r26593: - More work on the python versions of samba3dump and the samba3sam tests.

- Initial work converting the upgrade code to Python.
- Removed the old EJS upgrade code because it has been broken for a long time.
(This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca)

5 files changed, 33 insertions, 755 deletions

diff --git a/source4/scripting/bin/samba3dump b/source4/scripting/bin/samba3dump
index 157a708ff6..f8d10cbc71 100755
--- a/source4/scripting/bin/samba3dump
+++ b/source4/scripting/bin/samba3dump
@@ -47,7 +47,6 @@ def print_samba3_policy(pol):
 
 def print_samba3_sam(samdb):
     print_header("SAM Database")
-    
     for user in samdb:
         print "%s" % user
 
@@ -55,10 +54,8 @@ def print_samba3_shares(shares):
     print_header("Configured shares")
     for s in shares:
         print "--- %s ---" % s.name
-
         for p in s:
             print "\t%s = %s" % (p.key, p.value)
-
         print ""
 
 def print_samba3_secrets(secrets):
diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js
deleted file mode 100644
index 3a548fe34b..0000000000
--- a/source4/scripting/libjs/upgrade.js
+++ /dev/null
@@ -1,687 +0,0 @@
-/*
-	backend code for upgrading from Samba3
-	Copyright Jelmer Vernooij 2005
-	Released under the GNU GPL v2 or later
-*/
-
-libinclude("base.js");
-
-function regkey_to_dn(name)
-{
-	var dn = "hive=NONE";
-	var i = 0;
-
-	var as = split("/", name);
-
-	for (i in as) {
-		if (i > 0) {
-			dn = sprintf("key=%s,", as[i]) + dn;
-		}
-	}
-
-	return dn;
-}
-
-/* Where prefix is any of:
- * - HKLM
- *   HKU
- *   HKCR
- *   HKPD
- *   HKPT
- */
-
-function upgrade_registry(regdb,prefix,ldb)
-{
-	assert(regdb != undefined);
-	var prefix_up = strupper(prefix);
-	var ldif = new Array();
-
-	for (var i in regdb.keys) {
-		var rk = regdb.keys[i];
-		var pts = split("/", rk.name);
-
-		/* Only handle selected hive */
-		if (strupper(pts[0]) != prefix_up) {
-			continue;
-		}
-
-		var keydn = regkey_to_dn(rk.name);
-
-		var pts = split("/", rk.name);
-
-		/* Convert key name to dn */
-		ldif[rk.name] = sprintf("
-dn: %s
-name: %s
-
-", keydn, pts[0]);
-		
-		for (var j in rk.values) {
-			var rv = rk.values[j];
-
-			ldif[rk.name + " (" + rv.name + ")"] = sprintf("
-dn: %s,value=%s
-value: %s
-type: %d
-data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data));
-		}
-	}
-
-	return ldif;
-}
-
-function upgrade_sam_policy(samba3,dn)
-{
-	var ldif = sprintf("
-dn: %s
-changetype: modify
-replace: minPwdLength
-minPwdLength: %d
-pwdHistoryLength: %d
-minPwdAge: %d
-maxPwdAge: %d
-lockoutDuration: %d
-samba3ResetCountMinutes: %d
-samba3UserMustLogonToChangePassword: %d
-samba3BadLockoutMinutes: %d
-samba3DisconnectTime: %d
-
-", dn, samba3.policy.min_password_length, 
-	samba3.policy.password_history, samba3.policy.minimum_password_age,
-	samba3.policy.maximum_password_age, samba3.policy.lockout_duration,
-	samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password,
-	samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time
-);
-	
-	return ldif;
-}
-
-function upgrade_sam_account(ldb,acc,domaindn,domainsid)
-{
-	if (acc.nt_username == undefined) {
-		acc.nt_username = acc.username;
-	}	
-
-	if (acc.nt_username == "") {
-		acc.nt_username = acc.username;
-	}	
-
-	if (acc.fullname == undefined) {
-		var pw = nss.getpwnam(acc.fullname);
-		acc.fullname = pw.pw_gecos;
-	}
-
-	var pts = split(',', acc.fullname);
-	acc.fullname = pts[0];
-
-	if (acc.fullname == undefined) {
-		acc.fullname = acc.username;
-	}
-	
-	assert(acc.fullname != undefined);
-	assert(acc.nt_username != undefined);
-
-	var ldif = sprintf(
-"dn: cn=%s,%s
-objectClass: top
-objectClass: user
-lastLogon: %d
-lastLogoff: %d
-unixName: %s
-sAMAccountName: %s
-cn: %s
-description: %s
-primaryGroupID: %d
-badPwdcount: %d
-logonCount: %d
-samba3Domain: %s
-samba3DirDrive: %s
-samba3MungedDial: %s
-samba3Homedir: %s
-samba3LogonScript: %s
-samba3ProfilePath: %s
-samba3Workstations: %s
-samba3KickOffTime: %d
-samba3BadPwdTime: %d
-samba3PassLastSetTime: %d
-samba3PassCanChangeTime: %d
-samba3PassMustChangeTime: %d
-objectSid: %s-%d
-lmPwdHash:: %s
-ntPwdHash:: %s
-
-", ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, 
-
-acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
-acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, 
-acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, 
-acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid,
-	ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); 
-
-	return ldif;
-}
-
-function upgrade_sam_group(grp,domaindn)
-{
-	var nss = nss_init();
-
-	var gr;
-	if (grp.sid_name_use == 5) { // Well-known group
-		return undefined;
-	}
-
-	if (grp.nt_name == "Domain Guests" ||
-	    grp.nt_name == "Domain Users" ||
-	    grp.nt_name == "Domain Admins") {
-		return undefined;
-	}
-	
-	if (grp.gid == -1) {
-		gr = nss.getgrnam(grp.nt_name);
-	} else {
-		gr = nss.getgrgid(grp.gid);
-	}
-
-	if (gr == undefined) {
-		grp.unixname = "UNKNOWN";
-	} else {
-		grp.unixname = gr.gr_name;
-	}
-
-	assert(grp.unixname != undefined);
-	
-	var ldif = sprintf(
-"dn: cn=%s,%s
-objectClass: top
-objectClass: group
-description: %s
-cn: %s
-objectSid: %s
-unixName: %s
-samba3SidNameUse: %d
-", grp.nt_name, domaindn, 
-grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use);
-
-	return ldif;
-}
-
-function upgrade_winbind(samba3,domaindn)
-{
-	var ldif = sprintf("
-		
-dn: dc=none
-userHwm: %d
-groupHwm: %d
-
-", samba3.idmap.user_hwm, samba3.idmap.group_hwm);
-
-	for (var i in samba3.idmap.mappings) {
-		var m = samba3.idmap.mappings[i];
-		ldif = ldif + sprintf("
-dn: SID=%s,%s
-SID: %s
-type: %d
-unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id);
-	}
-	
-	return ldif;
-}
-*/
-
-function upgrade_wins(samba3)
-{
-	var ldif = "";
-	var version_id = 0;
-
-	for (i in samba3.winsentries) {
-		var rType;
-		var rState;
-		var nType;
-		var numIPs = 0;
-		var e = samba3.winsentries[i];
-		var now = sys.nttime();
-		var ttl = sys.unix2nttime(e.ttl);
-
-		version_id++;
-
-		for (var i in e.ips) {
-			numIPs++;
-		}
-
-		if (e.type == 0x1C) {
-			rType = 0x2;
-		} else if (sys.bitAND(e.type, 0x80)) {
-			if (numIPs > 1) {
-				rType = 0x2;
-			} else {
-				rType = 0x1;
-			}
-		} else {
-			if (numIPs > 1) {
-				rType = 0x3;
-			} else {
-				rType = 0x0;
-			}
-		}
-
-		if (ttl > now) {
-			rState = 0x0;/* active */
-		} else {
-			rState = 0x1;/* released */		
-		}
-
-		nType = (sys.bitAND(e.nb_flags,0x60)>>5);
-
-		ldif = ldif + sprintf("
-dn: name=%s,type=0x%02X
-type: 0x%02X
-name: %s
-objectClass: winsRecord
-recordType: %u
-recordState: %u
-nodeType: %u
-isStatic: 0
-expireTime: %s
-versionID: %llu
-", e.name, e.type, e.type, e.name, 
-   rType, rState, nType, 
-   sys.ldaptime(ttl), version_id);
-
-		for (var i in e.ips) {
-			ldif = ldif + sprintf("address: %s\n", e.ips[i]);
-		}
-	}
-
-	ldif = ldif + sprintf("
-dn: CN=VERSION
-objectClass: winsMaxVersion
-maxVersion: %llu
-", version_id);
-
-	return ldif;
-}
-
-function upgrade_provision(samba3)
-{
-	var subobj = new Object();
-	var nss = nss_init();
-	var lp = loadparm_init();
-	var rdn_list;
-
-	var domainname = samba3.configuration.get("workgroup");
-	
-	if (domainname == undefined) {
-		domainname = samba3.secrets.domains[0].name;
-		println("No domain specified in smb.conf file, assuming '" + domainname + "'");
-	}
-	
-	var domsec = samba3.find_domainsecrets(domainname);
-	var hostsec = samba3.find_domainsecrets(hostname());
-	var realm = samba3.configuration.get("realm");
-
-	if (realm == undefined) {
-		realm = domainname;
-		println("No realm specified in smb.conf file, assuming '" + realm + "'");
-	}
-	random_init(local);
-
-	subobj.REALM        = realm;
-	subobj.DOMAIN       = domainname;
-	subobj.HOSTNAME     = hostname();
-
-	assert(subobj.REALM);
-	assert(subobj.DOMAIN);
-	assert(subobj.HOSTNAME);
-
-	subobj.HOSTIP       = hostip();
-	if (domsec != undefined) {
-		subobj.DOMAINGUID   = domsec.guid;
-		subobj.DOMAINSID    = domsec.sid;
-	} else {
-		println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID");
-		subobj.DOMAINGUID = randguid();
-		subobj.DOMAINSID = randsid();
-	}
-	
-	if (hostsec) {
-		subobj.HOSTGUID     = hostsec.guid;
-	} else {
-		subobj.HOSTGUID = randguid();
-	}
-	subobj.INVOCATIONID = randguid();
-	subobj.KRBTGTPASS   = randpass(12);
-	subobj.MACHINEPASS  = randpass(12);
-	subobj.ADMINPASS    = randpass(12);
-	subobj.DEFAULTSITE  = "Default-First-Site-Name";
-	subobj.NEWGUID      = randguid;
-	subobj.NTTIME       = nttime;
-	subobj.LDAPTIME     = ldaptime;
-	subobj.DATESTRING   = datestring;
-	subobj.ROOT         = findnss(nss.getpwnam, "root");
-	subobj.NOBODY       = findnss(nss.getpwnam, "nobody");
-	subobj.NOGROUP      = findnss(nss.getgrnam, "nogroup", "nobody");
-	subobj.WHEEL        = findnss(nss.getgrnam, "wheel", "root");
-	subobj.USERS        = findnss(nss.getgrnam, "users", "guest", "other");
-	subobj.DNSDOMAIN    = strlower(subobj.REALM);
-	subobj.DNSNAME      = sprintf("%s.%s", 
-				      strlower(subobj.HOSTNAME), 
-				      subobj.DNSDOMAIN);
-	subobj.BASEDN       = "DC=" + join(",DC=", split(".", subobj.REALM));
-	rdn_list = split(".", subobj.DNSDOMAIN);
-	subobj.DOMAINDN     = "DC=" + join(",DC=", rdn_list);
-	subobj.DOMAINDN_LDB = "users.ldb";
-	subobj.ROOTDN       = subobj.DOMAINDN;
-
-	modules_list        = new Array("rootdse",
-					"kludge_acl",
-					"paged_results",
-					"server_sort",
-					"extended_dn",
-					"asq",
-					"samldb",
-					"password_hash",
-					"operational",
-					"objectclass",
-					"rdn_name",
-					"show_deleted",
-					"partition");
-	subobj.MODULES_LIST = join(",", modules_list);
-
-	return subobj;
-}
-
-smbconf_keep = new Array(
-	"dos charset", 
-	"unix charset",
-	"display charset",
-	"comment",
-	"path",
-	"directory",
-	"workgroup",
-	"realm",
-	"netbios name",
-	"netbios aliases",
-	"netbios scope",
-	"server string",
-	"interfaces",
-	"bind interfaces only",
-	"security",
-	"auth methods",
-	"encrypt passwords",
-	"null passwords",
-	"obey pam restrictions",
-	"password server",
-	"smb passwd file",
-	"private dir",
-	"passwd chat",
-	"password level",
-	"lanman auth",
-	"ntlm auth",
-	"client NTLMv2 auth",
-	"client lanman auth",
-	"client plaintext auth",
-	"read only",
-	"hosts allow",
-	"hosts deny",
-	"log level",
-	"debuglevel",
-	"log file",
-	"smb ports",
-	"large readwrite",
-	"max protocol",
-	"min protocol",
-	"unicode",
-	"read raw",
-	"write raw",
-	"disable netbios",
-	"nt status support",
-	"announce version",
-	"announce as",
-	"max mux",
-	"max xmit",
-	"name resolve order",
-	"max wins ttl",
-	"min wins ttl",
-	"time server",
-	"unix extensions",
-	"use spnego",
-	"server signing",
-	"client signing",
-	"max connections",
-	"paranoid server security",
-	"socket options",
-	"strict sync",
-	"max print jobs",
-	"printable",
-	"print ok",
-	"printer name",
-	"printer",
-	"map system",
-	"map hidden",
-	"map archive",
-	"preferred master",
-	"prefered master",
-	"local master",
-	"browseable",
-	"browsable",
-	"wins server",
-	"wins support",
-	"csc policy",
-	"strict locking",
-	"preload",
-	"auto services",
-	"lock dir",
-	"lock directory",
-	"pid directory",
-	"socket address",
-	"copy",
-	"include",
-	"available",
-	"volume",
-	"fstype",
-	"panic action",
-	"msdfs root",
-	"host msdfs",
-	"winbind separator");
-
-/*
-   Remove configuration variables not present in Samba4
-	oldconf: Old configuration structure
-	mark: Whether removed configuration variables should be 
-		kept in the new configuration as "samba3:<name>"
- */
-function upgrade_smbconf(oldconf,mark)
-{
-	var data = oldconf.data();
-	var newconf = param_init();
-
-	for (var s in data) {
-		for (var p in data[s]) {
-			var keep = false;
-			for (var k in smbconf_keep) { 
-				if (smbconf_keep[k] == p) {
-					keep = true;
-					break;
-				}
-			}
-
-			if (keep) {
-				newconf.set(s, p, oldconf.get(s, p));
-			} else if (mark) {
-				newconf.set(s, "samba3:"+p, oldconf.get(s,p));
-			}
-		}
-	}
-
-	if (oldconf.get("domain logons") == "True") {
-		newconf.set("server role", "domain controller");
-	} else {
-		if (oldconf.get("security") == "user") {
-			newconf.set("server role", "standalone");
-		} else {
-			newconf.set("server role", "member server");
-		}
-	}
-
-	return newconf;
-}
-
-function upgrade(subobj, samba3, message, paths, session_info, credentials)
-{
-	var ret = 0;
-	var lp = loadparm_init();
-	var samdb = ldb_init();
-	samdb.session_info = session_info;
-	samdb.credentials = credentials;
-	var ok = samdb.connect(paths.samdb);
-	if (!ok) {
-		info.message("samdb connect failed: " + samdb.errstring() + "\n");
-		assert(ok);
-	}
-
-	message("Writing configuration\n");
-	var newconf = upgrade_smbconf(samba3.configuration,true);
-	newconf.save(paths.smbconf);
-
-	message("Importing account policies\n");
-	var ldif = upgrade_sam_policy(samba3,subobj.BASEDN);
-	ok = samdb.modify(ldif);
-	if (!ok) {
-		message("samdb load failed: " + samdb.errstring() + "\n");
-		assert(ok);
-	}
-	var regdb = ldb_init();
-	ok = regdb.connect(paths.hklm);
-	if (!ok) {
-		message("registry connect: " + regdb.errstring() + "\n");
-		assert(ok);
-	}
-
-	ok = regdb.modify(sprintf("
-dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE
-replace: type
-type: 4
-replace: data
-data: %d
-", samba3.policy.refuse_machine_password_change));
-	if (!ok) {
-		message("registry load failed: " + regdb.errstring() + "\n");
-		assert(ok);
-	}
-
-	message("Importing users\n");
-	for (var i in samba3.samaccounts) {
-		var msg = "... " + samba3.samaccounts[i].username;
-		var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID);
-		ok = samdb.add(ldif);
-		if (!ok && samdb.errstring() != "Record exists") { 
-			msg = msg + "... error: " + samdb.errstring();
-			ret = ret + 1; 
-		}
-		message(msg + "\n");
-	}
-
-	message("Importing groups\n");
-	for (var i in samba3.groupmappings) {
-		var msg = "... " + samba3.groupmappings[i].nt_name;
-		var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
-		if (ldif != undefined) {
-			ok = samdb.add(ldif);
-			if (!ok && samdb.errstring() != "Record exists") { 
-				msg = msg + "... error: " + samdb.errstring();
-				ret = ret + 1; 
-			}
-		}
-		message(msg + "\n");
-	}
-
-	message("Importing registry data\n");
-	var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt"); 
-	for (var i in hives) {
-		var hn = hives[i];
-		message("... " + hn + "\n");
-		regdb = ldb_init();
-		ok = regdb.connect(paths[hn]);
-		assert(ok);
-		var ldif = upgrade_registry(samba3.registry, hn, regdb);
-		for (var j in ldif) {
-			var msg = "... ... " + j;
-			ok = regdb.add(ldif[j]);
-			if (!ok && regdb.errstring() != "Record exists") { 
-				msg = msg + "... error: " + regdb.errstring();
-				ret = ret + 1; 
-			}
-			message(msg + "\n");
-		}
-	}
-
-
-	message("Importing WINS data\n");
-	var winsdb = ldb_init();
-	ok = winsdb.connect(paths.winsdb);
-	assert(ok);
-	ldb_erase(winsdb);
-
-	var ldif = upgrade_wins(samba3);
-	ok = winsdb.add(ldif);
-	assert(ok);
-
-	// figure out ldapurl, if applicable
-	var ldapurl = undefined;
-	var pdb = samba3.configuration.get_list("passdb backend");
-	if (pdb != undefined) {
-		for (var b in pdb) {
-			if (strlen(pdb[b]) >= 7) {
-				if (substr(pdb[b], 0, 7) == "ldapsam") {
-					ldapurl = substr(pdb[b], 8);
-				}
-			}
-		}
-	}
-
-	// URL was not specified in passdb backend but ldap /is/ used
-	if (ldapurl == "") {
-		ldapurl = "ldap://" + samba3.configuration.get("ldap server");
-	}
-
-	// Enable samba3sam module if original passdb backend was ldap
-	if (ldapurl != undefined) {
-		message("Enabling Samba3 LDAP mappings for SAM database\n");
-
-		ok = samdb.modify("
-dn: @MODULES
-changetype: modify
-replace: @LIST
-@LIST: samldb,operational,objectguid,rdn_name,samba3sam
-");
-		if (!ok) {
-			message("Error enabling samba3sam module: " + samdb.errstring() + "\n");
-			ret = ret + 1;
-		}
-
-		ok = samdb.add(sprintf("
-dn: @MAP=samba3sam
-@MAP_URL: %s", ldapurl));
-		assert(ok);
-
-	}
-
-	return ret;
-}
-
-function upgrade_verify(subobj, samba3,paths,message)
-{
-	message("Verifying account policies\n");
-	var samldb = ldb_init();
-	var ne = 0;
-
-	var ok = samldb.connect(paths.samdb);
-	assert(ok);
-
-	for (var i in samba3.samaccounts) {
-		var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))");
-		assert(msg.length >= 1);
-	}
-	
-	// FIXME
-}
diff --git a/source4/scripting/python/samba/samba3.py b/source4/scripting/python/samba/samba3.py
index d125e3164b..b4261f7c74 100644
--- a/source4/scripting/python/samba/samba3.py
+++ b/source4/scripting/python/samba/samba3.py
@@ -167,7 +167,7 @@ class SecretsDatabase:
     def get_auth_user(self):
         return self.tdb.get("SECRETS/AUTH_USER")
 
-    def get_dom_guid(self, host):
+    def get_domain_guid(self, host):
         return self.tdb.get("SECRETS/DOMGUID/%s" % host)
 
     def ldap_dns(self):
diff --git a/source4/scripting/python/samba/tests/__init__.py b/source4/scripting/python/samba/tests/__init__.py
index b01807c02f..5885a3b507 100644
--- a/source4/scripting/python/samba/tests/__init__.py
+++ b/source4/scripting/python/samba/tests/__init__.py
@@ -43,7 +43,7 @@ class TestCaseInTempDir(unittest.TestCase):
 
     def tearDown(self):
         super(TestCaseInTempDir, self).tearDown()
-        # FIXME: Remove all files in self.tempdir
+        os.rmdir(self.tempdir)
 
 
 class SubstituteVarTestCase(unittest.TestCase):
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 375c39eb5a..c13351bc63 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -255,68 +255,44 @@ maxVersion: %llu
 
     return ldif
 
-def upgrade_provision(lp, samba3):
-    domainname = samba3.configuration.get("workgroup")
+def upgrade_provision(samba3, setup_dir, message, credentials, session_info, paths):
+    oldconf = samba3.get_conf()
+
+    if oldconf.get("domain logons") == "True":
+        serverrole = "domain controller"
+    else:
+        if oldconf.get("security") == "user":
+            serverrole = "standalone"
+        else:
+            serverrole = "member server"
+
+    domainname = oldconf.get("workgroup")
+    realm = oldconf.get("realm")
+    netbiosname = oldconf.get("netbios name")
+
+    secrets_db = samba3.get_secrets_db()
     
     if domainname is None:
-        domainname = samba3.secrets.domains[0].name
-        print "No domain specified in smb.conf file, assuming '%s'\n" % domainname
+        domainname = secrets_db.domains()[0]
+        message("No domain specified in smb.conf file, assuming '%s'" % domainname)
     
-    domsec = samba3.find_domainsecrets(domainname)
-    hostsec = samba3.find_domainsecrets(hostname())
-    realm = samba3.configuration.get("realm")
-
     if realm is None:
-        realm = domainname
-        print "No realm specified in smb.conf file, assuming '%s'\n" % realm
-    random_init(local)
+        realm = domainname.lower()
+        message("No realm specified in smb.conf file, assuming '%s'\n" % realm)
 
-    subobj.realm        = realm
-    subobj.domain       = domainname
-
-    if domsec is not None:
-        subobj.DOMAINGUID   = domsec.guid
-        subobj.DOMAINSID    = domsec.sid
+    domainguid = secrets_db.get_domain_guid(domainname)
+    domainsid = secrets_db.get_sid(domainsid)
+    if domainsid is None:
+        message("Can't find domain secrets for '%s'; using random SID\n" % domainname)
+    
+    if netbiosname is not None:
+        machinepass = secrets_db.get_machine_password(netbiosname)
     else:
-        print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname
-        subobj.DOMAINGUID = uuid.random()
-        subobj.DOMAINSID = randsid()
+        netbiosname = None
     
-    if hostsec:
-        hostguid = hostsec.guid
-    subobj.krbtgtpass   = randpass(12)
-    subobj.machinepass  = randpass(12)
-    subobj.adminpass    = randpass(12)
-    subobj.datestring   = datestring()
-    subobj.root         = findnss(pwd.getpwnam, "root")[4]
-    subobj.nobody       = findnss(pwd.getpwnam, "nobody")[4]
-    subobj.nogroup      = findnss(grp.getgrnam, "nogroup", "nobody")[2]
-    subobj.wheel        = findnss(grp.getgrnam, "wheel", "root")[2]
-    subobj.users        = findnss(grp.getgrnam, "users", "guest", "other")[2]
-    subobj.dnsdomain    = subobj.realm.lower()
-    subobj.dnsname      = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain)
-    subobj.basedn       = "DC=" + ",DC=".join(subobj.realm.split("."))
-    rdn_list = subobj.dnsdomain.split(".")
-    subobj.domaindn     = "DC=" + ",DC=".join(rdn_list)
-    subobj.domaindn_ldb = "users.ldb"
-    subobj.rootdn       = subobj.domaindn
-
-    modules_list        = ["rootdse",
-                    "kludge_acl",
-                    "paged_results",
-                    "server_sort",
-                    "extended_dn",
-                    "asq",
-                    "samldb",
-                    "password_hash",
-                    "operational",
-                    "objectclass",
-                    "rdn_name",
-                    "show_deleted",
-                    "partition"]
-    subobj.modules_list = ",".join(modules_list)
-
-    return subobj
+    provision(lp, setup_dir, message, blank=True, paths=path, session_info=session_info, 
+              credentials=credentials, realm=realm, domain=domainname, 
+              domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole)
 
 smbconf_keep = [
     "dos charset", 
@@ -435,14 +411,6 @@ def upgrade_smbconf(oldconf,mark):
             elif mark:
                 newconf.set(s, "samba3:"+p, oldconf.get(s,p))
 
-    if oldconf.get("domain logons") == "True":
-        newconf.set("server role", "domain controller")
-    else:
-        if oldconf.get("security") == "user":
-            newconf.set("server role", "standalone")
-        else:
-            newconf.set("server role", "member server")
-
     return newconf
 
 def upgrade(subobj, samba3, message, paths, session_info, credentials):