passdb: guard pdb_generate_sam_sid() with a transaction

This prevents possible races with some dbwrap backends

metze
(This used to be commit 9322442510d9c2cf16c25f5109fe81b277c44881)

diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index 8fafcbbbd4678b9cf707a7fae1abad04184d6bb1..ff2c9bcb0d9fd46870f10753c684c0760689142e 100644 (file)
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -181,16 +181,38 @@ static DOM_SID *pdb_generate_sam_sid(void)
 /* return our global_sam_sid */
 DOM_SID *get_global_sam_sid(void)
 {
+       struct db_context *db;
+
        if (global_sam_sid != NULL)
                return global_sam_sid;
        
-       /* memory for global_sam_sid is allocated in 
-          pdb_generate_sam_sid() as needed */
+       /*
+        * memory for global_sam_sid is allocated in
+        * pdb_generate_sam_sid() as needed
+        *
+        * Note: this is garded by a transaction
+        *       to prevent races on startup which
+        *       can happen with some dbwrap backends
+        */
+
+       db = secrets_db_ctx();
+       if (!db) {
+               smb_panic("could not open secrets db");
+       }
+
+       if (db->transaction_start(db) != 0) {
+               smb_panic("could not start transaction on secrets db");
+       }
 
        if (!(global_sam_sid = pdb_generate_sam_sid())) {
+               db->transaction_cancel(db);
                smb_panic("could not generate a machine SID");
        }
 
+       if (db->transaction_commit(db) != 0) {
+               smb_panic("could not start commit secrets db");
+       }
+
        return global_sam_sid;
 }