From 7c146c42d2cf51e891b9f29d3b61a40f173a3b23 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:31 -0600 Subject: r26593: - More work on the python versions of samba3dump and the samba3sam tests. - Initial work converting the upgrade code to Python. - Removed the old EJS upgrade code because it has been broken for a long time. (This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca) --- source4/scripting/bin/samba3dump | 3 - source4/scripting/libjs/upgrade.js | 687 ----------------------- source4/scripting/python/samba/samba3.py | 2 +- source4/scripting/python/samba/tests/__init__.py | 2 +- source4/scripting/python/samba/upgrade.py | 94 +--- 5 files changed, 33 insertions(+), 755 deletions(-) delete mode 100644 source4/scripting/libjs/upgrade.js (limited to 'source4/scripting') diff --git a/source4/scripting/bin/samba3dump b/source4/scripting/bin/samba3dump index 157a708ff6..f8d10cbc71 100755 --- a/source4/scripting/bin/samba3dump +++ b/source4/scripting/bin/samba3dump @@ -47,7 +47,6 @@ def print_samba3_policy(pol): def print_samba3_sam(samdb): print_header("SAM Database") - for user in samdb: print "%s" % user @@ -55,10 +54,8 @@ def print_samba3_shares(shares): print_header("Configured shares") for s in shares: print "--- %s ---" % s.name - for p in s: print "\t%s = %s" % (p.key, p.value) - print "" def print_samba3_secrets(secrets): diff --git a/source4/scripting/libjs/upgrade.js b/source4/scripting/libjs/upgrade.js deleted file mode 100644 index 3a548fe34b..0000000000 --- a/source4/scripting/libjs/upgrade.js +++ /dev/null @@ -1,687 +0,0 @@ -/* - backend code for upgrading from Samba3 - Copyright Jelmer Vernooij 2005 - Released under the GNU GPL v2 or later -*/ - -libinclude("base.js"); - -function regkey_to_dn(name) -{ - var dn = "hive=NONE"; - var i = 0; - - var as = split("/", name); - - for (i in as) { - if (i > 0) { - dn = sprintf("key=%s,", as[i]) + dn; - } - } - - return dn; -} - -/* Where prefix is any of: - * - HKLM - * HKU - * HKCR - * HKPD - * HKPT - */ - -function upgrade_registry(regdb,prefix,ldb) -{ - assert(regdb != undefined); - var prefix_up = strupper(prefix); - var ldif = new Array(); - - for (var i in regdb.keys) { - var rk = regdb.keys[i]; - var pts = split("/", rk.name); - - /* Only handle selected hive */ - if (strupper(pts[0]) != prefix_up) { - continue; - } - - var keydn = regkey_to_dn(rk.name); - - var pts = split("/", rk.name); - - /* Convert key name to dn */ - ldif[rk.name] = sprintf(" -dn: %s -name: %s - -", keydn, pts[0]); - - for (var j in rk.values) { - var rv = rk.values[j]; - - ldif[rk.name + " (" + rv.name + ")"] = sprintf(" -dn: %s,value=%s -value: %s -type: %d -data:: %s", keydn, rv.name, rv.name, rv.type, ldb.encode(rv.data)); - } - } - - return ldif; -} - -function upgrade_sam_policy(samba3,dn) -{ - var ldif = sprintf(" -dn: %s -changetype: modify -replace: minPwdLength -minPwdLength: %d -pwdHistoryLength: %d -minPwdAge: %d -maxPwdAge: %d -lockoutDuration: %d -samba3ResetCountMinutes: %d -samba3UserMustLogonToChangePassword: %d -samba3BadLockoutMinutes: %d -samba3DisconnectTime: %d - -", dn, samba3.policy.min_password_length, - samba3.policy.password_history, samba3.policy.minimum_password_age, - samba3.policy.maximum_password_age, samba3.policy.lockout_duration, - samba3.policy.reset_count_minutes, samba3.policy.user_must_logon_to_change_password, - samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time -); - - return ldif; -} - -function upgrade_sam_account(ldb,acc,domaindn,domainsid) -{ - if (acc.nt_username == undefined) { - acc.nt_username = acc.username; - } - - if (acc.nt_username == "") { - acc.nt_username = acc.username; - } - - if (acc.fullname == undefined) { - var pw = nss.getpwnam(acc.fullname); - acc.fullname = pw.pw_gecos; - } - - var pts = split(',', acc.fullname); - acc.fullname = pts[0]; - - if (acc.fullname == undefined) { - acc.fullname = acc.username; - } - - assert(acc.fullname != undefined); - assert(acc.nt_username != undefined); - - var ldif = sprintf( -"dn: cn=%s,%s -objectClass: top -objectClass: user -lastLogon: %d -lastLogoff: %d -unixName: %s -sAMAccountName: %s -cn: %s -description: %s -primaryGroupID: %d -badPwdcount: %d -logonCount: %d -samba3Domain: %s -samba3DirDrive: %s -samba3MungedDial: %s -samba3Homedir: %s -samba3LogonScript: %s -samba3ProfilePath: %s -samba3Workstations: %s -samba3KickOffTime: %d -samba3BadPwdTime: %d -samba3PassLastSetTime: %d -samba3PassCanChangeTime: %d -samba3PassMustChangeTime: %d -objectSid: %s-%d -lmPwdHash:: %s -ntPwdHash:: %s - -", ldb.dn_escape(acc.fullname), domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username, - -acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count, -acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script, -acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time, -acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid, - ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw)); - - return ldif; -} - -function upgrade_sam_group(grp,domaindn) -{ - var nss = nss_init(); - - var gr; - if (grp.sid_name_use == 5) { // Well-known group - return undefined; - } - - if (grp.nt_name == "Domain Guests" || - grp.nt_name == "Domain Users" || - grp.nt_name == "Domain Admins") { - return undefined; - } - - if (grp.gid == -1) { - gr = nss.getgrnam(grp.nt_name); - } else { - gr = nss.getgrgid(grp.gid); - } - - if (gr == undefined) { - grp.unixname = "UNKNOWN"; - } else { - grp.unixname = gr.gr_name; - } - - assert(grp.unixname != undefined); - - var ldif = sprintf( -"dn: cn=%s,%s -objectClass: top -objectClass: group -description: %s -cn: %s -objectSid: %s -unixName: %s -samba3SidNameUse: %d -", grp.nt_name, domaindn, -grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use); - - return ldif; -} - -function upgrade_winbind(samba3,domaindn) -{ - var ldif = sprintf(" - -dn: dc=none -userHwm: %d -groupHwm: %d - -", samba3.idmap.user_hwm, samba3.idmap.group_hwm); - - for (var i in samba3.idmap.mappings) { - var m = samba3.idmap.mappings[i]; - ldif = ldif + sprintf(" -dn: SID=%s,%s -SID: %s -type: %d -unixID: %d", m.sid, domaindn, m.sid, m.type, m.unix_id); - } - - return ldif; -} -*/ - -function upgrade_wins(samba3) -{ - var ldif = ""; - var version_id = 0; - - for (i in samba3.winsentries) { - var rType; - var rState; - var nType; - var numIPs = 0; - var e = samba3.winsentries[i]; - var now = sys.nttime(); - var ttl = sys.unix2nttime(e.ttl); - - version_id++; - - for (var i in e.ips) { - numIPs++; - } - - if (e.type == 0x1C) { - rType = 0x2; - } else if (sys.bitAND(e.type, 0x80)) { - if (numIPs > 1) { - rType = 0x2; - } else { - rType = 0x1; - } - } else { - if (numIPs > 1) { - rType = 0x3; - } else { - rType = 0x0; - } - } - - if (ttl > now) { - rState = 0x0;/* active */ - } else { - rState = 0x1;/* released */ - } - - nType = (sys.bitAND(e.nb_flags,0x60)>>5); - - ldif = ldif + sprintf(" -dn: name=%s,type=0x%02X -type: 0x%02X -name: %s -objectClass: winsRecord -recordType: %u -recordState: %u -nodeType: %u -isStatic: 0 -expireTime: %s -versionID: %llu -", e.name, e.type, e.type, e.name, - rType, rState, nType, - sys.ldaptime(ttl), version_id); - - for (var i in e.ips) { - ldif = ldif + sprintf("address: %s\n", e.ips[i]); - } - } - - ldif = ldif + sprintf(" -dn: CN=VERSION -objectClass: winsMaxVersion -maxVersion: %llu -", version_id); - - return ldif; -} - -function upgrade_provision(samba3) -{ - var subobj = new Object(); - var nss = nss_init(); - var lp = loadparm_init(); - var rdn_list; - - var domainname = samba3.configuration.get("workgroup"); - - if (domainname == undefined) { - domainname = samba3.secrets.domains[0].name; - println("No domain specified in smb.conf file, assuming '" + domainname + "'"); - } - - var domsec = samba3.find_domainsecrets(domainname); - var hostsec = samba3.find_domainsecrets(hostname()); - var realm = samba3.configuration.get("realm"); - - if (realm == undefined) { - realm = domainname; - println("No realm specified in smb.conf file, assuming '" + realm + "'"); - } - random_init(local); - - subobj.REALM = realm; - subobj.DOMAIN = domainname; - subobj.HOSTNAME = hostname(); - - assert(subobj.REALM); - assert(subobj.DOMAIN); - assert(subobj.HOSTNAME); - - subobj.HOSTIP = hostip(); - if (domsec != undefined) { - subobj.DOMAINGUID = domsec.guid; - subobj.DOMAINSID = domsec.sid; - } else { - println("Can't find domain secrets for '" + domainname + "'; using random SID and GUID"); - subobj.DOMAINGUID = randguid(); - subobj.DOMAINSID = randsid(); - } - - if (hostsec) { - subobj.HOSTGUID = hostsec.guid; - } else { - subobj.HOSTGUID = randguid(); - } - subobj.INVOCATIONID = randguid(); - subobj.KRBTGTPASS = randpass(12); - subobj.MACHINEPASS = randpass(12); - subobj.ADMINPASS = randpass(12); - subobj.DEFAULTSITE = "Default-First-Site-Name"; - subobj.NEWGUID = randguid; - subobj.NTTIME = nttime; - subobj.LDAPTIME = ldaptime; - subobj.DATESTRING = datestring; - subobj.ROOT = findnss(nss.getpwnam, "root"); - subobj.NOBODY = findnss(nss.getpwnam, "nobody"); - subobj.NOGROUP = findnss(nss.getgrnam, "nogroup", "nobody"); - subobj.WHEEL = findnss(nss.getgrnam, "wheel", "root"); - subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other"); - subobj.DNSDOMAIN = strlower(subobj.REALM); - subobj.DNSNAME = sprintf("%s.%s", - strlower(subobj.HOSTNAME), - subobj.DNSDOMAIN); - subobj.BASEDN = "DC=" + join(",DC=", split(".", subobj.REALM)); - rdn_list = split(".", subobj.DNSDOMAIN); - subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list); - subobj.DOMAINDN_LDB = "users.ldb"; - subobj.ROOTDN = subobj.DOMAINDN; - - modules_list = new Array("rootdse", - "kludge_acl", - "paged_results", - "server_sort", - "extended_dn", - "asq", - "samldb", - "password_hash", - "operational", - "objectclass", - "rdn_name", - "show_deleted", - "partition"); - subobj.MODULES_LIST = join(",", modules_list); - - return subobj; -} - -smbconf_keep = new Array( - "dos charset", - "unix charset", - "display charset", - "comment", - "path", - "directory", - "workgroup", - "realm", - "netbios name", - "netbios aliases", - "netbios scope", - "server string", - "interfaces", - "bind interfaces only", - "security", - "auth methods", - "encrypt passwords", - "null passwords", - "obey pam restrictions", - "password server", - "smb passwd file", - "private dir", - "passwd chat", - "password level", - "lanman auth", - "ntlm auth", - "client NTLMv2 auth", - "client lanman auth", - "client plaintext auth", - "read only", - "hosts allow", - "hosts deny", - "log level", - "debuglevel", - "log file", - "smb ports", - "large readwrite", - "max protocol", - "min protocol", - "unicode", - "read raw", - "write raw", - "disable netbios", - "nt status support", - "announce version", - "announce as", - "max mux", - "max xmit", - "name resolve order", - "max wins ttl", - "min wins ttl", - "time server", - "unix extensions", - "use spnego", - "server signing", - "client signing", - "max connections", - "paranoid server security", - "socket options", - "strict sync", - "max print jobs", - "printable", - "print ok", - "printer name", - "printer", - "map system", - "map hidden", - "map archive", - "preferred master", - "prefered master", - "local master", - "browseable", - "browsable", - "wins server", - "wins support", - "csc policy", - "strict locking", - "preload", - "auto services", - "lock dir", - "lock directory", - "pid directory", - "socket address", - "copy", - "include", - "available", - "volume", - "fstype", - "panic action", - "msdfs root", - "host msdfs", - "winbind separator"); - -/* - Remove configuration variables not present in Samba4 - oldconf: Old configuration structure - mark: Whether removed configuration variables should be - kept in the new configuration as "samba3:" - */ -function upgrade_smbconf(oldconf,mark) -{ - var data = oldconf.data(); - var newconf = param_init(); - - for (var s in data) { - for (var p in data[s]) { - var keep = false; - for (var k in smbconf_keep) { - if (smbconf_keep[k] == p) { - keep = true; - break; - } - } - - if (keep) { - newconf.set(s, p, oldconf.get(s, p)); - } else if (mark) { - newconf.set(s, "samba3:"+p, oldconf.get(s,p)); - } - } - } - - if (oldconf.get("domain logons") == "True") { - newconf.set("server role", "domain controller"); - } else { - if (oldconf.get("security") == "user") { - newconf.set("server role", "standalone"); - } else { - newconf.set("server role", "member server"); - } - } - - return newconf; -} - -function upgrade(subobj, samba3, message, paths, session_info, credentials) -{ - var ret = 0; - var lp = loadparm_init(); - var samdb = ldb_init(); - samdb.session_info = session_info; - samdb.credentials = credentials; - var ok = samdb.connect(paths.samdb); - if (!ok) { - info.message("samdb connect failed: " + samdb.errstring() + "\n"); - assert(ok); - } - - message("Writing configuration\n"); - var newconf = upgrade_smbconf(samba3.configuration,true); - newconf.save(paths.smbconf); - - message("Importing account policies\n"); - var ldif = upgrade_sam_policy(samba3,subobj.BASEDN); - ok = samdb.modify(ldif); - if (!ok) { - message("samdb load failed: " + samdb.errstring() + "\n"); - assert(ok); - } - var regdb = ldb_init(); - ok = regdb.connect(paths.hklm); - if (!ok) { - message("registry connect: " + regdb.errstring() + "\n"); - assert(ok); - } - - ok = regdb.modify(sprintf(" -dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,HIVE=NONE -replace: type -type: 4 -replace: data -data: %d -", samba3.policy.refuse_machine_password_change)); - if (!ok) { - message("registry load failed: " + regdb.errstring() + "\n"); - assert(ok); - } - - message("Importing users\n"); - for (var i in samba3.samaccounts) { - var msg = "... " + samba3.samaccounts[i].username; - var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID); - ok = samdb.add(ldif); - if (!ok && samdb.errstring() != "Record exists") { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; - } - message(msg + "\n"); - } - - message("Importing groups\n"); - for (var i in samba3.groupmappings) { - var msg = "... " + samba3.groupmappings[i].nt_name; - var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN); - if (ldif != undefined) { - ok = samdb.add(ldif); - if (!ok && samdb.errstring() != "Record exists") { - msg = msg + "... error: " + samdb.errstring(); - ret = ret + 1; - } - } - message(msg + "\n"); - } - - message("Importing registry data\n"); - var hives = new Array("hkcr","hkcu","hklm","hkpd","hku","hkpt"); - for (var i in hives) { - var hn = hives[i]; - message("... " + hn + "\n"); - regdb = ldb_init(); - ok = regdb.connect(paths[hn]); - assert(ok); - var ldif = upgrade_registry(samba3.registry, hn, regdb); - for (var j in ldif) { - var msg = "... ... " + j; - ok = regdb.add(ldif[j]); - if (!ok && regdb.errstring() != "Record exists") { - msg = msg + "... error: " + regdb.errstring(); - ret = ret + 1; - } - message(msg + "\n"); - } - } - - - message("Importing WINS data\n"); - var winsdb = ldb_init(); - ok = winsdb.connect(paths.winsdb); - assert(ok); - ldb_erase(winsdb); - - var ldif = upgrade_wins(samba3); - ok = winsdb.add(ldif); - assert(ok); - - // figure out ldapurl, if applicable - var ldapurl = undefined; - var pdb = samba3.configuration.get_list("passdb backend"); - if (pdb != undefined) { - for (var b in pdb) { - if (strlen(pdb[b]) >= 7) { - if (substr(pdb[b], 0, 7) == "ldapsam") { - ldapurl = substr(pdb[b], 8); - } - } - } - } - - // URL was not specified in passdb backend but ldap /is/ used - if (ldapurl == "") { - ldapurl = "ldap://" + samba3.configuration.get("ldap server"); - } - - // Enable samba3sam module if original passdb backend was ldap - if (ldapurl != undefined) { - message("Enabling Samba3 LDAP mappings for SAM database\n"); - - ok = samdb.modify(" -dn: @MODULES -changetype: modify -replace: @LIST -@LIST: samldb,operational,objectguid,rdn_name,samba3sam -"); - if (!ok) { - message("Error enabling samba3sam module: " + samdb.errstring() + "\n"); - ret = ret + 1; - } - - ok = samdb.add(sprintf(" -dn: @MAP=samba3sam -@MAP_URL: %s", ldapurl)); - assert(ok); - - } - - return ret; -} - -function upgrade_verify(subobj, samba3,paths,message) -{ - message("Verifying account policies\n"); - var samldb = ldb_init(); - var ne = 0; - - var ok = samldb.connect(paths.samdb); - assert(ok); - - for (var i in samba3.samaccounts) { - var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))"); - assert(msg.length >= 1); - } - - // FIXME -} diff --git a/source4/scripting/python/samba/samba3.py b/source4/scripting/python/samba/samba3.py index d125e3164b..b4261f7c74 100644 --- a/source4/scripting/python/samba/samba3.py +++ b/source4/scripting/python/samba/samba3.py @@ -167,7 +167,7 @@ class SecretsDatabase: def get_auth_user(self): return self.tdb.get("SECRETS/AUTH_USER") - def get_dom_guid(self, host): + def get_domain_guid(self, host): return self.tdb.get("SECRETS/DOMGUID/%s" % host) def ldap_dns(self): diff --git a/source4/scripting/python/samba/tests/__init__.py b/source4/scripting/python/samba/tests/__init__.py index b01807c02f..5885a3b507 100644 --- a/source4/scripting/python/samba/tests/__init__.py +++ b/source4/scripting/python/samba/tests/__init__.py @@ -43,7 +43,7 @@ class TestCaseInTempDir(unittest.TestCase): def tearDown(self): super(TestCaseInTempDir, self).tearDown() - # FIXME: Remove all files in self.tempdir + os.rmdir(self.tempdir) class SubstituteVarTestCase(unittest.TestCase): diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 375c39eb5a..c13351bc63 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -255,68 +255,44 @@ maxVersion: %llu return ldif -def upgrade_provision(lp, samba3): - domainname = samba3.configuration.get("workgroup") +def upgrade_provision(samba3, setup_dir, message, credentials, session_info, paths): + oldconf = samba3.get_conf() + + if oldconf.get("domain logons") == "True": + serverrole = "domain controller" + else: + if oldconf.get("security") == "user": + serverrole = "standalone" + else: + serverrole = "member server" + + domainname = oldconf.get("workgroup") + realm = oldconf.get("realm") + netbiosname = oldconf.get("netbios name") + + secrets_db = samba3.get_secrets_db() if domainname is None: - domainname = samba3.secrets.domains[0].name - print "No domain specified in smb.conf file, assuming '%s'\n" % domainname + domainname = secrets_db.domains()[0] + message("No domain specified in smb.conf file, assuming '%s'" % domainname) - domsec = samba3.find_domainsecrets(domainname) - hostsec = samba3.find_domainsecrets(hostname()) - realm = samba3.configuration.get("realm") - if realm is None: - realm = domainname - print "No realm specified in smb.conf file, assuming '%s'\n" % realm - random_init(local) + realm = domainname.lower() + message("No realm specified in smb.conf file, assuming '%s'\n" % realm) - subobj.realm = realm - subobj.domain = domainname - - if domsec is not None: - subobj.DOMAINGUID = domsec.guid - subobj.DOMAINSID = domsec.sid + domainguid = secrets_db.get_domain_guid(domainname) + domainsid = secrets_db.get_sid(domainsid) + if domainsid is None: + message("Can't find domain secrets for '%s'; using random SID\n" % domainname) + + if netbiosname is not None: + machinepass = secrets_db.get_machine_password(netbiosname) else: - print "Can't find domain secrets for '%s'; using random SID and GUID\n" % domainname - subobj.DOMAINGUID = uuid.random() - subobj.DOMAINSID = randsid() + netbiosname = None - if hostsec: - hostguid = hostsec.guid - subobj.krbtgtpass = randpass(12) - subobj.machinepass = randpass(12) - subobj.adminpass = randpass(12) - subobj.datestring = datestring() - subobj.root = findnss(pwd.getpwnam, "root")[4] - subobj.nobody = findnss(pwd.getpwnam, "nobody")[4] - subobj.nogroup = findnss(grp.getgrnam, "nogroup", "nobody")[2] - subobj.wheel = findnss(grp.getgrnam, "wheel", "root")[2] - subobj.users = findnss(grp.getgrnam, "users", "guest", "other")[2] - subobj.dnsdomain = subobj.realm.lower() - subobj.dnsname = "%s.%s" % (subobj.hostname.lower(), subobj.dnsdomain) - subobj.basedn = "DC=" + ",DC=".join(subobj.realm.split(".")) - rdn_list = subobj.dnsdomain.split(".") - subobj.domaindn = "DC=" + ",DC=".join(rdn_list) - subobj.domaindn_ldb = "users.ldb" - subobj.rootdn = subobj.domaindn - - modules_list = ["rootdse", - "kludge_acl", - "paged_results", - "server_sort", - "extended_dn", - "asq", - "samldb", - "password_hash", - "operational", - "objectclass", - "rdn_name", - "show_deleted", - "partition"] - subobj.modules_list = ",".join(modules_list) - - return subobj + provision(lp, setup_dir, message, blank=True, paths=path, session_info=session_info, + credentials=credentials, realm=realm, domain=domainname, + domainsid=domainsid, domainguid=domainguid, machinepass=machinepass, serverrole=serverrole) smbconf_keep = [ "dos charset", @@ -435,14 +411,6 @@ def upgrade_smbconf(oldconf,mark): elif mark: newconf.set(s, "samba3:"+p, oldconf.get(s,p)) - if oldconf.get("domain logons") == "True": - newconf.set("server role", "domain controller") - else: - if oldconf.get("security") == "user": - newconf.set("server role", "standalone") - else: - newconf.set("server role", "member server") - return newconf def upgrade(subobj, samba3, message, paths, session_info, credentials): -- cgit