From 21e1a6b48d6c3670f7dad4fa595b39178e77f445 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 23 Aug 2021 19:41:15 +1200
Subject: [PATCH] samba-tool domain backup offline: Use passed in samdb when
 backing up sam.ldb

This avoids opening the database again by having the caller pass in
the DB open

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 423f808ff48e297745f576a52b2118c4b920a3e4)
---
 python/samba/netcmd/domain_backup.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 5cccccd40ec..4f669a940b7 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -1020,8 +1020,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
         else:
             logger.info('Starting transaction on ' + sam_ldb_path)
             copy_function = self.offline_tdb_copy
-            sam_obj = Ldb(sam_ldb_path, lp=lp, flags=ldb.FLG_DONT_CREATE_DB)
-            sam_obj.transaction_start()
+            samdb.transaction_start()
 
         logger.info('   backing up ' + sam_ldb_path)
         self.offline_tdb_copy(sam_ldb_path)
@@ -1036,7 +1035,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
                 shutil.copyfile(sam_file, sam_file + self.backup_ext)
 
         if not mdb_backend:
-            sam_obj.transaction_cancel()
+            samdb.transaction_cancel()
 
     # Find where a path should go in the fixed backup archive structure.
     def get_arc_path(self, path, conf_paths):
@@ -1072,9 +1071,6 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 
         check_targetdir(logger, targetdir)
 
-        samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
-                      flags=ldb.FLG_RDONLY)
-
         # Iterating over the directories in this specific order ensures that
         # when the private directory contains hardlinks that are also contained
         # in other directories to be backed up (such as in paths.binddns_dir),
@@ -1117,7 +1113,12 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
 
                     all_files.append(full_path)
 
-        # Backup secrets, sam.ldb and their downstream files
+        # We would prefer to open with FLG_RDONLY but then we can't
+        # start a transaction which is the strong isolation we want
+        # for the backup.
+        samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp,
+                      flags=ldb.FLG_DONT_CREATE_DB)
+
         self.backup_secrets(paths.private_dir, lp, logger)
         self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
 
-- 
2.11.4.GIT