passdb: guard pdb_generate_sam_sid() with a transaction

This prevents possible races with some dbwrap backends

metze
(This used to be commit 9322442510d9c2cf16c25f5109fe81b277c44881)

1 files changed, 24 insertions, 2 deletions

diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index 8fafcbbbd4..ff2c9bcb0d 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -181,16 +181,38 @@ static DOM_SID *pdb_generate_sam_sid(void)
 /* return our global_sam_sid */
 DOM_SID *get_global_sam_sid(void)
 {
+	struct db_context *db;
+
 	if (global_sam_sid != NULL)
 		return global_sam_sid;
 	
-	/* memory for global_sam_sid is allocated in 
-	   pdb_generate_sam_sid() as needed */
+	/*
+	 * memory for global_sam_sid is allocated in
+	 * pdb_generate_sam_sid() as needed
+	 *
+	 * Note: this is garded by a transaction
+	 *       to prevent races on startup which
+	 *       can happen with some dbwrap backends
+	 */
+
+	db = secrets_db_ctx();
+	if (!db) {
+		smb_panic("could not open secrets db");
+	}
+
+	if (db->transaction_start(db) != 0) {
+		smb_panic("could not start transaction on secrets db");
+	}
 
 	if (!(global_sam_sid = pdb_generate_sam_sid())) {
+		db->transaction_cancel(db);
 		smb_panic("could not generate a machine SID");
 	}
 
+	if (db->transaction_commit(db) != 0) {
+		smb_panic("could not start commit secrets db");
+	}
+
 	return global_sam_sid;
 }