2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
/*
 * Convert a "/"-separated registry key path into a DN string.
 * The path is split on "/" and each processed component is placed in front
 * of the DN built so far as "key=<component>,". Only part of the body
 * (loop header, initial value of dn, return) is shown in this listing.
 */
9 function regkey_to_dn(name)
14 var as = split("/", name);
/* NOTE(review): the component is interpolated as-is; no DN escaping is
 * visible in the lines shown, so a key name containing "," or "=" would
 * alter the DN structure -- confirm key names are constrained upstream. */
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Build LDIF records for the registry keys that belong to one hive.
//   regdb  - parsed Samba3 registry; must be defined (asserted below). Its
//            .keys entries expose .name and .values.
//   prefix - hive name; compared case-insensitively (via strupper) with the
//            first "/"-separated component of each key name.
// Records are collected in an Array used as a map: one entry per key,
// indexed by rk.name, and one entry per value, indexed by
// "<key name> (<value name>)". The value record is formatted from keydn,
// rv.value, rv.type and base64(rv.data). The return statement is not shown
// in this listing; upgrade() iterates the result and adds each record.
// NOTE(review): keydn and rv.value are passed to sprintf with no escaping
// visible here; only rv.data is base64-encoded. Confirm that key and value
// names cannot carry newlines or DN-special characters into the LDIF.
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
37 var ldif = new Array();
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 var pts = split("/", rk.name);
43 /* Only handle selected hive */
44 if (strupper(pts[0]) != prefix_up) {
48 var keydn = regkey_to_dn(rk.name);
// Redundant redeclaration: pts was already computed from rk.name above.
50 var pts = split("/", rk.name);
52 /* Convert key name to dn */
53 ldif[rk.name] = sprintf("
59 for (var j in rk.values) {
60 var rv = rk.values[j];
62 ldif[rk.name + " (" + rv.name + ")"] = sprintf("
66 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
/*
 * Format the Samba3 account policy as LDIF text.
 *   samba3 - upgrade source object; the fields of samba3.policy are read.
 *   dn     - first sprintf argument (upgrade() passes subobj.BASEDN).
 * Every policy field is formatted as an integer (%d) in the visible part of
 * the format string. The argument order on the lines below matches the
 * visible attribute order (reset count, logon-to-change-password, bad
 * lockout, disconnect time, refuse machine password change); the first
 * attributes of the format string are not shown in this listing.
 * These are the password-length, history, age and lockout settings, so a
 * mismatch between format and arguments would silently weaken or distort
 * the migrated policy -- keep the two lists in step when editing.
 * upgrade() applies the returned text with samdb.modify().
 */
73 function upgrade_sam_policy(samba3,dn)
84 samba3ResetCountMinutes: %d
85 samba3UserMustLogonToChangePassword: %d
86 samba3BadLockoutMinutes: %d
87 samba3DisconnectTime: %d
88 samba3RefuseMachinePwdChange: %d
90 ", dn, samba3.policy.min_password_length,
91 samba3.policy.password_history, samba3.policy.minimum_password_age,
92 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
93 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
94 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
95 samba3.policy.refuse_machine_password_change
/*
 * Format one Samba3 SAM account as LDIF text.
 *   acc      - account record; the fields read are listed in the sprintf
 *              arguments below.
 *   domaindn - second sprintf argument (upgrade() passes subobj.BASEDN).
 * acc.fullname followed by domaindn are the first two arguments, presumably
 * forming the entry's DN -- the start of the format string is not shown in
 * this listing, so confirm.
 * acc.lm_pw and acc.nt_pw (presumably the LM and NT password hashes) are
 * the only fields passed through ldb.encode(); the returned LDIF therefore
 * contains credential material and should not be logged or written to
 * world-readable storage. upgrade() logs only acc.username.
 * NOTE(review): the remaining string fields (full name, description, home
 * directory, logon script, profile path, workstations, ...) are passed
 * without any escaping visible here. A value containing a newline or a
 * DN-special character would change the structure of the LDIF -- confirm
 * the Samba3 passdb reader constrains these values.
 */
101 function upgrade_sam_account(acc,domaindn)
103 var ldb = ldb_init();
122 samba3LogonScript: %s
123 samba3ProfilePath: %s
124 samba3Workstations: %s
125 samba3KickOffTime: %d
127 samba3PassLastSetTime: %d
128 samba3PassCanChangeTime: %d
129 samba3PassMustChangeTime: %d
134 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
135 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
136 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
137 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
138 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
139 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
/*
 * Format one Samba3 group mapping as LDIF text.
 *   grp      - group mapping; nt_name, comment, sid and sid_name_use are read.
 *   domaindn - second sprintf argument (upgrade() passes subobj.BASEDN).
 * The format string itself is not shown in this listing. grp.nt_name is
 * used twice, first together with domaindn (presumably for the DN --
 * confirm). NOTE(review): nt_name and comment are passed with no escaping
 * visible here; confirm they cannot carry newlines or DN-special characters.
 */
144 function upgrade_sam_group(grp,domaindn)
155 ", grp.nt_name, domaindn,
156 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
/*
 * Format the Samba3 idmap (winbind) state as LDIF text.
 * The first record is formatted from samba3.idmap.user_hwm and
 * samba3.idmap.group_hwm; then one record per entry of
 * samba3.idmap.mappings is appended, formatted from m.sid, domaindn, m.sid,
 * m.type and m.unix_id (the last visible attribute is "unixID: %d").
 * Most of the format strings and the return statement are not shown in
 * this listing.
 */
161 function upgrade_winbind(samba3,domaindn)
169 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
171 for (var i in samba3.idmap.mappings) {
172 var m = samba3.idmap.mappings[i];
173 ldif = ldif + sprintf("
177 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
/*
 * Format the Samba3 WINS entries as LDIF text.
 * For each entry of samba3.winsentries a record is appended, formatted from
 * e.type, e.name, e.name, e.type, e.nb_flags and sys.ldaptime(e.ttl),
 * followed by one "address: <ip>" line per element of e.ips.
 * upgrade() passes the returned text to winsdb.add().
 * NOTE(review): the outer loop uses i without "var" (an implicit global
 * unless declared on a line not shown), and the loop over e.ips declares
 * the same name i. If the second loop is nested in the first, as the use of
 * e suggests, it overwrites the outer index -- confirm this cannot disturb
 * the outer iteration, or rename the inner variable.
 */
184 function upgrade_wins(samba3)
187 for (i in samba3.winsentries) {
188 var e = samba3.winsentries[i];
190 ldif = ldif + sprintf("
196 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
198 for (var i in e.ips) {
199 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
/*
 * Build the provisioning substitution object (subobj) for the new
 * installation from the Samba3 configuration and secrets.
 *   samba3 - upgrade source object; get_param(), secrets.domains and
 *            find_domainsecrets() are used.
 * Several lines (closing braces, else branches, the return) are not shown
 * in this listing.
 */
206 function upgrade_provision(samba3)
208 var subobj = new Object();
209 var nss = nss_init();
210 var lp = loadparm_init();
213 var domainname = samba3.get_param("global", "workgroup");
/* No workgroup configured: fall back to the first domain in the secrets. */
215 if (domainname == undefined) {
216 domainname = samba3.secrets.domains[0].name;
217 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
/* Secrets are looked up for both the domain and this host's name. */
220 var domsec = samba3.find_domainsecrets(domainname);
221 var hostsec = samba3.find_domainsecrets(hostname());
222 var realm = samba3.get_param("global", "realm");
/* The line that derives the fallback realm is not shown in this listing. */
224 if (realm == undefined) {
226 println("No realm specified in smb.conf file, assuming '" + realm + "'");
230 subobj.REALM = realm;
231 subobj.DOMAIN = domainname;
232 subobj.HOSTNAME = hostname();
/* All three must be non-empty before anything is derived from them. */
234 assert(subobj.REALM);
235 assert(subobj.DOMAIN);
236 assert(subobj.HOSTNAME);
238 subobj.HOSTIP = hostip();
/* Reuse the existing domain GUID and SID when the secrets hold them. */
239 if (domsec != undefined) {
240 subobj.DOMAINGUID = domsec.guid;
241 subobj.DOMAINSID = domsec.sid;
/* Otherwise a fresh GUID and SID are generated.
 * NOTE(review): a new domain SID presumably means SIDs recorded in the old
 * installation no longer match the migrated domain -- treat this message
 * as a warning that needs operator attention, not as routine output. */
243 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
244 subobj.DOMAINGUID = randguid();
245 subobj.DOMAINSID = randsid();
/* HOSTGUID comes from the host secrets or is random; the condition that
 * selects between the two assignments is not shown in this listing. */
249 subobj.HOSTGUID = hostsec.guid;
251 subobj.HOSTGUID = randguid();
253 subobj.INVOCATIONID = randguid();
/* NOTE(review): going by their names these three secrets protect the
 * krbtgt, machine and administrator accounts. The argument 12 is presumably
 * the password length; randpass() is defined elsewhere, so confirm it draws
 * from a cryptographically secure source and that 12 characters of its
 * alphabet give enough entropy, in particular for KRBTGTPASS. */
254 subobj.KRBTGTPASS = randpass(12);
255 subobj.MACHINEPASS = randpass(12);
256 subobj.ADMINPASS = randpass(12);
257 subobj.DEFAULTSITE = "Default-First-Site-Name";
/* These five store the functions themselves (no call parentheses). */
258 subobj.NEWGUID = randguid;
259 subobj.NTTIME = nttime;
260 subobj.LDAPTIME = ldaptime;
261 subobj.DATESTRING = datestring;
262 subobj.USN = nextusn;
/* findnss() receives an NSS lookup function and one or more candidate
 * names; presumably the first name that resolves is used -- confirm. */
263 subobj.ROOT = findnss(nss.getpwnam, "root");
264 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
265 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
266 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
267 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
/* DNS names are the lower-cased realm and host name; the second sprintf
 * argument of DNSNAME is on a line not shown in this listing. */
268 subobj.DNSDOMAIN = strlower(subobj.REALM);
269 subobj.DNSNAME = sprintf("%s.%s",
270 strlower(subobj.HOSTNAME),
/* Base DN: one "DC=" component per "."-separated label of the realm. */
272 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
/* NOTE(review): no "var" on this line, so rdn_list is an implicit global
 * unless it is declared on a line not shown. */
273 rdn_list = split(".", subobj.REALM);
/*
 * List of smb.conf parameter names. Only some entries are shown in this
 * listing, and the code that consumes the list is not visible; the name
 * suggests these are the parameters retained from the Samba3 configuration
 * -- confirm against upgrade_smbconf().
 * NOTE(review): the visible entries include "client lanman auth" and
 * "client plaintext auth". If their Samba3 values are copied unchanged,
 * legacy weak-authentication settings survive the upgrade; review the
 * generated smb.conf for these after migration.
 */
277 var keep = new Array(
291 "bind interfaces only",
296 "obey pam restrictions",
304 "client NTLMv2 auth",
305 "client lanman auth",
306 "client plaintext auth",
326 "name resolve order",
335 "paranoid server security",
372 "winbind separator");
/*
 * Takes the samba3 upgrade source object. The body is not shown in this
 * listing; presumably it derives the new smb.conf from the Samba3 one
 * using the keep list above -- confirm against the full source.
 */
374 function upgrade_smbconf(samba3)
/*
 * Serialise a configuration object to smb.conf text and write it to path.
 *   path    - destination passed to sys.file_save().
 *   smbconf - object whose .shares entries expose .name and .parameters.
 * The text starts with a header ending in "# Generated by upgrade.js" (its
 * beginning is not shown in this listing), followed by a "[<share name>]"
 * line per share and one tab-indented "<name> = <value>" line per parameter.
 * NOTE(review): the parameter line concatenates the parameter object p
 * itself, not a value property of it; whether that yields the parameter's
 * value depends on how these objects convert to a string -- confirm.
 * NOTE(review): share names and parameter text are written verbatim. A
 * value containing a newline would add extra lines to the generated file;
 * confirm the Samba3 smb.conf reader cannot produce such values.
 */
379 function save_smbconf(path,smbconf)
382 # Generated by upgrade.js";
384 for (var i in smbconf.shares) {
385 var s = smbconf.shares[i];
386 data = data + "\n[" + s.name + "]\n";
387 for (var j in s.parameters) {
388 var p = s.parameters[j];
389 data = data + "\t" + p.name + " = " + p + "\n";
393 sys.file_save(path,data);
/*
 * Run the Samba3 import against the new databases.
 *   subobj  - provisioning object; BASEDN is read.
 *   samba3  - upgrade source (policy, samaccounts, groupmappings, registry,
 *             WINS entries).
 *   message - callback that receives progress and error text.
 * Steps visible in this listing, in order: connect to "sam.ldb"; apply the
 * account policy with samdb.modify(); set the "@MODULES" list; add every
 * SAM account and group mapping with samdb.add(); for each hive name
 * connect to "<hive>.ldb" and add the records from upgrade_registry();
 * connect to "wins.ldb" and add the WINS LDIF.
 * Each database call stores its result in ok; the checks of ok are on lines
 * not shown, but the visible error paths report samdb.errstring() or
 * regdb.errstring() through message(). The end of the function is not
 * shown either.
 * Progress output names accounts, groups and registry keys only; the
 * account LDIF, which carries password material, is not passed to
 * message(). The databases are opened by relative name, so where they land
 * and with which permissions depends on the caller's environment --
 * sam.ldb in particular holds credential data and should not be left
 * readable by other users.
 */
396 function upgrade(subobj, samba3, message)
399 var samdb = ldb_init();
400 var ok = samdb.connect("sam.ldb");
403 message("Importing account policies\n");
404 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
405 ok = samdb.modify(ldif);
408 var ldapurl = undefined;
410 // FIXME: figure out ldapurl
412 // Enable samba3sam module if original passdb backend was ldap
/* ldapurl is set to undefined above and no later assignment is visible in
 * this listing, so as shown this branch is never taken. */
413 if (ldapurl != undefined) {
416 @MAP_URL: %s", ldapurl);
419 samdb.modify("dn: @MODULES
420 @LIST: samldb,timestamps,objectguid,rdn_name");
423 message("Importing users\n");
424 for (var i in samba3.samaccounts) {
425 message("... " + samba3.samaccounts[i].username);
426 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
427 ok = samdb.add(ldif);
429 message("... error: " + samdb.errstring());
435 message("Importing groups\n");
436 for (var i in samba3.groupmappings) {
437 message("... " + samba3.groupmappings[i].nt_name);
438 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
439 ok = samdb.add(ldif);
441 message("... error: " + samdb.errstring());
447 message("Importing registry data\n");
448 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
449 for (var i in hives) {
450 message("... " + hives[i] + "\n");
451 var regdb = ldb_init();
452 ok = regdb.connect(hives[i] + ".ldb");
454 var ldif = upgrade_registry(samba3.registry, hives[i]);
455 for (var j in ldif) {
456 message("... ... " + j);
457 ok = regdb.add(ldif[j]);
459 message("... error: " + regdb.errstring());
466 message("Importing WINS data\n");
467 var winsdb = ldb_init();
468 ok = winsdb.connect("wins.ldb");
472 var ldif = upgrade_wins(samba3);
473 ok = winsdb.add(ldif);