3 # backend code for upgrading from Samba3
4 # Copyright Jelmer Vernooij 2005-2007
5 # Released under the GNU GPL v3 or later
8 """Support code for upgrading from Samba 3 to Samba 4."""
10 from provision import findnss, provision, FILL_DRS
18 from samba.samdb import SamDB
20 def import_sam_policy(samldb, samba3_policy, domaindn):
21 """Import a Samba 3 policy database."""
22 samldb.modify_ldif("""
31 samba3ResetCountMinutes: %d
32 samba3UserMustLogonToChangePassword: %d
33 samba3BadLockoutMinutes: %d
34 samba3DisconnectTime: %d
36 """ % (dn, policy.min_password_length,
37 policy.password_history, policy.minimum_password_age,
38 policy.maximum_password_age, policy.lockout_duration,
39 policy.reset_count_minutes, policy.user_must_logon_to_change_password,
40 policy.bad_lockout_minutes, policy.disconnect_time))
43 def import_sam_account(samldb,acc,domaindn,domainsid):
44 """Import a Samba 3 SAM account.
46 :param samldb: Samba 4 SAM Database handle
47 :param acc: Samba 3 account
48 :param domaindn: Domain DN
49 :param domainsid: Domain SID."""
50 if acc.nt_username is None or acc.nt_username == "":
51 acc.nt_username = acc.username
53 if acc.fullname is None:
55 acc.fullname = pwd.getpwnam(acc.username)[4].split(",")[0]
59 if acc.fullname is None:
60 acc.fullname = acc.username
62 assert acc.fullname is not None
63 assert acc.nt_username is not None
66 "dn": "cn=%s,%s" % (acc.fullname, domaindn),
67 "objectClass": ["top", "user"],
68 "lastLogon": str(acc.logon_time),
69 "lastLogoff": str(acc.logoff_time),
70 "unixName": acc.username,
71 "sAMAccountName": acc.nt_username,
72 "cn": acc.nt_username,
73 "description": acc.acct_desc,
74 "primaryGroupID": str(acc.group_rid),
75 "badPwdcount": str(acc.bad_password_count),
76 "logonCount": str(acc.logon_count),
77 "samba3Domain": acc.domain,
78 "samba3DirDrive": acc.dir_drive,
79 "samba3MungedDial": acc.munged_dial,
80 "samba3Homedir": acc.homedir,
81 "samba3LogonScript": acc.logon_script,
82 "samba3ProfilePath": acc.profile_path,
83 "samba3Workstations": acc.workstations,
84 "samba3KickOffTime": str(acc.kickoff_time),
85 "samba3BadPwdTime": str(acc.bad_password_time),
86 "samba3PassLastSetTime": str(acc.pass_last_set_time),
87 "samba3PassCanChangeTime": str(acc.pass_can_change_time),
88 "samba3PassMustChangeTime": str(acc.pass_must_change_time),
89 "objectSid": "%s-%d" % (domainsid, acc.user_rid),
90 "lmPwdHash:": acc.lm_password,
91 "ntPwdHash:": acc.nt_password,
95 def import_sam_group(samldb, sid, gid, sid_name_use, nt_name, comment, domaindn):
96 """Upgrade a SAM group.
98 :param samldb: SAM database.
100 :param sid_name_use: SID name use
101 :param nt_name: NT Group Name
102 :param comment: NT Group Comment
103 :param domaindn: Domain DN
106 if sid_name_use == 5: # Well-known group
109 if nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
113 gr = grp.getgrnam(nt_name)
115 gr = grp.getgrgid(gid)
120 unixname = gr.gr_name
122 assert unixname is not None
125 "dn": "cn=%s,%s" % (nt_name, domaindn),
126 "objectClass": ["top", "group"],
127 "description": comment,
130 "unixName": unixname,
131 "samba3SidNameUse": str(sid_name_use)
135 def import_idmap(samdb,samba3_idmap,domaindn):
136 """Import idmap data.
138 :param samdb: SamDB handle.
139 :param samba3_idmap: Samba 3 IDMAP database to import from
140 :param domaindn: Domain DN.
144 "userHwm": str(samba3_idmap.get_user_hwm()),
145 "groupHwm": str(samba3_idmap.get_group_hwm())})
147 for uid in samba3_idmap.uids():
148 samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_user_sid(uid), domaindn),
149 "SID": samba3_idmap.get_user_sid(uid),
153 for gid in samba3_idmap.uids():
154 samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_group_sid(gid), domaindn),
155 "SID": samba3_idmap.get_group_sid(gid),
160 def import_wins(samba4_winsdb, samba3_winsdb):
161 """Import settings from a Samba3 WINS database.
163 :param samba4_winsdb: WINS database to import to
164 :param samba3_winsdb: WINS database to import from
168 for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items():
171 type = int(name.split("#", 1)[1], 16)
186 if ttl > time.time():
187 rState = 0x0 # active
189 rState = 0x1 # released
191 nType = ((nb_flags & 0x60)>>5)
193 samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")),
194 "type": name.split("#")[1],
195 "name": name.split("#")[0],
196 "objectClass": "winsRecord",
197 "recordType": str(rType),
198 "recordState": str(rState),
199 "nodeType": str(nType),
200 "expireTime": ldb.timestring(ttl),
202 "versionID": str(version_id),
205 samba4_winsdb.add({"dn": "cn=VERSION",
207 "objectClass": "winsMaxVersion",
208 "maxVersion": str(version_id)})
210 def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, paths):
211 oldconf = samba3.get_conf()
213 if oldconf.get("domain logons") == "True":
214 serverrole = "domain controller"
216 if oldconf.get("security") == "user":
217 serverrole = "standalone"
219 serverrole = "member server"
221 domainname = oldconf.get("workgroup")
223 domainname = str(domainname)
224 realm = oldconf.get("realm")
225 netbiosname = oldconf.get("netbios name")
227 secrets_db = samba3.get_secrets_db()
229 if domainname is None:
230 domainname = secrets_db.domains()[0]
231 message("No domain specified in smb.conf file, assuming '%s'" % domainname)
234 realm = domainname.lower()
235 message("No realm specified in smb.conf file, assuming '%s'\n" % realm)
237 domainguid = secrets_db.get_domain_guid(domainname)
238 domainsid = secrets_db.get_sid(domainname)
239 if domainsid is None:
240 message("Can't find domain secrets for '%s'; using random SID\n" % domainname)
242 if netbiosname is not None:
243 machinepass = secrets_db.get_machine_password(netbiosname)
247 domaindn = provision(setup_dir=setup_dir, message=message,
248 samdb_fill=FILL_DRS, paths=paths, session_info=session_info,
249 credentials=credentials, realm=realm,
250 domain=domainname, domainsid=domainsid, domainguid=domainguid,
251 machinepass=machinepass, serverrole=serverrole)
253 samdb = SamDB(paths.samdb, credentials=credentials, lp=lp, session_info=session_info)
255 import_wins(Ldb(paths.winsdb), samba3.get_wins_db())
257 # FIXME: import_registry(registry.Registry(), samba3.get_registry())
259 # FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn)
261 groupdb = samba3.get_groupmapping_db()
262 for sid in groupdb.groupsids():
263 (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid)
264 # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn)
268 passdb = samba3.get_sam_db()
271 #FIXME: import_sam_account(samdb, user, domaindn, domainsid)
273 if hasattr(passdb, 'ldap_url'):
274 message("Enabling Samba3 LDAP mappings for SAM database")
276 enable_samba3sam(samdb, passdb.ldap_url)
279 def enable_samba3sam(samdb, ldapurl):
280 """Enable Samba 3 LDAP URL database.
282 :param samdb: SAM Database.
283 :param ldapurl: Samba 3 LDAP URL
285 samdb.modify_ldif("""
289 @LIST: samldb,operational,objectguid,rdn_name,samba3sam
292 samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl})
309 "bind interfaces only",
314 "obey pam restrictions",
322 "client NTLMv2 auth",
323 "client lanman auth",
324 "client plaintext auth",
344 "name resolve order",
353 "paranoid server security",
389 def upgrade_smbconf(oldconf,mark):
390 """Remove configuration variables not present in Samba4
392 :param oldconf: Old configuration structure
393 :param mark: Whether removed configuration variables should be
394 kept in the new configuration as "samba3:<name>"
396 data = oldconf.data()
397 newconf = param_init()
402 for k in smbconf_keep:
403 if smbconf_keep[k] == p:
408 newconf.set(s, p, oldconf.get(s, p))
410 newconf.set(s, "samba3:"+p, oldconf.get(s,p))
414 SAMBA3_PREDEF_NAMES = {
415 'HKLM': registry.HKEY_LOCAL_MACHINE,
418 def import_registry(samba4_registry, samba3_regdb):
419 """Import a Samba 3 registry database into the Samba 4 registry.
421 :param samba4_registry: Samba 4 registry handle.
422 :param samba3_regdb: Samba 3 registry database handle.
424 def ensure_key_exists(keypath):
425 (predef_name, keypath) = keypath.split("/", 1)
426 predef_id = SAMBA3_PREDEF_NAMES[predef_name]
427 keypath = keypath.replace("/", "\\")
428 return samba4_registry.create_key(predef_id, keypath)
430 for key in samba3_regdb.keys():
431 key_handle = ensure_key_exists(key)
432 for subkey in samba3_regdb.subkeys(key):
433 ensure_key_exists(subkey)
434 for (value_name, (value_type, value_data)) in samba3_regdb.values(key).items():
435 key_handle.set_value(value_name, value_type, value_data)