3
# backend code for upgrading from Samba3
4
# Copyright Jelmer Vernooij 2005-2007
5
# Released under the GNU GPL v3 or later
8
"""Support code for upgrading from Samba 3 to Samba 4."""
10
__docformat__ = "restructuredText"
12
from provision import findnss, provision, FILL_DRS
20
from samba.samdb import SamDB
22
def import_sam_policy(samldb, samba3_policy, domaindn):
23
"""Import a Samba 3 policy database."""
24
samldb.modify_ldif("""
33
samba3ResetCountMinutes: %d
34
samba3UserMustLogonToChangePassword: %d
35
samba3BadLockoutMinutes: %d
36
samba3DisconnectTime: %d
38
""" % (dn, policy.min_password_length,
39
policy.password_history, policy.minimum_password_age,
40
policy.maximum_password_age, policy.lockout_duration,
41
policy.reset_count_minutes, policy.user_must_logon_to_change_password,
42
policy.bad_lockout_minutes, policy.disconnect_time))
45
def import_sam_account(samldb,acc,domaindn,domainsid):
46
"""Import a Samba 3 SAM account.
48
:param samldb: Samba 4 SAM Database handle
49
:param acc: Samba 3 account
50
:param domaindn: Domain DN
51
:param domainsid: Domain SID."""
52
if acc.nt_username is None or acc.nt_username == "":
53
acc.nt_username = acc.username
55
if acc.fullname is None:
57
acc.fullname = pwd.getpwnam(acc.username)[4].split(",")[0]
61
if acc.fullname is None:
62
acc.fullname = acc.username
64
assert acc.fullname is not None
65
assert acc.nt_username is not None
68
"dn": "cn=%s,%s" % (acc.fullname, domaindn),
69
"objectClass": ["top", "user"],
70
"lastLogon": str(acc.logon_time),
71
"lastLogoff": str(acc.logoff_time),
72
"unixName": acc.username,
73
"sAMAccountName": acc.nt_username,
74
"cn": acc.nt_username,
75
"description": acc.acct_desc,
76
"primaryGroupID": str(acc.group_rid),
77
"badPwdcount": str(acc.bad_password_count),
78
"logonCount": str(acc.logon_count),
79
"samba3Domain": acc.domain,
80
"samba3DirDrive": acc.dir_drive,
81
"samba3MungedDial": acc.munged_dial,
82
"samba3Homedir": acc.homedir,
83
"samba3LogonScript": acc.logon_script,
84
"samba3ProfilePath": acc.profile_path,
85
"samba3Workstations": acc.workstations,
86
"samba3KickOffTime": str(acc.kickoff_time),
87
"samba3BadPwdTime": str(acc.bad_password_time),
88
"samba3PassLastSetTime": str(acc.pass_last_set_time),
89
"samba3PassCanChangeTime": str(acc.pass_can_change_time),
90
"samba3PassMustChangeTime": str(acc.pass_must_change_time),
91
"objectSid": "%s-%d" % (domainsid, acc.user_rid),
92
"lmPwdHash:": acc.lm_password,
93
"ntPwdHash:": acc.nt_password,
97
def import_sam_group(samldb, sid, gid, sid_name_use, nt_name, comment, domaindn):
98
"""Upgrade a SAM group.
100
:param samldb: SAM database.
101
:param gid: Group GID
102
:param sid_name_use: SID name use
103
:param nt_name: NT Group Name
104
:param comment: NT Group Comment
105
:param domaindn: Domain DN
108
if sid_name_use == 5: # Well-known group
111
if nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
115
gr = grp.getgrnam(nt_name)
117
gr = grp.getgrgid(gid)
122
unixname = gr.gr_name
124
assert unixname is not None
127
"dn": "cn=%s,%s" % (nt_name, domaindn),
128
"objectClass": ["top", "group"],
129
"description": comment,
132
"unixName": unixname,
133
"samba3SidNameUse": str(sid_name_use)
137
def import_idmap(samdb,samba3_idmap,domaindn):
138
"""Import idmap data.
140
:param samdb: SamDB handle.
141
:param samba3_idmap: Samba 3 IDMAP database to import from
142
:param domaindn: Domain DN.
146
"userHwm": str(samba3_idmap.get_user_hwm()),
147
"groupHwm": str(samba3_idmap.get_group_hwm())})
149
for uid in samba3_idmap.uids():
150
samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_user_sid(uid), domaindn),
151
"SID": samba3_idmap.get_user_sid(uid),
155
for gid in samba3_idmap.uids():
156
samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_group_sid(gid), domaindn),
157
"SID": samba3_idmap.get_group_sid(gid),
162
def import_wins(samba4_winsdb, samba3_winsdb):
163
"""Import settings from a Samba3 WINS database.
165
:param samba4_winsdb: WINS database to import to
166
:param samba3_winsdb: WINS database to import from
170
for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items():
173
type = int(name.split("#", 1)[1], 16)
188
if ttl > time.time():
189
rState = 0x0 # active
191
rState = 0x1 # released
193
nType = ((nb_flags & 0x60)>>5)
195
samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")),
196
"type": name.split("#")[1],
197
"name": name.split("#")[0],
198
"objectClass": "winsRecord",
199
"recordType": str(rType),
200
"recordState": str(rState),
201
"nodeType": str(nType),
202
"expireTime": ldb.timestring(ttl),
204
"versionID": str(version_id),
207
samba4_winsdb.add({"dn": "cn=VERSION",
209
"objectClass": "winsMaxVersion",
210
"maxVersion": str(version_id)})
212
def upgrade_provision(samba3, setup_dir, message, credentials, session_info, smbconf, targetdir):
213
oldconf = samba3.get_conf()
215
if oldconf.get("domain logons") == "True":
216
serverrole = "domain controller"
218
if oldconf.get("security") == "user":
219
serverrole = "standalone"
221
serverrole = "member server"
223
domainname = oldconf.get("workgroup")
225
domainname = str(domainname)
226
realm = oldconf.get("realm")
227
netbiosname = oldconf.get("netbios name")
229
secrets_db = samba3.get_secrets_db()
231
if domainname is None:
232
domainname = secrets_db.domains()[0]
233
message("No domain specified in smb.conf file, assuming '%s'" % domainname)
236
realm = domainname.lower()
237
message("No realm specified in smb.conf file, assuming '%s'\n" % realm)
239
domainguid = secrets_db.get_domain_guid(domainname)
240
domainsid = secrets_db.get_sid(domainname)
241
if domainsid is None:
242
message("Can't find domain secrets for '%s'; using random SID\n" % domainname)
244
if netbiosname is not None:
245
machinepass = secrets_db.get_machine_password(netbiosname)
249
result = provision(setup_dir=setup_dir, message=message,
250
samdb_fill=FILL_DRS, smbconf=smbconf, session_info=session_info,
251
credentials=credentials, realm=realm,
252
domain=domainname, domainsid=domainsid, domainguid=domainguid,
253
machinepass=machinepass, serverrole=serverrole, targetdir=targetdir)
255
import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db())
257
# FIXME: import_registry(registry.Registry(), samba3.get_registry())
259
# FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn)
261
groupdb = samba3.get_groupmapping_db()
262
for sid in groupdb.groupsids():
263
(gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid)
264
# FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn)
268
passdb = samba3.get_sam_db()
271
#FIXME: import_sam_account(result.samdb, user, domaindn, domainsid)
273
if hasattr(passdb, 'ldap_url'):
274
message("Enabling Samba3 LDAP mappings for SAM database")
276
enable_samba3sam(result.samdb, passdb.ldap_url)
279
def enable_samba3sam(samdb, ldapurl):
280
"""Enable Samba 3 LDAP URL database.
282
:param samdb: SAM Database.
283
:param ldapurl: Samba 3 LDAP URL
285
samdb.modify_ldif("""
289
@LIST: samldb,operational,objectguid,rdn_name,samba3sam
292
samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl})
309
"bind interfaces only",
314
"obey pam restrictions",
322
"client NTLMv2 auth",
323
"client lanman auth",
324
"client plaintext auth",
344
"name resolve order",
353
"paranoid server security",
389
def upgrade_smbconf(oldconf,mark):
390
"""Remove configuration variables not present in Samba4
392
:param oldconf: Old configuration structure
393
:param mark: Whether removed configuration variables should be
394
kept in the new configuration as "samba3:<name>"
396
data = oldconf.data()
397
newconf = param_init()
402
for k in smbconf_keep:
403
if smbconf_keep[k] == p:
408
newconf.set(s, p, oldconf.get(s, p))
410
newconf.set(s, "samba3:"+p, oldconf.get(s,p))
414
SAMBA3_PREDEF_NAMES = {
415
'HKLM': registry.HKEY_LOCAL_MACHINE,
418
def import_registry(samba4_registry, samba3_regdb):
419
"""Import a Samba 3 registry database into the Samba 4 registry.
421
:param samba4_registry: Samba 4 registry handle.
422
:param samba3_regdb: Samba 3 registry database handle.
424
def ensure_key_exists(keypath):
425
(predef_name, keypath) = keypath.split("/", 1)
426
predef_id = SAMBA3_PREDEF_NAMES[predef_name]
427
keypath = keypath.replace("/", "\\")
428
return samba4_registry.create_key(predef_id, keypath)
430
for key in samba3_regdb.keys():
431
key_handle = ensure_key_exists(key)
432
for subkey in samba3_regdb.subkeys(key):
433
ensure_key_exists(subkey)
434
for (value_name, (value_type, value_data)) in samba3_regdb.values(key).items():
435
key_handle.set_value(value_name, value_type, value_data)