From 739d7e54e78046dc77385b882fbba38ab5e7bd60 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Wed, 2 Jun 2021 17:00:33 +1200 Subject: [PATCH] netcmd: Avoid conflicting SIDs when creating an offline backup To allow the new DC object to be created in a restored domain while avoiding conflicts with existing SIDS, we fetch a SID that is available at the time of backing up and store it in the backed-up database. However, if a new security principal is created on this DC during the backup process, the stored SID may be reused for that object, resulting in an error on restoration. By getting the SID for restore only after all the database files have been backed up, we ensure that the chosen SID does not conflict with any objects in the backed-up database. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall
---
 python/samba/netcmd/domain_backup.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 56af47544f0..5cccccd40ec 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1074,7 +1074,6 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp, flags=ldb.FLG_RDONLY)
- sid = get_sid_for_restore(samdb, logger)
 # Iterating over the directories in this specific order ensures that
 # when the private directory contains hardlinks that are also contained
@@ -1126,6 +1125,8 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 dom_sid_str = samdb.get_domain_sid()
 dom_sid = security.dom_sid(dom_sid_str)
+ sid = get_sid_for_restore(samdb, logger)
+
 # Close the original samdb
 samdb = None
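Review bot: The relocated `sid = get_sid_for_restore(samdb, logger)` call in the second hunk has no comment saying that its position is what prevents the SID collision, so a later tidy-up could move it back beside the `SamDB(...)` open and reintroduce the race described in the commit message. I would add above it something like `# Must run only after every database file has been backed up; a principal created during the backup could otherwise be given this SID.` The diffstat shows only domain_backup.py changing, so there appears to be no regression test pinning the ordering; worth confirming whether one exists elsewhere in the series. The enclosing method of cmd_domain_backup_offline starts and ends outside both hunks, so how `sid` is later stored in the backup is not visible here.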