2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
/* Builds an LDAP DN from a "/"-separated registry key name, using one
 * key=<component> RDN per path component. Only part of the body is
 * visible in this listing.
 * NOTE(review): each component is formatted with %s and no escaping is
 * visible here. A component containing "," "=" or "+" would alter the
 * structure of the DN - confirm key names cannot carry DN metacharacters,
 * or escape them before formatting. */
9 function regkey_to_dn(name)
14 var as = split("/", name);
/* Prepend the RDN for this component to the DN accumulated so far. */
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
33 function upgrade_registry(regdb,prefix)
/* Appends LDIF text to ldif for the keys in regdb.keys whose name starts
 * with the upper-cased prefix, and for each value of those keys. The
 * sprintf format strings are mostly not visible in this listing. */
35 var prefix_up = strupper(prefix);
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 /* Only handle selected hive */
/* The comparison is case-sensitive against the upper-cased prefix, so
 * rk.name is presumably stored in upper case - confirm. */
42 if (strncmp(prefix_up, rk.name, strlen(prefix_up)) != 0) {
/* The entry DN comes from regkey_to_dn(), which formats the key name
 * components into RDNs. */
46 var keydn = regkey_to_dn(rk.name);
48 var pts = split("/", rk.name);
50 /* Convert key name to dn */
51 ldif = ldif + sprintf("
57 for (var j in rk.values) {
58 var rv = rk.values[j];
/* rv.data is base64-encoded for the "data::" attribute; keydn, rv.value
 * and rv.type are passed to sprintf as they are.
 * NOTE(review): how rv.value is written into the entry is not visible
 * here. If it lands in a DN or a plain "attr: value" line, a value name
 * containing a line break or DN metacharacter would change the generated
 * LDIF - confirm it is escaped or base64-encoded as well. */
60 ldif = ldif + sprintf("
64 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
/* Formats the account policy values held in samba3.policy (password
 * length, history and age limits, lockout settings, disconnect time,
 * machine password change refusal) as samba3* attributes of an LDIF
 * entry for dn. The visible attributes are written with %d; the start of
 * the format string is not visible in this listing.
 * NOTE(review): these are the password and lockout controls of the old
 * domain. Whether anything on the new side enforces the samba3*
 * attributes cannot be told from here - confirm the policy is still
 * applied after the upgrade rather than only recorded. */
71 function upgrade_sam_policy(samba3,dn)
80 samba3ResetCountMinutes: %d
81 samba3UserMustLogonToChangePassword: %d
82 samba3BadLockoutMinutes: %d
83 samba3DisconnectTime: %d
84 samba3RefuseMachinePwdChange: %d
86 ", dn, samba3.policy.min_password_length,
87 samba3.policy.password_history, samba3.policy.minimum_password_age,
88 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
89 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
90 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
91 samba3.policy.refuse_machine_password_change
/* Formats one Samba3 SAM account (acc) as an LDIF entry; the DN is
 * presumably built from acc.fullname and domaindn, the first two
 * arguments. Most of the format string is not visible in this listing.
 * NOTE(review): the argument list passes sam.logon_time, while every
 * other field is read from acc and this function has no parameter named
 * sam - probably meant acc.logon_time; confirm.
 * NOTE(review): free-text account fields (fullname, acct_desc, homedir,
 * logon_script, profile_path, workstations) are passed to sprintf as
 * plain %s arguments with no escaping or base64 encoding visible here. A
 * value containing a line break would add attribute lines to the
 * generated LDIF, and a fullname containing "," or "=" would alter the
 * DN - confirm the values are sanitised upstream, or emit them
 * base64-encoded ("attr:: "). */
97 function upgrade_sam_account(acc,domaindn)
117 samba3LogonScript: %s
118 samba3ProfilePath: %s
119 samba3Workstations: %s
120 samba3KickOffTime: %d
122 samba3PassLastSetTime: %d
123 samba3PassCanChangeTime: %d
124 samba3PassMustChangeTime: %d
127 ", acc.fullname, domaindn, sam.logon_time, acc.logoff_time, acc.username, acc.nt_username,
128 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
129 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
130 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
131 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid);
/* No password or hash field appears in the argument list above, so the
 * generated entry carries no credentials. Until the FIXME below is
 * resolved, migrated accounts presumably need their passwords set by a
 * separate step - confirm. */
133 /* FIXME: Passwords */
/* Formats one Samba3 group (grp) as an LDIF entry; the DN is presumably
 * built from grp.nt_name and domaindn, the first two arguments. Only the
 * last line of the format string is visible in this listing.
 * NOTE(review): grp.nt_name and grp.comment are passed to sprintf as
 * they are; no escaping is visible here. A comment containing a line
 * break, or a group name containing DN metacharacters, would change the
 * generated LDIF - confirm they are sanitised upstream. */
138 function upgrade_sam_group(grp,domaindn)
148 samba3SidNameUse: %d", grp.nt_name, domaindn,
149 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
/* Appends the winbind idmap state from samba3.idmap to ldif: first the
 * user_hwm and group_hwm values (presumably the ID allocation high-water
 * marks), then one entry per SID mapping. Most of the format strings are
 * not visible in this listing. */
154 function upgrade_winbind(samba3,domaindn)
162 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
/* Each mapping pairs a SID with a Unix ID and a type.
 * NOTE(review): a wrong or missing mapping would presumably change which
 * Unix identity a SID resolves to after the upgrade - worth spot-checking
 * the generated entries against the source idmap database. */
164 for (var i in samba3.idmap.mappings) {
165 var m = samba3.idmap.mappings[i];
166 ldif = ldif + sprintf("
170 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
/* Appends one LDIF entry per record in samba3.winsentries, followed by an
 * "address:" line for each of the record's IPs. The entry's expiry is
 * written as sys.ldap_time(e.ttl). Most of the format string is not
 * visible in this listing. */
177 function upgrade_wins(samba3)
/* NOTE(review): i is used here without var, and the loop over e.ips
 * below declares var i again. If both refer to the same variable, the
 * inner loop overwrites the outer index - confirm, or rename the inner
 * index. */
180 for (i in samba3.winsentries) {
181 var e = samba3.winsentries[i];
183 ldif = ldif + sprintf("
188 expires: %s", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldap_time(e.ttl));
/* One address line per IP held in this record. */
190 for (var i in e.ips) {
191 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
/* Populates subobj with settings derived from the Samba3 configuration
 * and secrets (realm, workgroup, domain GUID and SID, host GUID), plus
 * freshly generated GUIDs and passwords. Parts of the body, including
 * what is returned, are not visible in this listing. */
198 function upgrade_provision(samba3)
200 var subobj = new Object();
201 var nss = nss_init();
202 var lp = loadparm_init();
205 var domainname = samba3.get_param("global", "workgroup");
/* NOTE(review): domsec and hostsec are dereferenced further down (.guid,
 * .sid) with no visible check that find_domainsecrets() found an entry;
 * the asserts below only cover REALM, DOMAIN and HOSTNAME. */
206 var domsec = samba3.find_domainsecrets(domainname);
207 var hostsec = samba3.find_domainsecrets(hostname());
208 var realm = samba3.get_param("global", "realm");
211 subobj.REALM = realm;
212 subobj.DOMAIN = domainname;
213 subobj.HOSTNAME = hostname();
/* Stop here if realm, workgroup or hostname is unset. */
215 assert(subobj.REALM);
216 assert(subobj.DOMAIN);
217 assert(subobj.HOSTNAME);
219 subobj.HOSTIP = hostip();
/* The domain GUID/SID and host GUID are taken from the existing Samba3
 * secrets rather than regenerated; the invocation ID is new. */
220 subobj.DOMAINGUID = domsec.guid;
221 subobj.DOMAINSID = domsec.sid;
222 subobj.HOSTGUID = hostsec.guid;
223 subobj.INVOCATIONID = randguid();
/* New random secrets for the krbtgt, machine and administrator accounts;
 * nothing is carried over from Samba3 for these.
 * NOTE(review): randpass(12) presumably yields a 12-character password;
 * its character set and randomness source are not visible here. Confirm
 * it draws from a cryptographically secure generator, consider a longer
 * value for the long-lived krbtgt secret, and check how ADMINPASS reaches
 * the operator without ending up in logs or world-readable output. */
224 subobj.KRBTGTPASS = randpass(12);
225 subobj.MACHINEPASS = randpass(12);
226 subobj.ADMINPASS = randpass(12);
227 subobj.DEFAULTSITE = "Default-First-Site-Name";
/* These five are assigned as function references (no call parentheses),
 * presumably so the consumer can call them each time a fresh value is
 * needed. */
228 subobj.NEWGUID = randguid;
229 subobj.NTTIME = nttime;
230 subobj.LDAPTIME = ldaptime;
231 subobj.DATESTRING = datestring;
232 subobj.USN = nextusn;
/* ROOT is looked up from the smb.conf "admin users" list.
 * NOTE(review): split() is called here with a single argument, while the
 * other calls in this file pass a separator first, and its result is
 * handed to findnss() as one argument where the calls below pass separate
 * names - confirm this resolves as intended. The result presumably
 * decides which Unix account the new setup treats as root, so an
 * unexpected match would be a privilege-mapping problem. */
233 subobj.ROOT = findnss(nss.getpwnam, split(samba3.get_param("global", "admin users")));
/* Remaining accounts and groups: each findnss() call is given a lookup
 * function and one or more candidate names. */
234 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
235 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
236 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
237 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
/* DNS names and the base DN are all derived from the realm. */
238 subobj.DNSDOMAIN = strlower(subobj.REALM);
239 subobj.DNSNAME = sprintf("%s.%s",
240 strlower(subobj.HOSTNAME),
242 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
/* NOTE(review): rdn_list is assigned without var, so it is presumably
 * not local to this function - confirm that is intended. */
243 rdn_list = split(".", subobj.REALM);
244 subobj.RDN_DC = rdn_list[0];
/* smb.conf parameter names; only some entries are visible in this
 * listing. Presumably these are the options upgrade_smbconf carries over
 * to the new configuration - its body is not visible here, so confirm.
 * NOTE(review): the list includes authentication and hardening options
 * ("client NTLMv2 auth", "client lanman auth", "client plaintext auth",
 * "paranoid server security", "obey pam restrictions", "bind interfaces
 * only"). If their values are copied verbatim, a permissive legacy
 * setting such as LANMAN or plaintext client authentication stays
 * enabled after the upgrade - review these in the resulting
 * configuration. */
248 var keep = new Array(
262 "bind interfaces only",
267 "obey pam restrictions",
278 "client NTLMv2 auth",
279 "client lanman auth",
280 "client plaintext auth",
311 "name resolve order",
321 "paranoid server security",
324 "case insensitive filesystem",
362 "winbind separator");
364 function upgrade_smbconf(samba3)