From 15609cb91986b3e29c5b1a3b6c69c04829f43eb4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 18 Nov 2020 12:11:10 +1300
Subject: [PATCH] samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free

Otherwise the administrator might only find there is a problem once they attempt to restore the domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett
Reviewed-by: Gary Lockyer
---
 python/samba/netcmd/domain_backup.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 2977b071ec3..5a46ad13f0c 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -108,6 +108,32 @@ def get_sid_for_restore(samdb, logger):
 # Construct full SID
 sid = dom_sid(samdb.get_domain_sid())
+ sid_for_restore = str(sid) + '-' + str(rid)
+
+ # Confirm the SID is not already in use
+ try:
+ res = samdb.search(scope=ldb.SCOPE_BASE,
+ base='' % sid_for_restore,
+ attrs=[],
+ controls=['show_deleted:1',
+ 'show_recycled:1'])
+ if len(res) != 1:
+ # This case makes no sense, but neither does a corrupt RID set
+ raise CommandError("Cannot create backup - "
+ "this DC's RID pool is corrupt, "
+ "the next SID (%s) appears to be in use." %
+ sid_for_restore)
+ raise CommandError("Cannot create backup - "
+ "this DC's RID pool is corrupt, "
+ "the next SID %s points to existing object %s. "
+ "Please run samba-tool dbcheck on the source DC." %
+ (sid_for_restore, res[0].dn))
+ except ldb.LdbError as e:
+ (enum, emsg) = e.args
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ # We want NO_SUCH_OBJECT, anything else is a serious issue
+ raise
+
 return str(sid) + '-' + str(rid)
--
2.34.1
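Review bot: The closing `return str(sid) + '-' + str(rid)` rebuilds the SID string rather than returning the `sid_for_restore` value the new search has just verified, so the checked and returned values match only by construction; `return sid_for_restore` would tie them together. The two `CommandError` raises would read more clearly in an `else:` branch so that the `try` covers only the `samdb.search(...)` call, and `emsg` is unpacked but never used. The search base is shown on this page as `'' % sid_for_restore`, which would raise `TypeError` as written; the format string's placeholder (likely an angle-bracketed extended-DN form) appears to have been stripped in rendering, so compare it with the upstream commit before reusing the code. The body of `get_sid_for_restore` starts before this hunk, so how `rid` is derived is not visible here.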