2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
// Builds an LDB DN for a registry key path: the name is split on the slash
// character and each component is prepended as key=<component>, to dn.
// Parts of this function are not shown in this listing.
// NOTE(review): components are formatted with %s and no escaping is visible
// here; a key name containing a comma or an equals sign would change the DN
// structure. Confirm that the elided lines or the caller escape DN special
// characters.
9 function regkey_to_dn(name)
14 var as = split("/", name);
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Converts the keys of one registry hive from the Samba3 registry dump into
// LDIF records collected in the ldif array, indexed by key name (value
// records are indexed by key name plus value name in parentheses).
// The visible check compares the first path component, upper-cased, with
// prefix; the branch body and the LDIF templates are elided in this listing.
// NOTE(review): only rv.data is base64-encoded (the data:: attribute on the
// last sprintf); keydn, rv.value and rv.type are passed to the template as
// given. Confirm that key and value names cannot carry line breaks or DN
// separators, or encode them before building the record.
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
37 var ldif = new Array();
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 var pts = split("/", rk.name);
43 /* Only handle selected hive */
44 if (strupper(pts[0]) != prefix_up) {
48 var keydn = regkey_to_dn(rk.name);
// NOTE(review): pts was already computed from rk.name a few lines up; this
// second declaration repeats the same split.
50 var pts = split("/", rk.name);
52 /* Convert key name to dn */
53 ldif[rk.name] = sprintf("
59 for (var j in rk.values) {
60 var rv = rk.values[j];
62 ldif[rk.name + " (" + rv.name + ")"] = sprintf("
66 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
// Formats the Samba3 account policy read from samba3.policy (minimum
// password length, history, minimum and maximum age, lockout duration and
// the related counters) into an LDIF record for dn. The start of the
// template is not shown in this listing.
// The values are imported as given, so a weak Samba3 setting such as a short
// minimum password length is carried over unchanged; review the resulting
// policy after the upgrade.
73 function upgrade_sam_policy(samba3,dn)
84 samba3ResetCountMinutes: %d
85 samba3UserMustLogonToChangePassword: %d
86 samba3BadLockoutMinutes: %d
87 samba3DisconnectTime: %d
88 samba3RefuseMachinePwdChange: %d
90 ", dn, samba3.policy.min_password_length,
91 samba3.policy.password_history, samba3.policy.minimum_password_age,
92 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
93 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
94 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
95 samba3.policy.refuse_machine_password_change
// Formats one Samba3 SAM account as an LDIF record. Most of the template is
// elided in this listing; the argument list shows which fields feed it.
// NOTE(review): acc.fullname and domaindn are the first two arguments, which
// suggests the entry DN is built from the full name - confirm, and check how
// an empty or duplicate full name is handled.
// NOTE(review): only lm_pw and nt_pw go through ldb.encode. The free-text
// fields (fullname, acct_desc, homedir, logon_script, profile_path,
// workstations and others) are passed as given; a value containing a line
// break would alter the LDIF record, so encode or validate them first.
// The LM and NT password hashes are copied into the new database. LM hashes
// are weak; consider dropping lm_pw during migration if no client needs it.
101 function upgrade_sam_account(acc,domaindn)
103 var ldb = ldb_init();
122 samba3LogonScript: %s
123 samba3ProfilePath: %s
124 samba3Workstations: %s
125 samba3KickOffTime: %d
127 samba3PassLastSetTime: %d
128 samba3PassCanChangeTime: %d
129 samba3PassMustChangeTime: %d
134 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
135 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
136 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
137 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
138 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
139 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
// Formats one Samba3 group mapping as an LDIF record from grp.nt_name,
// grp.comment, grp.sid and grp.sid_name_use; the template is not shown in
// this listing.
// NOTE(review): nt_name and comment are handed straight to the formatter as
// far as the visible lines show. Confirm they are escaped or validated
// before they reach the DN and the attribute values.
144 function upgrade_sam_group(grp,domaindn)
155 ", grp.nt_name, domaindn,
156 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
// Builds LDIF for the idmap data: first a record with the user_hwm and
// group_hwm values, then one record per entry in samba3.idmap.mappings
// carrying the SID, the type and the unixID. Template lines are partly
// elided in this listing.
// domaindn is supplied between the two m.sid arguments, presumably as part
// of each record DN - confirm against the full template.
161 function upgrade_winbind(samba3,domaindn)
169 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
171 for (var i in samba3.idmap.mappings) {
172 var m = samba3.idmap.mappings[i];
173 ldif = ldif + sprintf("
177 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
// Builds LDIF for the WINS database: one record per entry in
// samba3.winsentries (type, name, nb_flags, and e.ttl converted with
// sys.ldaptime), followed by an address line for each IP of the entry.
// NOTE(review): the outer loop uses i without a visible var declaration and
// the inner loop declares var i again. In JavaScript var is function-scoped,
// so both loops share one variable (or the outer one is a global); a
// distinct inner index name would make this safer to maintain.
184 function upgrade_wins(samba3)
187 for (i in samba3.winsentries) {
188 var e = samba3.winsentries[i];
190 ldif = ldif + sprintf("
196 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
198 for (var i in e.ips) {
199 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
// Fills the substitution object subobj from the Samba3 configuration and
// secrets: realm, domain and host names, host IP, domain and host GUID/SID,
// generated passwords, helper callbacks, NSS account lookups and the DNS and
// base DN strings derived from the realm. Judging by the name this feeds the
// Samba4 provisioning step. Some lines are not shown in this listing.
206 function upgrade_provision(samba3)
208 var subobj = new Object();
209 var nss = nss_init();
210 var lp = loadparm_init();
213 var domainname = samba3.configuration.get("workgroup");
215 if (domainname == undefined) {
216 domainname = samba3.secrets.domains[0].name;
217 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
220 var domsec = samba3.find_domainsecrets(domainname);
221 var hostsec = samba3.find_domainsecrets(hostname());
222 var realm = samba3.configuration.get("realm");
224 if (realm == undefined) {
226 println("No realm specified in smb.conf file, assuming '" + realm + "'");
230 subobj.REALM = realm;
231 subobj.DOMAIN = domainname;
232 subobj.HOSTNAME = hostname();
234 assert(subobj.REALM);
235 assert(subobj.DOMAIN);
236 assert(subobj.HOSTNAME);
238 subobj.HOSTIP = hostip();
239 if (domsec != undefined) {
240 subobj.DOMAINGUID = domsec.guid;
241 subobj.DOMAINSID = domsec.sid;
// NOTE(review): falling back to a random domain SID and GUID is only
// printed. The imported accounts and group mappings carry RIDs and SIDs from
// the old domain, so confirm that a fresh domain SID is an acceptable
// outcome rather than a reason to stop the upgrade.
243 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
244 subobj.DOMAINGUID = randguid();
245 subobj.DOMAINSID = randsid();
249 subobj.HOSTGUID = hostsec.guid;
251 subobj.HOSTGUID = randguid();
253 subobj.INVOCATIONID = randguid();
// NOTE(review): the krbtgt, machine and administrator secrets are each 12
// characters from randpass(). The randomness source and alphabet of
// randpass() are not visible here - confirm it is cryptographically strong.
// The krbtgt and machine passwords are never typed by a person, so a longer
// value costs nothing.
254 subobj.KRBTGTPASS = randpass(12);
255 subobj.MACHINEPASS = randpass(12);
256 subobj.ADMINPASS = randpass(12);
257 subobj.DEFAULTSITE = "Default-First-Site-Name";
258 subobj.NEWGUID = randguid;
259 subobj.NTTIME = nttime;
260 subobj.LDAPTIME = ldaptime;
261 subobj.DATESTRING = datestring;
262 subobj.USN = nextusn;
263 subobj.ROOT = findnss(nss.getpwnam, "root");
264 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
265 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
266 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
267 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
268 subobj.DNSDOMAIN = strlower(subobj.REALM);
269 subobj.DNSNAME = sprintf("%s.%s",
270 strlower(subobj.HOSTNAME),
272 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
// NOTE(review): rdn_list is assigned without var in the visible lines, which
// makes it a global unless an elided line declares it.
273 rdn_list = split(".", subobj.REALM);
// Allow-list of smb.conf parameter names that upgrade_smbconf copies into
// the new configuration with their old value. Most entries are elided in
// this listing.
// NOTE(review): the list includes authentication settings such as
// client lanman auth and client plaintext auth. Their Samba3 values are kept
// verbatim, so a configuration that enabled LANMAN or plaintext
// authentication stays that way after the upgrade; consider warning the
// operator when such a value is carried over.
277 smbconf_keep = new Array(
291 "bind interfaces only",
296 "obey pam restrictions",
304 "client NTLMv2 auth",
305 "client lanman auth",
306 "client plaintext auth",
326 "name resolve order",
335 "paranoid server security",
372 "winbind separator");
375 Remove configuration variables not present in Samba4
376 oldconf: Old configuration structure
377 mark: Whether removed configuration variables should be
378 kept in the new configuration as "samba3:<name>"
// Builds a new parameter set from oldconf: for each section s and parameter
// p the name is searched in smbconf_keep. One visible branch copies the
// parameter under its own name, the other stores the value under the name
// samba3:<p>. The conditions around the two set() calls are not shown in
// this listing.
// NOTE(review): the lookup is an exact == match on the parameter name.
// smb.conf names are case-insensitive and some have synonyms, so confirm
// that oldconf.data() returns normalised names; otherwise a security-relevant
// setting could be filed under the samba3: prefix instead of being kept.
380 function upgrade_smbconf(oldconf,mark)
382 var data = oldconf.data();
383 var newconf = param_init();
385 for (var s in data) {
386 for (var p in data[s]) {
388 for (var k in smbconf_keep) {
389 if (smbconf_keep[k] == p) {
396 newconf.set(s, p, oldconf.get(s, p));
398 newconf.set(s, "samba3:"+p, oldconf.get(s,p));
// Runs the migration steps in order: writes the converted smb.conf, imports
// the account policy, users and groups into sam.ldb, imports each registry
// hive into its own <hive>.ldb, and imports the WINS entries into wins.ldb.
// Many lines, including whatever follows each ok = ... assignment, are not
// shown in this listing.
// NOTE(review): failures while adding users, groups and registry keys are
// reported through message(). Confirm in the full source whether the run
// stops or continues after such an error, since a partly imported account
// database should be detectable by the operator.
406 function upgrade(subobj, samba3, message)
409 var lp = loadparm_init();
410 var samdb = ldb_init();
411 var ok = samdb.connect("sam.ldb");
414 message("Writing configuration\n");
415 var newconf = upgrade_smbconf(samba3.configuration,true);
416 newconf.save(lp.get("config file"));
418 message("Importing account policies\n");
419 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
420 ok = samdb.modify(ldif);
423 // figure out ldapurl, if applicable
424 var ldapurl = undefined;
// NOTE(review): smb.conf spells this parameter passdb backend (singular).
// Confirm that this lookup resolves; if it does not, ldapurl stays undefined
// and the samba3sam module is never enabled.
425 var pdb = samba3.configuration.get_list("passdb backends");
426 if (pdb != undefined) {
428 if (substr(pdb[b], 0, 7) == "ldapsam") {
429 ldapurl = substr(pdb[b], 8);
434 // URL was not specified in passdb backend but ldap /is/ used
// NOTE(review): the fallback URL hard-codes the cleartext ldap:// scheme.
// The directory behind it holds account data, so prefer ldaps:// or StartTLS
// where the server supports it, or let the operator choose the scheme.
436 ldapurl = "ldap://" + samba3.configuration.get("ldap server");
439 // Enable samba3sam module if original passdb backend was ldap
440 if (ldapurl != undefined) {
443 @MAP_URL: %s", ldapurl);
446 samdb.modify("dn: @MODULES
447 @LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
450 message("Importing users\n");
451 for (var i in samba3.samaccounts) {
452 message("... " + samba3.samaccounts[i].username);
453 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
454 ok = samdb.add(ldif);
456 message("... error: " + samdb.errstring());
462 message("Importing groups\n");
463 for (var i in samba3.groupmappings) {
464 message("... " + samba3.groupmappings[i].nt_name);
465 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
466 ok = samdb.add(ldif);
468 message("... error: " + samdb.errstring());
474 message("Importing registry data\n");
475 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
476 for (var i in hives) {
477 message("... " + hives[i] + "\n");
478 var regdb = ldb_init();
479 ok = regdb.connect(hives[i] + ".ldb");
481 var ldif = upgrade_registry(samba3.registry, hives[i]);
482 for (var j in ldif) {
483 message("... ... " + j);
484 ok = regdb.add(ldif[j]);
486 message("... error: " + regdb.errstring());
493 message("Importing WINS data\n");
494 var winsdb = ldb_init();
495 ok = winsdb.connect("wins.ldb");
499 var ldif = upgrade_wins(samba3);
500 ok = winsdb.add(ldif);
503 message("Reloading smb.conf\n");