From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 1 Apr 2008 09:02:01 +0000 (+0200)
Subject: passdb: guard pdb_generate_sam_sid() with a transaction
X-Git-Tag: samba-3.3.0pre1~2968
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9322442510d9c2cf16c25f5109fe81b277c44881;p=thirdparty%2Fsamba.git

passdb: guard pdb_generate_sam_sid() with a transaction

This prevents possible races with some dbwrap backends

metze
---

diff --git a/source/passdb/machine_sid.c b/source/passdb/machine_sid.c
index 8fafcbbbd46..ff2c9bcb0d9 100644
--- a/source/passdb/machine_sid.c
+++ b/source/passdb/machine_sid.c
@@ -181,16 +181,38 @@ static DOM_SID *pdb_generate_sam_sid(void)
 /* return our global_sam_sid */
 DOM_SID *get_global_sam_sid(void)
 {
+	struct db_context *db;
+
 	if (global_sam_sid != NULL)
 		return global_sam_sid;
 	
-	/* memory for global_sam_sid is allocated in 
-	   pdb_generate_sam_sid() as needed */
+	/*
+	 * memory for global_sam_sid is allocated in
+	 * pdb_generate_sam_sid() as needed
+	 *
+	 * Note: this is garded by a transaction
+	 *       to prevent races on startup which
+	 *       can happen with some dbwrap backends
+	 */
+
+	db = secrets_db_ctx();
+	if (!db) {
+		smb_panic("could not open secrets db");
+	}
+
+	if (db->transaction_start(db) != 0) {
+		smb_panic("could not start transaction on secrets db");
+	}
 
 	if (!(global_sam_sid = pdb_generate_sam_sid())) {
+		db->transaction_cancel(db);
 		smb_panic("could not generate a machine SID");
 	}
 
+	if (db->transaction_commit(db) != 0) {
+		smb_panic("could not start commit secrets db");
+	}
+
 	return global_sam_sid;
 }