1
0
mirror of https://github.com/samba-team/samba.git synced 2025-07-22 16:59:09 +03:00

r26506: Start running (really trivial) tests for upgrade script.

(This used to be commit 73bd4a9566)
This commit is contained in:
Jelmer Vernooij
2007-12-17 12:19:45 +01:00
committed by Stefan Metzmacher
parent f89c7a6e5e
commit 323c174be3
4 changed files with 314 additions and 318 deletions

View File

@ -11,17 +11,19 @@ from provision import findnss
import provision
import grp
import pwd
from uuid import uuid4
from param import default_configuration
import uuid
def regkey_to_dn(name):
"""Convert a registry key to a DN."""
dn = "hive=NONE"
dn = "hive=NONE"
for el in name.split("/")[1:]:
if name == "":
return dn
for el in name.split("/"):
dn = "key=%s," % el + dn
return dn
return dn
# Where prefix is any of:
# - HKLM
@ -33,39 +35,39 @@ def regkey_to_dn(name):
def upgrade_registry(regdb,prefix,ldb):
"""Migrate registry contents."""
assert regdb is not None:
prefix_up = prefix.upper()
ldif = []
assert regdb is not None
prefix_up = prefix.upper()
ldif = []
for rk in regdb.keys:
pts = rk.name.split("/")
pts = rk.name.split("/")
# Only handle selected hive
# Only handle selected hive
if pts[0].upper() != prefix_up:
continue
continue
keydn = regkey_to_dn(rk.name)
keydn = regkey_to_dn(rk.name)
pts = rk.name.split("/")
pts = rk.name.split("/")
# Convert key name to dn
ldif[rk.name] = """
# Convert key name to dn
ldif[rk.name] = """
dn: %s
name: %s
""" % (keydn, pts[0])
for rv in rk.values:
ldif[rk.name + " (" + rv.name + ")"] = """
ldif[rk.name + " (" + rv.name + ")"] = """
dn: %s,value=%s
value: %s
type: %d
data:: %s""" % (keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data))
return ldif
return ldif
def upgrade_sam_policy(samba3,dn):
ldif = """
ldif = """
dn: %s
changetype: modify
replace: minPwdLength
@ -80,30 +82,30 @@ samba3BadLockoutMinutes: %d
samba3DisconnectTime: %d
""" % (dn, samba3.policy.min_password_length,
samba3.policy.password_history, samba3.policy.minimum_password_age,
samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time)
return ldif
samba3.policy.password_history, samba3.policy.minimum_password_age,
samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time)
return ldif
def upgrade_sam_account(ldb,acc,domaindn,domainsid):
"""Upgrade a SAM account."""
if acc.nt_username is None or acc.nt_username == "":
acc.nt_username = acc.username
acc.nt_username = acc.username
if acc.fullname is None:
acc.fullname = pwd.getpwnam(acc.fullname)[4]
acc.fullname = pwd.getpwnam(acc.fullname)[4]
acc.fullname = acc.fullname.split(",")[0]
acc.fullname = acc.fullname.split(",")[0]
if acc.fullname is None:
acc.fullname = acc.username
assert acc.fullname is not None
assert acc.nt_username is not None
acc.fullname = acc.username
assert acc.fullname is not None
assert acc.nt_username is not None
ldif = """dn: cn=%s,%s
ldif = """dn: cn=%s,%s
objectClass: top
objectClass: user
lastLogon: %d
@ -136,31 +138,31 @@ acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid,
ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw))
ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw))
return ldif
return ldif
def upgrade_sam_group(group,domaindn):
"""Upgrade a SAM group."""
if group.sid_name_use == 5: # Well-known group
return None
if group.sid_name_use == 5: # Well-known group
return None
if group.nt_name in ("Domain Guests", "Domain Users", "Domain Admins"):
return None
return None
if group.gid == -1:
gr = grp.getgrnam(grp.nt_name)
gr = grp.getgrnam(grp.nt_name)
else:
gr = grp.getgrgid(grp.gid)
gr = grp.getgrgid(grp.gid)
if gr is None:
group.unixname = "UNKNOWN"
group.unixname = "UNKNOWN"
else:
group.unixname = gr.gr_name
group.unixname = gr.gr_name
assert group.unixname is not None
ldif = """dn: cn=%s,%s
assert group.unixname is not None
ldif = """dn: cn=%s,%s
objectClass: top
objectClass: group
description: %s
@ -171,11 +173,11 @@ samba3SidNameUse: %d
""" % (group.nt_name, domaindn,
group.comment, group.nt_name, group.sid, group.unixname, group.sid_name_use)
return ldif
return ldif
def upgrade_winbind(samba3,domaindn):
ldif = """
ldif = """
dn: dc=none
userHwm: %d
groupHwm: %d
@ -183,48 +185,48 @@ groupHwm: %d
""" % (samba3.idmap.user_hwm, samba3.idmap.group_hwm)
for m in samba3.idmap.mappings:
ldif += """
ldif += """
dn: SID=%s,%s
SID: %s
type: %d
unixID: %d""" % (m.sid, domaindn, m.sid, m.type, m.unix_id)
return ldif
return ldif
def upgrade_wins(samba3):
"""Upgrade the WINS database."""
ldif = ""
version_id = 0
ldif = ""
version_id = 0
for e in samba3.winsentries:
now = sys.nttime()
ttl = sys.unix2nttime(e.ttl)
now = sys.nttime()
ttl = sys.unix2nttime(e.ttl)
version_id+=1
version_id+=1
numIPs = len(e.ips)
if e.type == 0x1C:
rType = 0x2
rType = 0x2
elif e.type & 0x80:
if numIPs > 1:
rType = 0x2
rType = 0x2
else:
rType = 0x1
rType = 0x1
else:
if numIPs > 1:
rType = 0x3
rType = 0x3
else:
rType = 0x0
rType = 0x0
if ttl > now:
rState = 0x0 # active
rState = 0x0 # active
else:
rState = 0x1 # released
rState = 0x1 # released
nType = ((e.nb_flags & 0x60)>>5)
nType = ((e.nb_flags & 0x60)>>5)
ldif += """
ldif += """
dn: name=%s,type=0x%02X
type: 0x%02X
name: %s
@ -240,324 +242,322 @@ versionID: %llu
ldaptime(ttl), version_id)
for ip in e.ips:
ldif += "address: %s\n" % ip
ldif += "address: %s\n" % ip
ldif += """
ldif += """
dn: CN=VERSION
objectClass: winsMaxVersion
maxVersion: %llu
""" % version_id
return ldif
return ldif
def upgrade_provision(lp, samba3):
subobj = Object()
subobj = Object()
domainname = samba3.configuration.get("workgroup")
domainname = samba3.configuration.get("workgroup")
if domainname is None:
domainname = samba3.secrets.domains[0].name
print "No domain specified in smb.conf file, assuming '%s'\n" % domainname
domsec = samba3.find_domainsecrets(domainname)
hostsec = samba3.find_domainsecrets(hostname())
realm = samba3.configuration.get("realm")
domainname = samba3.secrets.domains[0].name
print "No domain specified in smb.conf file, assuming '%s'\n" % domainname
domsec = samba3.find_domainsecrets(domainname)
hostsec = samba3.find_domainsecrets(hostname())
realm = samba3.configuration.get("realm")
if realm is None:
realm = domainname
print "No realm specified in smb.conf file, assuming '%s'\n" % realm
random_init(local)
realm = domainname
print "No realm specified in smb.conf file, assuming '%s'\n" % realm
random_init(local)
subobj.realm = realm
subobj.domain = domainname
subobj.hostname = hostname()
subobj.realm = realm
subobj.domain = domainname
subobj.hostname = hostname()
assert subobj.realm is not None
assert subobj.domain is not None
assert subobj.hostname is not None
assert subobj.realm is not None
assert subobj.domain is not None
assert subobj.hostname is not None
subobj.HOSTIP = hostip()
subobj.HOSTIP = hostip()
if domsec is not None:
subobj.DOMAINGUID = domsec.guid
subobj.DOMAINSID = domsec.sid
subobj.DOMAINGUID = domsec.guid
subobj.DOMAINSID = domsec.sid
else:
print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname
subobj.DOMAINGUID = uuid4()
subobj.DOMAINSID = randsid()
print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname
subobj.DOMAINGUID = uuid.random()
subobj.DOMAINSID = randsid()
if hostsec:
subobj.HOSTGUID = hostsec.guid
subobj.HOSTGUID = hostsec.guid
else:
subobj.HOSTGUID = uuid4()
subobj.invocationid = uuid4()
subobj.krbtgtpass = randpass(12)
subobj.machinepass = randpass(12)
subobj.adminpass = randpass(12)
subobj.datestring = datestring()
subobj.root = findnss(pwd.getpwnam, "root")[4]
subobj.nobody = findnss(pwd.getpwnam, "nobody")[4]
subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2]
subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2]
subobj.dnsdomain = subobj.realm.lower()
subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split("."))
rdn_list = subobj.dnsdomain.split(".")
subobj.domaindn = "DC=" + ",DC=".join(rdn_list)
subobj.domaindn_ldb = "users.ldb"
subobj.rootdn = subobj.domaindn
subobj.HOSTGUID = uuid.random()
subobj.invocationid = uuid.random()
subobj.krbtgtpass = randpass(12)
subobj.machinepass = randpass(12)
subobj.adminpass = randpass(12)
subobj.datestring = datestring()
subobj.root = findnss(pwd.getpwnam, "root")[4]
subobj.nobody = findnss(pwd.getpwnam, "nobody")[4]
subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2]
subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2]
subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2]
subobj.dnsdomain = subobj.realm.lower()
subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split("."))
rdn_list = subobj.dnsdomain.split(".")
subobj.domaindn = "DC=" + ",DC=".join(rdn_list)
subobj.domaindn_ldb = "users.ldb"
subobj.rootdn = subobj.domaindn
modules_list = ["rootdse",
"kludge_acl",
"paged_results",
"server_sort",
"extended_dn",
"asq",
"samldb",
"password_hash",
"operational",
"objectclass",
"rdn_name",
"show_deleted",
"partition"]
subobj.modules_list = ",".join(modules_list)
modules_list = ["rootdse",
"kludge_acl",
"paged_results",
"server_sort",
"extended_dn",
"asq",
"samldb",
"password_hash",
"operational",
"objectclass",
"rdn_name",
"show_deleted",
"partition"]
subobj.modules_list = ",".join(modules_list)
return subobj
return subobj
smbconf_keep = [
"dos charset",
"unix charset",
"display charset",
"comment",
"path",
"directory",
"workgroup",
"realm",
"netbios name",
"netbios aliases",
"netbios scope",
"server string",
"interfaces",
"bind interfaces only",
"security",
"auth methods",
"encrypt passwords",
"null passwords",
"obey pam restrictions",
"password server",
"smb passwd file",
"private dir",
"passwd chat",
"password level",
"lanman auth",
"ntlm auth",
"client NTLMv2 auth",
"client lanman auth",
"client plaintext auth",
"read only",
"hosts allow",
"hosts deny",
"log level",
"debuglevel",
"log file",
"smb ports",
"large readwrite",
"max protocol",
"min protocol",
"unicode",
"read raw",
"write raw",
"disable netbios",
"nt status support",
"announce version",
"announce as",
"max mux",
"max xmit",
"name resolve order",
"max wins ttl",
"min wins ttl",
"time server",
"unix extensions",
"use spnego",
"server signing",
"client signing",
"max connections",
"paranoid server security",
"socket options",
"strict sync",
"max print jobs",
"printable",
"print ok",
"printer name",
"printer",
"map system",
"map hidden",
"map archive",
"preferred master",
"prefered master",
"local master",
"browseable",
"browsable",
"wins server",
"wins support",
"csc policy",
"strict locking",
"preload",
"auto services",
"lock dir",
"lock directory",
"pid directory",
"socket address",
"copy",
"include",
"available",
"volume",
"fstype",
"panic action",
"msdfs root",
"host msdfs",
"winbind separator"]
"dos charset",
"unix charset",
"display charset",
"comment",
"path",
"directory",
"workgroup",
"realm",
"netbios name",
"netbios aliases",
"netbios scope",
"server string",
"interfaces",
"bind interfaces only",
"security",
"auth methods",
"encrypt passwords",
"null passwords",
"obey pam restrictions",
"password server",
"smb passwd file",
"private dir",
"passwd chat",
"password level",
"lanman auth",
"ntlm auth",
"client NTLMv2 auth",
"client lanman auth",
"client plaintext auth",
"read only",
"hosts allow",
"hosts deny",
"log level",
"debuglevel",
"log file",
"smb ports",
"large readwrite",
"max protocol",
"min protocol",
"unicode",
"read raw",
"write raw",
"disable netbios",
"nt status support",
"announce version",
"announce as",
"max mux",
"max xmit",
"name resolve order",
"max wins ttl",
"min wins ttl",
"time server",
"unix extensions",
"use spnego",
"server signing",
"client signing",
"max connections",
"paranoid server security",
"socket options",
"strict sync",
"max print jobs",
"printable",
"print ok",
"printer name",
"printer",
"map system",
"map hidden",
"map archive",
"preferred master",
"prefered master",
"local master",
"browseable",
"browsable",
"wins server",
"wins support",
"csc policy",
"strict locking",
"preload",
"auto services",
"lock dir",
"lock directory",
"pid directory",
"socket address",
"copy",
"include",
"available",
"volume",
"fstype",
"panic action",
"msdfs root",
"host msdfs",
"winbind separator"]
#
# Remove configuration variables not present in Samba4
# oldconf: Old configuration structure
# mark: Whether removed configuration variables should be
# kept in the new configuration as "samba3:<name>"
def upgrade_smbconf(oldconf,mark):
data = oldconf.data()
newconf = param_init()
"""Remove configuration variables not present in Samba4
for (s in data) {
for (p in data[s]) {
keep = False
for (k in smbconf_keep) {
:param oldconf: Old configuration structure
:param mark: Whether removed configuration variables should be
kept in the new configuration as "samba3:<name>"
"""
data = oldconf.data()
newconf = param_init()
for s in data:
for p in data[s]:
keep = False
for k in smbconf_keep:
if smbconf_keep[k] == p:
keep = True
break
}
keep = True
break
if keep:
newconf.set(s, p, oldconf.get(s, p))
newconf.set(s, p, oldconf.get(s, p))
elif mark:
newconf.set(s, "samba3:"+p, oldconf.get(s,p))
}
}
newconf.set(s, "samba3:"+p, oldconf.get(s,p))
if oldconf.get("domain logons") == "True":
newconf.set("server role", "domain controller")
newconf.set("server role", "domain controller")
else:
if oldconf.get("security") == "user":
newconf.set("server role", "standalone")
newconf.set("server role", "standalone")
else:
newconf.set("server role", "member server")
newconf.set("server role", "member server")
return newconf
return newconf
def upgrade(subobj, samba3, message, paths, session_info, credentials):
ret = 0
lp = loadparm_init()
samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials)
ret = 0
lp = loadparm_init()
samdb = Ldb(paths.samdb, session_info=session_info, credentials=credentials)
message("Writing configuration")
newconf = upgrade_smbconf(samba3.configuration,True)
newconf.save(paths.smbconf)
message("Writing configuration")
newconf = upgrade_smbconf(samba3.configuration,True)
newconf.save(paths.smbconf)
message("Importing account policies")
ldif = upgrade_sam_policy(samba3,subobj.BASEDN)
samdb.modify(ldif)
regdb = Ldb(paths.hklm)
message("Importing account policies")
ldif = upgrade_sam_policy(samba3,subobj.BASEDN)
samdb.modify(ldif)
regdb = Ldb(paths.hklm)
regdb.modify("
regdb.modify("""
dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE
replace: type
type: 4
replace: data
data: %d
" % samba3.policy.refuse_machine_password_change)
""" % samba3.policy.refuse_machine_password_change)
message("Importing users")
message("Importing users")
for account in samba3.samaccounts:
msg = "... " + account.username
ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID)
msg = "... " + account.username
ldif = upgrade_sam_account(samdb, accounts,subobj.BASEDN,subobj.DOMAINSID)
try:
samdb.add(ldif)
except LdbError, e:
# FIXME: Ignore 'Record exists' errors
msg += "... error: " + str(e)
ret += 1;
message(msg)
msg += "... error: " + str(e)
ret += 1;
message(msg)
message("Importing groups")
message("Importing groups")
for mapping in samba3.groupmappings:
msg = "... " + mapping.nt_name
ldif = upgrade_sam_group(mapping, subobj.BASEDN)
msg = "... " + mapping.nt_name
ldif = upgrade_sam_group(mapping, subobj.BASEDN)
if ldif is not None:
try:
samdb.add(ldif)
samdb.add(ldif)
except LdbError, e:
# FIXME: Ignore 'Record exists' errors
msg += "... error: " + str(e)
ret += 1
message(msg)
msg += "... error: " + str(e)
ret += 1
message(msg)
message("Importing registry data")
message("Importing registry data")
for hive in ["hkcr","hkcu","hklm","hkpd","hku","hkpt"]:
message("... " + hive)
regdb = Ldb(paths[hive])
ldif = upgrade_registry(samba3.registry, hive, regdb)
for (var j in ldif) {
var msg = "... ... " + j
message("... " + hive)
regdb = Ldb(paths[hive])
ldif = upgrade_registry(samba3.registry, hive, regdb)
for j in ldif:
msg = "... ... " + j
try:
regdb.add(ldif[j])
except LdbError, e:
# FIXME: Ignore 'Record exists' errors
msg += "... error: " + str(e)
ret += 1
message(msg)
msg += "... error: " + str(e)
ret += 1
message(msg)
message("Importing WINS data")
winsdb = Ldb(paths.winsdb)
ldb_erase(winsdb)
message("Importing WINS data")
winsdb = Ldb(paths.winsdb)
ldb_erase(winsdb)
ldif = upgrade_wins(samba3)
winsdb.add(ldif)
ldif = upgrade_wins(samba3)
winsdb.add(ldif)
# figure out ldapurl, if applicable
ldapurl = None
pdb = samba3.configuration.get_list("passdb backend")
# figure out ldapurl, if applicable
ldapurl = None
pdb = samba3.configuration.get_list("passdb backend")
if pdb is not None:
for backend in pdb:
if len(backend) >= 7 and backend[0:7] == "ldapsam":
ldapurl = backend[7:]
# URL was not specified in passdb backend but ldap /is/ used
# URL was not specified in passdb backend but ldap /is/ used
if ldapurl == "":
ldapurl = "ldap://%s" % samba3.configuration.get("ldap server")
ldapurl = "ldap://%s" % samba3.configuration.get("ldap server")
# Enable samba3sam module if original passdb backend was ldap
# Enable samba3sam module if original passdb backend was ldap
if ldapurl is not None:
message("Enabling Samba3 LDAP mappings for SAM database")
message("Enabling Samba3 LDAP mappings for SAM database")
samdb.modify("""
samdb.modify("""
dn: @MODULES
changetype: modify
replace: @LIST
@LIST: samldb,operational,objectguid,rdn_name,samba3sam
""")
samdb.add("""
samdb.add("""
dn: @MAP=samba3sam
@MAP_URL: %s""", ldapurl))
@MAP_URL: %s""" % ldapurl)
return ret
return ret
def upgrade_verify(subobj, samba3, paths, message):
message("Verifying account policies")
message("Verifying account policies")
samldb = Ldb(paths.samdb)
samldb = Ldb(paths.samdb)
for account in samba3.samaccounts:
msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))")
assert(len(msg) >= 1)
# FIXME
msg = samldb.search("(&(sAMAccountName=" + account.nt_username + ")(objectclass=user))")
assert(len(msg) >= 1)
# FIXME