# backend code for upgrading from Samba3
# Copyright Jelmer Vernooij 2005-2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
""" Support code for upgrading from Samba 3 to Samba 4. """
__docformat__ = " restructuredText "
import grp
import ldb
import time
import pwd
from samba import Ldb , registry
from samba . param import LoadParm
from samba . provision import provision , FILL_FULL
from samba . samba3 import passdb
from samba . samba3 import param as s3param
from samba . dcerpc import lsa
from samba . dcerpc . security import dom_sid
from samba import dsdb
from samba . ndr import ndr_pack
def import_sam_policy(samldb, policy, dn):
    """Import a Samba 3 policy database.

    :param samldb: SAM database handle; the generated LDIF is handed to its
        ``modify_ldif`` method.
    :param policy: Samba 3 policy object supplying the integer settings.
    :param dn: DN of the entry whose policy attributes are modified.
    """
    # NOTE(review): dn is interpolated into the LDIF text unescaped; presumably
    # it is always the provisioned domain DN -- confirm no caller passes a
    # value that could contain a newline.
    ldif_template = """
dn: %s
changetype: modify
replace: minPwdLength
minPwdLength: %d
pwdHistoryLength: %d
minPwdAge: %d
maxPwdAge: %d
lockoutDuration: %d
samba3ResetCountMinutes: %d
samba3UserMustLogonToChangePassword: %d
samba3BadLockoutMinutes: %d
samba3DisconnectTime: %d
"""
    # Order must match the placeholders in the template above.
    settings = (
        dn,
        policy.min_password_length,
        policy.password_history,
        policy.minimum_password_age,
        policy.maximum_password_age,
        policy.lockout_duration,
        policy.reset_count_minutes,
        policy.user_must_logon_to_change_password,
        policy.bad_lockout_minutes,
        policy.disconnect_time,
    )
    samldb.modify_ldif(ldif_template % settings)
def import_sam_account(samldb, acc, domaindn, domainsid):
    """Import a Samba 3 SAM account.

    :param samldb: Samba 4 SAM Database handle
    :param acc: Samba 3 account; its ``nt_username`` and ``fullname`` are
        filled in on the object itself when they are missing
    :param domaindn: Domain DN
    :param domainsid: Domain SID.
    """
    # Fall back to the Unix account name when no NT username is recorded.
    if acc.nt_username in (None, ""):
        acc.nt_username = acc.username

    # Prefer the first comma-separated GECOS field as the full name; a user
    # unknown to the local passwd database falls through to the username.
    if acc.fullname is None:
        try:
            gecos = pwd.getpwnam(acc.username)[4]
        except KeyError:
            pass
        else:
            acc.fullname = gecos.split(",")[0]
    if acc.fullname is None:
        acc.fullname = acc.username

    assert acc.fullname is not None
    assert acc.nt_username is not None

    # NOTE(review): fullname goes into the DN unescaped; a name containing a
    # DN special character (e.g. a comma) would yield a different or invalid
    # DN -- confirm how callers constrain it.
    record = {
        "dn": "cn=%s,%s" % (acc.fullname, domaindn),
        "objectClass": ["top", "user"],
        "objectSid": "%s-%d" % (domainsid, acc.user_rid),
        "unixName": acc.username,
        "sAMAccountName": acc.nt_username,
        "cn": acc.nt_username,
        "description": acc.acct_desc,
        "primaryGroupID": str(acc.group_rid),
        # Logon bookkeeping
        "lastLogon": str(acc.logon_time),
        "lastLogoff": str(acc.logoff_time),
        "badPwdcount": str(acc.bad_password_count),
        "logonCount": str(acc.logon_count),
        # Samba 3 specific attributes, carried over verbatim
        "samba3Domain": acc.domain,
        "samba3DirDrive": acc.dir_drive,
        "samba3MungedDial": acc.munged_dial,
        "samba3Homedir": acc.homedir,
        "samba3LogonScript": acc.logon_script,
        "samba3ProfilePath": acc.profile_path,
        "samba3Workstations": acc.workstations,
        "samba3KickOffTime": str(acc.kickoff_time),
        "samba3BadPwdTime": str(acc.bad_password_time),
        "samba3PassLastSetTime": str(acc.pass_last_set_time),
        "samba3PassCanChangeTime": str(acc.pass_can_change_time),
        "samba3PassMustChangeTime": str(acc.pass_must_change_time),
        # The record carries the account's LM and NT password hashes, so it
        # must never be logged or dumped.
        # NOTE(review): both key names end in ':' -- this looks unintended
        # for an attribute name; confirm against the target schema.
        "lmPwdHash:": acc.lm_password,
        "ntPwdHash:": acc.nt_password,
    }
    samldb.add(record)
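def import_sam_group(samldb, sid, gid, sid_name_use, nt_name, comment, domaindn):
    """Upgrade a SAM group.

    Well-known groups (``sid_name_use == 5``) and the built-in "Domain
    Guests", "Domain Users" and "Domain Admins" groups are skipped.

    :param samldb: SAM database.
    :param sid: Group SID, stored as ``objectSid``
    :param gid: Group GID; -1 means "look the group up by NT name instead"
    :param sid_name_use: SID name use
    :param nt_name: NT Group Name
    :param comment: NT Group Comment
    :param domaindn: Domain DN
    :return: None
    """
    if sid_name_use == 5:  # Well-known group
        return None

    if nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
        return None

    # grp lookups raise KeyError for an unknown group rather than returning
    # None, so the "UNKNOWN" fallback has to live in the exception handler.
    try:
        if gid == -1:
            gr = grp.getgrnam(nt_name)
        else:
            gr = grp.getgrgid(gid)
    except KeyError:
        unixname = "UNKNOWN"
    else:
        unixname = gr.gr_name

    # NOTE(review): nt_name goes into the DN unescaped; a group name with a
    # DN special character would produce a different or invalid DN.
    samldb.add({
        "dn": "cn=%s,%s" % (nt_name, domaindn),
        "objectClass": ["top", "group"],
        "description": comment,
        "cn": nt_name,
        "objectSid": sid,
        "unixName": unixname,
        "samba3SidNameUse": str(sid_name_use),
    })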
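def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
    """Create the idmap entry for *sid*, or update it if one already exists.

    An existing entry is detected by searching for ``objectSid``; when exactly
    one match is found its ``xidNumber`` and ``type`` are replaced, otherwise
    a new ``sidMap`` record is added. LDB errors from the write are logged as
    warnings and not raised; any other exception propagates unchanged.

    :param idmapdb: idmap database handle
    :param sid: SID to map (stringified for the search filter and DN, packed
        with ndr_pack for the stored ``objectSid``)
    :param xid: Unix id number to map the SID to
    :param xid_type: value stored in the ``type`` attribute
    :param logger: Logger used for warnings
    """
    sid_str = str(sid)
    xid_str = str(xid)

    # First try to see if we already have this entry
    # NOTE(review): the SID string goes into the search filter unescaped;
    # presumably sid is always a dom_sid object -- confirm against callers.
    msg = idmapdb.search(expression='objectSid=%s' % sid_str)

    if msg.count == 1:
        try:
            m = ldb.Message()
            # NOTE(review): msg[0]['dn'] is handed to the ldb.Dn constructor
            # as found in the original code; confirm it accepts that value.
            m.dn = ldb.Dn(idmapdb, msg[0]['dn'])
            m['xidNumber'] = ldb.MessageElement(xid_str, ldb.FLAG_MOD_REPLACE, 'xidNumber')
            m['type'] = ldb.MessageElement(xid_type, ldb.FLAG_MOD_REPLACE, 'type')
            idmapdb.modify(m)
        except ldb.LdbError as e:
            logger.warn('Could not modify idmap entry for sid=%s, id=%s, type=%s (%s)',
                        sid_str, xid_str, xid_type, str(e))
        return

    try:
        idmapdb.add({"dn": "CN=%s" % sid_str,
                     "cn": sid_str,
                     "objectClass": "sidMap",
                     "objectSid": ndr_pack(sid),
                     "type": xid_type,
                     "xidNumber": xid_str})
    except ldb.LdbError as e:
        logger.warn('Could not add idmap entry for sid=%s, id=%s, type=%s (%s)',
                    sid_str, xid_str, xid_type, str(e))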
def import_idmap(idmapdb, samba3_idmap, logger):
    """Import idmap data.

    :param idmapdb: idmap database to import into
    :param samba3_idmap: Samba 3 IDMAP database to import from
    :param logger: Logger used for warnings about unexpected entry types
    """
    # The new allocation range starts at the higher of the two Samba 3
    # high-water marks.
    user_hwm = samba3_idmap.get_user_hwm()
    group_hwm = samba3_idmap.get_group_hwm()
    high_water_mark = max(user_hwm, group_hwm)

    # FIXME: upperbound
    config = ldb.Message()
    config.dn = ldb.Dn(idmapdb, 'CN=CONFIG')
    config['lowerbound'] = ldb.MessageElement(
        str(high_water_mark), ldb.FLAG_MOD_REPLACE, 'lowerBound')
    config['xidNumber'] = ldb.MessageElement(
        str(high_water_mark), ldb.FLAG_MOD_REPLACE, 'xidNumber')
    idmapdb.modify(config)

    # Samba 3 entry type -> value stored in the new entry's "type" attribute.
    type_names = {'UID': 'ID_TYPE_UID', 'GID': 'ID_TYPE_GID'}

    for id_type, xid in samba3_idmap.ids():
        xid_type = type_names.get(id_type)
        if xid_type is None:
            logger.warn('Wrong type of entry in idmap (%s), Ignoring', id_type)
            continue

        sid = samba3_idmap.get_sid(xid, id_type)
        add_idmap_entry(idmapdb, dom_sid(sid), xid, xid_type, logger)
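def add_group_from_mapping_entry(samdb, groupmap, logger):
    """Add a group from a group mapping entry unless its SID already exists.

    An object that already carries the SID is left untouched and a warning is
    logged. Well-known groups are not created. An LDB error from the add is
    logged as a warning; any other exception propagates with its original
    traceback.

    :param samdb: SAM database handle
    :param groupmap: group mapping entry (``sid``, ``nt_name``, ``comment``
        and ``sid_name_use`` are read)
    :param logger: Logger used for warnings
    """
    # First try to see if we already have this entry
    try:
        msg = samdb.search(base='<SID=%s>' % str(groupmap.sid), scope=ldb.SCOPE_BASE)
    except ldb.LdbError as e:
        # Only "no such object" means the SID is free; re-raise anything else
        # as-is so the original traceback is kept.
        if e.args[0] != ldb.ERR_NO_SUCH_OBJECT:
            raise
    else:
        logger.warn('Group already exists sid=%s, groupname=%s existing_groupname=%s, Ignoring.',
                    str(groupmap.sid), groupmap.nt_name, msg[0]['sAMAccountName'][0])
        return

    if groupmap.sid_name_use == lsa.SID_NAME_WKN_GRP:
        return

    m = ldb.Message()
    # NOTE(review): nt_name is placed in the DN unescaped; a group name with a
    # DN special character (e.g. a comma) would produce a different or
    # invalid DN -- confirm how the source data is constrained.
    m.dn = ldb.Dn(samdb, "CN=%s,CN=Users,%s" % (groupmap.nt_name, samdb.get_default_basedn()))
    m['a01'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')
    m['a02'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass')
    m['a03'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD, 'objectSid')
    m['a04'] = ldb.MessageElement(groupmap.comment, ldb.FLAG_MOD_ADD, 'description')
    m['a05'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'sAMAccountName')

    if groupmap.sid_name_use == lsa.SID_NAME_ALIAS:
        m['a06'] = ldb.MessageElement(str(dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP),
                                      ldb.FLAG_MOD_ADD, 'groupType')

    try:
        # NOTE(review): the "relax" control is presumably needed so that the
        # caller-chosen objectSid is accepted; it should stay limited to this
        # migration path.
        samdb.add(m, controls=["relax:0"])
    except ldb.LdbError as e:
        logger.warn('Could not add group name=%s (%s)', groupmap.nt_name, str(e))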
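def add_users_to_group(samdb, group, members, logger=None):
    """Add user/member to group/alias

    Each member SID is added to the group's ``member`` attribute with its own
    modify request, so one failing member does not stop the rest. An LDB
    error is logged as a warning; any other exception propagates.

    :param samdb: SAM database handle
    :param group: group mapping entry (``sid`` and ``nt_name`` are read)
    :param members: iterable of member SIDs
    :param logger: optional Logger for warnings; defaults to this module's
        logger
    """
    if logger is None:
        # The original body referenced a logger that was never defined here.
        import logging
        logger = logging.getLogger(__name__)

    # The extended-DN form needs its closing '>'.
    group_dn = "<SID=%s>" % str(group.sid)

    for member_sid in members:
        m = ldb.Message()
        m.dn = ldb.Dn(samdb, group_dn)
        # FLAG_MOD_ADD appends this member; replacing the attribute on every
        # iteration would leave only the last member in the group.
        m['a01'] = ldb.MessageElement("<SID=%s>" % str(member_sid), ldb.FLAG_MOD_ADD, 'member')

        try:
            samdb.modify(m)
        except ldb.LdbError:
            logger.warn("Could not add member to group '%s'", group.nt_name)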
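def import_wins(samba4_winsdb, samba3_winsdb):
    """Import settings from a Samba3 WINS database.

    Every Samba 3 record becomes one ``winsRecord`` entry with a running
    version id; a final ``winsMaxVersion`` entry stores the highest id used.

    :param samba4_winsdb: WINS database to import to
    :param samba3_winsdb: WINS database to import from; ``items()`` yields
        ``(name, (ttl, ips, nb_flags))`` with *name* in ``NAME#TYPE`` form,
        TYPE being hexadecimal
    """
    version_id = 0

    for (name, (ttl, ips, nb_flags)) in samba3_winsdb.items():
        version_id += 1

        # Split on the last '#' only, so a '#' inside the name itself does not
        # break the type parsing or the DN formatting below.
        parts = name.rsplit("#", 1)
        netbios_name = parts[0]
        type_hex = parts[1]
        name_type = int(type_hex, 16)

        multiple_addresses = len(ips) > 1
        if name_type == 0x1C:
            rType = 0x2
        elif name_type & 0x80:
            rType = 0x2 if multiple_addresses else 0x1
        else:
            rType = 0x3 if multiple_addresses else 0x0

        if ttl > time.time():
            rState = 0x0  # active
        else:
            rState = 0x1  # released

        nType = (nb_flags & 0x60) >> 5

        # NOTE(review): the name is placed in the DN unescaped; confirm that
        # names with DN special characters cannot occur in the source data.
        samba4_winsdb.add({"dn": "name=%s,type=0x%s" % (netbios_name, type_hex),
                           "type": type_hex,
                           "name": netbios_name,
                           "objectClass": "winsRecord",
                           "recordType": str(rType),
                           "recordState": str(rState),
                           "nodeType": str(nType),
                           "expireTime": ldb.timestring(ttl),
                           "isStatic": "0",
                           "versionID": str(version_id),
                           "address": ips})

    samba4_winsdb.add({"dn": "cn=VERSION",
                       "cn": "VERSION",
                       "objectClass": "winsMaxVersion",
                       "maxVersion": str(version_id)})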
def enable_samba3sam(samdb, ldapurl):
    """Enable Samba 3 LDAP URL database.

    Replaces the ``@LIST`` of the ``@MODULES`` record so that it ends with
    ``samba3sam``, then adds the ``@MAP=samba3sam`` record holding the URL.

    :param samdb: SAM Database.
    :param ldapurl: Samba 3 LDAP URL
    """
    modules_ldif = """
dn: @MODULES
changetype: modify
replace: @LIST
@LIST: samldb,operational,objectguid,rdn_name,samba3sam
"""
    samdb.modify_ldif(modules_ldif)

    # NOTE(review): ldapurl is stored without validation; presumably account
    # data is then looked up through that server, so confirm the URL uses an
    # encrypted or local transport.
    map_record = {"dn": "@MAP=samba3sam", "@MAP_URL": ldapurl}
    samdb.add(map_record)
# smb.conf parameter names that upgrade_smbconf() copies into the new
# configuration under their original name.
#
# NOTE(review): the list includes legacy authentication and protocol settings
# ("lanman auth", "client lanman auth", "client plaintext auth",
# "null passwords", "ntlm auth", "min protocol"); whatever value the old
# smb.conf had for them is carried over, so the migrated configuration should
# be reviewed for weak settings.
smbconf_keep = [
    # character sets and share basics
    "dos charset", "unix charset", "display charset",
    "comment", "path", "directory",
    # identity and network binding
    "workgroup", "realm", "netbios name", "netbios aliases", "netbios scope",
    "server string", "interfaces", "bind interfaces only",
    # authentication
    "security", "auth methods", "encrypt passwords", "null passwords",
    "obey pam restrictions", "password server", "smb passwd file",
    "private dir", "passwd chat", "password level",
    "lanman auth", "ntlm auth", "client NTLMv2 auth",
    "client lanman auth", "client plaintext auth",
    # access control and logging
    "read only", "hosts allow", "hosts deny",
    "log level", "debuglevel", "log file",
    # protocol
    "smb ports", "large readwrite", "max protocol", "min protocol",
    "unicode", "read raw", "write raw", "disable netbios",
    "nt status support", "max mux", "max xmit",
    "name resolve order", "max wins ttl", "min wins ttl",
    "time server", "unix extensions", "use spnego",
    "server signing", "client signing",
    "max connections", "paranoid server security", "socket options",
    # printing and file attributes
    "strict sync", "max print jobs", "printable", "print ok",
    "printer name", "printer",
    "map system", "map hidden", "map archive",
    # browsing and WINS
    "preferred master", "prefered master", "local master",
    "browseable", "browsable",
    "wins server", "wins support",
    # miscellaneous
    "csc policy", "strict locking",
    "preload", "auto services",
    "lock dir", "lock directory", "pid directory",
    "socket address", "copy", "include", "available",
    "volume", "fstype", "panic action",
    "msdfs root", "host msdfs", "winbind separator",
]
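def upgrade_smbconf(oldconf, mark):
    """Remove configuration variables not present in Samba4

    Parameters named in ``smbconf_keep`` are copied unchanged. Every other
    parameter is dropped, or kept under a ``samba3:`` prefix when *mark* is
    set.

    :param oldconf: Old configuration structure
    :param mark: Whether removed configuration variables should be
        kept in the new configuration as "samba3:<name>"
    :return: New configuration holding the kept (and marked) parameters
    """
    data = oldconf.data()
    newconf = LoadParm()

    for s in data:
        for p in data[s]:
            # smbconf_keep is a list of names, so test membership directly;
            # indexing it with one of its own entries raises TypeError.
            # NOTE(review): values are copied verbatim, including any weak
            # authentication settings on the keep list.
            if p in smbconf_keep:
                newconf.set(s, p, oldconf.get(s, p))
            elif mark:
                newconf.set(s, "samba3:" + p, oldconf.get(s, p))

    return newconf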
# Maps the first component of a Samba 3 registry key path to the predefined
# key constant of the samba registry module. Only HKLM is known here; any
# other prefix makes the lookup in import_registry() raise KeyError.
SAMBA3_PREDEF_NAMES = dict(HKLM=registry.HKEY_LOCAL_MACHINE)
def import_registry(samba4_registry, samba3_regdb):
    """Import a Samba 3 registry database into the Samba 4 registry.

    :param samba4_registry: Samba 4 registry handle.
    :param samba3_regdb: Samba 3 registry database handle.
    """

    def ensure_key_exists(keypath):
        # The part before the first '/' selects the predefined key; the rest
        # is converted from '/' to backslash separators.
        hive_name, subpath = keypath.split("/", 1)
        hive_id = SAMBA3_PREDEF_NAMES[hive_name]
        return samba4_registry.create_key(hive_id, subpath.replace("/", "\\"))

    for key in samba3_regdb.keys():
        handle = ensure_key_exists(key)

        for subkey in samba3_regdb.subkeys(key):
            ensure_key_exists(subkey)

        stored_values = samba3_regdb.values(key)
        for value_name, (value_type, value_data) in stored_values.items():
            handle.set_value(value_name, value_type, value_data)
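def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir):
    """Upgrade from samba3 database to samba4 AD database

    Reads the Samba 3 smb.conf, secrets and passdb backend, provisions a new
    Samba 4 domain and then imports WINS records, idmap entries, groups,
    users and group memberships into it.

    :param samba3: Samba 3 state object (secrets, WINS and idmap databases
        and ``privatedir`` are read from it)
    :param logger: Logger
    :param session_info: session info passed through to provision()
    :param smbconf: Samba 3 smb.conf to load
    :param targetdir: target directory passed through to provision()
    :return: None; returns early, without provisioning, when the old server
        was a DC and no realm is configured
    """
    # Read samba3 smb.conf
    oldconf = s3param.get_context()
    oldconf.load(smbconf)

    if oldconf.get("domain logons"):
        serverrole = "domain controller"
    elif oldconf.get("security") == "user":
        serverrole = "standalone"
    else:
        serverrole = "member server"

    domainname = oldconf.get("workgroup")
    realm = oldconf.get("realm")
    netbiosname = oldconf.get("netbios name")

    # secrets db
    secrets_db = samba3.get_secrets_db()

    if not domainname:
        domainname = secrets_db.domains()[0]
        logger.warning("No domain specified in smb.conf file, assuming '%s'",
                       domainname)

    if not realm:
        if oldconf.get("domain logons"):
            logger.warning("No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (generally it's the upcased DNS domainname).")
            return
        else:
            realm = domainname.upper()
            logger.warning("No realm specified in smb.conf file, assuming '%s'",
                           realm)

    # Find machine account and password
    machinepass = None
    machinerid = None
    machinesid = None
    next_rid = 1000

    # Best effort: without a stored machine password, None is passed on.
    # machinepass is a secret and must never be logged.
    try:
        machinepass = secrets_db.get_machine_password(netbiosname)
    except Exception:
        pass

    # We must close the direct pytdb database before the C code loads it
    secrets_db.close()

    passdb.set_secrets_dir(samba3.privatedir)

    # Get domain sid
    try:
        domainsid = passdb.get_global_sam_sid()
    except Exception:
        raise Exception("Can't find domain sid for '%s', Exiting." % domainname)

    # Connect to old password backend. This has to happen before the machine
    # account lookup below: with the connection opened afterwards, the lookup
    # always failed on the undefined name and the machine RID was never found.
    old_passdb = passdb.PDB(oldconf.get('passdb backend'))

    # Get machine account, sid, rid (best effort: a missing machine account
    # leaves both values at None)
    try:
        machineacct = old_passdb.getsampwnam('%s$' % netbiosname)
        machinesid, machinerid = machineacct.user_sid.split()
    except Exception:
        pass

    # Import groups from old passdb backend
    logger.info("Exporting groups")
    grouplist = old_passdb.enum_group_mapping()
    groupmembers = {}
    for group in grouplist:
        sid, rid = group.sid.split()
        if sid == domainsid:
            if rid >= next_rid:
                next_rid = rid + 1

        # Get members for each group/alias
        if group.sid_name_use == lsa.SID_NAME_ALIAS or group.sid_name_use == lsa.SID_NAME_WKN_GRP:
            members = old_passdb.enum_aliasmem(group.sid)
        elif group.sid_name_use == lsa.SID_NAME_DOM_GRP:
            try:
                members = old_passdb.enum_group_members(group.sid)
            except Exception:
                # Groups whose members cannot be enumerated get no
                # membership import.
                continue
        else:
            logger.warn("Ignoring group '%s' with sid_name_use=%d",
                        group.nt_name, group.sid_name_use)
            continue
        groupmembers[group.nt_name] = members

    # Import users from old passdb backend
    logger.info("Exporting users")
    userlist = old_passdb.search_users(0)
    userdata = {}
    uids = {}
    for entry in userlist:
        # The machine account is handed to provision() via dc_rid instead.
        if machinerid and machinerid == entry['rid']:
            continue
        username = entry['account_name']
        if entry['rid'] < 1000:
            logger.info("Skipping wellknown rid=%d (for username=%s)", entry['rid'], username)
            continue
        if entry['rid'] >= next_rid:
            next_rid = entry['rid'] + 1

        userdata[username] = old_passdb.getsampwnam(username)
        # Prefer the mapping known to the old passdb, then fall back to the
        # local passwd database; users without either get no idmap entry.
        try:
            uids[username] = old_passdb.sid_to_id(userdata[username].user_sid)[0]
        except Exception:
            try:
                uids[username] = pwd.getpwnam(username).pw_uid
            except Exception:
                pass

    logger.info("Next rid = %d", next_rid)

    # Do full provision
    result = provision(logger, session_info, None,
                       targetdir=targetdir, realm=realm, domain=domainname,
                       domainsid=str(domainsid), next_rid=next_rid,
                       dc_rid=machinerid,
                       hostname=netbiosname, machinepass=machinepass,
                       serverrole=serverrole, samdb_fill=FILL_FULL)

    logger.info("Import WINS")
    import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db())

    new_smbconf = result.lp.configfile
    newconf = s3param.get_context()
    newconf.load(new_smbconf)

    # Migrate idmap
    logger.info("Migrating idmap database")
    import_idmap(result.idmap, samba3.get_idmap_db(), logger)

    # Connect to samba4 backend
    new_passdb = passdb.PDB('samba4')

    # Export groups to samba4 backend
    logger.info("Importing groups")
    for g in grouplist:
        # Ignore uninitialized groups (gid = -1)
        if g.gid != 0xffffffff:
            # Use the same type strings as import_idmap(), so an entry it
            # created is not rewritten with a different "type" value.
            add_idmap_entry(result.idmap, g.sid, g.gid, "ID_TYPE_GID", logger)
            add_group_from_mapping_entry(result.samdb, g, logger)

    # Export users to samba4 backend
    logger.info("Importing users")
    for username in userdata:
        # The old administrator/root accounts are not imported.
        if username.lower() == 'administrator' or username.lower() == 'root':
            continue
        new_passdb.add_sam_account(userdata[username])
        if username in uids:
            add_idmap_entry(result.idmap, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)

    logger.info("Adding users to groups")
    for g in grouplist:
        if g.nt_name in groupmembers:
            add_users_to_group(result.samdb, g, groupmembers[g.nt_name])

    # FIXME: import_registry(registry.Registry(), samba3.get_registry())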