[packages/MigrationTools.git] / MigrationTools-smbkrb5.patch

diff -ur MigrationTools-47/migrate_common.ph MigrationTools-47-krb5/migrate_common.ph
--- MigrationTools-47/migrate_common.ph	2009-06-22 16:16:02.730586333 +0200
+++ MigrationTools-47-krb5/migrate_common.ph	2009-06-22 16:15:55.070581897 +0200
@@ -120,6 +120,11 @@
 #	$DEFAULT_REALM = $DEFAULT_MAIL_DOMAIN;
 #	$DEFAULT_REALM =~ tr/a-z/A-Z/;
 #}
+
+# Default SMB SID (must be non-empty string)
+#if ($EXTENDED_SCHEMA) {
+#	$DEFAULT_SMB_SID = "";
+#}
 
 if (-x "/usr/sbin/revnetgroup") {
 	$REVNETGROUP = "/usr/sbin/revnetgroup";
diff -ur MigrationTools-47/migrate_passwd.pl MigrationTools-47-krb5/migrate_passwd.pl
--- MigrationTools-47/migrate_passwd.pl	2009-06-22 16:16:02.850581340 +0200
+++ MigrationTools-47-krb5/migrate_passwd.pl	2009-06-22 16:13:13.997264191 +0200
@@ -50,6 +52,7 @@
 	exit 1;
 }
 
+$do_samba = 0;
 while ($ARGV[0] =~ /^--.*/) {
 	if ($ARGV[0] eq "--minuid") {
 		$minuid = $ARGV[1];
@@ -57,13 +60,22 @@
 	} elsif ($ARGV[0] eq "--maxuid") {
 		$maxuid = $ARGV[1];
 		shift ; shift;
+	} elsif ($ARGV[0] eq "--samba") {
+		$do_samba = 1;
+		shift;
 	} else {
 		shift;
 	}
 }
 
+if ($do_samba && !defined($DEFAULT_SMB_SID)) {
+	print STDERR "You must set \$DEFAULT_SMB_SID in /etc/openldap/migrate_common.ph to migrate smbpasswd\n";
+	exit 2;
+}
+
 &parse_args();
 &read_shadow_file();
+if ($do_samba) { &read_samba(); }
 &open_files();
 
 while(<INFILE>)
@@ -138,7 +150,25 @@
 	print $HANDLE "objectClass: top\n";
 
 	if ($DEFAULT_REALM) {
-		print $HANDLE "objectClass: kerberosSecurityObject\n";
+		print $HANDLE "objectClass: krb5Principal\n";
+		print $HANDLE "objectClass: krb5KDCEntry\n";
+		print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n";
+		print $HANDLE "krb5KeyVersionNumber: 0\n";
+	}
+
+	if ($DEFAULT_SMB_SID) {
+		my $userSID = (2 * $uid) + 1000;
+		my $groupSID = (2 * $gid) + 1001;
+		print $HANDLE "objectClass: sambaSamAccount\n";
+		print $HANDLE "displayName: $cn\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$userSID\n";
+		print $HANDLE "sambaPrimaryGroupSID: $DEFAULT_SMB_SID-$groupSID\n";
+		if ($do_samba) {
+			print $HANDLE "sambaLMPassword: ".$sambaUsers{$user}->{"sambaLMPassword"}."\n";
+			print $HANDLE "sambaNTPassword: ".$sambaUsers{$user}->{"sambaNTPassword"}."\n";
+			print $HANDLE "sambaAcctFlags: ".$sambaUsers{$user}->{"sambaAcctFlags"}."\n";
+			print $HANDLE "sambaPwdLastSet: ".$sambaUsers{$user}->{"sambaPwdLastSet"}."\n";
+		}
 	}
 
 	if ($shadowUsers{$user} ne "") {
@@ -147,10 +175,6 @@
 		print $HANDLE "userPassword: {crypt}$pwd\n";
 	}
 
-	if ($DEFAULT_REALM) {
-		print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
-	}
-
 	if ($shell) {
 		print $HANDLE "loginShell: $shell\n";
 	}
@@ -226,3 +250,16 @@
 	}
 }
 
+sub read_samba
+{
+	open(INPUT, "</etc/samba/smbpasswd");
+	while (<INPUT>) {
+		my ($sambaUser, $id, $lmp, $ntp, $f, $lf, $xxx) = split(':');
+		$sambaUsers{$sambaUser}->{"sambaLMPassword"} = $lmp;
+		$sambaUsers{$sambaUser}->{"sambaNTPassword"} = $ntp;
+		$sambaUsers{$sambaUser}->{"sambaAcctFlags"} = $f;
+		$lf =~ s/^LCT-//;
+		$sambaUsers{$sambaUser}->{"sambaPwdLastSet"} = hex($lf);
+	}
+	close(INPUT);
+}
diff -ur MigrationTools-47/migrate_group.pl MigrationTools-47-krb5/migrate_group.pl
--- MigrationTools-47/migrate_group.pl	2009-06-23 17:02:54.982471778 +0200
+++ MigrationTools-47-krb5/migrate_group.pl	2009-06-24 13:43:59.759317493 +0200
@@ -86,6 +86,12 @@
 	print $HANDLE "dn: cn=$group,$NAMINGCONTEXT\n";
 	print $HANDLE "objectClass: posixGroup\n";
 	print $HANDLE "objectClass: top\n";
+	if ($DEFAULT_SMB_SID) {
+		my $groupSID = (2 * $gid) + 1001;
+		print $HANDLE "objectClass: sambaGroupMapping\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$groupSID\n";
+		print $HANDLE "sambaGroupType: 2\n";
+	}
 	print $HANDLE "cn: $group\n";
 	if ($pwd) {
 		print $HANDLE "userPassword: {crypt}$pwd\n";
Commit	Line	Data
68242fc0 JR	1	diff -ur MigrationTools-47/migrate_common.ph MigrationTools-47-krb5/migrate_common.ph
	2	--- MigrationTools-47/migrate_common.ph 2009-06-22 16:16:02.730586333 +0200
	3	+++ MigrationTools-47-krb5/migrate_common.ph 2009-06-22 16:15:55.070581897 +0200
a51959fb JR	4	@@ -120,6 +120,11 @@
	5	# $DEFAULT_REALM = $DEFAULT_MAIL_DOMAIN;
	6	# $DEFAULT_REALM =~ tr/a-z/A-Z/;
	7	#}
68242fc0	8	+
a51959fb JR	9	+# Default SMB SID (must be non-empty string)
	10	+#if ($EXTENDED_SCHEMA) {
	11	+# $DEFAULT_SMB_SID = "";
	12	+#}
68242fc0 JR	13
	14	if (-x "/usr/sbin/revnetgroup") {
	15	$REVNETGROUP = "/usr/sbin/revnetgroup";
68242fc0 JR	16	diff -ur MigrationTools-47/migrate_passwd.pl MigrationTools-47-krb5/migrate_passwd.pl
	17	--- MigrationTools-47/migrate_passwd.pl 2009-06-22 16:16:02.850581340 +0200
	18	+++ MigrationTools-47-krb5/migrate_passwd.pl 2009-06-22 16:13:13.997264191 +0200
a51959fb JR	19	@@ -50,6 +52,7 @@
	20	exit 1;
	21	}
	22
	23	+$do_samba = 0;
	24	while ($ARGV[0] =~ /^--.*/) {
	25	if ($ARGV[0] eq "--minuid") {
	26	$minuid = $ARGV[1];
	27	@@ -57,13 +60,22 @@
	28	} elsif ($ARGV[0] eq "--maxuid") {
	29	$maxuid = $ARGV[1];
	30	shift ; shift;
	31	+ } elsif ($ARGV[0] eq "--samba") {
	32	+ $do_samba = 1;
	33	+ shift;
	34	} else {
	35	shift;
	36	}
	37	}
	38
	39	+if ($do_samba && !defined($DEFAULT_SMB_SID)) {
	40	+ print STDERR "You must set \$DEFAULT_SMB_SID in /etc/openldap/migrate_common.ph to migrate smbpasswd\n";
	41	+ exit 2;
	42	+}
	43	+
	44	&parse_args();
	45	&read_shadow_file();
	46	+if ($do_samba) { &read_samba(); }
	47	&open_files();
	48
	49	while(<INFILE>)
c42cf111	50	@@ -138,7 +150,25 @@
68242fc0 JR	51	print $HANDLE "objectClass: top\n";
	52
	53	if ($DEFAULT_REALM) {
	54	- print $HANDLE "objectClass: kerberosSecurityObject\n";
	55	+ print $HANDLE "objectClass: krb5Principal\n";
	56	+ print $HANDLE "objectClass: krb5KDCEntry\n";
	57	+ print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n";
	58	+ print $HANDLE "krb5KeyVersionNumber: 0\n";
	59	+ }
	60	+
a51959fb	61	+ if ($DEFAULT_SMB_SID) {
c42cf111 JR	62	+ my $userSID = (2 * $uid) + 1000;
c42cf111 JR	63	+ my $groupSID = (2 * $gid) + 1001;
68242fc0	64	+ print $HANDLE "objectClass: sambaSamAccount\n";
a51959fb	65	+ print $HANDLE "displayName: $cn\n";
c42cf111 JR	66	+ print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$userSID\n";
c42cf111 JR	67	+ print $HANDLE "sambaPrimaryGroupSID: $DEFAULT_SMB_SID-$groupSID\n";
a51959fb JR	68	+ if ($do_samba) {
	69	+ print $HANDLE "sambaLMPassword: ".$sambaUsers{$user}->{"sambaLMPassword"}."\n";
	70	+ print $HANDLE "sambaNTPassword: ".$sambaUsers{$user}->{"sambaNTPassword"}."\n";
	71	+ print $HANDLE "sambaAcctFlags: ".$sambaUsers{$user}->{"sambaAcctFlags"}."\n";
	72	+ print $HANDLE "sambaPwdLastSet: ".$sambaUsers{$user}->{"sambaPwdLastSet"}."\n";
	73	+ }
68242fc0 JR	74	}
	75
	76	if ($shadowUsers{$user} ne "") {
a51959fb	77	@@ -147,10 +175,6 @@
68242fc0 JR	78	print $HANDLE "userPassword: {crypt}$pwd\n";
	79	}
	80
	81	- if ($DEFAULT_REALM) {
	82	- print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
	83	- }
	84	-
	85	if ($shell) {
	86	print $HANDLE "loginShell: $shell\n";
	87	}
a51959fb JR	88	@@ -226,3 +250,16 @@
	89	}
	90	}
	91
	92	+sub read_samba
	93	+{
	94	+ open(INPUT, "</etc/samba/smbpasswd");
	95	+ while (<INPUT>) {
	96	+ my ($sambaUser, $id, $lmp, $ntp, $f, $lf, $xxx) = split(':');
	97	+ $sambaUsers{$sambaUser}->{"sambaLMPassword"} = $lmp;
	98	+ $sambaUsers{$sambaUser}->{"sambaNTPassword"} = $ntp;
	99	+ $sambaUsers{$sambaUser}->{"sambaAcctFlags"} = $f;
	100	+ $lf =~ s/^LCT-//;
	101	+ $sambaUsers{$sambaUser}->{"sambaPwdLastSet"} = hex($lf);
	102	+ }
	103	+ close(INPUT);
	104	+}
1c77e701 JR	105	diff -ur MigrationTools-47/migrate_group.pl MigrationTools-47-krb5/migrate_group.pl
	106	--- MigrationTools-47/migrate_group.pl 2009-06-23 17:02:54.982471778 +0200
	107	+++ MigrationTools-47-krb5/migrate_group.pl 2009-06-24 13:43:59.759317493 +0200
c42cf111	108	@@ -86,6 +86,12 @@
1c77e701 JR	109	print $HANDLE "dn: cn=$group,$NAMINGCONTEXT\n";
	110	print $HANDLE "objectClass: posixGroup\n";
	111	print $HANDLE "objectClass: top\n";
	112	+ if ($DEFAULT_SMB_SID) {
c42cf111	113	+ my $groupSID = (2 * $gid) + 1001;
1c77e701	114	+ print $HANDLE "objectClass: sambaGroupMapping\n";
c42cf111	115	+ print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$groupSID\n";
1c77e701 JR	116	+ print $HANDLE "sambaGroupType: 2\n";
	117	+ }
	118	print $HANDLE "cn: $group\n";
	119	if ($pwd) {
	120	print $HANDLE "userPassword: {crypt}$pwd\n";