[packages/MigrationTools.git] / MigrationTools-smbkrb5.patch

diff -ur MigrationTools-47/migrate_common.ph MigrationTools-47-krb5/migrate_common.ph
--- MigrationTools-47/migrate_common.ph	2009-06-22 16:16:02.730586333 +0200
+++ MigrationTools-47-krb5/migrate_common.ph	2009-06-22 16:15:55.070581897 +0200
@@ -120,6 +120,11 @@
 #	$DEFAULT_REALM = $DEFAULT_MAIL_DOMAIN;
 #	$DEFAULT_REALM =~ tr/a-z/A-Z/;
 #}
+
+# Default SMB SID (must be non-empty string)
+#if ($EXTENDED_SCHEMA) {
+#	$DEFAULT_SMB_SID = "";
+#}
 
 if (-x "/usr/sbin/revnetgroup") {
 	$REVNETGROUP = "/usr/sbin/revnetgroup";
diff -ur MigrationTools-47/migrate_passwd.pl MigrationTools-47-krb5/migrate_passwd.pl
--- MigrationTools-47/migrate_passwd.pl	2009-06-22 16:16:02.850581340 +0200
+++ MigrationTools-47-krb5/migrate_passwd.pl	2009-06-22 16:13:13.997264191 +0200
@@ -50,6 +52,7 @@
 	exit 1;
 }
 
+$do_samba = 0;
 if ( defined($IGNORE_UID_BELOW) ) {
 	$minuid = $IGNORE_UID_BELOW;
 }
@@ -57,13 +60,22 @@
 	} elsif ($ARGV[0] eq "--maxgid") {
 		$maxgid = $ARGV[1];
 		shift ; shift;
+	} elsif ($ARGV[0] eq "--samba") {
+		$do_samba = 1;
+		shift;
 	} else {
 		shift;
 	}
 }
 
+if ($do_samba && !defined($DEFAULT_SMB_SID)) {
+	print STDERR "You must set \$DEFAULT_SMB_SID in %CONFDIR%migrate_common.ph to migrate smbpasswd\n";
+	exit 2;
+}
+
 &parse_args();
 &read_shadow_file();
+if ($do_samba) { &read_samba(); }
 &open_files();
 
 while(<INFILE>)
@@ -138,7 +150,28 @@
 	print $HANDLE "objectClass: top\n";
 
 	if ($DEFAULT_REALM) {
-		print $HANDLE "objectClass: kerberosSecurityObject\n";
+		print $HANDLE "objectClass: krb5Principal\n";
+		print $HANDLE "objectClass: krb5KDCEntry\n";
+		print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n";
+		print $HANDLE "krb5KeyVersionNumber: 0\n";
+		print $HANDLE "krb5KDCFlags: 126\n";
+		print $HANDLE "krb5MaxRenew: 604800\n";
+		print $HANDLE "krb5MaxLife: 86400\n";
+	}
+
+	if ($DEFAULT_SMB_SID) {
+		my $userSID = (2 * $uid) + 1000;
+		my $groupSID = (2 * $gid) + 1001;
+		print $HANDLE "objectClass: sambaSamAccount\n";
+		print $HANDLE "displayName: $cn\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$userSID\n";
+		print $HANDLE "sambaPrimaryGroupSID: $DEFAULT_SMB_SID-$groupSID\n";
+		if ($do_samba) {
+			print $HANDLE "sambaLMPassword: ".$sambaUsers{$user}->{"sambaLMPassword"}."\n";
+			print $HANDLE "sambaNTPassword: ".$sambaUsers{$user}->{"sambaNTPassword"}."\n";
+			print $HANDLE "sambaAcctFlags: ".$sambaUsers{$user}->{"sambaAcctFlags"}."\n";
+			print $HANDLE "sambaPwdLastSet: ".$sambaUsers{$user}->{"sambaPwdLastSet"}."\n";
+		}
 	}
 
 	if ($shadowUsers{$user} ne "") {
@@ -147,10 +175,6 @@
 		print $HANDLE "userPassword: {crypt}$pwd\n";
 	}
 
-	if ($DEFAULT_REALM) {
-		print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
-	}
-
 	if ($shell) {
 		print $HANDLE "loginShell: $shell\n";
 	}
@@ -226,3 +250,16 @@
 	}
 }
 
+sub read_samba
+{
+	open(INPUT, "</etc/samba/smbpasswd");
+	while (<INPUT>) {
+		my ($sambaUser, $id, $lmp, $ntp, $f, $lf, $xxx) = split(':');
+		$sambaUsers{$sambaUser}->{"sambaLMPassword"} = $lmp;
+		$sambaUsers{$sambaUser}->{"sambaNTPassword"} = $ntp;
+		$sambaUsers{$sambaUser}->{"sambaAcctFlags"} = $f;
+		$lf =~ s/^LCT-//;
+		$sambaUsers{$sambaUser}->{"sambaPwdLastSet"} = hex($lf);
+	}
+	close(INPUT);
+}
diff -ur MigrationTools-47/migrate_group.pl MigrationTools-47-krb5/migrate_group.pl
--- MigrationTools-47/migrate_group.pl	2009-06-23 17:02:54.982471778 +0200
+++ MigrationTools-47-krb5/migrate_group.pl	2009-06-24 13:43:59.759317493 +0200
@@ -86,6 +86,12 @@
 	print $HANDLE "dn: cn=$group,$NAMINGCONTEXT\n";
 	print $HANDLE "objectClass: posixGroup\n";
 	print $HANDLE "objectClass: top\n";
+	if ($DEFAULT_SMB_SID) {
+		my $groupSID = (2 * $gid) + 1001;
+		print $HANDLE "objectClass: sambaGroupMapping\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$groupSID\n";
+		print $HANDLE "sambaGroupType: 2\n";
+	}
 	print $HANDLE "cn: $group\n";
 	if ($pwd) {
 		print $HANDLE "userPassword: {crypt}$pwd\n";
Commit	Line	Data
68242fc0 JR	1	diff -ur MigrationTools-47/migrate_common.ph MigrationTools-47-krb5/migrate_common.ph
	2	--- MigrationTools-47/migrate_common.ph 2009-06-22 16:16:02.730586333 +0200
	3	+++ MigrationTools-47-krb5/migrate_common.ph 2009-06-22 16:15:55.070581897 +0200
a51959fb JR	4	@@ -120,6 +120,11 @@
	5	# $DEFAULT_REALM = $DEFAULT_MAIL_DOMAIN;
	6	# $DEFAULT_REALM =~ tr/a-z/A-Z/;
	7	#}
68242fc0	8	+
a51959fb JR	9	+# Default SMB SID (must be non-empty string)
	10	+#if ($EXTENDED_SCHEMA) {
	11	+# $DEFAULT_SMB_SID = "";
	12	+#}
68242fc0 JR	13
	14	if (-x "/usr/sbin/revnetgroup") {
	15	$REVNETGROUP = "/usr/sbin/revnetgroup";
68242fc0 JR	16	diff -ur MigrationTools-47/migrate_passwd.pl MigrationTools-47-krb5/migrate_passwd.pl
	17	--- MigrationTools-47/migrate_passwd.pl 2009-06-22 16:16:02.850581340 +0200
	18	+++ MigrationTools-47-krb5/migrate_passwd.pl 2009-06-22 16:13:13.997264191 +0200
a51959fb JR	19	@@ -50,6 +52,7 @@
	20	exit 1;
	21	}
	22
	23	+$do_samba = 0;
45f9ab82 JR	24	if ( defined($IGNORE_UID_BELOW) ) {
	25	$minuid = $IGNORE_UID_BELOW;
	26	}
a51959fb	27	@@ -57,13 +60,22 @@
45f9ab82 JR	28	} elsif ($ARGV[0] eq "--maxgid") {
45f9ab82 JR	29	$maxgid = $ARGV[1];
a51959fb JR	30	shift ; shift;
	31	+ } elsif ($ARGV[0] eq "--samba") {
	32	+ $do_samba = 1;
	33	+ shift;
	34	} else {
	35	shift;
	36	}
	37	}
	38
	39	+if ($do_samba && !defined($DEFAULT_SMB_SID)) {
c833263d	40	+ print STDERR "You must set \$DEFAULT_SMB_SID in %CONFDIR%migrate_common.ph to migrate smbpasswd\n";
a51959fb JR	41	+ exit 2;
	42	+}
	43	+
	44	&parse_args();
	45	&read_shadow_file();
	46	+if ($do_samba) { &read_samba(); }
	47	&open_files();
	48
	49	while(<INFILE>)
97a9c781	50	@@ -138,7 +150,28 @@
68242fc0 JR	51	print $HANDLE "objectClass: top\n";
	52
	53	if ($DEFAULT_REALM) {
	54	- print $HANDLE "objectClass: kerberosSecurityObject\n";
	55	+ print $HANDLE "objectClass: krb5Principal\n";
	56	+ print $HANDLE "objectClass: krb5KDCEntry\n";
	57	+ print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n";
	58	+ print $HANDLE "krb5KeyVersionNumber: 0\n";
97a9c781 JR	59	+ print $HANDLE "krb5KDCFlags: 126\n";
	60	+ print $HANDLE "krb5MaxRenew: 604800\n";
	61	+ print $HANDLE "krb5MaxLife: 86400\n";
68242fc0 JR	62	+ }
68242fc0 JR	63	+
a51959fb	64	+ if ($DEFAULT_SMB_SID) {
c42cf111 JR	65	+ my $userSID = (2 * $uid) + 1000;
c42cf111 JR	66	+ my $groupSID = (2 * $gid) + 1001;
68242fc0	67	+ print $HANDLE "objectClass: sambaSamAccount\n";
a51959fb	68	+ print $HANDLE "displayName: $cn\n";
c42cf111 JR	69	+ print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$userSID\n";
c42cf111 JR	70	+ print $HANDLE "sambaPrimaryGroupSID: $DEFAULT_SMB_SID-$groupSID\n";
a51959fb JR	71	+ if ($do_samba) {
	72	+ print $HANDLE "sambaLMPassword: ".$sambaUsers{$user}->{"sambaLMPassword"}."\n";
	73	+ print $HANDLE "sambaNTPassword: ".$sambaUsers{$user}->{"sambaNTPassword"}."\n";
	74	+ print $HANDLE "sambaAcctFlags: ".$sambaUsers{$user}->{"sambaAcctFlags"}."\n";
	75	+ print $HANDLE "sambaPwdLastSet: ".$sambaUsers{$user}->{"sambaPwdLastSet"}."\n";
	76	+ }
68242fc0 JR	77	}
	78
	79	if ($shadowUsers{$user} ne "") {
a51959fb	80	@@ -147,10 +175,6 @@
68242fc0 JR	81	print $HANDLE "userPassword: {crypt}$pwd\n";
	82	}
	83
	84	- if ($DEFAULT_REALM) {
	85	- print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
	86	- }
	87	-
	88	if ($shell) {
	89	print $HANDLE "loginShell: $shell\n";
	90	}
a774229d	91	@@ -226,3 +250,16 @@
a51959fb JR	92	}
a51959fb JR	93	}
a774229d	94
a51959fb JR	95	+sub read_samba
	96	+{
	97	+ open(INPUT, "</etc/samba/smbpasswd");
	98	+ while (<INPUT>) {
	99	+ my ($sambaUser, $id, $lmp, $ntp, $f, $lf, $xxx) = split(':');
	100	+ $sambaUsers{$sambaUser}->{"sambaLMPassword"} = $lmp;
	101	+ $sambaUsers{$sambaUser}->{"sambaNTPassword"} = $ntp;
	102	+ $sambaUsers{$sambaUser}->{"sambaAcctFlags"} = $f;
	103	+ $lf =~ s/^LCT-//;
	104	+ $sambaUsers{$sambaUser}->{"sambaPwdLastSet"} = hex($lf);
	105	+ }
	106	+ close(INPUT);
	107	+}
1c77e701 JR	108	diff -ur MigrationTools-47/migrate_group.pl MigrationTools-47-krb5/migrate_group.pl
	109	--- MigrationTools-47/migrate_group.pl 2009-06-23 17:02:54.982471778 +0200
	110	+++ MigrationTools-47-krb5/migrate_group.pl 2009-06-24 13:43:59.759317493 +0200
c42cf111	111	@@ -86,6 +86,12 @@
1c77e701 JR	112	print $HANDLE "dn: cn=$group,$NAMINGCONTEXT\n";
	113	print $HANDLE "objectClass: posixGroup\n";
	114	print $HANDLE "objectClass: top\n";
	115	+ if ($DEFAULT_SMB_SID) {
c42cf111	116	+ my $groupSID = (2 * $gid) + 1001;
1c77e701	117	+ print $HANDLE "objectClass: sambaGroupMapping\n";
c42cf111	118	+ print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$groupSID\n";
1c77e701 JR	119	+ print $HANDLE "sambaGroupType: 2\n";
	120	+ }
	121	print $HANDLE "cn: $group\n";
	122	if ($pwd) {
	123	print $HANDLE "userPassword: {crypt}$pwd\n";