From c926cddfad97713ca017c03e61c6e90414c1ad62 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Mon, 10 Dec 2007 09:29:00 +0100
Subject: r26366: Import provision scripts in Python. (This used to be commit 090c799f98adf2c4186daca445c81b4e26e91f2f)
---
source4/scripting/python/samba/upgrade.py | 561 ++++++++++++++++++++++++++++++
1 file changed, 561 insertions(+)
create mode 100644 source4/scripting/python/samba/upgrade.py
(limited to 'source4/scripting/python/samba/upgrade.py')
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
new file mode 100644
index 0000000000..49aee3f94d
--- /dev/null
+++ b/source4/scripting/python/samba/upgrade.py
@@ -0,0 +1,561 @@ +#!/usr/bin/python +# +# backend code for upgrading from Samba3 +# Copyright Jelmer Vernooij 2005-2007 +# Released under the GNU GPL v3 or later +# + +"""Support code for upgrading from Samba 3 to Samba 4.""" + +from provision import findnss +import provision +import grp +import pwd +from uuid import uuid4 +from param import default_configuration + +def regkey_to_dn(name): + dn = "hive=NONE" + + for el in name.split("/")[1:]: + dn = "key=%s," % el + dn + + return dn + +# Where prefix is any of: +# - HKLM +# HKU +# HKCR +# HKPD +# HKPT +# + +def upgrade_registry(regdb,prefix,ldb): + """Migrate registry contents.""" + assert regdb is not None: + prefix_up = prefix.upper() + ldif = [] + + for rk in regdb.keys: + pts = rk.name.split("/") + + # Only handle selected hive + if pts[0].upper() != prefix_up: + continue + + keydn = regkey_to_dn(rk.name) + + pts = rk.name.split("/") + + # Convert key name to dn + ldif[rk.name] = """ +dn: %s +name: %s + +""" % (keydn, pts[0]) + + for rv in rk.values: + ldif[rk.name + " (" + rv.name + ")"] = """ +dn: %s,value=%s +value: %s +type: %d +data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)) + + return ldif + +def upgrade_sam_policy(samba3,dn): + ldif = """ +dn: %s +changetype: modify +replace: minPwdLength +minPwdLength: %d +pwdHistoryLength: %d +minPwdAge: %d +maxPwdAge: %d +lockoutDuration: %d +samba3ResetCountMinutes: %d +samba3UserMustLogonToChangePassword: %d +samba3BadLockoutMinutes: %d +samba3DisconnectTime: %d + +""" % (dn, samba3.policy.min_password_length, + samba3.policy.password_history, samba3.policy.minimum_password_age, + samba3.policy.maximum_password_age, samba3.policy.lockout_duration, + samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, + samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time) + + return ldif + +def upgrade_sam_account(ldb,acc,domaindn,domainsid): + """Upgrade a SAM account.""" + if acc.nt_username is None or 
acc.nt_username == "": + acc.nt_username = acc.username + + if acc.fullname is None: + acc.fullname = pwd.getpwnam(acc.fullname)[4] + + acc.fullname = acc.fullname.split(",")[0] + + if acc.fullname is None: + acc.fullname = acc.username + + assert acc.fullname is not None + assert acc.nt_username is not None + + ldif = """dn: cn=%s,%s +objectClass: top +objectClass: user +lastLogon: %d +lastLogoff: %d +unixName: %s +sAMAccountName: %s +cn: %s +description: %s +primaryGroupID: %d +badPwdcount: %d +logonCount: %d +samba3Domain: %s +samba3DirDrive: %s +samba3MungedDial: %s +samba3Homedir: %s +samba3LogonScript: %s +samba3ProfilePath: %s +samba3Workstations: %s +samba3KickOffTime: %d +samba3BadPwdTime: %d +samba3PassLastSetTime: %d +samba3PassCanChangeTime: %d +samba3PassMustChangeTime: %d +objectSid: %s-%d +lmPwdHash:: %s +ntPwdHash:: %s + +""" % (ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, +acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, +acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, +acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, +acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, + ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)) + + return ldif + +def upgrade_sam_group(group,domaindn): + """Upgrade a SAM group.""" + if group.sid_name_use == 5: # Well-known group + return None + + if group.nt_name in ("Domain Guests", "Domain Users", "Domain Admins"): + return None + + if group.gid == -1: + gr = grp.getgrnam(grp.nt_name) + else: + gr = grp.getgrgid(grp.gid) + + if gr is None: + group.unixname = "UNKNOWN" + else: + group.unixname = gr.gr_name + + assert group.unixname is not None + + ldif = """dn: cn=%s,%s +objectClass: top +objectClass: group +description: %s +cn: %s +objectSid: %s +unixName: %s +samba3SidNameUse: %d +""" % (group.nt_name, domaindn, 
+group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use) + + return ldif + +def upgrade_winbind(samba3,domaindn): + ldif = """ + +dn: dc=none +userHwm: %d +groupHwm: %d + +""" % (samba3.idmap.user_hwm, samba3.idmap.group_hwm) + + for m in samba3.idmap.mappings: + ldif += """ +dn: SID=%s,%s +SID: %s +type: %d +unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id) + + return ldif + +def upgrade_wins(samba3): + ldif = "" + version_id = 0 + + for e in samba3.winsentries: + now = sys.nttime() + ttl = sys.unix2nttime(e.ttl) + + version_id+=1 + + numIPs = len(e.ips) + + if e.type == 0x1C: + rType = 0x2 + elif e.type & 0x80: + if numIPs > 1: + rType = 0x2 + else: + rType = 0x1 + else: + if numIPs > 1: + rType = 0x3 + else: + rType = 0x0 + + if ttl > now: + rState = 0x0 # active + else: + rState = 0x1 # released + + nType = ((e.nb_flags & 0x60)>>5) + + ldif += """ +dn: name=%s,type=0x%02X +type: 0x%02X +name: %s +objectClass: winsRecord +recordType: %u +recordState: %u +nodeType: %u +isStatic: 0 +expireTime: %s +versionID: %llu +""" % (e.name, e.type, e.type, e.name, + rType, rState, nType, + ldaptime(ttl), version_id) + + for ip in e.ips: + ldif += "address: %s\n" % ip + + ldif += """ +dn: CN=VERSION +objectClass: winsMaxVersion +maxVersion: %llu +""" % version_id + + return ldif + +def upgrade_provision(lp, samba3): + subobj = Object() + + domainname = samba3.configuration.get("workgroup") + + if domainname is None: + domainname = samba3.secrets.domains[0].name + print "No domain specified in smb.conf file, assuming '%s'\n" % domainname + + domsec = samba3.find_domainsecrets(domainname) + hostsec = samba3.find_domainsecrets(hostname()) + realm = samba3.configuration.get("realm") + + if realm is None: + realm = domainname + print "No realm specified in smb.conf file, assuming '%s'\n" % realm + random_init(local) + + subobj.realm = realm + subobj.domain = domainname + subobj.hostname = hostname() + + assert subobj.realm is not None + assert 
subobj.domain is not None + assert subobj.hostname is not None + + subobj.HOSTIP = hostip() + if domsec is not None: + subobj.DOMAINGUID = domsec.guid + subobj.DOMAINSID = domsec.sid + else: + print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname + subobj.DOMAINGUID = uuid4() + subobj.DOMAINSID = randsid() + + if hostsec: + subobj.HOSTGUID = hostsec.guid + else: + subobj.HOSTGUID = uuid4() + subobj.invocationid = uuid4() + subobj.krbtgtpass = randpass(12) + subobj.machinepass = randpass(12) + subobj.adminpass = randpass(12) + subobj.datestring = datestring() + subobj.root = findnss(pwd.getpwnam, "root")[4] + subobj.nobody = findnss(pwd.getpwnam, "nobody")[4] + subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2] + subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2] + subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2] + subobj.dnsdomain = subobj.realm.lower() + subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain) + subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split(".")) + rdn_list = subobj.dnsdomain.split(".") + subobj.domaindn = "DC=" + ",DC=".join(rdn_list) + subobj.domaindn_ldb = "users.ldb" + subobj.rootdn = subobj.domaindn + + modules_list = ["rootdse", + "kludge_acl", + "paged_results", + "server_sort", + "extended_dn", + "asq", + "samldb", + "password_hash", + "operational", + "objectclass", + "rdn_name", + "show_deleted", + "partition"] + subobj.modules_list = ",".join(modules_list) + + return subobj + +smbconf_keep = [ + "dos charset", + "unix charset", + "display charset", + "comment", + "path", + "directory", + "workgroup", + "realm", + "netbios name", + "netbios aliases", + "netbios scope", + "server string", + "interfaces", + "bind interfaces only", + "security", + "auth methods", + "encrypt passwords", + "null passwords", + "obey pam restrictions", + "password server", + "smb passwd file", + "private dir", + "passwd chat", + "password level", + "lanman auth", + "ntlm 
auth", + "client NTLMv2 auth", + "client lanman auth", + "client plaintext auth", + "read only", + "hosts allow", + "hosts deny", + "log level", + "debuglevel", + "log file", + "smb ports", + "large readwrite", + "max protocol", + "min protocol", + "unicode", + "read raw", + "write raw", + "disable netbios", + "nt status support", + "announce version", + "announce as", + "max mux", + "max xmit", + "name resolve order", + "max wins ttl", + "min wins ttl", + "time server", + "unix extensions", + "use spnego", + "server signing", + "client signing", + "max connections", + "paranoid server security", + "socket options", + "strict sync", + "max print jobs", + "printable", + "print ok", + "printer name", + "printer", + "map system", + "map hidden", + "map archive", + "preferred master", + "prefered master", + "local master", + "browseable", + "browsable", + "wins server", + "wins support", + "csc policy", + "strict locking", + "preload", + "auto services", + "lock dir", + "lock directory", + "pid directory", + "socket address", + "copy", + "include", + "available", + "volume", + "fstype", + "panic action", + "msdfs root", + "host msdfs", + "winbind separator"] + +# +# Remove configuration variables not present in Samba4 +# oldconf: Old configuration structure +# mark: Whether removed configuration variables should be +# kept in the new configuration as "samba3:" +def upgrade_smbconf(oldconf,mark): + data = oldconf.data() + newconf = param_init() + + for (s in data) { + for (p in data[s]) { + keep = False + for (k in smbconf_keep) { + if smbconf_keep[k] == p: + keep = True + break + } + + if keep: + newconf.set(s, p, oldconf.get(s, p)) + elif mark: + newconf.set(s, "samba3:"+p, oldconf.get(s,p)) + } + } + + if oldconf.get("domain logons") == "True": + newconf.set("server role", "domain controller") + else: + if oldconf.get("security") == "user": + newconf.set("server role", "standalone") + else: + newconf.set("server role", "member server") + + return newconf + +def 
upgrade(subobj, samba3, message, paths, session_info, credentials): + ret = 0 + lp = loadparm_init() + samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) + + message("Writing configuration") + newconf = upgrade_smbconf(samba3.configuration,True) + newconf.save(paths.smbconf) + + message("Importing account policies") + ldif = upgrade_sam_policy(samba3,subobj.BASEDN) + samdb.modify(ldif) + regdb = Ldb(paths.hklm) + + regdb.modify(" +dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE +replace: type +type: 4 +replace: data +data: %d +" % samba3.policy.refuse_machine_password_change) + + message("Importing users") + for account in samba3.samaccounts: + msg = "... " + account.username + ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID) + try: + samdb.add(ldif) + except LdbError, e: + # FIXME: Ignore 'Record exists' errors + msg += "... error: " + str(e) + ret += 1; + message(msg) + + message("Importing groups") + for mapping in samba3.groupmappings: + msg = "... " + mapping.nt_name + ldif = upgrade_sam_group(mapping, subobj.BASEDN) + if ldif is not None: + try: + samdb.add(ldif) + except LdbError, e: + # FIXME: Ignore 'Record exists' errors + msg += "... error: " + str(e) + ret += 1 + message(msg) + + message("Importing registry data") + for hive in ["hkcr","hkcu","hklm","hkpd","hku","hkpt"]: + message("... " + hive) + regdb = Ldb(paths[hive]) + ldif = upgrade_registry(samba3.registry, hive, regdb) + for (var j in ldif) { + var msg = "... ... " + j + try: + regdb.add(ldif[j]) + except LdbError, e: + # FIXME: Ignore 'Record exists' errors + msg += "... 
error: " + str(e) + ret += 1 + message(msg) + + message("Importing WINS data") + winsdb = Ldb(paths.winsdb) + ldb_erase(winsdb) + + ldif = upgrade_wins(samba3) + winsdb.add(ldif) + + # figure out ldapurl, if applicable + ldapurl = None + pdb = samba3.configuration.get_list("passdb backend") + if pdb is not None: + for backend in pdb: + if len(backend) >= 7 and backend[0:7] == "ldapsam": + ldapurl = backend[7:] + + # URL was not specified in passdb backend but ldap /is/ used + if ldapurl == "": + ldapurl = "ldap://%s" % samba3.configuration.get("ldap server") + + # Enable samba3sam module if original passdb backend was ldap + if ldapurl is not None: + message("Enabling Samba3 LDAP mappings for SAM database") + + samdb.modify(""" +dn: @MODULES +changetype: modify +replace: @LIST +@LIST: samldb,operational,objectguid,rdn_name,samba3sam +""") + + samdb.add(""" +dn: @MAP=samba3sam +@MAP_URL: %s""", ldapurl)) + + return ret + +def upgrade_verify(subobj, samba3, paths, message): + message("Verifying account policies") + + samldb = Ldb(paths.samdb) + + for account in samba3.samaccounts: + msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))") + assert(len(msg) >= 1) + + # FIXME -- cgit From b414ac505282f5a2a59c7580a19dfbd86489676e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 10 Dec 2007 10:29:20 +0100 Subject: r26369: Start on tests for the upgrade python code. (This used to be commit c4458d11c710d4f0f892b26c7cb0701a43273587) --- source4/scripting/python/samba/upgrade.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 49aee3f94d..1908e3ea55 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py 
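Review bot: Values read from the Samba 3 databases are formatted into LDIF text, DNs and a search filter without escaping, so a description, home directory or group name containing a newline, comma or parenthesis changes the structure of the record being written instead of its content. In upgrade_sam_account only the cn goes through `ldb.dn_escape` and only the two hashes through `ldb.encode`; the free-text attributes could use the same `::` form, e.g. `description:: %s` fed with `ldb.encode(acc.acct_desc)`. upgrade_sam_group puts `group.nt_name` into the DN unescaped, regkey_to_dn does the same with key names, and upgrade_verify concatenates `account.nt_username` into the filter `"(&(sAMAccountName=" + ...`; each needs the escaping that fits its context (DN escaping, RFC 4515 filter escaping). The later re-indentation commit on this page carries these lines over unchanged.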
@@ -15,6 +15,7 @@ from uuid import uuid4 from param import default_configuration def regkey_to_dn(name): + """Convert a registry key to a DN.""" dn = "hive=NONE" for el in name.split("/")[1:]: @@ -191,6 +192,7 @@ unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id) return ldif def upgrade_wins(samba3): + """Upgrade the WINS database.""" ldif = "" version_id = 0 -- cgit From 323c174be37214d561a5d525a7c3eef47ac700e8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 12:19:45 +0100 Subject: r26506: Start running (really trivial) tests for upgrade script. (This used to be commit 73bd4a9566d15f85a971e3a87cefbec2e2eece1c) --- source4/scripting/python/samba/upgrade.py | 602 +++++++++++++++--------------- 1 file changed, 301 insertions(+), 301 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 1908e3ea55..783cc008d5 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -11,17 +11,19 @@ from provision import findnss import provision import grp import pwd -from uuid import uuid4 -from param import default_configuration +import uuid def regkey_to_dn(name): """Convert a registry key to a DN.""" - dn = "hive=NONE" + dn = "hive=NONE" - for el in name.split("/")[1:]: + if name == "": + return dn + + for el in name.split("/"): dn = "key=%s," % el + dn - return dn + return dn # Where prefix is any of: # - HKLM 
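Review bot: regkey_to_dn now turns every path element into a `key=` component, including the first one, but upgrade_registry (in the next hunk) still passes the full `rk.name` after matching `pts[0]` against the hive prefix, so the hive name appears to end up as an extra RDN in every generated DN. The hard-coded DN that upgrade() writes (`...,key=System,HIVE=NONE`) has no such element, which suggests the caller should strip the prefix, e.g. `keydn = regkey_to_dn("/".join(pts[1:]))`. A docstring line stating whether `name` is expected to include the hive would settle which side is right.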
@@ -33,39 +35,39 @@ def regkey_to_dn(name): def upgrade_registry(regdb,prefix,ldb): """Migrate registry contents.""" - assert regdb is not None: - prefix_up = prefix.upper() - ldif = [] + assert regdb is not None + prefix_up = prefix.upper() + ldif = [] for rk in regdb.keys: - pts = rk.name.split("/") + pts = rk.name.split("/") - # Only handle selected hive + # Only handle selected hive if pts[0].upper() != prefix_up: - continue + continue - keydn = regkey_to_dn(rk.name) + keydn = regkey_to_dn(rk.name) - pts = rk.name.split("/") + pts = rk.name.split("/") - # Convert key name to dn - ldif[rk.name] = """ + # Convert key name to dn + ldif[rk.name] = """ dn: %s name: %s """ % (keydn, pts[0]) - + for rv in rk.values: - ldif[rk.name + " (" + rv.name + ")"] = """ + ldif[rk.name + " (" + rv.name + ")"] = """ dn: %s,value=%s value: %s type: %d data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)) - return ldif + return ldif def upgrade_sam_policy(samba3,dn): - ldif = """ + ldif = """ dn: %s changetype: modify replace: minPwdLength 
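Review bot: `ldif = []` is still a list, yet the loop stores entries with `ldif[rk.name] = ...` and the caller in upgrade() reads them back with `for j in ldif:` and `ldif[j]`; indexing a list with a string raises TypeError on the first key that matches the hive. Initialise it as `ldif = {}`. The second `pts = rk.name.split("/")` repeats the assignment at the top of the loop and can be dropped.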
@@ -80,30 +82,30 @@ samba3BadLockoutMinutes: %d samba3DisconnectTime: %d """ % (dn, samba3.policy.min_password_length, - samba3.policy.password_history, samba3.policy.minimum_password_age, - samba3.policy.maximum_password_age, samba3.policy.lockout_duration, - samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, - samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time) - - return ldif + samba3.policy.password_history, samba3.policy.minimum_password_age, + samba3.policy.maximum_password_age, samba3.policy.lockout_duration, + samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, + samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time) + + return ldif def upgrade_sam_account(ldb,acc,domaindn,domainsid): """Upgrade a SAM account.""" if acc.nt_username is None or acc.nt_username == "": - acc.nt_username = acc.username + acc.nt_username = acc.username if acc.fullname is None: - acc.fullname = pwd.getpwnam(acc.fullname)[4] + acc.fullname = pwd.getpwnam(acc.fullname)[4] - acc.fullname = acc.fullname.split(",")[0] + acc.fullname = acc.fullname.split(",")[0] if acc.fullname is None: - acc.fullname = acc.username - - assert acc.fullname is not None - assert acc.nt_username is not None + acc.fullname = acc.username + + assert acc.fullname is not None + assert acc.nt_username is not None - ldif = """dn: cn=%s,%s + ldif = """dn: cn=%s,%s objectClass: top objectClass: user lastLogon: %d 
@@ -136,31 +138,31 @@ acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, - ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)) + ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)) - return ldif + return ldif def upgrade_sam_group(group,domaindn): """Upgrade a SAM group.""" - if group.sid_name_use == 5: # Well-known group - return None + if group.sid_name_use == 5: # Well-known group + return None if group.nt_name in ("Domain Guests", "Domain Users", "Domain Admins"): - return None - + return None + if group.gid == -1: - gr = grp.getgrnam(grp.nt_name) + gr = grp.getgrnam(grp.nt_name) else: - gr = grp.getgrgid(grp.gid) + gr = grp.getgrgid(grp.gid) if gr is None: - group.unixname = "UNKNOWN" + group.unixname = "UNKNOWN" else: - group.unixname = gr.gr_name + group.unixname = gr.gr_name - assert group.unixname is not None - - ldif = """dn: cn=%s,%s + assert group.unixname is not None + + ldif = """dn: cn=%s,%s objectClass: top objectClass: group description: %s @@ -171,11 +173,11 @@ samba3SidNameUse: %d """ % (group.nt_name, domaindn, group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use) - return ldif + return ldif def upgrade_winbind(samba3,domaindn): - ldif = """ - + ldif = """ + dn: dc=none userHwm: %d groupHwm: %d 
@@ -183,48 +185,48 @@ groupHwm: %d """ % (samba3.idmap.user_hwm, samba3.idmap.group_hwm) for m in samba3.idmap.mappings: - ldif += """ + ldif += """ dn: SID=%s,%s SID: %s type: %d unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id) - - return ldif + + return ldif def upgrade_wins(samba3): """Upgrade the WINS database.""" - ldif = "" - version_id = 0 + ldif = "" + version_id = 0 for e in samba3.winsentries: - now = sys.nttime() - ttl = sys.unix2nttime(e.ttl) + now = sys.nttime() + ttl = sys.unix2nttime(e.ttl) - version_id+=1 + version_id+=1 numIPs = len(e.ips) if e.type == 0x1C: - rType = 0x2 + rType = 0x2 elif e.type & 0x80: if numIPs > 1: - rType = 0x2 + rType = 0x2 else: - rType = 0x1 + rType = 0x1 else: if numIPs > 1: - rType = 0x3 + rType = 0x3 else: - rType = 0x0 + rType = 0x0 if ttl > now: - rState = 0x0 # active + rState = 0x0 # active else: - rState = 0x1 # released + rState = 0x1 # released - nType = ((e.nb_flags & 0x60)>>5) + nType = ((e.nb_flags & 0x60)>>5) - ldif += """ + ldif += """ dn: name=%s,type=0x%02X type: 0x%02X name: %s 
@@ -240,324 +242,322 @@ versionID: %llu ldaptime(ttl), version_id) for ip in e.ips: - ldif += "address: %s\n" % ip + ldif += "address: %s\n" % ip - ldif += """ + ldif += """ dn: CN=VERSION objectClass: winsMaxVersion maxVersion: %llu """ % version_id - return ldif + return ldif def upgrade_provision(lp, samba3): - subobj = Object() + subobj = Object() - domainname = samba3.configuration.get("workgroup") - + domainname = samba3.configuration.get("workgroup") + if domainname is None: - domainname = samba3.secrets.domains[0].name - print "No domain specified in smb.conf file, assuming '%s'\n" % domainname - - domsec = samba3.find_domainsecrets(domainname) - hostsec = samba3.find_domainsecrets(hostname()) - realm = samba3.configuration.get("realm") + domainname = samba3.secrets.domains[0].name + print "No domain specified in smb.conf file, assuming '%s'\n" % domainname + + domsec = samba3.find_domainsecrets(domainname) + hostsec = samba3.find_domainsecrets(hostname()) + realm = samba3.configuration.get("realm") if realm is None: - realm = domainname - print "No realm specified in smb.conf file, assuming '%s'\n" % realm - random_init(local) + realm = domainname + print "No realm specified in smb.conf file, assuming '%s'\n" % realm + random_init(local) - subobj.realm = realm - subobj.domain = domainname - subobj.hostname = hostname() + subobj.realm = realm + subobj.domain = domainname + subobj.hostname = hostname() - assert subobj.realm is not None - assert subobj.domain is not None - assert subobj.hostname is not None + assert subobj.realm is not None + assert subobj.domain is not None + assert subobj.hostname is not None - subobj.HOSTIP = hostip() + subobj.HOSTIP = hostip() if domsec is not None: - subobj.DOMAINGUID = domsec.guid - subobj.DOMAINSID = domsec.sid + subobj.DOMAINGUID = domsec.guid + subobj.DOMAINSID = domsec.sid else: - print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname - subobj.DOMAINGUID = uuid4() - subobj.DOMAINSID = 
randsid() - + print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname + subobj.DOMAINGUID = uuid.random() + subobj.DOMAINSID = randsid() + if hostsec: - subobj.HOSTGUID = hostsec.guid + subobj.HOSTGUID = hostsec.guid else: - subobj.HOSTGUID = uuid4() - subobj.invocationid = uuid4() - subobj.krbtgtpass = randpass(12) - subobj.machinepass = randpass(12) - subobj.adminpass = randpass(12) - subobj.datestring = datestring() - subobj.root = findnss(pwd.getpwnam, "root")[4] - subobj.nobody = findnss(pwd.getpwnam, "nobody")[4] - subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2] - subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2] - subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2] - subobj.dnsdomain = subobj.realm.lower() - subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain) - subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split(".")) - rdn_list = subobj.dnsdomain.split(".") - subobj.domaindn = "DC=" + ",DC=".join(rdn_list) - subobj.domaindn_ldb = "users.ldb" - subobj.rootdn = subobj.domaindn - - modules_list = ["rootdse", - "kludge_acl", - "paged_results", - "server_sort", - "extended_dn", - "asq", - "samldb", - "password_hash", - "operational", - "objectclass", - "rdn_name", - "show_deleted", - "partition"] - subobj.modules_list = ",".join(modules_list) - - return subobj + subobj.HOSTGUID = uuid.random() + subobj.invocationid = uuid.random() + subobj.krbtgtpass = randpass(12) + subobj.machinepass = randpass(12) + subobj.adminpass = randpass(12) + subobj.datestring = datestring() + subobj.root = findnss(pwd.getpwnam, "root")[4] + subobj.nobody = findnss(pwd.getpwnam, "nobody")[4] + subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2] + subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2] + subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2] + subobj.dnsdomain = subobj.realm.lower() + subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain) + 
subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split(".")) + rdn_list = subobj.dnsdomain.split(".") + subobj.domaindn = "DC=" + ",DC=".join(rdn_list) + subobj.domaindn_ldb = "users.ldb" + subobj.rootdn = subobj.domaindn + + modules_list = ["rootdse", + "kludge_acl", + "paged_results", + "server_sort", + "extended_dn", + "asq", + "samldb", + "password_hash", + "operational", + "objectclass", + "rdn_name", + "show_deleted", + "partition"] + subobj.modules_list = ",".join(modules_list) + + return subobj smbconf_keep = [ - "dos charset", - "unix charset", - "display charset", - "comment", - "path", - "directory", - "workgroup", - "realm", - "netbios name", - "netbios aliases", - "netbios scope", - "server string", - "interfaces", - "bind interfaces only", - "security", - "auth methods", - "encrypt passwords", - "null passwords", - "obey pam restrictions", - "password server", - "smb passwd file", - "private dir", - "passwd chat", - "password level", - "lanman auth", - "ntlm auth", - "client NTLMv2 auth", - "client lanman auth", - "client plaintext auth", - "read only", - "hosts allow", - "hosts deny", - "log level", - "debuglevel", - "log file", - "smb ports", - "large readwrite", - "max protocol", - "min protocol", - "unicode", - "read raw", - "write raw", - "disable netbios", - "nt status support", - "announce version", - "announce as", - "max mux", - "max xmit", - "name resolve order", - "max wins ttl", - "min wins ttl", - "time server", - "unix extensions", - "use spnego", - "server signing", - "client signing", - "max connections", - "paranoid server security", - "socket options", - "strict sync", - "max print jobs", - "printable", - "print ok", - "printer name", - "printer", - "map system", - "map hidden", - "map archive", - "preferred master", - "prefered master", - "local master", - "browseable", - "browsable", - "wins server", - "wins support", - "csc policy", - "strict locking", - "preload", - "auto services", - "lock dir", - "lock directory", - "pid 
directory", - "socket address", - "copy", - "include", - "available", - "volume", - "fstype", - "panic action", - "msdfs root", - "host msdfs", - "winbind separator"] + "dos charset", + "unix charset", + "display charset", + "comment", + "path", + "directory", + "workgroup", + "realm", + "netbios name", + "netbios aliases", + "netbios scope", + "server string", + "interfaces", + "bind interfaces only", + "security", + "auth methods", + "encrypt passwords", + "null passwords", + "obey pam restrictions", + "password server", + "smb passwd file", + "private dir", + "passwd chat", + "password level", + "lanman auth", + "ntlm auth", + "client NTLMv2 auth", + "client lanman auth", + "client plaintext auth", + "read only", + "hosts allow", + "hosts deny", + "log level", + "debuglevel", + "log file", + "smb ports", + "large readwrite", + "max protocol", + "min protocol", + "unicode", + "read raw", + "write raw", + "disable netbios", + "nt status support", + "announce version", + "announce as", + "max mux", + "max xmit", + "name resolve order", + "max wins ttl", + "min wins ttl", + "time server", + "unix extensions", + "use spnego", + "server signing", + "client signing", + "max connections", + "paranoid server security", + "socket options", + "strict sync", + "max print jobs", + "printable", + "print ok", + "printer name", + "printer", + "map system", + "map hidden", + "map archive", + "preferred master", + "prefered master", + "local master", + "browseable", + "browsable", + "wins server", + "wins support", + "csc policy", + "strict locking", + "preload", + "auto services", + "lock dir", + "lock directory", + "pid directory", + "socket address", + "copy", + "include", + "available", + "volume", + "fstype", + "panic action", + "msdfs root", + "host msdfs", + "winbind separator"] -# -# Remove configuration variables not present in Samba4 -# oldconf: Old configuration structure -# mark: Whether removed configuration variables should be -# kept in the new configuration as 
"samba3:" def upgrade_smbconf(oldconf,mark): - data = oldconf.data() - newconf = param_init() - - for (s in data) { - for (p in data[s]) { - keep = False - for (k in smbconf_keep) { + """Remove configuration variables not present in Samba4 + + :param oldconf: Old configuration structure + :param mark: Whether removed configuration variables should be + kept in the new configuration as "samba3:" + """ + data = oldconf.data() + newconf = param_init() + + for s in data: + for p in data[s]: + keep = False + for k in smbconf_keep: if smbconf_keep[k] == p: - keep = True - break - } + keep = True + break if keep: - newconf.set(s, p, oldconf.get(s, p)) + newconf.set(s, p, oldconf.get(s, p)) elif mark: - newconf.set(s, "samba3:"+p, oldconf.get(s,p)) - } - } + newconf.set(s, "samba3:"+p, oldconf.get(s,p)) if oldconf.get("domain logons") == "True": - newconf.set("server role", "domain controller") + newconf.set("server role", "domain controller") else: if oldconf.get("security") == "user": - newconf.set("server role", "standalone") + newconf.set("server role", "standalone") else: - newconf.set("server role", "member server") + newconf.set("server role", "member server") - return newconf + return newconf def upgrade(subobj, samba3, message, paths, session_info, credentials): - ret = 0 - lp = loadparm_init() - samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) + ret = 0 + lp = loadparm_init() + samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) - message("Writing configuration") - newconf = upgrade_smbconf(samba3.configuration,True) - newconf.save(paths.smbconf) + message("Writing configuration") + newconf = upgrade_smbconf(samba3.configuration,True) + newconf.save(paths.smbconf) - message("Importing account policies") - ldif = upgrade_sam_policy(samba3,subobj.BASEDN) - samdb.modify(ldif) - regdb = Ldb(paths.hklm) + message("Importing account policies") + ldif = upgrade_sam_policy(samba3,subobj.BASEDN) + samdb.modify(ldif) + 
regdb = Ldb(paths.hklm) - regdb.modify(" + regdb.modify(""" dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE replace: type type: 4 replace: data data: %d -" % samba3.policy.refuse_machine_password_change) +""" % samba3.policy.refuse_machine_password_change) - message("Importing users") + message("Importing users") for account in samba3.samaccounts: - msg = "... " + account.username - ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID) + msg = "... " + account.username + ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID) try: samdb.add(ldif) except LdbError, e: # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1; - message(msg) + msg += "... error: " + str(e) + ret += 1; + message(msg) - message("Importing groups") + message("Importing groups") for mapping in samba3.groupmappings: - msg = "... " + mapping.nt_name - ldif = upgrade_sam_group(mapping, subobj.BASEDN) + msg = "... " + mapping.nt_name + ldif = upgrade_sam_group(mapping, subobj.BASEDN) if ldif is not None: try: - samdb.add(ldif) + samdb.add(ldif) except LdbError, e: # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1 - message(msg) + msg += "... error: " + str(e) + ret += 1 + message(msg) - message("Importing registry data") + message("Importing registry data") for hive in ["hkcr","hkcu","hklm","hkpd","hku","hkpt"]: - message("... " + hive) - regdb = Ldb(paths[hive]) - ldif = upgrade_registry(samba3.registry, hive, regdb) - for (var j in ldif) { - var msg = "... ... " + j + message("... " + hive) + regdb = Ldb(paths[hive]) + ldif = upgrade_registry(samba3.registry, hive, regdb) + for j in ldif: + msg = "... ... " + j try: regdb.add(ldif[j]) except LdbError, e: # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1 - message(msg) + msg += "... 
error: " + str(e) + ret += 1 + message(msg) - message("Importing WINS data") - winsdb = Ldb(paths.winsdb) - ldb_erase(winsdb) + message("Importing WINS data") + winsdb = Ldb(paths.winsdb) + ldb_erase(winsdb) - ldif = upgrade_wins(samba3) - winsdb.add(ldif) + ldif = upgrade_wins(samba3) + winsdb.add(ldif) - # figure out ldapurl, if applicable - ldapurl = None - pdb = samba3.configuration.get_list("passdb backend") + # figure out ldapurl, if applicable + ldapurl = None + pdb = samba3.configuration.get_list("passdb backend") if pdb is not None: for backend in pdb: if len(backend) >= 7 and backend[0:7] == "ldapsam": ldapurl = backend[7:] - # URL was not specified in passdb backend but ldap /is/ used + # URL was not specified in passdb backend but ldap /is/ used if ldapurl == "": - ldapurl = "ldap://%s" % samba3.configuration.get("ldap server") + ldapurl = "ldap://%s" % samba3.configuration.get("ldap server") - # Enable samba3sam module if original passdb backend was ldap + # Enable samba3sam module if original passdb backend was ldap if ldapurl is not None: - message("Enabling Samba3 LDAP mappings for SAM database") + message("Enabling Samba3 LDAP mappings for SAM database") - samdb.modify(""" + samdb.modify(""" dn: @MODULES changetype: modify replace: @LIST @LIST: samldb,operational,objectguid,rdn_name,samba3sam """) - samdb.add(""" + samdb.add(""" dn: @MAP=samba3sam -@MAP_URL: %s""", ldapurl)) +@MAP_URL: %s""" % ldapurl) - return ret + return ret def upgrade_verify(subobj, samba3, paths, message): - message("Verifying account policies") + message("Verifying account policies") - samldb = Ldb(paths.samdb) + samldb = Ldb(paths.samdb) for account in samba3.samaccounts: - msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))") - assert(len(msg) >= 1) - - # FIXME + msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))") + assert(len(msg) >= 1) + + # FIXME -- cgit 
From 86f91db7d5c84526b3fbd4369d7a56dc0f057b4c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:31 +0100 Subject: r26536: More tests for provisioning code. (This used to be commit 43c8bfeedf06ce806c524a28fa72c643f6db60f4) --- source4/scripting/python/samba/upgrade.py | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 783cc008d5..4521d4604d 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -14,7 +14,10 @@ import pwd import uuid def regkey_to_dn(name): - """Convert a registry key to a DN.""" + """Convert a registry key to a DN. + + :name: The registry key name. + :return: A matching DN.""" dn = "hive=NONE" if name == "": @@ -253,8 +256,6 @@ maxVersion: %llu return ldif def upgrade_provision(lp, samba3): - subobj = Object() - domainname = samba3.configuration.get("workgroup") if domainname is None: @@ -272,13 +273,7 @@ def upgrade_provision(lp, samba3): subobj.realm = realm subobj.domain = domainname - subobj.hostname = hostname() - assert subobj.realm is not None - assert subobj.domain is not None - assert subobj.hostname is not None - - subobj.HOSTIP = hostip() if domsec is not None: subobj.DOMAINGUID = domsec.guid subobj.DOMAINSID = domsec.sid @@ -288,10 +283,7 @@ def upgrade_provision(lp, samba3): subobj.DOMAINSID = randsid() if hostsec: - subobj.HOSTGUID = hostsec.guid - else: - subobj.HOSTGUID = uuid.random() - subobj.invocationid = uuid.random() + hostguid = hostsec.guid subobj.krbtgtpass = randpass(12) subobj.machinepass = randpass(12) subobj.adminpass = randpass(12) -- cgit From c2fffa8335ac68ff70de52f9fc80fb49e5d6d686 Mon Sep 17 00:00:00 2001 
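Review bot: Removing `subobj = Object()` at the top of `upgrade_provision` leaves the lines that follow (`subobj.realm = realm`, `subobj.domain = domainname`, `subobj.krbtgtpass = randpass(12)`, …) storing attributes on a name that is no longer bound, so the function would fail with NameError at the first of them. In the last hunk `hostguid = hostsec.guid` is assigned but nothing visible reads it, and the branch that supplied a random GUID when no host secret exists is gone. Either keep the container object until the remaining `subobj.*` lines are converted, or convert them in the same commit. Parts of the function body lie between and after these hunks, so this is judged from the visible lines only.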
From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:38 +0100 Subject: r26538: Pass path generation function around rather than base directory. (This used to be commit 5f921af41e4dcd6844f6a662d56bd27c4e76ff88) --- source4/scripting/python/samba/upgrade.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 4521d4604d..1c27f8ec25 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -537,9 +537,7 @@ replace: @LIST @LIST: samldb,operational,objectguid,rdn_name,samba3sam """) - samdb.add(""" -dn: @MAP=samba3sam -@MAP_URL: %s""" % ldapurl) + samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}) return ret -- cgit From aa0a06f13c44e0eca0b3f2f0c34f0f7995b87159 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 23 Dec 2007 19:19:41 -0600 Subject: r26570: - Trim size of the swig-generated Python bindings by removing a bunch of {}'s. - Start working on Python equivalents for various EJS tests. - Fix regression in argument order for reg_diff_apply() in EJS bindings. (This used to be commit c550c03372cb260b78f6a6c132e70571bc4cb852) --- source4/scripting/python/samba/upgrade.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 1c27f8ec25..3168fedf2d 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -7,7 +7,7 @@ """Support code for upgrading from Samba 3 to Samba 4.""" -from provision import findnss +from provision import findnss, provision import provision import grp import pwd 
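Review bot: `from provision import findnss, provision` is immediately followed by the unchanged `import provision`, which rebinds the name `provision` to the module, so a later `provision(...)` call would hit the module object instead of the function. Drop the plain `import provision` line in the same change, or keep only the module import and call `provision.provision(...)`.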
@@ -69,7 +69,7 @@ data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)) return ldif -def upgrade_sam_policy(samba3,dn): +def upgrade_sam_policy(policy,dn): ldif = """ dn: %s changetype: modify @@ -84,11 +84,11 @@ samba3UserMustLogonToChangePassword: %d samba3BadLockoutMinutes: %d samba3DisconnectTime: %d -""" % (dn, samba3.policy.min_password_length, - samba3.policy.password_history, samba3.policy.minimum_password_age, - samba3.policy.maximum_password_age, samba3.policy.lockout_duration, - samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, - samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time) +""" % (dn, policy.min_password_length, + policy.password_history, policy.minimum_password_age, + policy.maximum_password_age, policy.lockout_duration, + policy.reset_count_minutes, policy.user_must_logon_to_change_password, + policy.bad_lockout_minutes, policy.disconnect_time) return ldif @@ -465,7 +465,7 @@ replace: type type: 4 replace: data data: %d -""" % samba3.policy.refuse_machine_password_change) +""" % policy.refuse_machine_password_change) message("Importing users") for account in samba3.samaccounts: -- cgit From 95b1f554b2c57a9f975a0cc27ca51bec6c7594d6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Dec 2007 13:04:33 -0600 Subject: r26587: Fix reading Samba 3 WINS database and initial work on group db, aliases and secrets. (This used to be commit c7c4cf258ac7975b409d26c9386838d4780c756f) --- source4/scripting/python/samba/upgrade.py | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 3168fedf2d..4f2ab46ef0 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py 
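Review bot: After the rename to `upgrade_sam_policy(policy, dn)`, the last hunk formats `policy.refuse_machine_password_change` inside `upgrade()`, whose parameters (shown in the earlier listing on this page) are `subobj, samba3, message, paths, session_info, credentials`, so no `policy` appears to be bound there. The call site also still passes the whole `samba3` object, so the `%d` fields would look up `min_password_length` and the other attributes on the wrong object. Suggested: `ldif = upgrade_sam_policy(samba3.policy, subobj.BASEDN)` and `% samba3.policy.refuse_machine_password_change`. The same stale argument is still present in the r26591 hunk that switches to `samdb.modify_ldif(upgrade_sam_policy(samba3,subobj.BASEDN))`. These values carry the password length, history and lockout settings of the migrated domain, so the path should be exercised by a test before it is relied on.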
@@ -530,14 +530,7 @@ data: %d if ldapurl is not None: message("Enabling Samba3 LDAP mappings for SAM database") - samdb.modify(""" -dn: @MODULES -changetype: modify -replace: @LIST -@LIST: samldb,operational,objectguid,rdn_name,samba3sam -""") - - samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}) + enable_samba3sam(samdb) return ret @@ -551,3 +544,15 @@ def upgrade_verify(subobj, samba3, paths, message): assert(len(msg) >= 1) # FIXME + + + +def enable_samba3sam(samdb): + samdb.modify(""" +dn: @MODULES +changetype: modify +replace: @LIST +@LIST: samldb,operational,objectguid,rdn_name,samba3sam +""") + + samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}) -- cgit From 3c22677a8ce1635d7e055f954153dec4c1796b17 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Dec 2007 14:16:59 -0600 Subject: r26591: Get the first bits of samba3dump to work again. (This used to be commit 3511027515f8ea860fbe46639d9169999646a297) --- source4/scripting/python/samba/upgrade.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 4f2ab46ef0..375c39eb5a 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -447,7 +447,6 @@ def upgrade_smbconf(oldconf,mark): def upgrade(subobj, samba3, message, paths, session_info, credentials): ret = 0 - lp = loadparm_init() samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) message("Writing configuration") @@ -455,8 +454,7 @@ def upgrade(subobj, samba3, message, paths, session_info, credentials): newconf.save(paths.smbconf) message("Importing account policies") - ldif = upgrade_sam_policy(samba3,subobj.BASEDN) - samdb.modify(ldif) + samdb.modify_ldif(upgrade_sam_policy(samba3,subobj.BASEDN)) regdb = Ldb(paths.hklm) regdb.modify(""" -- cgit 
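Review bot: The new `enable_samba3sam(samdb)` reads `ldapurl` in `samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl})`, but `ldapurl` is a local of `upgrade()` and is neither a parameter nor a module-level name in the visible code, so the helper would raise NameError when called. Pass it explicitly: `def enable_samba3sam(samdb, ldapurl):` with `enable_samba3sam(samdb, ldapurl)` at the call site. A short docstring stating that the function replaces the `@MODULES` list and records the Samba 3 LDAP URL would also help, because the module list it writes is fixed.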
From 7c146c42d2cf51e891b9f29d3b61a40f173a3b23 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:31 -0600 Subject: r26593: - More work on the python versions of samba3dump and the samba3sam tests. - Initial work converting the upgrade code to Python. - Removed the old EJS upgrade code because it has been broken for a long time. (This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca) --- source4/scripting/python/samba/upgrade.py | 94 ++++++++++--------------------- 1 file changed, 31 insertions(+), 63 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 375c39eb5a..c13351bc63 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py 
@@ -255,68 +255,44 @@ maxVersion: %llu return ldif -def upgrade_provision(lp, samba3): - domainname = samba3.configuration.get("workgroup") +def upgrade_provision(samba3, setup_dir, message, credentials, session_info, paths): + oldconf = samba3.get_conf() + + if oldconf.get("domain logons") == "True": + serverrole = "domain controller" + else: + if oldconf.get("security") == "user": + serverrole = "standalone" + else: + serverrole = "member server" + + domainname = oldconf.get("workgroup") + realm = oldconf.get("realm") + netbiosname = oldconf.get("netbios name") + + secrets_db = samba3.get_secrets_db() if domainname is None: - domainname = samba3.secrets.domains[0].name - print "No domain specified in smb.conf file, assuming '%s'\n" % domainname + domainname = secrets_db.domains()[0] + message("No domain specified in smb.conf file, assuming '%s'" % domainname) - domsec = samba3.find_domainsecrets(domainname) - hostsec = samba3.find_domainsecrets(hostname()) - realm = samba3.configuration.get("realm") - if realm is None: - realm = domainname - print "No realm specified in smb.conf file, assuming '%s'\n" % realm - random_init(local) + realm = domainname.lower() + message("No realm specified in smb.conf file, assuming '%s'\n" % realm) - subobj.realm = realm - subobj.domain = domainname - - if domsec is not None: - subobj.DOMAINGUID = domsec.guid - subobj.DOMAINSID = domsec.sid + domainguid = secrets_db.get_domain_guid(domainname) + domainsid = secrets_db.get_sid(domainsid) + if domainsid is None: + message("Can't find domain secrets for '%s'; using random SID\n" % domainname) + + if netbiosname is not None: + machinepass = secrets_db.get_machine_password(netbiosname) else: - print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname - subobj.DOMAINGUID = uuid.random() - subobj.DOMAINSID = randsid() + netbiosname = None - if hostsec: - hostguid = hostsec.guid - subobj.krbtgtpass = randpass(12) - subobj.machinepass = randpass(12) - 
subobj.adminpass = randpass(12) - subobj.datestring = datestring() - subobj.root = findnss(pwd.getpwnam, "root")[4] - subobj.nobody = findnss(pwd.getpwnam, "nobody")[4] - subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2] - subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2] - subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2] - subobj.dnsdomain = subobj.realm.lower() - subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain) - subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split(".")) - rdn_list = subobj.dnsdomain.split(".") - subobj.domaindn = "DC=" + ",DC=".join(rdn_list) - subobj.domaindn_ldb = "users.ldb" - subobj.rootdn = subobj.domaindn - - modules_list = ["rootdse", - "kludge_acl", - "paged_results", - "server_sort", - "extended_dn", - "asq", - "samldb", - "password_hash", - "operational", - "objectclass", - "rdn_name", - "show_deleted", - "partition"] - subobj.modules_list = ",".join(modules_list) - - return subobj + provision(lp, setup_dir, message, blank=True, paths=path, session_info=session_info, + credentials=credentials, realm=realm, domain=domainname, + domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) smbconf_keep = [ "dos charset", @@ -435,14 +411,6 @@ def upgrade_smbconf(oldconf,mark): elif mark: newconf.set(s, "samba3:"+p, oldconf.get(s,p)) - if oldconf.get("domain logons") == "True": - newconf.set("server role", "domain controller") - else: - if oldconf.get("security") == "user": - newconf.set("server role", "standalone") - else: - newconf.set("server role", "member server") - return newconf def upgrade(subobj, samba3, message, paths, session_info, credentials): -- cgit From 533cc583ed20efdfd6bee60f86d16fef3942898b Mon Sep 17 00:00:00 2001 
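Review bot: Several names in the rewritten `upgrade_provision` are used before they exist: `domainsid = secrets_db.get_sid(domainsid)` passes the variable it is about to assign, the `else` branch sets `netbiosname = None` and leaves `machinepass` unbound for the `provision(...)` call, `paths=path` refers to an undefined `path`, and `lp` is no longer a parameter. Suggested lines: `domainsid = secrets_db.get_sid(domainname)`, `machinepass = None` and `paths=paths`, with `lp` added to the signature. `secrets_db.domains()[0]` also assumes the secrets database holds at least one domain; an explicit error for the empty case would be clearer to an operator than an IndexError.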
From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:44 -0600 Subject: r26596: Fixed upgrade.py. Added blackbox tests for provision and upgrade Python scripts. Clean up temporary files created by the Python tests. (This used to be commit 2227fb6df62240cae64d27a1920d878316f819fc) --- source4/scripting/python/samba/upgrade.py | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index c13351bc63..05a63d9326 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -8,7 +8,6 @@ """Support code for upgrading from Samba 3 to Samba 4.""" from provision import findnss, provision -import provision import grp import pwd import uuid @@ -255,7 +254,7 @@ maxVersion: %llu return ldif -def upgrade_provision(samba3, setup_dir, message, credentials, session_info, paths): +def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, paths): oldconf = samba3.get_conf() if oldconf.get("domain logons") == "True": @@ -266,7 +265,11 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, pat else: serverrole = "member server" + lp.set("server role", serverrole) domainname = oldconf.get("workgroup") + if domainname: + domainname = str(domainname) + lp.set("workgroup", domainname) realm = oldconf.get("realm") netbiosname = oldconf.get("netbios name") 
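Review bot: `lp` is inserted before `paths` in `def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, paths)`, which changes the meaning of the sixth positional argument; any caller (none is visible here) that still passes `paths` positionally would hand a paths object to `lp.set(...)`. Appending `lp` after `paths`, or calling with keywords as the `provision(lp=lp, ...)` call in this commit already does, avoids that. With indentation lost on this page it is unclear whether `lp.set("workgroup", domainname)` sits inside `if domainname:`; if it does not, it runs with `None` when smb.conf has no workgroup. Either way the later fallback to `secrets_db.domains()[0]` does not appear to be written back to `lp`.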
@@ -279,18 +282,19 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, pat if realm is None: realm = domainname.lower() message("No realm specified in smb.conf file, assuming '%s'\n" % realm) + lp.set("realm", realm) domainguid = secrets_db.get_domain_guid(domainname) - domainsid = secrets_db.get_sid(domainsid) + domainsid = secrets_db.get_sid(domainname) if domainsid is None: message("Can't find domain secrets for '%s'; using random SID\n" % domainname) if netbiosname is not None: machinepass = secrets_db.get_machine_password(netbiosname) else: - netbiosname = None + machinepass = None - provision(lp, setup_dir, message, blank=True, paths=path, session_info=session_info, + provision(lp=lp, setup_dir=setup_dir, message=message, blank=True, ldapbackend=None, paths=paths, session_info=session_info, credentials=credentials, realm=realm, domain=domainname, domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) @@ -500,18 +504,6 @@ data: %d return ret -def upgrade_verify(subobj, samba3, paths, message): - message("Verifying account policies") - - samldb = Ldb(paths.samdb) - - for account in samba3.samaccounts: - msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))") - assert(len(msg) >= 1) - - # FIXME - - def enable_samba3sam(samdb): samdb.modify(""" -- cgit From c4d3666ac2821518be57ca89d963f77bbddaedf4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Dec 2007 20:55:05 -0600 Subject: r26607: Fix reading of values and subkeys in Samba 3 registry files. (This used to be commit e3d7454ef70d6fe9a1ce34eaf57268bd5b713ccf) --- source4/scripting/python/samba/upgrade.py | 188 +++++++++++------------------- 1 file changed, 70 insertions(+), 118 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 05a63d9326..a6bd07df58 100644 
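Review bot: When `secrets_db.get_sid(domainname)` returns None, the message announces a random SID, but the visible code generates nothing and forwards `domainsid=None` to `provision(...)`; `domainguid` is likewise never checked. If `provision` creates a fresh SID in that case (not visible here), say so in a comment such as `# provision() generates a new SID when domainsid is None`. A new domain SID changes the identity of every migrated principal, so this path deserves a clearly worded warning to the operator rather than an informational line.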
--- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -11,21 +11,7 @@ from provision import findnss, provision import grp import pwd import uuid - -def regkey_to_dn(name): - """Convert a registry key to a DN. - - :name: The registry key name. - :return: A matching DN.""" - dn = "hive=NONE" - - if name == "": - return dn - - for el in name.split("/"): - dn = "key=%s," % el + dn - - return dn +import registry # Where prefix is any of: # - HKLM @@ -35,39 +21,6 @@ def regkey_to_dn(name): # HKPT # -def upgrade_registry(regdb,prefix,ldb): - """Migrate registry contents.""" - assert regdb is not None - prefix_up = prefix.upper() - ldif = [] - - for rk in regdb.keys: - pts = rk.name.split("/") - - # Only handle selected hive - if pts[0].upper() != prefix_up: - continue - - keydn = regkey_to_dn(rk.name) - - pts = rk.name.split("/") - - # Convert key name to dn - ldif[rk.name] = """ -dn: %s -name: %s - -""" % (keydn, pts[0]) - - for rv in rk.values: - ldif[rk.name + " (" + rv.name + ")"] = """ -dn: %s,value=%s -value: %s -type: %d -data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)) - - return ldif - def upgrade_sam_policy(policy,dn): ldif = """ dn: %s 
@@ -177,82 +130,72 @@ group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use) return ldif -def upgrade_winbind(samba3,domaindn): - ldif = """ - -dn: dc=none -userHwm: %d -groupHwm: %d - -""" % (samba3.idmap.user_hwm, samba3.idmap.group_hwm) - - for m in samba3.idmap.mappings: - ldif += """ -dn: SID=%s,%s -SID: %s -type: %d -unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id) - - return ldif +def import_idmap(samba4_idmap,samba3_idmap,domaindn): + samba4_idmap.add({ + "dn": domaindn, + "userHwm": str(samba3_idmap.get_user_hwm()), + "groupHwm": str(samba3_idmap.get_group_hwm())}) -def upgrade_wins(samba3): - """Upgrade the WINS database.""" - ldif = "" - version_id = 0 + for uid in samba3_idmap.uids(): + samba4_idmap.add({"dn": "SID=%s,%s" % (samba3_idmap.get_user_sid(uid), domaindn), + "SID": samba3_idmap.get_user_sid(uid), + "type": "user", + "unixID": str(uid)}) - for e in samba3.winsentries: - now = sys.nttime() - ttl = sys.unix2nttime(e.ttl) + for gid in samba3_idmap.uids(): + samba4_idmap.add({"dn": "SID=%s,%s" % (samba3_idmap.get_group_sid(gid), domaindn), + "SID": samba3_idmap.get_group_sid(gid), + "type": "group", + "unixID": str(gid)}) + +def import_wins(samba4_winsdb, samba3_winsdb): + """Import settings from a Samba3 WINS database.""" + version_id = 0 + import time + + for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items(): version_id+=1 numIPs = len(e.ips) - if e.type == 0x1C: + type = int(name.split("#", 1)[1], 16) + + if type == 0x1C: rType = 0x2 - elif e.type & 0x80: - if numIPs > 1: + elif type & 0x80: + if len(ips) > 1: rType = 0x2 else: rType = 0x1 else: - if numIPs > 1: + if len(ips) > 1: rType = 0x3 else: rType = 0x0 - if ttl > now: + if ttl > time.time(): rState = 0x0 # active else: rState = 0x1 # released - nType = ((e.nb_flags & 0x60)>>5) - - ldif += """ -dn: name=%s,type=0x%02X -type: 0x%02X -name: %s -objectClass: winsRecord -recordType: %u -recordState: %u -nodeType: %u -isStatic: 0 -expireTime: %s 
-versionID: %llu -""" % (e.name, e.type, e.type, e.name, - rType, rState, nType, - ldaptime(ttl), version_id) - - for ip in e.ips: - ldif += "address: %s\n" % ip - - ldif += """ -dn: CN=VERSION -objectClass: winsMaxVersion -maxVersion: %llu -""" % version_id + nType = ((nb_flags & 0x60)>>5) - return ldif + samba4_winsdb.add({"dn": "name=%s,type=0x%s" % name.split("#"), + "type": name.split("#")[1], + "name": name.split("#")[0], + "objectClass": "winsRecord", + "recordType": str(rType), + "recordState": str(rState), + "nodeType": str(nType), + "expireTime": ldb.ldaptime(ttl), + "isStatic": "0", + "versionID": str(version_id), + "address": ips}) + + samba4_winsdb.add({"dn": "CN=VERSION", + "objectClass": "winsMaxVersion", + "maxVersion": str(version_id)}) def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, paths): oldconf = samba3.get_conf() @@ -417,6 +360,30 @@ def upgrade_smbconf(oldconf,mark): return newconf +SAMBA3_PREDEF_NAMES = { + 'HKLM': registry.HKEY_LOCAL_MACHINE, +} + +def import_registry(samba4_registry, samba3_regdb): + """Import a Samba 3 registry database into the Samba 4 registry. + + :param samba4_registry: Samba 4 registry handle. + :param samba3_regdb: Samba 3 registry database handle. + """ + def ensure_key_exists(keypath): + (predef_name, keypath) = keypath.split("/", 1) + predef_id = SAMBA3_PREDEF_NAMES[predef_name] + keypath = keypath.replace("/", "\\") + return samba4_registry.create_key(predef_id, keypath) + + for key in samba3_regdb.keys(): + key_handle = ensure_key_exists(key) + for subkey in samba3_regdb.subkeys(key): + ensure_key_exists(subkey) + for (value_name, (value_type, value_data)) in samba3_regdb.values(key).items(): + key_handle.set_value(value_name, value_type, value_data) + + def upgrade(subobj, samba3, message, paths, session_info, credentials): ret = 0 samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) 
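Review bot: In `import_idmap` the group loop is `for gid in samba3_idmap.uids():`, so it iterates user ids and asks `get_group_sid()` for each of them; the group records would be built from the wrong id set, which matters because they tie Unix ids to SIDs. It should iterate the group ids of the Samba 3 idmap instead. In `import_wins`, `numIPs = len(e.ips)` refers to the loop variable of the removed code, and `"name=%s,type=0x%s" % name.split("#")` formats with a list where a tuple is required (`% tuple(name.split("#"))`). `ldb.ldaptime(ttl)` uses `ldb`, which the import hunk of this commit does not bring into scope. The local name `type` also shadows the builtin.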
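Review bot: `ensure_key_exists` looks up `SAMBA3_PREDEF_NAMES[predef_name]`, but the table holds only `'HKLM'`, so the first key from any other hive stops the import with a KeyError, and a key name without a `/` makes the two-value unpack of `keypath.split("/", 1)` fail. Either extend the table to the other hives named in the comment this commit removes (HKU, HKCR, HKPD, HKPT) or skip unknown hives with a message. It is also worth confirming that `samba3_regdb.subkeys(key)` returns full paths, since `ensure_key_exists(subkey)` treats its argument as one.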
@@ -462,21 +429,6 @@ data: %d ret += 1 message(msg) - message("Importing registry data") - for hive in ["hkcr","hkcu","hklm","hkpd","hku","hkpt"]: - message("... " + hive) - regdb = Ldb(paths[hive]) - ldif = upgrade_registry(samba3.registry, hive, regdb) - for j in ldif: - msg = "... ... " + j - try: - regdb.add(ldif[j]) - except LdbError, e: - # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1 - message(msg) - message("Importing WINS data") winsdb = Ldb(paths.winsdb) ldb_erase(winsdb) -- cgit From 222262b54e74a01a66b3cbbea5502d4ce488905d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Dec 2007 03:09:49 -0600 Subject: r26608: More improvements to the upgrade code. (This used to be commit 7ea06d91f602f770f55a1171174f11b922fed8e7) --- source4/scripting/python/samba/upgrade.py | 260 ++++++++++++++++-------------- 1 file changed, 141 insertions(+), 119 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index a6bd07df58..3ecfe872f9 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -9,20 +9,15 @@ from provision import findnss, provision import grp +import ldb import pwd import uuid import registry +from samba import Ldb +from samba.samdb import SamDB -# Where prefix is any of: -# - HKLM -# HKU -# HKCR -# HKPD -# HKPT -# - -def upgrade_sam_policy(policy,dn): - ldif = """ +def import_sam_policy(samldb, samba3_policy, domaindn): + samldb.modify_ldif(""" dn: %s changetype: modify replace: minPwdLength 
@@ -40,19 +35,24 @@ samba3DisconnectTime: %d policy.password_history, policy.minimum_password_age, policy.maximum_password_age, policy.lockout_duration, policy.reset_count_minutes, policy.user_must_logon_to_change_password, - policy.bad_lockout_minutes, policy.disconnect_time) - - return ldif + policy.bad_lockout_minutes, policy.disconnect_time)) + -def upgrade_sam_account(ldb,acc,domaindn,domainsid): - """Upgrade a SAM account.""" +def import_sam_account(samldb,acc,domaindn,domainsid): + """Import a Samba 3 SAM account. + + :param samldb: Samba 4 SAM Database handle + :param acc: Samba 3 account + :param domaindn: Domain DN + :param domainsid: Domain SID.""" if acc.nt_username is None or acc.nt_username == "": acc.nt_username = acc.username if acc.fullname is None: - acc.fullname = pwd.getpwnam(acc.fullname)[4] - - acc.fullname = acc.fullname.split(",")[0] + try: + acc.fullname = pwd.getpwnam(acc.username)[4].split(",")[0] + except KeyError: + pass if acc.fullname is None: acc.fullname = acc.username 
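Review bot: `import_sam_policy(samldb, samba3_policy, domaindn)` renames both parameters, but the format arguments kept as context still read `policy.password_history`, `policy.minimum_password_age`, …, so the call would fail with NameError; the first tuple element lies outside the hunk and presumably still says `dn`. Update the tuple to `samba3_policy.*` and `domaindn`, or keep the old parameter names. In `import_sam_account`, the new `try`/`except KeyError` around `pwd.getpwnam(acc.username)` is the right shape; a comment such as `# no Unix account: fall back to acc.username below` would document the intent.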
@@ -60,105 +60,113 @@ def upgrade_sam_account(ldb,acc,domaindn,domainsid): assert acc.fullname is not None assert acc.nt_username is not None - ldif = """dn: cn=%s,%s -objectClass: top -objectClass: user -lastLogon: %d -lastLogoff: %d -unixName: %s -sAMAccountName: %s -cn: %s -description: %s -primaryGroupID: %d -badPwdcount: %d -logonCount: %d -samba3Domain: %s -samba3DirDrive: %s -samba3MungedDial: %s -samba3Homedir: %s -samba3LogonScript: %s -samba3ProfilePath: %s -samba3Workstations: %s -samba3KickOffTime: %d -samba3BadPwdTime: %d -samba3PassLastSetTime: %d -samba3PassCanChangeTime: %d -samba3PassMustChangeTime: %d -objectSid: %s-%d -lmPwdHash:: %s -ntPwdHash:: %s - -""" % (ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, -acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, -acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, -acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, - ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)) - - return ldif - -def upgrade_sam_group(group,domaindn): - """Upgrade a SAM group.""" - if group.sid_name_use == 5: # Well-known group + samldb.add({ + "dn": "cn=%s,%s" % (acc.fullname, domaindn), + "objectClass": ["top", "user"], + "lastLogon": str(acc.logon_time), + "lastLogoff": str(acc.logoff_time), + "unixName": acc.username, + "sAMAccountName": acc.nt_username, + "cn": acc.nt_username, + "description": acc.acct_desc, + "primaryGroupID": str(acc.group_rid), + "badPwdcount": str(acc.bad_password_count), + "logonCount": str(acc.logon_count), + "samba3Domain": acc.domain, + "samba3DirDrive": acc.dir_drive, + "samba3MungedDial": acc.munged_dial, + "samba3Homedir": acc.homedir, + "samba3LogonScript": acc.logon_script, + "samba3ProfilePath": acc.profile_path, + "samba3Workstations": acc.workstations, + 
"samba3KickOffTime": str(acc.kickoff_time), + "samba3BadPwdTime": str(acc.bad_password_time), + "samba3PassLastSetTime": str(acc.pass_last_set_time), + "samba3PassCanChangeTime": str(acc.pass_can_change_time), + "samba3PassMustChangeTime": str(acc.pass_must_change_time), + "objectSid": "%s-%d" % (domainsid, acc.user_rid), + "lmPwdHash:": acc.lm_password, + "ntPwdHash:": acc.nt_password, + }) + + +def import_sam_group(samldb, sid, gid, sid_name_use, nt_name, comment, domaindn): + """Upgrade a SAM group. + + :param samldb: SAM database. + :param gid: Group GID + :param sid_name_use: SID name use + :param nt_name: NT Group Name + :param comment: NT Group Comment + :param domaindn: Domain DN + """ + + if sid_name_use == 5: # Well-known group return None - if group.nt_name in ("Domain Guests", "Domain Users", "Domain Admins"): + if nt_name in ("Domain Guests", "Domain Users", "Domain Admins"): return None - if group.gid == -1: - gr = grp.getgrnam(grp.nt_name) + if gid == -1: + gr = grp.getgrnam(nt_name) else: - gr = grp.getgrgid(grp.gid) + gr = grp.getgrgid(gid) if gr is None: - group.unixname = "UNKNOWN" + unixname = "UNKNOWN" else: - group.unixname = gr.gr_name + unixname = gr.gr_name - assert group.unixname is not None + assert unixname is not None - ldif = """dn: cn=%s,%s -objectClass: top -objectClass: group -description: %s -cn: %s -objectSid: %s -unixName: %s -samba3SidNameUse: %d -""" % (group.nt_name, domaindn, -group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use) - - return ldif - -def import_idmap(samba4_idmap,samba3_idmap,domaindn): - samba4_idmap.add({ + samldb.add({ + "dn": "cn=%s,%s" % (nt_name, domaindn), + "objectClass": ["top", "group"], + "description": comment, + "cn": nt_name, + "objectSid": sid, + "unixName": unixname, + "samba3SidNameUse": str(sid_name_use) + }) + + +def import_idmap(samdb,samba3_idmap,domaindn): + """Import idmap data. + + :param samdb: SamDB handle. 
+ :param samba3_idmap: Samba 3 IDMAP database to import from + :param domaindn: Domain DN. + """ + samdb.add({ "dn": domaindn, "userHwm": str(samba3_idmap.get_user_hwm()), "groupHwm": str(samba3_idmap.get_group_hwm())}) for uid in samba3_idmap.uids(): - samba4_idmap.add({"dn": "SID=%s,%s" % (samba3_idmap.get_user_sid(uid), domaindn), + samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_user_sid(uid), domaindn), "SID": samba3_idmap.get_user_sid(uid), "type": "user", "unixID": str(uid)}) for gid in samba3_idmap.uids(): - samba4_idmap.add({"dn": "SID=%s,%s" % (samba3_idmap.get_group_sid(gid), domaindn), + samdb.add({"dn": "SID=%s,%s" % (samba3_idmap.get_group_sid(gid), domaindn), "SID": samba3_idmap.get_group_sid(gid), "type": "group", "unixID": str(gid)}) def import_wins(samba4_winsdb, samba3_winsdb): - """Import settings from a Samba3 WINS database.""" + """Import settings from a Samba3 WINS database. + + :param samba4_winsdb: WINS database to import to + :param samba3_winsdb: WINS database to import from + """ version_id = 0 import time for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items(): version_id+=1 - numIPs = len(e.ips) - type = int(name.split("#", 1)[1], 16) if type == 0x1C: @@ -181,14 +189,14 @@ def import_wins(samba4_winsdb, samba3_winsdb): nType = ((nb_flags & 0x60)>>5) - samba4_winsdb.add({"dn": "name=%s,type=0x%s" % name.split("#"), + samba4_winsdb.add({"dn": "name=%s,type=0x%s" % tuple(name.split("#")), "type": name.split("#")[1], "name": name.split("#")[0], "objectClass": "winsRecord", "recordType": str(rType), "recordState": str(rState), "nodeType": str(nType), - "expireTime": ldb.ldaptime(ttl), + "expireTime": ldb.timestring(ttl), "isStatic": "0", "versionID": str(version_id), "address": ips}) 
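Review bot: The dict passed to `samldb.add` builds the DN as `"cn=%s,%s" % (acc.fullname, domaindn)`, dropping the `ldb.dn_escape(acc.fullname)` of the LDIF version, so a full name from the Samba 3 database containing `,`, `=` or `+` yields a malformed or differently rooted DN. The keys `"lmPwdHash:"` and `"ntPwdHash:"` keep a trailing colon left over from the LDIF `::` base64 syntax, which would store the password hashes under attribute names no reader expects. In `import_sam_group`, `grp.getgrnam` and `grp.getgrgid` raise KeyError for an unknown group instead of returning None, so the `unixname = "UNKNOWN"` branch is unreachable. `import_idmap` also still iterates `samba3_idmap.uids()` in its group loop. Suggested: escape the RDN value before formatting, use `"lmPwdHash"` and `"ntPwdHash"` as keys, and wrap the `grp` lookup in `try`/`except KeyError`.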
@@ -237,9 +245,52 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, else: machinepass = None - provision(lp=lp, setup_dir=setup_dir, message=message, blank=True, ldapbackend=None, paths=paths, session_info=session_info, - credentials=credentials, realm=realm, domain=domainname, - domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) + domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, blank=True, ldapbackend=None, + paths=paths, session_info=session_info, credentials=credentials, realm=realm, + domain=domainname, domainsid=domainsid, domainguid=domainguid, + machinepass=machinepass, serverrole=serverrole) + + samdb = SamDB(paths.samdb, credentials=credentials, lp=lp, session_info=session_info) + + import_wins(Ldb(paths.winsdb), samba3.get_wins_db()) + + # FIXME: import_registry(registry.Registry(), samba3.get_registry()) + + # FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn) + + groupdb = samba3.get_groupmapping_db() + for sid in groupdb.groupsids(): + (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid) + # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn) + + # FIXME: Aliases + + passdb = samba3.get_sam_db() + for name in passdb: + user = passdb[name] + #FIXME: import_sam_account(samdb, user, domaindn, domainsid) + + if hasattr(passdb, 'ldap_url'): + message("Enabling Samba3 LDAP mappings for SAM database") + + enable_samba3sam(samdb, passdb.ldap_url) + + +def enable_samba3sam(samdb, ldapurl): + """Enable Samba 3 LDAP URL database. + + :param samdb: SAM Database. + :param ldapurl: Samba 3 LDAP URL + """ + samdb.modify_ldif(""" +dn: @MODULES +changetype: modify +replace: @LIST +@LIST: samldb,operational,objectguid,rdn_name,samba3sam +""") + + samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}) + smbconf_keep = [ "dos charset", 
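Review bot: `enable_samba3sam` issues `replace: @LIST` with a fixed five-module list, which overwrites whatever module chain `provision(...)` configured on the SAM database just above. The module list removed in r26593 on this page included `kludge_acl` and `password_hash`, so if `provision` (not visible here) still installs such modules, they would be dropped when the LDAP mapping is enabled. If that is confirmed, append `samba3sam` to the existing list instead of replacing it. Separately, the group and account loops only carry `FIXME` comments, so `groupdb.get_group(sid)` and `passdb[name]` are read and discarded. A `message(...)` stating that accounts and groups are not yet imported would keep an operator from assuming the migrated SAM is complete.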
@@ -436,33 +487,4 @@ data: %d ldif = upgrade_wins(samba3) winsdb.add(ldif) - # figure out ldapurl, if applicable - ldapurl = None - pdb = samba3.configuration.get_list("passdb backend") - if pdb is not None: - for backend in pdb: - if len(backend) >= 7 and backend[0:7] == "ldapsam": - ldapurl = backend[7:] - - # URL was not specified in passdb backend but ldap /is/ used - if ldapurl == "": - ldapurl = "ldap://%s" % samba3.configuration.get("ldap server") - # Enable samba3sam module if original passdb backend was ldap - if ldapurl is not None: - message("Enabling Samba3 LDAP mappings for SAM database") - - enable_samba3sam(samdb) - - return ret - - -def enable_samba3sam(samdb): - samdb.modify(""" -dn: @MODULES -changetype: modify -replace: @LIST -@LIST: samldb,operational,objectguid,rdn_name,samba3sam -""") - - samdb.add({"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}) -- cgit From 8ad2a035e35284f50ed2650bb202f050416de248 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 27 Dec 2007 23:31:59 -0600 Subject: r26616: Support parsing of user data in SAmba 3 tdbsam. (This used to be commit 2f33e0451d6699fed8bc9abfa2f331317502b358) --- source4/scripting/python/samba/upgrade.py | 53 ------------------------------- 1 file changed, 53 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 3ecfe872f9..abf1127c36 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py 
@@ -435,56 +435,3 @@ def import_registry(samba4_registry, samba3_regdb): key_handle.set_value(value_name, value_type, value_data) -def upgrade(subobj, samba3, message, paths, session_info, credentials): - ret = 0 - samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials) - - message("Writing configuration") - newconf = upgrade_smbconf(samba3.configuration,True) - newconf.save(paths.smbconf) - - message("Importing account policies") - samdb.modify_ldif(upgrade_sam_policy(samba3,subobj.BASEDN)) - regdb = Ldb(paths.hklm) - - regdb.modify(""" -dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE -replace: type -type: 4 -replace: data -data: %d -""" % policy.refuse_machine_password_change) - - message("Importing users") - for account in samba3.samaccounts: - msg = "... " + account.username - ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID) - try: - samdb.add(ldif) - except LdbError, e: - # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1; - message(msg) - - message("Importing groups") - for mapping in samba3.groupmappings: - msg = "... " + mapping.nt_name - ldif = upgrade_sam_group(mapping, subobj.BASEDN) - if ldif is not None: - try: - samdb.add(ldif) - except LdbError, e: - # FIXME: Ignore 'Record exists' errors - msg += "... error: " + str(e) - ret += 1 - message(msg) - - message("Importing WINS data") - winsdb = Ldb(paths.winsdb) - ldb_erase(winsdb) - - ldif = upgrade_wins(samba3) - winsdb.add(ldif) - - -- cgit From 37f35d2a03409e0d52232d4c4f956ec8637d4884 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Fri, 25 Jan 2008 01:02:13 +0100 Subject: python/provision: Reconcile code partitions-only provisioning and generic provisioning, some other minor refactoring of the provisioning. Pair-programmed by Andrew and me using obby :-) (This used to be commit 688adcbb635af87fcfedb869b7f1857a947fd2f9) --- source4/scripting/python/samba/upgrade.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index abf1127c36..a118af2526 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -7,7 +7,7 @@ """Support code for upgrading from Samba 3 to Samba 4.""" -from provision import findnss, provision +from provision import findnss, provision, FILL_DRS import grp import ldb import pwd @@ -245,7 +245,8 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, else: machinepass = None - domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, blank=True, ldapbackend=None, + domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, + samdb_fill=FILL_DRS, ldapbackend=None, paths=paths, session_info=session_info, credentials=credentials, realm=realm, domain=domainname, domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) -- cgit From 4932e4bb7ad11c6ef8ad3187063dba4e7481afa7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 9 Feb 2008 03:59:45 +0100 Subject: Fix upgrade after provision parameter rename. (This used to be commit 361b9f43fb2abb64f2cbae7740b89a616a3c2646) --- source4/scripting/python/samba/upgrade.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index a118af2526..b332bb89ae 100644 
--- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -246,8 +246,8 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, machinepass = None domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, - samdb_fill=FILL_DRS, ldapbackend=None, - paths=paths, session_info=session_info, credentials=credentials, realm=realm, + samdb_fill=FILL_DRS, paths=paths, session_info=session_info, + credentials=credentials, realm=realm, domain=domainname, domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) -- cgit From 2fa4c158580a1e3efea7f8d121305d16eda815cb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 9 Feb 2008 17:37:42 +0100 Subject: Fix syntax of docstrings, set project name when generating Python API documentation. (This used to be commit 68f13d87eb034fdbc712169f2d1b1a0475751ec5) --- source4/scripting/python/samba/upgrade.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index b332bb89ae..8bf75d776e 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -10,6 +10,7 @@ from provision import findnss, provision, FILL_DRS import grp import ldb +import time import pwd import uuid import registry @@ -162,7 +163,6 @@ def import_wins(samba4_winsdb, samba3_winsdb): :param samba3_winsdb: WINS database to import from """ version_id = 0 - import time for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items(): version_id+=1 -- cgit From 2cf29aebff0dc821487e60ce86c18c6bbf1be866 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Sat, 9 Feb 2008 22:29:42 +0100 Subject: Add tests for upgrade of WINS database. (This used to be commit 7777611c0f32a693f0fa057c130e4ea491658f6b) --- source4/scripting/python/samba/upgrade.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 8bf75d776e..01b62ff984 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -18,6 +18,7 @@ from samba import Ldb from samba.samdb import SamDB def import_sam_policy(samldb, samba3_policy, domaindn): + """Import a Samba 3 policy database.""" samldb.modify_ldif(""" dn: %s changetype: modify @@ -201,7 +202,8 @@ def import_wins(samba4_winsdb, samba3_winsdb): "versionID": str(version_id), "address": ips}) - samba4_winsdb.add({"dn": "CN=VERSION", + samba4_winsdb.add({"dn": "cn=VERSION", + "cn": "VERSION", "objectClass": "winsMaxVersion", "maxVersion": str(version_id)}) -- cgit From 14c5f968e1f99ceabc5a42d9a38a00ea137b00ea Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Mar 2008 10:57:52 +1100 Subject: Rework provision scripts for more testing This fixes up some issues with testdir (was not honoured) and increases test coverage. We now check all the major provision modes. In doing so, to make it possible to call from the multiple layers of 'sh', I have allowed 'dc' to alias 'domain controller' and 'member' to alias 'member server'. Fighting shell quoting in the test system was just too hard... Also fix upgrade.py Andrew Bartlett (This used to be commit 0923de12282b0e063dd73bc3e056dd5c3663c190) --- source4/scripting/python/samba/upgrade.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') 
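Review bot: The docstring added to import_sam_policy in the first hunk documents none of its three parameters, while import_wins and enable_samba3sam in this file use `:param` fields. The `dn: %s` line in the LDIF passed to `modify_ldif` presumably receives `domaindn`, so the docstring should name it, e.g. `:param samldb: SAM database to modify`, `:param samba3_policy: Samba 3 policy database to import from`, `:param domaindn: Domain DN the policy attributes are written to`. The function body continues past the end of the hunk, so the interpolated values themselves are not visible here.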
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 01b62ff984..c5086846d8 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -218,11 +218,9 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, else: serverrole = "member server" - lp.set("server role", serverrole) domainname = oldconf.get("workgroup") if domainname: domainname = str(domainname) - lp.set("workgroup", domainname) realm = oldconf.get("realm") netbiosname = oldconf.get("netbios name") @@ -235,7 +233,6 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, if realm is None: realm = domainname.lower() message("No realm specified in smb.conf file, assuming '%s'\n" % realm) - lp.set("realm", realm) domainguid = secrets_db.get_domain_guid(domainname) domainsid = secrets_db.get_sid(domainname) @@ -247,7 +244,7 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, else: machinepass = None - domaindn = provision(lp=lp, setup_dir=setup_dir, message=message, + domaindn = provision(setup_dir=setup_dir, message=message, samdb_fill=FILL_DRS, paths=paths, session_info=session_info, credentials=credentials, realm=realm, domain=domainname, domainsid=domainsid, domainguid=domainguid, -- cgit From a7e1fa0bef17ecc46f642b23ef635acfb09fea04 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Mar 2008 19:20:39 +1100 Subject: Try to fix up part of the upgrade test. There are still problems with the upgrade test, but these are not related to the provision system. Andrew Bartlett (This used to be commit d331bc400fb138bc43be88d0ca8ab3bcd590d2cd) --- source4/scripting/python/samba/upgrade.py | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'source4/scripting/python/samba/upgrade.py') 
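Review bot: `realm = domainname.lower()` in the second hunk still assumes the Samba 3 configuration contains a `workgroup`; the first hunk only converts `domainname` when it is truthy, so a missing workgroup presumably leaves it as None and the realm fallback raises AttributeError instead of a clear error. An explicit guard before the fallback, such as `if not domainname:` followed by raising the exception type the provision code normally uses, would make the failure readable to the operator. With the `lp.set(...)` calls removed, the derived server role, workgroup and realm reach provision() only through its keyword arguments, which deserves a one-line comment at the call. upgrade_provision starts and ends outside these hunks.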
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index c5086846d8..f40f2cffe7 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -207,7 +207,7 @@ def import_wins(samba4_winsdb, samba3_winsdb): "objectClass": "winsMaxVersion", "maxVersion": str(version_id)}) -def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, paths): +def upgrade_provision(samba3, setup_dir, message, credentials, session_info, smbconf, targetdir): oldconf = samba3.get_conf() if oldconf.get("domain logons") == "True": @@ -244,15 +244,13 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, else: machinepass = None - domaindn = provision(setup_dir=setup_dir, message=message, - samdb_fill=FILL_DRS, paths=paths, session_info=session_info, - credentials=credentials, realm=realm, - domain=domainname, domainsid=domainsid, domainguid=domainguid, - machinepass=machinepass, serverrole=serverrole) + result = provision(setup_dir=setup_dir, message=message, + samdb_fill=FILL_DRS, smbconf=smbconf, session_info=session_info, + credentials=credentials, realm=realm, + domain=domainname, domainsid=domainsid, domainguid=domainguid, + machinepass=machinepass, serverrole=serverrole, targetdir=targetdir) - samdb = SamDB(paths.samdb, credentials=credentials, lp=lp, session_info=session_info) - - import_wins(Ldb(paths.winsdb), samba3.get_wins_db()) + import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db()) # FIXME: import_registry(registry.Registry(), samba3.get_registry()) 
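Review bot: The second hunk rebinds the provision() return value from `domaindn` to `result`, so `domaindn` is no longer defined in the visible part of upgrade_provision, yet the FIXME lines still pass it, including the one rewritten in the following hunk (`import_sam_account(result.samdb, user, domaindn, domainsid)`). Enabling any of those imports as written would raise NameError, so either bind the DN from whatever `result` exposes or update the FIXME comments to match. The signature change in the first hunk replaces `lp, paths` with `smbconf, targetdir` at the same positions, which silently changes the meaning of positional calls; a docstring with `:param smbconf:` and `:param targetdir:` entries would document the new contract. The function body starts and ends outside these hunks.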
@@ -268,12 +266,12 @@ def upgrade_provision(samba3, setup_dir, message, credentials, session_info, lp, passdb = samba3.get_sam_db() for name in passdb: user = passdb[name] - #FIXME: import_sam_account(samdb, user, domaindn, domainsid) + #FIXME: import_sam_account(result.samdb, user, domaindn, domainsid) if hasattr(passdb, 'ldap_url'): message("Enabling Samba3 LDAP mappings for SAM database") - enable_samba3sam(samdb, passdb.ldap_url) + enable_samba3sam(result.samdb, passdb.ldap_url) def enable_samba3sam(samdb, ldapurl): -- cgit From c401aa93573460f10256218a6a1902839b17b884 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 22 May 2008 17:42:18 +0200 Subject: Use restructuredText formatting for docstrings. (This used to be commit 0cc58decd74d20f3d7dff93ddef1c8bce4d49ad0) --- source4/scripting/python/samba/upgrade.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/python/samba/upgrade.py') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index f40f2cffe7..0c83604e82 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -7,6 +7,8 @@ """Support code for upgrading from Samba 3 to Samba 4.""" +__docformat__ = "restructuredText" + from provision import findnss, provision, FILL_DRS import grp import ldb -- cgit