subobj.MACHINEPASS = randpass(12);
257 subobj.ADMINPASS = randpass(12);
258 subobj.DEFAULTSITE = "Default-First-Site-Name";
// These five are stored as function references (no call), unlike the values
// above - presumably invoked later during template substitution.
259 subobj.NEWGUID = randguid;
260 subobj.NTTIME = nttime;
261 subobj.LDAPTIME = ldaptime;
262 subobj.DATESTRING = datestring;
263 subobj.USN = nextusn;
// Resolve local account and group names through NSS; the extra arguments look
// like fallback names tried in order - TODO confirm in findnss.
264 subobj.ROOT = findnss(nss.getpwnam, "root");
265 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
266 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
267 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
268 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
269 subobj.DNSDOMAIN = strlower(subobj.REALM);
270 subobj.DNSNAME = sprintf("%s.%s",
271 strlower(subobj.HOSTNAME),
// Base DN from the dotted realm, e.g. (constructed) "EXAMPLE.COM" gives
// "DC=EXAMPLE,DC=COM".
273 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
// NOTE(review): no `var` on this line; unless rdn_list is declared on a line
// not shown, this creates a global.
274 rdn_list = split(".", subobj.REALM);
// List of smb.conf parameter names. Judging by its name and position, these
// are the settings carried over from the Samba 3 configuration; the code that
// consumes the list is not in this listing - TODO confirm.
// NOTE(review): most entries are missing here (gutter jumps 278 -> 373).
278 var keep = new Array(
292 "bind interfaces only",
297 "obey pam restrictions",
// NOTE(review): if these are copied over verbatim, a Samba 3 setup that
// enabled LANMAN or plaintext client authentication keeps doing so after the
// upgrade. Review the generated smb.conf for these options.
305 "client NTLMv2 auth",
306 "client lanman auth",
307 "client plaintext auth",
327 "name resolve order",
336 "paranoid server security",
373 "winbind separator");
375 function upgrade_smbconf(samba3)
// Serialises `smbconf` as smb.conf text and writes it to `path` through
// sys.file_save(): a "# Generated by upgrade.js" header, then for every share
// a "[name]" line followed by one tab-indented "name = ..." line per parameter.
// NOTE(review): the declaration of `data` and the closing braces are not in
// this listing.
// NOTE(review): the parameter line concatenates `p` itself, not a value field
// of `p`. Unless the parameter object stringifies to its value, the file will
// not contain the setting - confirm.
// NOTE(review): share and parameter names are written unescaped. A name that
// contains a line break or "]" would produce extra sections or settings in the
// generated file, so validate names before writing.
// NOTE(review): `path` is written without any visible check for an existing
// file; confirm callers do not overwrite the live Samba 3 configuration
// without a backup.
380 function save_smbconf(path,smbconf)
383 # Generated by upgrade.js";
385 for (var i in smbconf.shares) {
386 var s = smbconf.shares[i];
387 data = data + "\n[" + s.name + "]\n";
388 for (var j in s.parameters) {
389 var p = s.parameters[j];
390 data = data + "\t" + p.name + " = " + p + "\n";
394 sys.file_save(path,data);
// Runs the import. Account policies, users, groups, registry hives and WINS
// entries are converted to LDIF by the upgrade_* helpers and written to
// sam.ldb, one <hive>.ldb per registry hive, and wins.ldb. `message` is called
// with progress text; `subobj` is read only for BASEDN in the visible lines.
// NOTE(review): this listing omits lines (the gutter numbers jump).
// NOTE(review): every connect/modify/add result is stored in `ok`, but the
// lines that would test it are not shown (there is a gap after each call).
// Confirm each result is checked: an unnoticed failure leaves a partially
// migrated account database that still looks usable.
// NOTE(review): the database names are relative ("sam.ldb", "wins.ldb",
// "<hive>.ldb"). sam.ldb receives the password fields produced by
// upgrade_sam_account, so confirm where ldb resolves these paths and that the
// resulting files are not readable by other users.
// NOTE(review): the LDIF passed to add()/modify() is built by string
// formatting from Samba 3 data; the helpers' own notes cover which fields are
// interpolated without encoding.
// NOTE(review): the "@MODULES" record is written with a bare samdb.modify()
// whose result is not assigned to `ok`, unlike the other writes.
397 function upgrade(subobj, samba3, message)
399 var samdb = ldb_init();
400 var ok = samdb.connect("sam.ldb");
403 message("Importing account policies\n");
404 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
405 ok = samdb.modify(ldif);
// Nothing derives an LDAP URL yet, so this stays undefined and the samba3sam
// mapping branch below cannot run in the visible code.
408 var ldapurl = undefined;
410 // FIXME: figure out ldapurl
412 // Enable samba3sam module if original passdb backend was ldap
413 if (ldapurl != undefined) {
416 @MAP_URL: %s", ldapurl);
419 samdb.modify("dn: @MODULES
420 @LIST: samldb,timestamps,objectguid,rdn_name");
423 message("Importing users\n");
424 for (var i in samba3.samaccounts) {
425 message("... " + samba3.samaccounts[i].username + "\n");
426 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
427 ok = samdb.add(ldif);
431 message("Importing groups\n");
432 for (var i in samba3.groupmappings) {
433 message("... " + samba3.groupmappings[i].nt_name + "\n");
434 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
435 ok = samdb.add(ldif);
439 message("Importing registry data\n");
440 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
441 for (var i in hives) {
442 message("... " + hives[i] + "\n");
443 var regdb = ldb_init();
444 ok = regdb.connect(hives[i] + ".ldb");
446 var ldif = upgrade_registry(samba3.registry, hives[i]);
447 ok = regdb.add(ldif);
451 message("Importing WINS data\n");
452 var winsdb = ldb_init();
453 ok = winsdb.connect("wins.ldb");
456 var ldif = upgrade_wins(samba3);
457 ok = winsdb.add(ldif);