2 backend code for upgrading from Samba3
3 Copyright Jelmer Vernooij 2005
4 Released under the GNU GPL v2 or later
// Builds a DN for a registry key path: `name` is split on "/" and every
// component is prepended to `dn` as "key=<component>,".
// NOTE(review): this listing omits lines (loop header, initial value of dn,
// return statement), so the exact result shape cannot be confirmed from here.
// NOTE(review): each component is interpolated with %s as-is; nothing visible
// escapes DN metacharacters such as "," or "=". A key name containing them
// would change the structure of the resulting DN - confirm whether the
// Samba3 registry data can carry such names and escape them if so.
9 function regkey_to_dn(name)
14 var as = split("/", name);
18 dn = sprintf("key=%s,", as[i]) + dn;
25 /* Where prefix is any of:
// Converts the keys of one registry hive into LDIF records.
//   regdb  - Samba3 registry object; must not be undefined (asserted below).
//   prefix - hive name; compared case-insensitively (strupper) against the
//            first "/"-separated component of each key name.
//   ldb    - only used here for ldb.encode() on the value data.
// Records are stored in the `ldif` array under the key name, and under
// "<key name> (<value name>)" for each value; upgrade() iterates the result
// by those indices. The return statement is not part of this listing.
// NOTE(review): `pts` is declared and computed twice with the same split
// (listing lines 41 and 50); the second one looks redundant.
// NOTE(review): only rv.data goes through ldb.encode(). keydn and rv.name are
// passed to sprintf as plain strings; the format text is not visible here,
// but if they land in LDIF lines unencoded, a name containing a newline would
// alter the record - confirm against the full format string.
33 function upgrade_registry(regdb,prefix,ldb)
35 assert(regdb != undefined);
36 var prefix_up = strupper(prefix);
37 var ldif = new Array();
39 for (var i in regdb.keys) {
40 var rk = regdb.keys[i];
41 var pts = split("/", rk.name);
43 /* Only handle selected hive */
44 if (strupper(pts[0]) != prefix_up) {
48 var keydn = regkey_to_dn(rk.name);
50 var pts = split("/", rk.name);
52 /* Convert key name to dn */
53 ldif[rk.name] = sprintf("
59 for (var j in rk.values) {
60 var rv = rk.values[j];
62 ldif[rk.name + " (" + rv.name + ")"] = sprintf("
66 data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data));
// Formats the Samba3 account policy (samba3.policy.*) into an LDIF record for
// `dn`; upgrade() passes the result to samdb.modify(). The visible format
// lines write every policy field with %d. The start of the format string and
// the return statement are not part of this listing.
// NOTE(review): the password-length, history, age and lockout values are
// copied through exactly as stored in Samba3; nothing visible range-checks
// them, so a weak legacy policy is carried over unchanged - review the
// imported samba3* policy attributes after the upgrade.
73 function upgrade_sam_policy(samba3,dn)
84 samba3ResetCountMinutes: %d
85 samba3UserMustLogonToChangePassword: %d
86 samba3BadLockoutMinutes: %d
87 samba3DisconnectTime: %d
88 samba3RefuseMachinePwdChange: %d
90 ", dn, samba3.policy.min_password_length,
91 samba3.policy.password_history, samba3.policy.minimum_password_age,
92 samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
93 samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
94 samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
95 samba3.policy.refuse_machine_password_change
// Formats one Samba3 SAM account (`acc`) into an LDIF record below
// `domaindn`; upgrade() passes the result to samdb.add(). The first two
// sprintf arguments are acc.fullname and domaindn, so the DN is presumably
// built from the full name - confirm against the omitted format lines.
// NOTE(review): acc.lm_pw and acc.nt_pw (presumably the LM and NT password
// hashes) are the only fields run through ldb.encode(). The resulting LDIF
// therefore contains credential material and should not be logged or left in
// temporary files; whether the weaker lm_pw value needs to be migrated at all
// is worth confirming.
// NOTE(review): every other string field (fullname, acct_desc, homedir,
// logon_script, profile_path, workstations, ...) is passed to sprintf as-is.
// If the omitted format lines use plain "attr: %s", a value containing a
// newline would inject extra LDIF lines - confirm, and encode such values the
// same way as the password fields if so.
101 function upgrade_sam_account(acc,domaindn)
103 var ldb = ldb_init();
120 samba3LogonScript: %s
121 samba3ProfilePath: %s
122 samba3Workstations: %s
123 samba3KickOffTime: %d
125 samba3PassLastSetTime: %d
126 samba3PassCanChangeTime: %d
127 samba3PassMustChangeTime: %d
132 ", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
133 acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
134 acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
135 acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
136 acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
137 ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
// Formats one Samba3 group mapping (`grp`) into an LDIF record below
// `domaindn`; upgrade() passes the result to samdb.add(). The format string
// itself is not part of this listing.
// NOTE(review): grp.nt_name is used twice (first argument, next to domaindn,
// so presumably in the DN) and grp.comment once, all interpolated as plain
// strings. Nothing visible escapes DN metacharacters or newlines in them -
// confirm against the full format string.
142 function upgrade_sam_group(grp,domaindn)
153 ", grp.nt_name, domaindn,
154 grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
// Builds LDIF from the Samba3 idmap data: first a record carrying
// samba3.idmap.user_hwm and samba3.idmap.group_hwm, then one record per entry
// of samba3.idmap.mappings (sid, type and unix_id, the latter written as
// "unixID: %d"). Most of the format text and the return statement are not
// part of this listing.
// NOTE(review): m.sid is interpolated twice next to domaindn, presumably once
// into the DN; the mappings are taken from the old database as-is with no
// visible validation of sid or unix_id.
159 function upgrade_winbind(samba3,domaindn)
167 ", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
169 for (var i in samba3.idmap.mappings) {
170 var m = samba3.idmap.mappings[i];
171 ldif = ldif + sprintf("
175 unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
// Builds LDIF for every entry of samba3.winsentries: one record per entry
// (type, name, nb_flags, and the ttl converted with sys.ldaptime), followed
// by one "address: <ip>" line per element of e.ips. upgrade() passes the
// result to winsdb.add(). The format text and the return statement are not
// part of this listing.
// NOTE(review): the outer loop uses `i` without `var` while the inner loop
// declares `var i`; both loops therefore share one variable (or the outer one
// is an implicit global, depending on the interpreter's scoping). Giving the
// inner loop its own index would remove the ambiguity.
// NOTE(review): e.name is interpolated as a plain string in two places;
// nothing visible escapes it before it enters the LDIF.
182 function upgrade_wins(samba3)
185 for (i in samba3.winsentries) {
186 var e = samba3.winsentries[i];
188 ldif = ldif + sprintf("
194 ", e.type, e.name, e.name, e.type, e.nb_flags, sys.ldaptime(e.ttl));
196 for (var i in e.ips) {
197 ldif = ldif + sprintf("address: %s\n", e.ips[i]);
// Assembles the substitution object (`subobj`) used to provision the new
// database from a Samba3 installation: realm, domain, host identity, SID and
// GUIDs, generated passwords, well-known local accounts found through nss,
// and the DNS / base-DN names derived from the realm. Several lines of the
// function (closing braces, else branches, the return) are not part of this
// listing.
204 function upgrade_provision(samba3)
206 var subobj = new Object();
207 var nss = nss_init();
208 var lp = loadparm_init();
211 var domainname = samba3.configuration.get("workgroup");
213 if (domainname == undefined) {
// NOTE(review): indexes domains[0] without a visible check that the secrets
// database holds at least one domain - confirm the omitted lines guard this.
214 domainname = samba3.secrets.domains[0].name;
215 println("No domain specified in smb.conf file, assuming '" + domainname + "'");
218 var domsec = samba3.find_domainsecrets(domainname);
219 var hostsec = samba3.find_domainsecrets(hostname());
220 var realm = samba3.configuration.get("realm");
222 if (realm == undefined) {
224 println("No realm specified in smb.conf file, assuming '" + realm + "'");
228 subobj.REALM = realm;
229 subobj.DOMAIN = domainname;
230 subobj.HOSTNAME = hostname();
232 assert(subobj.REALM);
233 assert(subobj.DOMAIN);
234 assert(subobj.HOSTNAME);
236 subobj.HOSTIP = hostip();
237 if (domsec != undefined) {
238 subobj.DOMAINGUID = domsec.guid;
239 subobj.DOMAINSID = domsec.sid;
// Fallback when no secrets entry matches the domain: a fresh SID and GUID are
// generated. NOTE(review): imported accounts and groups keep the SIDs stored
// in Samba3, so a regenerated domain SID may no longer match them - confirm.
241 println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
242 subobj.DOMAINGUID = randguid();
243 subobj.DOMAINSID = randsid();
247 subobj.HOSTGUID = hostsec.guid;
249 subobj.HOSTGUID = randguid();
251 subobj.INVOCATIONID = randguid();
// NOTE(review): the krbtgt, machine and administrator passwords are each
// produced by randpass(12). Their strength depends on the generator and
// alphabet behind randpass(), which is not shown here - confirm it draws from
// a cryptographically secure source, and consider a longer length for these
// high-value credentials.
252 subobj.KRBTGTPASS = randpass(12);
253 subobj.MACHINEPASS = randpass(12);
254 subobj.ADMINPASS = randpass(12);
255 subobj.DEFAULTSITE = "Default-First-Site-Name";
// The next five entries store the functions themselves (no call parentheses),
// not their results.
256 subobj.NEWGUID = randguid;
257 subobj.NTTIME = nttime;
258 subobj.LDAPTIME = ldaptime;
259 subobj.DATESTRING = datestring;
260 subobj.USN = nextusn;
// Local account / group names are looked up through nss; the extra string
// arguments are presumably alternative names tried in order - verify against
// findnss().
261 subobj.ROOT = findnss(nss.getpwnam, "root");
262 subobj.NOBODY = findnss(nss.getpwnam, "nobody");
263 subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody");
264 subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root");
265 subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other");
266 subobj.DNSDOMAIN = strlower(subobj.REALM);
267 subobj.DNSNAME = sprintf("%s.%s",
268 strlower(subobj.HOSTNAME),
// The base DN is the realm with each "."-separated label turned into "DC=<label>".
270 subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM));
// NOTE(review): rdn_list is assigned without `var`, so it is not a local of
// this function.
271 rdn_list = split(".", subobj.REALM);
// Names of the smb.conf parameters that upgrade_smbconf() compares each old
// parameter against. The variable is assigned without `var`, and
// upgrade_smbconf() reads it by name. Only part of the list is visible in
// this listing.
// NOTE(review): the visible entries include security-relevant settings
// ("client lanman auth", "client plaintext auth", "client NTLMv2 auth",
// "obey pam restrictions", "paranoid server security",
// "bind interfaces only"). Their old values are copied by upgrade_smbconf()
// via oldconf.get(), so a permissive legacy setting survives the upgrade -
// review these parameters in the written configuration afterwards.
275 smbconf_keep = new Array(
289 "bind interfaces only",
294 "obey pam restrictions",
302 "client NTLMv2 auth",
303 "client lanman auth",
304 "client plaintext auth",
324 "name resolve order",
333 "paranoid server security",
370 "winbind separator");
373 Remove configuration variables not present in Samba4
374 oldconf: Old configuration structure
375 mark: Whether removed configuration variables should be
376 kept in the new configuration as "samba3:<name>"
// Builds a new parameter set from an old smb.conf: walks every section `s`
// and parameter `p` of oldconf.data() and compares `p` against each entry of
// smbconf_keep. Two outcomes are visible: the value is copied under the same
// name, or it is copied under "samba3:<name>". The conditions selecting
// between them (and the use of `mark`) are on lines missing from this
// listing.
// NOTE(review): the comparison against smbconf_keep is an exact `==` match on
// the parameter name as returned by oldconf.data(); whether names are
// normalised (case, spacing) before this point is not visible - confirm, as a
// mismatch would move a kept parameter into the "samba3:" namespace.
378 function upgrade_smbconf(oldconf,mark)
380 var data = oldconf.data();
381 var newconf = param_init();
383 for (var s in data) {
384 for (var p in data[s]) {
386 for (var k in smbconf_keep) {
387 if (smbconf_keep[k] == p) {
394 newconf.set(s, p, oldconf.get(s, p));
396 newconf.set(s, "samba3:"+p, oldconf.get(s,p));
// Drives the Samba3 import. In the order of the progress messages: writes the
// converted smb.conf to paths.smbconf, then imports account policies, users,
// groups, the registry hives and the WINS data into their databases
// (paths.samdb, paths[<hive>], paths.winsdb), and finally records an LDAP
// mapping URL and a module list when the old passdb backend was ldapsam.
//   subobj  - provisioning values; only subobj.BASEDN is read in the lines shown.
//   samba3  - the parsed Samba3 installation.
//   message - callback used for progress output.
//   paths   - target database / file locations.
// NOTE(review): many lines are missing from this listing, including whatever
// checks follow each `ok = ...` assignment; the visible lines only show that
// add failures for users, groups and registry entries are appended to the
// progress message via errstring(). Whether the import stops or continues
// after a failure cannot be confirmed from here.
404 function upgrade(subobj, samba3, message, paths)
407 var lp = loadparm_init();
408 var samdb = ldb_init();
409 var ok = samdb.connect(paths.samdb);
412 message("Writing configuration\n");
413 var newconf = upgrade_smbconf(samba3.configuration,true);
414 newconf.save(paths.smbconf);
416 message("Importing account policies\n");
417 var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
418 ok = samdb.modify(ldif);
421 message("Importing users\n");
422 for (var i in samba3.samaccounts) {
// Only the user name goes into the progress message; the LDIF itself (which
// carries the encoded password fields) is not printed in the lines shown.
423 var msg = "... " + samba3.samaccounts[i].username;
424 var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
425 ok = samdb.add(ldif);
427 msg = msg + "... error: " + samdb.errstring();
433 message("Importing groups\n");
434 for (var i in samba3.groupmappings) {
435 var msg = "... " + samba3.groupmappings[i].nt_name;
436 var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
437 ok = samdb.add(ldif);
439 msg = msg + "... error: " + samdb.errstring();
445 message("Importing registry data\n");
446 var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt");
447 for (var i in hives) {
449 message("... " + hn + "\n");
// Each hive gets its own ldb connection, located through paths[<hive name>].
450 var regdb = ldb_init();
451 ok = regdb.connect(paths[hn]);
453 var ldif = upgrade_registry(samba3.registry, hn, regdb);
454 for (var j in ldif) {
455 var msg = "... ... " + j;
456 ok = regdb.add(ldif[j]);
458 msg = msg + "... error: " + regdb.errstring();
465 message("Importing WINS data\n");
466 var winsdb = ldb_init();
467 ok = winsdb.connect(paths.winsdb);
471 var ldif = upgrade_wins(samba3);
472 ok = winsdb.add(ldif);
475 // figure out ldapurl, if applicable
476 var ldapurl = undefined;
477 var pdb = samba3.configuration.get_list("passdb backend");
478 if (pdb != undefined) {
// An entry starting with "ldapsam" contributes everything from offset 8 on as
// the URL, i.e. the text after the 7-character name and one separator.
480 if (substr(pdb[b], 0, 7) == "ldapsam") {
481 ldapurl = substr(pdb[b], 8);
486 // URL was not specified in passdb backend but ldap /is/ used
// NOTE(review): this fallback hard-codes the ldap:// scheme in front of the
// "ldap server" setting. Whether the connection made with this URL is later
// protected in transit is not visible here - confirm, since the samba3sam
// mapping presumably reads account data through it.
488 ldapurl = "ldap://" + samba3.configuration.get("ldap server");
491 // Enable samba3sam module if original passdb backend was ldap
492 if (ldapurl != undefined) {
493 message("Enabling Samba3 LDAP mappings for SAM database\n");
496 @MAP_URL: %s", ldapurl);
497 ok = samdb.add(ldif);
500 ok = samdb.modify("dn: @MODULES
502 @LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
509 function upgrade_verify(subobj, samba3,paths,message)
511 message("Verifying account policies\n");
512 var samldb = ldb_init();
515 var ok = samldb.connect(paths.samdb);