diff options
author | Amitay Isaacs <amitay@gmail.com> | 2011-08-12 11:37:57 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-13 20:18:40 +1000 |
commit | 305cb567f4f14ef329efc4756a17483076d9270c (patch) | |
tree | 8f78eb7b260bffc8a6e937a6559c18d86dec008d /source4/scripting | |
parent | 64ec42d64f0a6029b135c49cfeb8bc5c6f8cbdbe (diff) | |
download | samba-305cb567f4f14ef329efc4756a17483076d9270c.tar.gz samba-305cb567f4f14ef329efc4756a17483076d9270c.tar.bz2 samba-305cb567f4f14ef329efc4756a17483076d9270c.zip |
upgrade: Add missing bits for the s3 to s4 upgrade script
Use passdb backend to import/export users
Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r-- | source4/scripting/python/samba/upgrade.py | 105 |
1 files changed, 73 insertions, 32 deletions
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 1002af53ef..e333174d13 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -26,7 +26,9 @@ import pwd from samba import Ldb, registry from samba.param import LoadParm -from samba.provision import provision +from samba.provision import provision, FILL_FULL +from samba.samba3 import passdb +from samba.samba3 import param as s3param def import_sam_policy(samldb, policy, dn): """Import a Samba 3 policy database.""" @@ -375,11 +377,15 @@ def import_registry(samba4_registry, samba3_regdb): key_handle.set_value(value_name, value_type, value_data) -def upgrade_from_passdb(samba3, logger, credentials, session_info, - smbconf, targetdir): - oldconf = samba3.get_conf() +def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir): + """Upgrade from samba3 database to samba4 AD database + """ + + # Read samba3 smb.conf + oldconf = s3param.get_context(); + oldconf.load(smbconf) - if oldconf.get("domain logons") == "True": + if oldconf.get("domain logons"): serverrole = "domain controller" else: if oldconf.get("security") == "user": @@ -391,15 +397,16 @@ def upgrade_from_passdb(samba3, logger, credentials, session_info, realm = oldconf.get("realm") netbiosname = oldconf.get("netbios name") + # secrets db secrets_db = samba3.get_secrets_db() - if domainname is None: + if not domainname: domainname = secrets_db.domains()[0] logger.warning("No domain specified in smb.conf file, assuming '%s'", domainname) - if realm is None: - if oldconf.get("domain logons") == "True": + if not realm: + if oldconf.get("domain logons"): logger.warning("No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (generally it's the upcased DNS domainname).") return else: @@ -407,23 +414,62 @@ def upgrade_from_passdb(samba3, logger, credentials, session_info, logger.warning("No realm specified in smb.conf file, assuming '%s'", realm) - domainguid = secrets_db.get_domain_guid(domainname) - domainsid = secrets_db.get_sid(domainname) + # Find machine account and password + machinepass = None + machinerid = 2000 + machinesid = None + + try: + machinepass = secrets_db.get_machine_password(netbiosname) + except: + pass + + # We must close the direct pytdb database before the C code loads it + secrets_db.close() + + # We must load the group mapping into memory before the passdb code touches it + groupdb = samba3.get_groupmapping_db() + for sid in groupdb.groupsids(): + (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid) + # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn) + groupdb.close() + + passdb.set_secrets_dir(samba3.libdir) + + try: + domainsid = str(passdb.get_global_sam_sid()) + except: + pass + + try: + machineacct = old_passdb.getsampwnam('%s$' % netbiosname) + machinesid, machinerid = machineacct.user_sid.split() + except: + pass + if domainsid is None: logger.warning("Can't find domain secrets for '%s'; using random SID", domainname) - if netbiosname is not None: - machinepass = secrets_db.get_machine_password(netbiosname) - else: - machinepass = None - - result = provision(logger=logger, - session_info=session_info, credentials=credentials, + # Import users from old passdb backend + old_passdb = passdb.PDB(oldconf.get('passdb backend')) + userlist = old_passdb.search_users(0) + userdata = {} + for entry in userlist: + if machinesid and machinerid == entry['rid']: + continue + username = entry['account_name'] + if entry['rid'] < 1000: + print("Skipping wellknown rid=%d (for username=%s)\n" % (entry['rid'], username)) + continue + userdata[username] = old_passdb.getsampwnam(username) + + # Do full provision + result = provision(logger, session_info, None, targetdir=targetdir, realm=realm, domain=domainname, - domainguid=domainguid, domainsid=domainsid, + domainsid=domainsid, next_rid=machinerid, hostname=netbiosname, machinepass=machinepass, - serverrole=serverrole) + serverrole=serverrole, samdb_fill=FILL_FULL) import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db()) @@ -431,20 +477,15 @@ def upgrade_from_passdb(samba3, logger, credentials, session_info, # FIXME: import_idmap(samdb,samba3.get_idmap_db(),domaindn) - groupdb = samba3.get_groupmapping_db() - for sid in groupdb.groupsids(): - (gid, sid_name_use, nt_name, comment) = groupdb.get_group(sid) - # FIXME: import_sam_group(samdb, sid, gid, sid_name_use, nt_name, comment, domaindn) - # FIXME: Aliases - passdb = samba3.get_sam_db() - for name in passdb: - user = passdb[name] - #FIXME: import_sam_account(result.samdb, user, domaindn, domainsid) - - if hasattr(passdb, 'ldap_url'): - logger.info("Enabling Samba3 LDAP mappings for SAM database") + # Export users to samba4 backend + new_smbconf = result.lp.configfile + newconf = s3param.get_context() + newconf.load(new_smbconf) - enable_samba3sam(result.samdb, passdb.ldap_url) + new_passdb = passdb.PDB('samba4') + for username in userdata: + print "adding user %s" % username + new_passdb.add_sam_account(userdata[username]) |