[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Mar 24 03:14:02 UTC 2021
The branch, master has been updated
via bf1c294adb7 auth:creds: Free the uname pointer in cli_credentials_parse_string()
via aa34799600b auth:creds: Don't include credentials_internal.h twice
via d7c111514ad netcmd: Fix opening SamDB database for offline backup
via bb3dcd403ce netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
from c871c224611 s3:netapi: Add libnetapi_set_creds()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bf1c294adb7ef623d0da1dd9b43d3b3fab58fa26
Author: Andreas Schneider <asn at samba.org>
Date: Mon Mar 22 18:11:33 2021 +0100
auth:creds: Free the uname pointer in cli_credentials_parse_string()
The data is duplicated and we don't need it anymore.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 24 03:13:05 UTC 2021 on sn-devel-184
commit aa34799600bc95758d01bc9d7b3dd58f251d71ad
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 3 17:10:22 2020 +0100
auth:creds: Don't include credentials_internal.h twice
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d7c111514ad53787af5a7084355126df9999a34f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Mar 22 11:06:30 2021 +1300
netcmd: Fix opening SamDB database for offline backup
When opening the backed-up SamDB database, open the top-level database
without loading any modules so the backend database files aren't
unnecessarily opened. The domain SID is now fetched from the original
database rather than from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
commit bb3dcd403ced922574a89011dd3814c4fe87dd76
Author: Samuel Cabrero <scabrero at samba.org>
Date: Thu Mar 18 17:54:33 2021 +0100
netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
The LMDB change "ITS#9278 fix robust mutex cleanup for FreeBSD" released
in version 0.9.26 makes samba-tool domain backup offline to fail with
the following error:
Failed to connect to 'mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb' with backend 'mdb': Unable to load ltdb cache records for backend 'ldb_mdb backend'
module samba_dsdb initialization failed : Operations error
Unable to load modules for /tmp/foo/private/sam.ldb.bak-offline: Unable to load ltdb cache records for backend 'ldb_mdb backend'
ERROR(ldb): uncaught exception - Unable to load ltdb cache records for backend 'ldb_mdb backend'
File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain_backup.py", line 1147, in run
session_info=system_session(), lp=lp)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 72, in __init__
options=options)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/__init__.py", line 114, in __init__
self.connect(url, flags, options)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 87, in connect
options=options)
The error occurs opening the backed ldb to write the backup date and the
next SID, a call to pthread_mutex_lock in mdb_txn_renew0 (frame 8) returns
EINVAL:
#0 0x00007ff63c2f1bea in wait4 () from /lib64/libc.so.6
#1 0x00007ff63c26f3a3 in do_system () from /lib64/libc.so.6
#2 0x00007ff63bc71e94 in smb_panic_default (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:153
#3 0x00007ff63bc72168 in smb_panic (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:200
#4 0x00007ff63bc71c82 in fault_report (sig=6) at ../../lib/util/fault.c:81
#5 0x00007ff63bc71c97 in sig_fault (sig=6) at ../../lib/util/fault.c:92
#6 <signal handler called>
#7 0x00007ff63c2178b5 in raise () from /lib64/libpthread.so.0
#8 0x00007ff637602e65 in mdb_txn_renew0 (txn=txn at entry=0x55d6f97fb800) at mdb.c:2710
#9 0x00007ff637603ae8 in mdb_txn_begin (env=0x55d6f85dfa80, parent=0x0, flags=131072, ret=0x55d6f89c0928)
at mdb.c:2912
#10 0x00007ff6376236cc in lmdb_lock_read (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:585
#11 0x00007ff637641de6 in ldb_kv_cache_load (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_key_value/ldb_kv_cache.c:450
#12 0x00007ff637638792 in ldb_kv_init_store (ldb_kv=0x55d6f8af2a80, name=0x7ff637625675 "ldb_mdb backend",
ldb=0x55d6f8cd22b0, options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_key_value/ldb_kv.c:2166
#13 0x00007ff6376247ba in lmdb_connect (ldb=0x55d6f8cd22b0,
url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb", flags=64,
options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:1143
#14 0x00007ff63bd94d2f in ldb_module_connect_backend (ldb=0x55d6f8cd22b0,
url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
options=0x0, backend_module=0x7ffed481c248) at ../../lib/ldb/common/ldb_modules.c:221
#15 0x00007ff6375a4baf in new_partition_from_dn (ldb=0x55d6f8cd22b0, data=0x55d6f858bed0, mem_ctx=0x55d6f8a03cd0,
dn=0x55d6f9865450, filename=0x55d6f860b6da "sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
backend_db_store=0x55d6f9d378e0 "mdb", partition=0x7ffed481c308)
at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:257
#16 0x00007ff6375a57b9 in partition_reload_if_required (module=0x55d6f8972d10, data=0x55d6f858bed0, parent=0x0)
at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:513
#17 0x00007ff6375a3b04 in partition_read_lock (module=0x55d6f8972d10)
at ../../source4/dsdb/samdb/ldb_modules/partition.c:1492
#18 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f8972d10) at ../../lib/ldb/common/ldb_modules.c:662
#19 0x00007ff637484857 in schema_read_lock (module=0x55d6f9377e40)
at ../../source4/dsdb/samdb/ldb_modules/schema_load.c:614
#20 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f9377e40) at ../../lib/ldb/common/ldb_modules.c:662
#21 0x00007ff6374b5402 in samba_dsdb_init (module=0x55d6f91c3cd0)
at ../../source4/dsdb/samdb/ldb_modules/samba_dsdb.c:483
#22 0x00007ff63bd95283 in ldb_module_init_chain (ldb=0x55d6f8cd22b0, module=0x55d6f91c3cd0)
at ../../lib/ldb/common/ldb_modules.c:363
#23 0x00007ff63bd95645 in ldb_load_modules (ldb=0x55d6f8cd22b0, options=0x0)
at ../../lib/ldb/common/ldb_modules.c:445
#24 0x00007ff63bd90663 in ldb_connect (ldb=0x55d6f8cd22b0,
url=0x7ff6377d98f8 "/tmp/foo/private/sam.ldb.bak-offline", flags=64, options=0x0)
at ../../lib/ldb/common/ldb.c:274
#25 0x00007ff63bddb32f in py_ldb_connect (self=0x7ff63778afc0, args=(), Python Exception <class 'gdb.error'> There is no member named ma_keys.:
kwargs=) at ../../lib/ldb/pyldb.c:1235
Deleting the previous samdb instance by setting it to None before opening the
backed ldb workaround the problem until we find the real problem here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 6 ++++++
auth/credentials/pycredentials.c | 1 -
python/samba/netcmd/domain_backup.py | 19 +++++++++++++++----
python/samba/ntacls.py | 5 +----
python/samba/tests/ntacls_backup.py | 2 +-
5 files changed, 23 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 6596a227bee..d851951c9ed 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -824,6 +824,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
{
char *uname, *p;
+ char *uname_free = NULL;
if (strcmp("%",data) == 0) {
cli_credentials_set_anonymous(credentials);
@@ -831,6 +832,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
}
uname = talloc_strdup(credentials, data);
+ uname_free = uname;
+
if ((p = strchr_m(uname,'%'))) {
*p = 0;
cli_credentials_set_password(credentials, p+1, obtained);
@@ -848,6 +851,7 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
cli_credentials_set_principal(credentials, uname, obtained);
*p = 0;
cli_credentials_set_realm(credentials, p+1, obtained);
+ TALLOC_FREE(uname_free);
return;
} else if ((p = strchr_m(uname,'\\'))
|| (p = strchr_m(uname, '/'))
@@ -889,6 +893,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
credentials->principal = NULL;
}
cli_credentials_set_username(credentials, uname, obtained);
+
+ TALLOC_FREE(uname_free);
}
/**
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 23048c37276..4c9ad0bde44 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -30,7 +30,6 @@
#include "param/pyparam.h"
#include <tevent.h>
#include "libcli/auth/libcli_auth.h"
-#include "auth/credentials/credentials_internal.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "libcli/smb/smb_constants.h"
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 9eae6d3c3cf..f00fd41d95a 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1157,19 +1157,30 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
self.backup_secrets(paths.private_dir, lp, logger)
self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
+ # Get the domain SID so we can later place it in the backup
+ dom_sid_str = samdb.get_domain_sid()
+ dom_sid = security.dom_sid(dom_sid_str)
+
+ # Close the original samdb
+ samdb = None
+
# Open the new backed up samdb, flag it as backed up, and write
- # the next SID so the restore tool can add objects.
+ # the next SID so the restore tool can add objects. We use
+ # options=["modules:"] here to prevent any modules from loading.
# WARNING: Don't change this code unless you know what you're doing.
# Writing to a .bak file only works because the DN being
# written to happens to be top level.
- samdb = SamDB(url=paths.samdb + self.backup_ext,
+ samdb = Ldb(url=paths.samdb + self.backup_ext,
session_info=system_session(), lp=lp,
- flags=ldb.FLG_DONT_CREATE_DB)
+ options=["modules:"], flags=ldb.FLG_DONT_CREATE_DB)
time_str = get_timestamp()
add_backup_marker(samdb, "backupDate", time_str)
add_backup_marker(samdb, "sidForRestore", sid)
add_backup_marker(samdb, "backupType", "offline")
+ # Close the backed up samdb
+ samdb = None
+
# Now handle all the LDB and TDB files that are not linked to
# anything else. Use transactions for LDBs.
for path in all_files:
@@ -1195,7 +1206,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
logger.info('running offline ntacl backup of sysvol')
sysvol_tar_fn = 'sysvol.tar.gz'
sysvol_tar = os.path.join(temp_tar_dir, sysvol_tar_fn)
- backup_offline(paths.sysvol, sysvol_tar, samdb, paths.smbconf)
+ backup_offline(paths.sysvol, sysvol_tar, paths.smbconf, dom_sid)
tar.add(sysvol_tar, sysvol_tar_fn)
os.remove(sysvol_tar)
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 4f189965d05..1bcb755c952 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -551,7 +551,7 @@ def backup_online(smb_conn, dest_tarfile_path, dom_sid):
shutil.rmtree(localdir)
-def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_path):
+def backup_offline(src_service_path, dest_tarfile_path, smb_conf_path, dom_sid):
"""
Backup files and ntacls to a tarfile for a service
"""
@@ -559,9 +559,6 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
tempdir = tempfile.mkdtemp()
session_info = system_session_unix()
- dom_sid_str = samdb_conn.get_domain_sid()
- dom_sid = security.dom_sid(dom_sid_str)
-
ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
for dirpath, dirnames, filenames in os.walk(src_service_path):
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 265208805b7..03a9c0b22d8 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -184,7 +184,7 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
"""
ntacls.backup_offline(
self.service_root, self.tarfile_path,
- self.samdb_conn, self.smb_conf_path)
+ self.smb_conf_path, self.dom_sid)
self._check_tarfile()
self.smb_helper.delete_tree()
--
Samba Shared Repository
More information about the samba-cvs
mailing list