[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Mar 24 03:14:02 UTC 2021

The branch, master has been updated
       via  bf1c294adb7 auth:creds: Free the uname pointer in cli_credentials_parse_string()
       via  aa34799600b auth:creds: Don't include credentials_internal.h twice
       via  d7c111514ad netcmd: Fix opening SamDB database for offline backup
       via  bb3dcd403ce netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
      from  c871c224611 s3:netapi: Add libnetapi_set_creds()


- Log -----------------------------------------------------------------
commit bf1c294adb7ef623d0da1dd9b43d3b3fab58fa26
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Mar 22 18:11:33 2021 +0100

    auth:creds: Free the uname pointer in cli_credentials_parse_string()
    The data is duplicated and we don't need it anymore.
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Mar 24 03:13:05 UTC 2021 on sn-devel-184

commit aa34799600bc95758d01bc9d7b3dd58f251d71ad
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 3 17:10:22 2020 +0100

    auth:creds: Don't include credentials_internal.h twice
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d7c111514ad53787af5a7084355126df9999a34f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Mar 22 11:06:30 2021 +1300

    netcmd: Fix opening SamDB database for offline backup
    When opening the backed-up SamDB database, open the top-level database
    without loading any modules so the backend database files aren't
    unnecessarily opened. The domain SID is now fetched from the original
    database rather than from the backup.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Samuel Cabrero <scabrero at samba.org>

commit bb3dcd403ced922574a89011dd3814c4fe87dd76
Author: Samuel Cabrero <scabrero at samba.org>
Date:   Thu Mar 18 17:54:33 2021 +0100

    netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
    The LMDB change "ITS#9278 fix robust mutex cleanup for FreeBSD" released
    in version 0.9.26 makes samba-tool domain backup offline to fail with
    the following error:
    Failed to connect to 'mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb' with backend 'mdb': Unable to load ltdb cache records for backend 'ldb_mdb backend'
    module samba_dsdb initialization failed : Operations error
    Unable to load modules for /tmp/foo/private/sam.ldb.bak-offline: Unable to load ltdb cache records for backend 'ldb_mdb backend'
    ERROR(ldb): uncaught exception - Unable to load ltdb cache records for backend 'ldb_mdb backend'
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
        return self.run(*args, **kwargs)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain_backup.py", line 1147, in run
        session_info=system_session(), lp=lp)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 72, in __init__
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/__init__.py", line 114, in __init__
        self.connect(url, flags, options)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 87, in connect
    The error occurs opening the backed ldb to write the backup date and the
    next SID, a call to pthread_mutex_lock in mdb_txn_renew0 (frame 8) returns
      #0  0x00007ff63c2f1bea in wait4 () from /lib64/libc.so.6
      #1  0x00007ff63c26f3a3 in do_system () from /lib64/libc.so.6
      #2  0x00007ff63bc71e94 in smb_panic_default (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:153
      #3  0x00007ff63bc72168 in smb_panic (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:200
      #4  0x00007ff63bc71c82 in fault_report (sig=6) at ../../lib/util/fault.c:81
      #5  0x00007ff63bc71c97 in sig_fault (sig=6) at ../../lib/util/fault.c:92
      #6  <signal handler called>
      #7  0x00007ff63c2178b5 in raise () from /lib64/libpthread.so.0
      #8  0x00007ff637602e65 in mdb_txn_renew0 (txn=txn at entry=0x55d6f97fb800) at mdb.c:2710
      #9  0x00007ff637603ae8 in mdb_txn_begin (env=0x55d6f85dfa80, parent=0x0, flags=131072, ret=0x55d6f89c0928)
          at mdb.c:2912
      #10 0x00007ff6376236cc in lmdb_lock_read (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:585
      #11 0x00007ff637641de6 in ldb_kv_cache_load (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_key_value/ldb_kv_cache.c:450
      #12 0x00007ff637638792 in ldb_kv_init_store (ldb_kv=0x55d6f8af2a80, name=0x7ff637625675 "ldb_mdb backend",
          ldb=0x55d6f8cd22b0, options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_key_value/ldb_kv.c:2166
      #13 0x00007ff6376247ba in lmdb_connect (ldb=0x55d6f8cd22b0,
          url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb", flags=64,
          options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:1143
      #14 0x00007ff63bd94d2f in ldb_module_connect_backend (ldb=0x55d6f8cd22b0,
          url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
          options=0x0, backend_module=0x7ffed481c248) at ../../lib/ldb/common/ldb_modules.c:221
      #15 0x00007ff6375a4baf in new_partition_from_dn (ldb=0x55d6f8cd22b0, data=0x55d6f858bed0, mem_ctx=0x55d6f8a03cd0,
          dn=0x55d6f9865450, filename=0x55d6f860b6da "sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
          backend_db_store=0x55d6f9d378e0 "mdb", partition=0x7ffed481c308)
          at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:257
      #16 0x00007ff6375a57b9 in partition_reload_if_required (module=0x55d6f8972d10, data=0x55d6f858bed0, parent=0x0)
          at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:513
      #17 0x00007ff6375a3b04 in partition_read_lock (module=0x55d6f8972d10)
          at ../../source4/dsdb/samdb/ldb_modules/partition.c:1492
      #18 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f8972d10) at ../../lib/ldb/common/ldb_modules.c:662
      #19 0x00007ff637484857 in schema_read_lock (module=0x55d6f9377e40)
          at ../../source4/dsdb/samdb/ldb_modules/schema_load.c:614
      #20 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f9377e40) at ../../lib/ldb/common/ldb_modules.c:662
      #21 0x00007ff6374b5402 in samba_dsdb_init (module=0x55d6f91c3cd0)
          at ../../source4/dsdb/samdb/ldb_modules/samba_dsdb.c:483
      #22 0x00007ff63bd95283 in ldb_module_init_chain (ldb=0x55d6f8cd22b0, module=0x55d6f91c3cd0)
          at ../../lib/ldb/common/ldb_modules.c:363
      #23 0x00007ff63bd95645 in ldb_load_modules (ldb=0x55d6f8cd22b0, options=0x0)
          at ../../lib/ldb/common/ldb_modules.c:445
      #24 0x00007ff63bd90663 in ldb_connect (ldb=0x55d6f8cd22b0,
          url=0x7ff6377d98f8 "/tmp/foo/private/sam.ldb.bak-offline", flags=64, options=0x0)
          at ../../lib/ldb/common/ldb.c:274
      #25 0x00007ff63bddb32f in py_ldb_connect (self=0x7ff63778afc0, args=(), Python Exception <class 'gdb.error'> There is no member named ma_keys.:
      kwargs=) at ../../lib/ldb/pyldb.c:1235
    Deleting the previous samdb instance by setting it to None before opening the
    backed ldb workaround the problem until we find the real problem here.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>


Summary of changes:
 auth/credentials/credentials.c       |  6 ++++++
 auth/credentials/pycredentials.c     |  1 -
 python/samba/netcmd/domain_backup.py | 19 +++++++++++++++----
 python/samba/ntacls.py               |  5 +----
 python/samba/tests/ntacls_backup.py  |  2 +-
 5 files changed, 23 insertions(+), 10 deletions(-)

Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 6596a227bee..d851951c9ed 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -824,6 +824,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
 _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
 	char *uname, *p;
+	char *uname_free = NULL;
 	if (strcmp("%",data) == 0) {
@@ -831,6 +832,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
 	uname = talloc_strdup(credentials, data); 
+	uname_free = uname;
 	if ((p = strchr_m(uname,'%'))) {
 		*p = 0;
 		cli_credentials_set_password(credentials, p+1, obtained);
@@ -848,6 +851,7 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
 		cli_credentials_set_principal(credentials, uname, obtained);
 		*p = 0;
 		cli_credentials_set_realm(credentials, p+1, obtained);
+		TALLOC_FREE(uname_free);
 	} else if ((p = strchr_m(uname,'\\'))
 		   || (p = strchr_m(uname, '/'))
@@ -889,6 +893,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
 		credentials->principal = NULL;
 	cli_credentials_set_username(credentials, uname, obtained);
+	TALLOC_FREE(uname_free);
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 23048c37276..4c9ad0bde44 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -30,7 +30,6 @@
 #include "param/pyparam.h"
 #include <tevent.h>
 #include "libcli/auth/libcli_auth.h"
-#include "auth/credentials/credentials_internal.h"
 #include "system/kerberos.h"
 #include "auth/kerberos/kerberos.h"
 #include "libcli/smb/smb_constants.h"
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 9eae6d3c3cf..f00fd41d95a 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1157,19 +1157,30 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
         self.backup_secrets(paths.private_dir, lp, logger)
         self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
+        # Get the domain SID so we can later place it in the backup
+        dom_sid_str = samdb.get_domain_sid()
+        dom_sid = security.dom_sid(dom_sid_str)
+        # Close the original samdb
+        samdb = None
         # Open the new backed up samdb, flag it as backed up, and write
-        # the next SID so the restore tool can add objects.
+        # the next SID so the restore tool can add objects. We use
+        # options=["modules:"] here to prevent any modules from loading.
         # WARNING: Don't change this code unless you know what you're doing.
         #          Writing to a .bak file only works because the DN being
         #          written to happens to be top level.
-        samdb = SamDB(url=paths.samdb + self.backup_ext,
+        samdb = Ldb(url=paths.samdb + self.backup_ext,
                       session_info=system_session(), lp=lp,
-                      flags=ldb.FLG_DONT_CREATE_DB)
+                      options=["modules:"], flags=ldb.FLG_DONT_CREATE_DB)
         time_str = get_timestamp()
         add_backup_marker(samdb, "backupDate", time_str)
         add_backup_marker(samdb, "sidForRestore", sid)
         add_backup_marker(samdb, "backupType", "offline")
+        # Close the backed up samdb
+        samdb = None
         # Now handle all the LDB and TDB files that are not linked to
         # anything else.  Use transactions for LDBs.
         for path in all_files:
@@ -1195,7 +1206,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
         logger.info('running offline ntacl backup of sysvol')
         sysvol_tar_fn = 'sysvol.tar.gz'
         sysvol_tar = os.path.join(temp_tar_dir, sysvol_tar_fn)
-        backup_offline(paths.sysvol, sysvol_tar, samdb, paths.smbconf)
+        backup_offline(paths.sysvol, sysvol_tar, paths.smbconf, dom_sid)
         tar.add(sysvol_tar, sysvol_tar_fn)
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 4f189965d05..1bcb755c952 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -551,7 +551,7 @@ def backup_online(smb_conn, dest_tarfile_path, dom_sid):
-def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_path):
+def backup_offline(src_service_path, dest_tarfile_path, smb_conf_path, dom_sid):
     Backup files and ntacls to a tarfile for a service
@@ -559,9 +559,6 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
     tempdir = tempfile.mkdtemp()
     session_info = system_session_unix()
-    dom_sid_str = samdb_conn.get_domain_sid()
-    dom_sid = security.dom_sid(dom_sid_str)
     ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
     for dirpath, dirnames, filenames in os.walk(src_service_path):
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 265208805b7..03a9c0b22d8 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -184,7 +184,7 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
             self.service_root, self.tarfile_path,
-            self.samdb_conn, self.smb_conf_path)
+            self.smb_conf_path, self.dom_sid)

Samba Shared Repository

More information about the samba-cvs mailing list