2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
// Convert a "/"-separated registry key path into a DN string built from
// "key=<component>," parts (the loop header is not visible in this listing).
// NOTE(review): each component is interpolated verbatim; no escaping of DN
// special characters (",", "=", "+", "\") is visible here - confirm key names
// cannot contain them, or escape each component before building the DN.
9 function regkey_to_dn(name)
14 var as = split("/", name);
// The new part is prepended, so later path components end up leftmost.
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Build LDIF records for the keys of one registry hive.
//   regdb:  parsed Samba3 registry; must be defined (asserted below)
//   prefix: hive name, compared case-insensitively with the first "/" component
//   ldb:    used in the visible lines only for ldb.encode() on value data
// The result array is indexed by key name, and by "<key> (<value>)" for each
// value; upgrade() iterates it and adds every entry separately.
33 function upgrade_registry(regdb,prefix,ldb)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
37 var ldif = new Array();
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 var pts = split("/", rk.name);
43 /* Only handle selected hive */
44 if (strupper(pts[0]) != prefix_up) {
48 var keydn = regkey_to_dn(rk.name);
// NOTE(review): redeclares pts with the same value as above; redundant.
50 var pts = split("/", rk.name);
52 /* Convert key name to dn */
53 ldif[rk.name] = sprintf("
59 for (var j in rk.values) {
// NOTE(review): rv.data goes through ldb.encode() and is written with the
// "data::" form, but keydn and rv.name are interpolated as plain text. A name
// containing a line break would add lines to the generated record - confirm
// the registry parser cannot yield such names, or encode them like the data.
60 var rv = rk.values[j];
62 ldif[rk.name + " (" + rv.name + ")"] = sprintf("
66 data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data));
// Format the Samba3 account policy (samba3.policy.*) as one LDIF record for
// dn. All policy fields are formatted with %d; dn is the first argument.
// upgrade() passes the result to samdb.modify().
// NOTE(review): the values are copied as found in the old policy database;
// lockout and password-age settings should be reviewed after migration rather
// than assumed to be sensible.
73 function upgrade_sam_policy(samba3,dn)
84 samba3ResetCountMinutes: %d
85 samba3UserMustLogonToChangePassword: %d
86 samba3BadLockoutMinutes: %d
87 samba3DisconnectTime: %d
88 samba3RefuseMachinePwdChange: %d
90 ", dn, samba3.policy.min_password_length,
91 samba3.policy.password_history, samba3.policy.minimum_password_age,
92 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
93 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
94 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
95 samba3.policy.refuse_machine_password_change
// Format one Samba3 SAM account (acc) as an LDIF record under domaindn.
// NOTE(review): acc.lm_pw and acc.nt_pw are the account's password hashes;
// they are passed through ldb.encode() and copied into the new record as-is.
// Migrating LM hashes keeps a weak credential format in the new SAM - confirm
// that is intended, and treat the generated LDIF as secret material.
// NOTE(review): the other string fields (fullname, username, acct_desc,
// homedir, logon_script, ...) are interpolated with no visible encoding, and
// acc.fullname is the argument directly before domaindn (it looks like it
// forms the DN; the template line is not visible). A value containing a line
// break or a DN separator would change the record structure - confirm the
// passdb parser rejects such values, or encode them.
101 function upgrade_sam_account(acc,domaindn)
// A local ldb handle; the visible lines use it only for ldb.encode().
103 var ldb = ldb_init();
120 samba3LogonScript: %s
121 samba3ProfilePath: %s
122 samba3Workstations: %s
123 samba3KickOffTime: %d
125 samba3PassLastSetTime: %d
126 samba3PassCanChangeTime: %d
127 samba3PassMustChangeTime: %d
132 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
133 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
134 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
135 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
136 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
137 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
// Format one Samba3 group mapping (grp) as an LDIF record under domaindn.
// NOTE(review): grp.nt_name is the argument directly before domaindn and, like
// grp.comment, is inserted with no visible encoding; a comma or line break in
// either would alter the record - confirm the source data cannot contain them.
142 function upgrade_sam_group(grp,domaindn)
153 ", grp.nt_name, domaindn,
154 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
// Build LDIF for the Samba3 idmap state: a record holding the user and group
// high-water marks, followed by one record per SID mapping.
159 function upgrade_winbind(samba3,domaindn)
167 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
169 for (var i in samba3.idmap.mappings) {
// Each mapping (sid, type, unix id) is appended to the same ldif string;
// m.sid is used twice, the first time directly before domaindn.
170 var m = samba3.idmap.mappings[i];
171 ldif = ldif + sprintf("
175 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
// Build one LDIF string with a record per WINS entry, followed by an
// "address:" line for each of the entry's IP addresses.
182 function upgrade_wins(samba3)
185 for (i in samba3.winsentries) {
// NOTE(review): the loop variable above has no var in the visible line, so it
// is a global unless declared on a line not shown here.
186 var e = samba3.winsentries[i];
188 ldif = ldif + sprintf("
194 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
// NOTE(review): e.name is inserted as plain text; confirm WINS names cannot
// contain characters that break the record.
196 for (var i in e.ips) {
// NOTE(review): this inner loop reuses i, the outer loop's index variable.
197 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
// Derive the provisioning substitution object (subobj) for the new domain
// from the Samba3 configuration and secrets, falling back to generated values
// where the old installation provides none.
204 function upgrade_provision(samba3)
206 var subobj = new Object();
207 var nss = nss_init();
208 var lp = loadparm_init();
// Domain name: "workgroup" from smb.conf, else the first domain in secrets.
211 var domainname = samba3.configuration.get("workgroup");
213 if (domainname == undefined) {
// NOTE(review): no visible check that samba3.secrets.domains is non-empty.
214 domainname = samba3.secrets.domains[0].name;
215 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
218 var domsec = samba3.find_domainsecrets(domainname);
219 var hostsec = samba3.find_domainsecrets(hostname());
220 var realm = samba3.configuration.get("realm");
222 if (realm == undefined) {
224 println("No realm specified in smb.conf file, assuming '" + realm + "'");
228 subobj.REALM = realm;
229 subobj.DOMAIN = domainname;
230 subobj.HOSTNAME = hostname();
// All three must be non-empty before anything is derived from them.
232 assert(subobj.REALM);
233 assert(subobj.DOMAIN);
234 assert(subobj.HOSTNAME);
236 subobj.HOSTIP = hostip();
// Reuse the old domain GUID/SID when the secrets hold them.
237 if (domsec != undefined) {
238 subobj.DOMAINGUID = domsec.guid;
239 subobj.DOMAINSID = domsec.sid;
// NOTE(review): with a freshly generated domain SID, the SIDs carried in the
// imported group mappings and idmap entries may no longer belong to the new
// domain - confirm how those records are meant to be reconciled.
241 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
242 subobj.DOMAINGUID = randguid();
243 subobj.DOMAINSID = randsid();
247 subobj.HOSTGUID = hostsec.guid;
249 subobj.HOSTGUID = randguid();
251 subobj.INVOCATIONID = randguid();
// NOTE(review): krbtgt, machine and administrator secrets are 12-character
// random passwords. Their strength depends on randpass()'s alphabet and
// random source, neither visible here - confirm it draws from a
// cryptographically secure generator, and consider a longer krbtgt secret.
252 subobj.KRBTGTPASS = randpass(12);
253 subobj.MACHINEPASS = randpass(12);
254 subobj.ADMINPASS = randpass(12);
255 subobj.DEFAULTSITE = "Default-First-Site-Name";
// These five store the functions themselves (no call parentheses).
256 subobj.NEWGUID = randguid;
257 subobj.NTTIME = nttime;
258 subobj.LDAPTIME = ldaptime;
259 subobj.DATESTRING = datestring;
260 subobj.USN = nextusn;
// Resolve local accounts and groups; findnss() is given candidate names.
261 subobj.ROOT = findnss(nss.getpwnam, "root");
262 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
263 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
264 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
265 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
266 subobj.DNSDOMAIN = strlower(subobj.REALM);
267 subobj.DNSNAME = sprintf("%s.%s",
268 strlower(subobj.HOSTNAME),
// Base DN: one DC= component per dot-separated label of the realm.
270 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
// NOTE(review): rdn_list is assigned without var in the visible line.
271 rdn_list = split(".", subobj.REALM);
// Allowlist of smb.conf parameter names that upgrade_smbconf() copies into the
// new configuration under their original name (exact string match).
// NOTE(review): the list includes the client authentication switches
// ("client NTLMv2 auth", "client lanman auth", "client plaintext auth"), so
// whatever the old smb.conf set for them is carried over unchanged; review
// those values after migration.
// NOTE(review): assigned without var in the visible line, i.e. a global.
275 smbconf_keep = new Array(
289 "bind interfaces only",
294 "obey pam restrictions",
302 "client NTLMv2 auth",
303 "client lanman auth",
304 "client plaintext auth",
324 "name resolve order",
333 "paranoid server security",
370 "winbind separator");
373 Remove configuration variables not present in Samba4
374 oldconf: Old configuration structure
375 mark: Whether removed configuration variables should be
376 kept in the new configuration as "samba3:<name>"
// Build a new parameter set from oldconf. Names found in smbconf_keep are
// copied unchanged; the other visible set() call stores the value under
// "samba3:<name>" (the branch conditions are not visible in this listing).
378 function upgrade_smbconf(oldconf,mark)
380 var data = oldconf.data();
381 var newconf = param_init();
// data is indexed as data[s][p]; s and p are passed to get()/set() below.
383 for (var s in data) {
384 for (var p in data[s]) {
// Linear scan of the allowlist with an exact string comparison.
// NOTE(review): if oldconf.data() returns names as typed in smb.conf, a
// differently-cased or synonym spelling would miss the allowlist and end up
// under "samba3:" instead - confirm names are normalised before this point.
386 for (var k in smbconf_keep) {
387 if (smbconf_keep[k] == p) {
394 newconf.set(s, p, oldconf.get(s, p));
396 newconf.set(s, "samba3:"+p, oldconf.get(s,p));
// Run the migration: write the new smb.conf, then import account policies,
// users, groups, registry hives and WINS data into the databases named in
// paths. Progress and per-record errors are reported through message().
404 function upgrade(subobj, samba3, message, paths)
407 var lp = loadparm_init();
408 var samdb = ldb_init();
409 var ok = samdb.connect(paths.samdb);
412 message("Writing configuration\n");
// mark is passed as true (see the parameter description above
// upgrade_smbconf).
413 var newconf = upgrade_smbconf(samba3.configuration,true);
414 newconf.save(paths.smbconf);
416 message("Importing account policies\n");
417 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
418 ok = samdb.modify(ldif);
421 // figure out ldapurl, if applicable
422 var ldapurl = undefined;
423 var pdb = samba3.configuration.get_list("passdb backend");
424 if (pdb != undefined) {
// A backend starting with "ldapsam" supplies the URL from offset 8 onwards,
// i.e. after the one separator character that follows the 7-letter name.
426 if (substr(pdb[b], 0, 7) == "ldapsam") {
427 ldapurl = substr(pdb[b], 8);
432 // URL was not specified in passdb backend but ldap /is/ used
// NOTE(review): the fallback below uses the cleartext ldap:// scheme, and no
// check that "ldap server" is set is visible. Whatever the samba3sam mapping
// reads over this URL is unencrypted unless TLS is arranged separately -
// confirm, and prefer an explicit ldaps:// or StartTLS configuration.
434 ldapurl = "ldap://" + samba3.configuration.get("ldap server");
437 // Enable samba3sam module if original passdb backend was ldap
438 if (ldapurl != undefined) {
// NOTE(review): ldapurl comes from smb.conf and is interpolated into the
// @MAP_URL line below as plain text.
439 message("Enabling Samba3 LDAP mappings for SAM database\n");
442 @MAP_URL: %s", ldapurl);
445 samdb.modify("dn: @MODULES
446 @LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
// One add() per account; on failure the ldb error text is appended to msg.
// The username is part of that progress message.
449 message("Importing users\n");
450 for (var i in samba3.samaccounts) {
451 var msg = "... " + samba3.samaccounts[i].username;
452 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
453 ok = samdb.add(ldif);
455 msg = msg + "... error: " + samdb.errstring();
// Groups follow the same add-and-report pattern as users.
461 message("Importing groups\n");
462 for (var i in samba3.groupmappings) {
463 var msg = "... " + samba3.groupmappings[i].nt_name;
464 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
465 ok = samdb.add(ldif);
467 msg = msg + "... error: " + samdb.errstring();
// Each hive is written to its own database, opened from paths[hn].
473 message("Importing registry data\n");
474 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
475 for (var i in hives) {
477 message("... " + hn + "\n");
478 var regdb = ldb_init();
479 ok = regdb.connect(paths[hn]);
// upgrade_registry() yields one LDIF entry per key and per value; each is
// added on its own so a failure is reported against that entry.
481 var ldif = upgrade_registry(samba3.registry, hn, regdb);
482 for (var j in ldif) {
483 var msg = "... ... " + j;
484 ok = regdb.add(ldif[j]);
486 msg = msg + "... error: " + regdb.errstring();
493 message("Importing WINS data\n");
494 var winsdb = ldb_init();
495 ok = winsdb.connect(paths.winsdb);
// The whole WINS LDIF string is submitted in a single add() call.
499 var ldif = upgrade_wins(samba3);
500 ok = winsdb.add(ldif);
506 function upgrade_verify(subobj, samba3,paths,message)
508 message("Verifying account policies\n");
509 var samldb = ldb_init();
512 var ok = samldb.connect(paths.samdb);