[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Aug 24 13:23:01 UTC 2021
The branch, master has been updated
via 78942ad7d17 samba-tool domain backup: Use tdbbackup on metadata.tdb
via 958931ad379 samba-tool: Rework transations/locks to hold a lock during mdb backup
via 423f808ff48 samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb
via 2d6cdb54218 selftest: Add python path for compiled python modules like ldb
from 72b4fe93f15 s3: smbd: Ensure all returns from OpenDir() correctly set errno.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 78942ad7d17a92cd39d9c46ae1b8348e9673ac30
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 23 20:45:50 2021 +1200
samba-tool domain backup: Use tdbbackup on metadata.tdb
metadata.tdb is inside sam.ldb.d/ but should be backed up with tdbbackup.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 24 13:22:04 UTC 2021 on sn-devel-184
commit 958931ad379af26dcbc55cfbc49e7886ef8e0550
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 23 18:14:16 2021 +1200
samba-tool: Rework transations/locks to hold a lock during mdb backup
We now also get sidForRestore under that lock, rather than
after the backup.
This avoids using the database again after the backup process
While not entirely clear how/why this matters with LMDB
as seen in Fedora 34, likely due to the same issues
seen with 0.9.26 or later fixed by commmit
bb3dcd403ced922574a89011dd3814c4fe87dd76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 423f808ff48e297745f576a52b2118c4b920a3e4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 23 19:41:15 2021 +1200
samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb
This avoids opening the database again by having the caller pass in
the DB open
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2d6cdb5421810b0027cb78307abd8a8c855c5244
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 24 10:14:14 2021 +0200
selftest: Add python path for compiled python modules like ldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain_backup.py | 54 ++++++++++++++++++++++++++++--------
selftest/devel_env.sh | 3 +-
2 files changed, 44 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 5cccccd40ec..81738196385 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1004,7 +1004,12 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
# sam.ldb must have a transaction started on it before backing up
# everything in sam.ldb.d with the appropriate backup function.
+ #
+ # Obtains the sidForRestore (SID for the new DC) and returns it
+ # from under the transaction
def backup_smb_dbs(self, private_dir, samdb, lp, logger):
+ sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
+
# First, determine if DB backend is MDB. Assume not unless there is a
# 'backendStore' attribute on @PARTITION containing the text 'mdb'
store_label = "backendStore"
@@ -1012,16 +1017,28 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
attrs=[store_label])
mdb_backend = store_label in res[0] and str(res[0][store_label][0]) == 'mdb'
- sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
+ # This is needed to keep this variable in scope until the end
+ # of the transaction.
+ res_iterator = None
+
copy_function = None
if mdb_backend:
logger.info('MDB backend detected. Using mdb backup function.')
copy_function = self.offline_mdb_copy
+
+ # We can't backup with a write transaction open, so get a
+ # read lock with a search_iterator().
+ #
+ # We have tests in lib/ldb/tests/python/api.py that the
+ # search iterator takes a read lock effective against a
+ # transaction. This in turn will ensure there are no
+ # transactions on either the main or sub-database, even if
+ # the read locks were not enforced globally (they are).
+ res_iterator = samdb.search_iterator()
else:
logger.info('Starting transaction on ' + sam_ldb_path)
copy_function = self.offline_tdb_copy
- sam_obj = Ldb(sam_ldb_path, lp=lp, flags=ldb.FLG_DONT_CREATE_DB)
- sam_obj.transaction_start()
+ samdb.transaction_start()
logger.info(' backing up ' + sam_ldb_path)
self.offline_tdb_copy(sam_ldb_path)
@@ -1031,12 +1048,22 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
if sam_file.endswith('.ldb'):
logger.info(' backing up locked/related file ' + sam_file)
copy_function(sam_file)
+ elif sam_file.endswith('.tdb'):
+ logger.info(' tdbbackup of locked/related file ' + sam_file)
+ self.offline_tdb_copy(sam_file)
else:
logger.info(' copying locked/related file ' + sam_file)
shutil.copyfile(sam_file, sam_file + self.backup_ext)
- if not mdb_backend:
- sam_obj.transaction_cancel()
+ sid = get_sid_for_restore(samdb, logger)
+
+ if mdb_backend:
+ # Delete the iterator, release the read lock
+ del(res_iterator)
+ else:
+ samdb.transaction_cancel()
+
+ return sid
# Find where a path should go in the fixed backup archive structure.
def get_arc_path(self, path, conf_paths):
@@ -1072,9 +1099,6 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
check_targetdir(logger, targetdir)
- samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
- flags=ldb.FLG_RDONLY)
-
# Iterating over the directories in this specific order ensures that
# when the private directory contains hardlinks that are also contained
# in other directories to be backed up (such as in paths.binddns_dir),
@@ -1117,17 +1141,23 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
all_files.append(full_path)
+ # We would prefer to open with FLG_RDONLY but then we can't
+ # start a transaction which is the strong isolation we want
+ # for the backup.
+ samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
+ flags=ldb.FLG_DONT_CREATE_DB)
+
# Backup secrets, sam.ldb and their downstream files
self.backup_secrets(paths.private_dir, lp, logger)
- self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
+ sid = self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
# Get the domain SID so we can later place it in the backup
dom_sid_str = samdb.get_domain_sid()
dom_sid = security.dom_sid(dom_sid_str)
- sid = get_sid_for_restore(samdb, logger)
-
- # Close the original samdb
+ # Close the original samdb, to avoid any confusion, we will
+ # not use this any more as the data has all been copied under
+ # the transaction
samdb = None
# Open the new backed up samdb, flag it as backed up, and write
diff --git a/selftest/devel_env.sh b/selftest/devel_env.sh
index ccf433da782..1409d30c92b 100644
--- a/selftest/devel_env.sh
+++ b/selftest/devel_env.sh
@@ -11,4 +11,5 @@ export SMBD_DONT_LOG_STDOUT=1
export WINBINDD_DONT_LOG_STDOUT=1
# Setup python path for lsp server
-export PYTHONPATH="$(pwd)/third_party/waf:$(pwd)/python:$(pwd)/selftest:$PYTHONPATH"
+PYTHONPATH="$(pwd)/third_party/waf:$(pwd)/python:$(pwd)/bin/python:$(pwd)/selftest:$PYTHONPATH"
+export PYTHONPATH
--
Samba Shared Repository
More information about the samba-cvs
mailing list