Attachment #11255 for bug #57297

View | Details | Raw Unified | Return to bug 57297
Collapse All | Expand All




        # Close the original samdb, to avoid any confusion, we will
        # not use this any more as the data has all been copied under
        # the transaction
        samdb.disconnect()
        samdb = None

        # Open the new backed up samdb, flag it as backed up, and write

        add_backup_marker(samdb, "backupType", "offline")

        # Close the backed up samdb
        samdb.disconnect()
        samdb = None

        # Now handle all the LDB and TDB files that are not linked to
- 
lock during mdb backup"
--
python/samba/netcmd/domain/backup.py | 38 +++++-----------------------
1 file changed, 6 insertions(+), 32 deletions(-)





    # sam.ldb must have a transaction started on it before backing up
    # everything in sam.ldb.d with the appropriate backup function.
    #
    # Obtains the sidForRestore (SID for the new DC) and returns it
    # from under the transaction
    def backup_smb_dbs(self, private_dir, samdb, lp, logger):
        sam_ldb_path = os.path.join(private_dir, 'sam.ldb')

        # First, determine if DB backend is MDB.  Assume not unless there is a
        # 'backendStore' attribute on @PARTITION containing the text 'mdb'
        store_label = "backendStore"

                           attrs=[store_label])
        mdb_backend = store_label in res[0] and str(res[0][store_label][0]) == 'mdb'

        sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
        # of the transaction.
        res_iterator = None

        copy_function = None
        if mdb_backend:
            logger.info('MDB backend detected.  Using mdb backup function.')
            copy_function = self.offline_mdb_copy

            # We can't backup with a write transaction open, so get a
            # read lock with a search_iterator().
            #
            # We have tests in lib/ldb/tests/python/api.py that the
            # search iterator takes a read lock effective against a
            # transaction.  This in turn will ensure there are no
            # transactions on either the main or sub-database, even if
            # the read locks were not enforced globally (they are).
            res_iterator = samdb.search_iterator()
        else:
            logger.info('Starting transaction on ' + sam_ldb_path)
            copy_function = self.offline_tdb_copy

                logger.info('   copying locked/related file ' + sam_file)
                shutil.copyfile(sam_file, sam_file + self.backup_ext)

        if not mdb_backend:

        if mdb_backend:
            # Delete the iterator, release the read lock
            del(res_iterator)
        else:
            samdb.transaction_cancel()

        return sid

    # Find where a path should go in the fixed backup archive structure.
    def get_arc_path(self, path, conf_paths):
        backup_dirs = {"private": conf_paths.private_dir,

        samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
                      flags=ldb.FLG_DONT_CREATE_DB)

        # Backup secrets, sam.ldb and their downstream files
        self.backup_secrets(paths.private_dir, lp, logger)
        self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)

        # Get the domain SID so we can later place it in the backup
        dom_sid_str = samdb.get_domain_sid()
        dom_sid = security.dom_sid(dom_sid_str)

        sid = get_sid_for_restore(samdb, logger)

        # Close the original samdb
        samdb = None

        # Open the new backed up samdb, flag it as backed up, and write
- 
samdb when backing up sam.ldb"
--
python/samba/netcmd/domain/backup.py | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)

Lines 1035-1041 def backup_smb_dbs(self, private_dir, samdb, lp, logger): Link Here

(-)a/python/samba/netcmd/domain/backup.py (-10 / +7 lines)
1035	else:	1035	else:
1036	logger.info('Starting transaction on ' + sam_ldb_path)	1036	logger.info('Starting transaction on ' + sam_ldb_path)
1037	copy_function = self.offline_tdb_copy	1037	copy_function = self.offline_tdb_copy
1038	samdb.transaction_start()	1038	sam_obj = Ldb(sam_ldb_path, lp=lp, flags=ldb.FLG_DONT_CREATE_DB)
		1039	sam_obj.transaction_start()
1039		1040
1040	logger.info(' backing up ' + sam_ldb_path)	1041	logger.info(' backing up ' + sam_ldb_path)
1041	self.offline_tdb_copy(sam_ldb_path)	1042	self.offline_tdb_copy(sam_ldb_path)
Lines 1053-1059 def backup_smb_dbs(self, private_dir, samdb, lp, logger): Link Here
1053	shutil.copyfile(sam_file, sam_file + self.backup_ext)	1054	shutil.copyfile(sam_file, sam_file + self.backup_ext)
1054		1055
1055	if not mdb_backend:	1056	if not mdb_backend:
1056	samdb.transaction_cancel()	1057	sam_obj.transaction_cancel()
1057		1058
1058	# Find where a path should go in the fixed backup archive structure.	1059	# Find where a path should go in the fixed backup archive structure.
1059	def get_arc_path(self, path, conf_paths):	1060	def get_arc_path(self, path, conf_paths):
Lines 1089-1094 def run(self, sambaopts=None, targetdir=None): Link Here
1089		1090
1090	check_targetdir(logger, targetdir)	1091	check_targetdir(logger, targetdir)
1091		1092
		1093	samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
		1094	flags=ldb.FLG_RDONLY)
		1095
1092	# Iterating over the directories in this specific order ensures that	1096	# Iterating over the directories in this specific order ensures that
1093	# when the private directory contains hardlinks that are also contained	1097	# when the private directory contains hardlinks that are also contained
1094	# in other directories to be backed up (such as in paths.binddns_dir),	1098	# in other directories to be backed up (such as in paths.binddns_dir),
Lines 1139-1150 def run(self, sambaopts=None, targetdir=None): Link Here
1139	all_files.append(full_path)	1143	all_files.append(full_path)
1140	all_stats.add((s.st_ino, s.st_dev))	1144	all_stats.add((s.st_ino, s.st_dev))
1141		1145
1142	# We would prefer to open with FLG_RDONLY but then we can't	1146	# Backup secrets, sam.ldb and their downstream files
1143	# start a transaction which is the strong isolation we want
1144	# for the backup.
1145	samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
1146	flags=ldb.FLG_DONT_CREATE_DB)
1147
1148	self.backup_secrets(paths.private_dir, lp, logger)	1147	self.backup_secrets(paths.private_dir, lp, logger)
1149	self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)	1148	self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
1150		1149
1151	-
1152	offline backup"	1150	offline backup"
1153	--
1154	python/samba/netcmd/domain/backup.py \| 3 +--	1151	python/samba/netcmd/domain/backup.py \| 3 +--
1155	1 file changed, 1 insertion(+), 2 deletions(-)	1152	1 file changed, 1 insertion(+), 2 deletions(-)





        samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
                      flags=ldb.FLG_RDONLY)
        sid = get_sid_for_restore(samdb, logger)

        # Iterating over the directories in this specific order ensures that
        # when the private directory contains hardlinks that are also contained

        dom_sid_str = samdb.get_domain_sid()
        dom_sid = security.dom_sid(dom_sid_str)

        sid = get_sid_for_restore(samdb, logger)

        # Close the original samdb
        samdb = None

- 
backup"
--
python/samba/netcmd/domain/backup.py | 18 ++++--------------
python/samba/ntacls.py               |  5 ++++-
python/samba/tests/ntacls_backup.py  |  2 +-
3 files changed, 9 insertions(+), 16 deletions(-)




        # Backup secrets, sam.ldb and their downstream files
        self.backup_secrets(paths.private_dir, lp, logger)
        self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)

        # Get the domain SID so we can later place it in the backup
        dom_sid_str = samdb.get_domain_sid()
        dom_sid = security.dom_sid(dom_sid_str)

        # Close the original samdb
        samdb = None

        # Open the new backed up samdb, flag it as backed up, and write
        # the next SID so the restore tool can add objects.
        # options=["modules:"] here to prevent any modules from loading.
        # WARNING: Don't change this code unless you know what you're doing.
        #          Writing to a .bak file only works because the DN being
        #          written to happens to be top level.
        samdb = SamDB(url=paths.samdb + self.backup_ext,
                      session_info=system_session(), lp=lp,
                      flags=ldb.FLG_DONT_CREATE_DB)
        time_str = get_timestamp()
        add_backup_marker(samdb, "backupDate", time_str)
        add_backup_marker(samdb, "sidForRestore", sid)
        add_backup_marker(samdb, "backupType", "offline")

        # Close the backed up samdb
        samdb = None

        # Now handle all the LDB and TDB files that are not linked to
        # anything else.  Use transactions for LDBs.
        for path in all_files:

        logger.info('running offline ntacl backup of sysvol')
        sysvol_tar_fn = 'sysvol.tar.gz'
        sysvol_tar = os.path.join(temp_tar_dir, sysvol_tar_fn)
        backup_offline(paths.sysvol, sysvol_tar, samdb, paths.smbconf)
        tar.add(sysvol_tar, sysvol_tar_fn)
        os.remove(sysvol_tar)


Lines 551-557 def backup_online(smb_conn, dest_tarfile_path, dom_sid): Link Here

(-)a/python/samba/ntacls.py (-1 / +4 lines)
551	shutil.rmtree(localdir)	551	shutil.rmtree(localdir)
552		552
553		553
554	def backup_offline(src_service_path, dest_tarfile_path, smb_conf_path, dom_sid):	554	def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_path):
555	"""	555	"""
556	Backup files and ntacls to a tarfile for a service	556	Backup files and ntacls to a tarfile for a service
557	"""	557	"""
Lines 559-564 def backup_offline(src_service_path, dest_tarfile_path, smb_conf_path, dom_sid): Link Here
559	tempdir = tempfile.mkdtemp()	559	tempdir = tempfile.mkdtemp()
560	session_info = system_session_unix()	560	session_info = system_session_unix()
561		561
		562	dom_sid_str = samdb_conn.get_domain_sid()
		563	dom_sid = security.dom_sid(dom_sid_str)
		564
562	ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)	565	ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
563		566
564	for dirpath, dirnames, filenames in os.walk(src_service_path):	567	for dirpath, dirnames, filenames in os.walk(src_service_path):




        """
        ntacls.backup_offline(
            self.service_root, self.tarfile_path,
            self.samdb_conn, self.smb_conf_path)
        self._check_tarfile()

        self.smb_helper.delete_tree()
- 
domain with lmdb >= 0.9.26"
--
python/samba/netcmd/domain/backup.py | 1 -
1 file changed, 1 deletion(-)

Lines 1147-1153 def run(self, sambaopts=None, targetdir=None): Link Here

(-)a/python/samba/netcmd/domain/backup.py (-2 lines)
1147	# Backup secrets, sam.ldb and their downstream files	1147	# Backup secrets, sam.ldb and their downstream files
1148	self.backup_secrets(paths.private_dir, lp, logger)	1148	self.backup_secrets(paths.private_dir, lp, logger)
1149	self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)	1149	self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
1150	samdb = None
1151		1150
1152	# Open the new backed up samdb, flag it as backed up, and write	1151	# Open the new backed up samdb, flag it as backed up, and write
1153	# the next SID so the restore tool can add objects.	1152	# the next SID so the restore tool can add objects.
1154	-

Return to bug 57297

Lines 1181-1187 def run(self, sambaopts=None, targetdir=None): Link Here

(-)a/python/samba/netcmd/domain/backup.py (-4 lines)
1181	# Close the original samdb, to avoid any confusion, we will	1181	# Close the original samdb, to avoid any confusion, we will
1182	# not use this any more as the data has all been copied under	1182	# not use this any more as the data has all been copied under
1183	# the transaction	1183	# the transaction
1184	samdb.disconnect()
1185	samdb = None	1184	samdb = None
1186		1185
1187	# Open the new backed up samdb, flag it as backed up, and write	1186	# Open the new backed up samdb, flag it as backed up, and write
Lines 1199-1205 def run(self, sambaopts=None, targetdir=None): Link Here
1199	add_backup_marker(samdb, "backupType", "offline")	1198	add_backup_marker(samdb, "backupType", "offline")
1200		1199
1201	# Close the backed up samdb	1200	# Close the backed up samdb
1202	samdb.disconnect()
1203	samdb = None	1201	samdb = None
1204		1202
1205	# Now handle all the LDB and TDB files that are not linked to	1203	# Now handle all the LDB and TDB files that are not linked to
1206	-
1207	lock during mdb backup"	1204	lock during mdb backup"
1208	--
1209	python/samba/netcmd/domain/backup.py \| 38 +++++-----------------------	1205	python/samba/netcmd/domain/backup.py \| 38 +++++-----------------------
1210	1 file changed, 6 insertions(+), 32 deletions(-)	1206	1 file changed, 6 insertions(+), 32 deletions(-)

Lines 184-190 def test_backup_offline(self): Link Here

(-)a/python/samba/tests/ntacls_backup.py (-3 / +1 lines)
184	"""	184	"""
185	ntacls.backup_offline(	185	ntacls.backup_offline(
186	self.service_root, self.tarfile_path,	186	self.service_root, self.tarfile_path,
187	self.smb_conf_path, self.dom_sid)	187	self.samdb_conn, self.smb_conf_path)
188	self._check_tarfile()	188	self._check_tarfile()
189		189
190	self.smb_helper.delete_tree()	190	self.smb_helper.delete_tree()
191	-
192	domain with lmdb >= 0.9.26"	191	domain with lmdb >= 0.9.26"
193	--
194	python/samba/netcmd/domain/backup.py \| 1 -	192	python/samba/netcmd/domain/backup.py \| 1 -
195	1 file changed, 1 deletion(-)	193	1 file changed, 1 deletion(-)

Lines 1019-1030 def backup_secrets(self, private_dir, lp, logger): Link Here

(-)a/python/samba/netcmd/domain/backup.py (-34 / +6 lines)
1019		1019
1020	# sam.ldb must have a transaction started on it before backing up	1020	# sam.ldb must have a transaction started on it before backing up
1021	# everything in sam.ldb.d with the appropriate backup function.	1021	# everything in sam.ldb.d with the appropriate backup function.
1022	#
1023	# Obtains the sidForRestore (SID for the new DC) and returns it
1024	# from under the transaction
1025	def backup_smb_dbs(self, private_dir, samdb, lp, logger):	1022	def backup_smb_dbs(self, private_dir, samdb, lp, logger):
1026	sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
1027
1028	# First, determine if DB backend is MDB. Assume not unless there is a	1023	# First, determine if DB backend is MDB. Assume not unless there is a
1029	# 'backendStore' attribute on @PARTITION containing the text 'mdb'	1024	# 'backendStore' attribute on @PARTITION containing the text 'mdb'
1030	store_label = "backendStore"	1025	store_label = "backendStore"
Lines 1032-1055 def backup_smb_dbs(self, private_dir, samdb, lp, logger): Link Here
1032	attrs=[store_label])	1027	attrs=[store_label])
1033	mdb_backend = store_label in res[0] and str(res[0][store_label][0]) == 'mdb'	1028	mdb_backend = store_label in res[0] and str(res[0][store_label][0]) == 'mdb'
1034		1029
1035	# This is needed to keep this variable in scope until the end	1030	sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
1036	# of the transaction.
1037	res_iterator = None
1038
1039	copy_function = None	1031	copy_function = None
1040	if mdb_backend:	1032	if mdb_backend:
1041	logger.info('MDB backend detected. Using mdb backup function.')	1033	logger.info('MDB backend detected. Using mdb backup function.')
1042	copy_function = self.offline_mdb_copy	1034	copy_function = self.offline_mdb_copy
1043
1044	# We can't backup with a write transaction open, so get a
1045	# read lock with a search_iterator().
1046	#
1047	# We have tests in lib/ldb/tests/python/api.py that the
1048	# search iterator takes a read lock effective against a
1049	# transaction. This in turn will ensure there are no
1050	# transactions on either the main or sub-database, even if
1051	# the read locks were not enforced globally (they are).
1052	res_iterator = samdb.search_iterator()
1053	else:	1035	else:
1054	logger.info('Starting transaction on ' + sam_ldb_path)	1036	logger.info('Starting transaction on ' + sam_ldb_path)
1055	copy_function = self.offline_tdb_copy	1037	copy_function = self.offline_tdb_copy
Lines 1070-1085 def backup_smb_dbs(self, private_dir, samdb, lp, logger): Link Here
1070	logger.info(' copying locked/related file ' + sam_file)	1052	logger.info(' copying locked/related file ' + sam_file)
1071	shutil.copyfile(sam_file, sam_file + self.backup_ext)	1053	shutil.copyfile(sam_file, sam_file + self.backup_ext)
1072		1054
1073	sid = get_sid_for_restore(samdb, logger)	1055	if not mdb_backend:
1074
1075	if mdb_backend:
1076	# Delete the iterator, release the read lock
1077	del(res_iterator)
1078	else:
1079	samdb.transaction_cancel()	1056	samdb.transaction_cancel()
1080		1057
1081	return sid
1082
1083	# Find where a path should go in the fixed backup archive structure.	1058	# Find where a path should go in the fixed backup archive structure.
1084	def get_arc_path(self, path, conf_paths):	1059	def get_arc_path(self, path, conf_paths):
1085	backup_dirs = {"private": conf_paths.private_dir,	1060	backup_dirs = {"private": conf_paths.private_dir,
Lines 1170-1186 def run(self, sambaopts=None, targetdir=None): Link Here
1170	samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,	1145	samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
1171	flags=ldb.FLG_DONT_CREATE_DB)	1146	flags=ldb.FLG_DONT_CREATE_DB)
1172		1147
1173	# Backup secrets, sam.ldb and their downstream files
1174	self.backup_secrets(paths.private_dir, lp, logger)	1148	self.backup_secrets(paths.private_dir, lp, logger)
1175	sid = self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)	1149	self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
1176		1150
1177	# Get the domain SID so we can later place it in the backup	1151	# Get the domain SID so we can later place it in the backup
1178	dom_sid_str = samdb.get_domain_sid()	1152	dom_sid_str = samdb.get_domain_sid()
1179	dom_sid = security.dom_sid(dom_sid_str)	1153	dom_sid = security.dom_sid(dom_sid_str)
1180		1154
1181	# Close the original samdb, to avoid any confusion, we will	1155	sid = get_sid_for_restore(samdb, logger)
1182	# not use this any more as the data has all been copied under	1156
1183	# the transaction	1157	# Close the original samdb
1184	samdb = None	1158	samdb = None
1185		1159
1186	# Open the new backed up samdb, flag it as backed up, and write	1160	# Open the new backed up samdb, flag it as backed up, and write
1187	-
1188	samdb when backing up sam.ldb"	1161	samdb when backing up sam.ldb"
1189	--
1190	python/samba/netcmd/domain/backup.py \| 15 +++++++--------	1162	python/samba/netcmd/domain/backup.py \| 15 +++++++--------
1191	1 file changed, 7 insertions(+), 8 deletions(-)	1163	1 file changed, 7 insertions(+), 8 deletions(-)