2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
// Convert a "/"-separated registry key path into an LDB DN built from key=<component> RDNs.
// Each component is prepended to the DN built so far; the loop header and the return
// statement are on lines not shown in this excerpt.
// NOTE(review): components go into the RDN value unescaped. A key name containing DN
// metacharacters ("," "=" "+") would alter the structure of the resulting DN. The names come
// from the imported Samba3 registry, so escape or reject such components before formatting.
9 function regkey_to_dn(name)
14 var as = split("/", name);
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Build LDIF text for the keys in regdb.keys whose first path component matches prefix.
// The hive comparison is case-insensitive: both sides go through strupper().
33 function upgrade_registry(regdb,prefix)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
40 for (var i in regdb.keys) {
41 var rk = regdb.keys[i];
42 var pts = split("/", rk.name);
44 /* Only handle selected hive */
45 if (strupper(pts[0]) != prefix_up) {
49 var keydn = regkey_to_dn(rk.name);
// NOTE(review): pts was already computed from the same rk.name above; this second declaration is redundant.
51 var pts = split("/", rk.name);
53 /* Convert key name to dn */
54 ldif = ldif + sprintf("
60 for (var j in rk.values) {
61 var rv = rk.values[j];
// One LDIF record per registry value. rv.data is emitted base64-encoded (the "data::" form),
// so arbitrary bytes are safe there; keydn, rv.value and rv.type are formatted in directly.
// NOTE(review): if rv.value (presumably the value name) contains a newline it would add
// extra LDIF lines to the record; validate it or emit it base64-encoded as well.
63 ldif = ldif + sprintf("
67 data:: %s", keydn, rv.value, rv.type, base64(rv.data));
// Format the Samba3 account-policy settings from samba3.policy (password length, history and
// age limits, lockout and reset timers, disconnect time, machine-password refusal) as LDIF
// text for the entry dn. The template lines visible in this excerpt all use %d.
// The caller in upgrade() passes the result to samdb.modify().
74 function upgrade_sam_policy(samba3,dn)
85 samba3ResetCountMinutes: %d
86 samba3UserMustLogonToChangePassword: %d
87 samba3BadLockoutMinutes: %d
88 samba3DisconnectTime: %d
89 samba3RefuseMachinePwdChange: %d
91 ", dn, samba3.policy.min_password_length,
92 samba3.policy.password_history, samba3.policy.minimum_password_age,
93 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
94 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
95 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
96 samba3.policy.refuse_machine_password_change
// Format one Samba3 SAM account (acc) as LDIF text for an entry under domaindn.
// NOTE(review): text attributes such as logon script, profile path and workstations are
// formatted with %s and no escaping. acc.fullname is the first argument, directly followed by
// domaindn, so it presumably forms the entry's DN (that template line is not shown). A value
// with an embedded newline, or a full name containing DN metacharacters, would change the
// generated record. Validate these fields or emit them base64-encoded ("attr:: ...").
102 function upgrade_sam_account(acc,domaindn)
122 samba3LogonScript: %s
123 samba3ProfilePath: %s
124 samba3Workstations: %s
125 samba3KickOffTime: %d
127 samba3PassLastSetTime: %d
128 samba3PassCanChangeTime: %d
129 samba3PassMustChangeTime: %d
132 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
133 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
134 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
135 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
136 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid);
138 /* FIXME: Passwords */
// NOTE(review): per the FIXME, no password field appears among the arguments above, so
// imported accounts presumably carry no credentials yet. When this is implemented, keep the
// hashes out of progress and log output.
// Format one Samba3 group mapping (grp) as LDIF text for an entry under domaindn.
// grp.nt_name is passed twice: first next to domaindn (presumably to build the DN) and again
// later in the argument list (presumably as an attribute value).
// NOTE(review): the template is not visible here. If nt_name and comment are formatted
// without escaping, a name with DN metacharacters or a comment with a newline would change
// the generated record — confirm and validate.
143 function upgrade_sam_group(grp,domaindn)
154 ", grp.nt_name, domaindn,
155 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
// Format the winbind idmap state as LDIF: first the user and group hwm values (presumably
// the id allocation high-water marks), then one record per entry in samba3.idmap.mappings.
// m.sid is passed twice, the first time followed by domaindn (presumably to build the DN;
// that template line is not shown).
160 function upgrade_winbind(samba3,domaindn)
168 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
170 for (var i in samba3.idmap.mappings) {
171 var m = samba3.idmap.mappings[i];
172 ldif = ldif + sprintf("
176 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
// Format every entry of samba3.winsentries as LDIF, then append one "address:" line per IP
// in the entry. The TTL is converted with sys.ldaptime().
183 function upgrade_wins(samba3)
// NOTE(review): i has no var on this line; unless it is declared on a line not shown, it is
// an implicit global.
186 for (i in samba3.winsentries) {
187 var e = samba3.winsentries[i];
189 ldif = ldif + sprintf("
195 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
// NOTE(review): this loop reuses the name i of the loop over winsentries; a distinct name
// (e.g. j) would avoid any interference between the two.
197 for (var i in e.ips) {
198 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
// Collect the provisioning variables (subobj) derived from the Samba3 configuration: realm and
// domain names, host identity, domain and host SID/GUID, generated passwords, NSS account
// names and the DNS and LDAP base names.
205 function upgrade_provision(samba3)
207 var subobj = new Object();
208 var nss = nss_init();
209 var lp = loadparm_init();
212 var domainname = samba3.get_param("global", "workgroup");
214 if (domainname == undefined) {
// NOTE(review): falls back to the first domain in the secrets database; no check that
// samba3.secrets.domains is non-empty is visible here.
215 domainname = samba3.secrets.domains[0].name;
216 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
219 var domsec = samba3.find_domainsecrets(domainname);
// hostsec may be undefined when no secrets exist for this host name; the two HOSTGUID
// assignments further down are presumably the branches of a check on a line not shown.
220 var hostsec = samba3.find_domainsecrets(hostname());
221 var realm = samba3.get_param("global", "realm");
223 if (realm == undefined) {
225 println("No realm specified in smb.conf file, assuming '" + realm + "'");
229 subobj.REALM = realm;
230 subobj.DOMAIN = domainname;
231 subobj.HOSTNAME = hostname();
233 assert(subobj.REALM);
234 assert(subobj.DOMAIN);
235 assert(subobj.HOSTNAME);
237 subobj.HOSTIP = hostip();
238 if (domsec != undefined) {
239 subobj.DOMAINGUID = domsec.guid;
240 subobj.DOMAINSID = domsec.sid;
// NOTE(review): continuing with a random SID and GUID gives the upgraded domain a new
// identity. SIDs held by the imported accounts, group mappings and idmap entries would
// presumably no longer belong to it. Consider treating this as an error, not a warning.
242 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
243 subobj.DOMAINGUID = randguid();
244 subobj.DOMAINSID = randsid();
248 subobj.HOSTGUID = hostsec.guid;
250 subobj.HOSTGUID = randguid();
252 subobj.INVOCATIONID = randguid();
// Fresh random secrets for the krbtgt, machine and administrator accounts.
// NOTE(review): the length is fixed at 12. The strength depends on randpass's character set
// and random source, neither of which is visible here — confirm it uses a cryptographic RNG.
// The krbtgt and machine secrets are never typed by a person and could be much longer.
253 subobj.KRBTGTPASS = randpass(12);
254 subobj.MACHINEPASS = randpass(12);
255 subobj.ADMINPASS = randpass(12);
256 subobj.DEFAULTSITE = "Default-First-Site-Name";
// The next five entries store function references, not results; they are presumably called
// later, each time the corresponding variable is substituted.
257 subobj.NEWGUID = randguid;
258 subobj.NTTIME = nttime;
259 subobj.LDAPTIME = ldaptime;
260 subobj.DATESTRING = datestring;
261 subobj.USN = nextusn;
// findnss() receives a lookup function and a list of candidate names.
262 subobj.ROOT = findnss(nss.getpwnam, "root");
263 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
264 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
265 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
266 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
267 subobj.DNSDOMAIN = strlower(subobj.REALM);
268 subobj.DNSNAME = sprintf("%s.%s",
269 strlower(subobj.HOSTNAME),
// Base DN: one DC= component per dot-separated label of the realm.
271 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
// NOTE(review): rdn_list has no var on this line; it is an implicit global unless declared elsewhere.
272 rdn_list = split(".", subobj.REALM);
// smb.conf parameter names collected in keep. Judging by the name and by the
// upgrade_smbconf() function that follows, these are presumably the settings carried over to
// the new configuration — confirm against that function's body.
// NOTE(review): the list includes "client lanman auth" and "client plaintext auth". If they
// are copied as-is, weak legacy authentication settings survive the upgrade; worth reporting
// them to the administrator during migration.
276 var keep = new Array(
290 "bind interfaces only",
295 "obey pam restrictions",
306 "client NTLMv2 auth",
307 "client lanman auth",
308 "client plaintext auth",
339 "name resolve order",
349 "paranoid server security",
352 "case insensitive filesystem",
390 "winbind separator");
392 function upgrade_smbconf(samba3)
// Run the import: open sam.ldb, apply the account policy, then add users, groups, the
// registry hives and the WINS entries, reporting progress through message().
// Databases are opened by bare file name ("sam.ldb", "<hive>.ldb", "wins.ldb").
// NOTE(review): every connect/modify/add result is stored in ok; the checks are presumably on
// lines not shown. Confirm that each failure stops the upgrade, so that a partly imported
// database is never left behind silently.
397 function upgrade(subobj, samba3, message)
399 var samdb = ldb_init();
400 var ok = samdb.connect("sam.ldb");
403 message("Importing account policies\n");
404 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
// The policy is applied with modify(), unlike the add() calls used for the records below.
405 ok = samdb.modify(ldif);
408 // FIXME: Enable samba3sam module if original passdb backend was ldap
410 message("Importing users\n");
411 for (var i in samba3.samaccounts) {
412 message("... " + samba3.samaccounts[i].username + "\n");
413 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
414 ok = samdb.add(ldif);
418 message("Importing groups\n");
419 for (var i in samba3.groupmappings) {
420 message("... " + samba3.groupmappings[i].nt_name + "\n");
421 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
422 ok = samdb.add(ldif);
426 message("Importing registry data\n");
// One database per hive, named "<hive>.ldb"; upgrade_registry() filters the Samba3 keys by the same hive name.
427 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
428 for (var i in hives) {
429 message("... " + hives[i] + "\n");
430 var regdb = ldb_init();
431 ok = regdb.connect(hives[i] + ".ldb");
433 var ldif = upgrade_registry(samba3.registry, hives[i]);
434 ok = regdb.add(ldif);
438 message("Importing WINS data\n");
439 var winsdb = ldb_init();
440 ok = winsdb.connect("wins.ldb");
443 var ldif = upgrade_wins(samba3);
444 ok = winsdb.add(ldif);