From: Joseph Sutton
Date: Sun, 21 Mar 2021 22:06:30 +0000 (+1300)
Subject: netcmd: Fix opening SamDB database for offline backup
X-Git-Tag: tevent-0.11.0~1404
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7c111514ad53787af5a7084355126df9999a34f;p=thirdparty%2Fsamba.git
netcmd: Fix opening SamDB database for offline backup
When opening the backed-up SamDB database, open the top-level database without loading any modules so the backend database files aren't unnecessarily opened. The domain SID is now fetched from the original database rather than from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
Reviewed-by: Samuel Cabrero
---
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index ceba98039b7..f00fd41d95a 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1156,21 +1156,31 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 # Backup secrets, sam.ldb and their downstream files
 self.backup_secrets(paths.private_dir, lp, logger)
 self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
+
+ # Get the domain SID so we can later place it in the backup
+ dom_sid_str = samdb.get_domain_sid()
+ dom_sid = security.dom_sid(dom_sid_str)
+
+ # Close the original samdb
 samdb = None
 # Open the new backed up samdb, flag it as backed up, and write
- # the next SID so the restore tool can add objects.
+ # the next SID so the restore tool can add objects. We use
+ # options=["modules:"] here to prevent any modules from loading.
 # WARNING: Don't change this code unless you know what you're doing.
 # Writing to a .bak file only works because the DN being
 # written to happens to be top level.
- samdb = SamDB(url=paths.samdb + self.backup_ext,
+ samdb = Ldb(url=paths.samdb + self.backup_ext,
 session_info=system_session(), lp=lp,
- flags=ldb.FLG_DONT_CREATE_DB)
+ options=["modules:"], flags=ldb.FLG_DONT_CREATE_DB)
 time_str = get_timestamp()
 add_backup_marker(samdb, "backupDate", time_str)
 add_backup_marker(samdb, "sidForRestore", sid)
 add_backup_marker(samdb, "backupType", "offline")
+ # Close the backed up samdb
+ samdb = None
+
 # Now handle all the LDB and TDB files that are not linked to
 # anything else. Use transactions for LDBs.
 for path in all_files:
@@ -1196,7 +1206,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 logger.info('running offline ntacl backup of sysvol')
 sysvol_tar_fn = 'sysvol.tar.gz'
 sysvol_tar = os.path.join(temp_tar_dir, sysvol_tar_fn)
- backup_offline(paths.sysvol, sysvol_tar, samdb, paths.smbconf)
+ backup_offline(paths.sysvol, sysvol_tar, paths.smbconf, dom_sid)
 tar.add(sysvol_tar, sysvol_tar_fn)
 os.remove(sysvol_tar)
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 4f189965d05..1bcb755c952 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
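Review bot: In the first hunk of python/samba/netcmd/domain_backup.py the name `samdb` is rebound from the `SamDB` connection to a bare `Ldb` handle opened with `options=["modules:"]`, so for the marker writes the same name refers to a handle with no modules loaded. A distinct name such as `backup_ldb = Ldb(url=paths.samdb + self.backup_ext,` with `add_backup_marker(backup_ldb, ...)` and `backup_ldb = None` would make it harder for a later edit to call a SamDB method on it or pass it on as if it were the live database. Both handles are released only by rebinding to `None`, so if an `add_backup_marker` call raises, the backup copy presumably stays open until the frame unwinds; a short comment stating that rebinding is the intended way to close would help. The enclosing method starts and ends outside the hunk, and `sid` is defined there.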
@@ -551,7 +551,7 @@ def backup_online(smb_conn, dest_tarfile_path, dom_sid):
 shutil.rmtree(localdir)
-def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_path):
+def backup_offline(src_service_path, dest_tarfile_path, smb_conf_path, dom_sid):
 """
 Backup files and ntacls to a tarfile for a service
 """
@@ -559,9 +559,6 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
 tempdir = tempfile.mkdtemp()
 session_info = system_session_unix()
- dom_sid_str = samdb_conn.get_domain_sid()
- dom_sid = security.dom_sid(dom_sid_str)
-
 ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
 for dirpath, dirnames, filenames in os.walk(src_service_path):
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 265208805b7..03a9c0b22d8 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -184,7 +184,7 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
 """
 ntacls.backup_offline(
 self.service_root, self.tarfile_path,
- self.samdb_conn, self.smb_conf_path)
+ self.smb_conf_path, self.dom_sid)
 self._check_tarfile()
 self.smb_helper.delete_tree()
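Review bot: The new `backup_offline` signature in python/samba/ntacls.py moves `smb_conf_path` from fourth to third position and puts `dom_sid` last, but the docstring still says nothing about the arguments. A positional caller that was not updated would still pass four arguments and presumably fail only inside `NtaclsHelper`, with a database connection where the smb.conf path is expected. The two call sites in this diff (domain_backup.py and tests/ntacls_backup.py) are updated, and the docstring should record the new contract, for example `dom_sid: security.dom_sid object for the domain (not the SID string), obtained by the caller`. Passing the last two arguments by keyword at the call sites (`smb_conf_path=paths.smbconf, dom_sid=dom_sid`) would make a future reorder fail loudly. The function body continues outside the hunk.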