diff --git a/AdHoc-Backup.ps1 b/AdHoc-Backup.ps1 index 620698e..dc88dd8 100644 --- a/AdHoc-Backup.ps1 +++ b/AdHoc-Backup.ps1 @@ -1,5 +1,5 @@ <# - Backup_AdHoc.ps1 + Backup_AdHoc_rclone_mail_fixed_v3_fix28_grantANY.ps1 Fix: - PowerShell è case-insensitive: le variabili locali "$files" sovrascrivevano "$Files" (hashtable globale). Rinominati i locali in "$outFiles" e, in Write-Log, uso esplicito di $script:Files.Log per evitare collisioni. 
@@ -450,47 +450,7 @@ function Get-OnlineUserDatabases {
 Log-SqlcmdArgsSafe -Args $sqlArgs
 $res = @(& $SqlcmdExe @sqlArgs 2>$null)
 if ($LASTEXITCODE -ne 0) { throw "sqlcmd fallito nell'enumerazione DB." }
-
-
-function Ensure-BackupGrants-ForSystem {
- param([string]$SqlcmdExe, [string[]]$DbList)
-
- # Concede BACKUP DATABASE / BACKUP LOG a 'NT AUTHORITY\SYSTEM' su TUTTI i DB utente.
- # Nota: è idempotente e viene eseguito prima del backup.
- try {
- if (-not $SqlcmdExe) { $SqlcmdExe = Resolve-Sqlcmd }
- if (-not $DbList -or @($DbList).Count -eq 0) { return }
-
- foreach ($db in @($DbList)) {
- $sql = @"
-USE [$db];
-IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'NT AUTHORITY\SYSTEM')
- CREATE USER [NT AUTHORITY\SYSTEM] FOR LOGIN [NT AUTHORITY\SYSTEM];
-GRANT BACKUP DATABASE TO [NT AUTHORITY\SYSTEM];
-GRANT BACKUP LOG TO [NT AUTHORITY\SYSTEM];
-"@
-
- $tmpSql = Join-Path $Paths.SqlStage ("grant_system_{0}.sql" -f $db)
- $sql | Out-File -LiteralPath $tmpSql -Encoding ASCII -Force
-
- $sqlArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpSql
- Log-SqlcmdArgsSafe -Args $sqlArgs
- & $SqlcmdExe @sqlArgs
-
- if ($LASTEXITCODE -ne 0) {
- Write-Log WARN "Grant BACKUP fallito su DB [$db] (sqlcmd ExitCode=$LASTEXITCODE)."
- } else {
- Write-Log INFO "Concessi BACKUP DATABASE/LOG a NT AUTHORITY\\SYSTEM su [$db]."
- }
-
- Remove-Item -LiteralPath $tmpSql -Force -ErrorAction SilentlyContinue
- }
- } catch {
- Write-Log WARN "Errore durante concessione GRANT BACKUP a NT AUTHORITY\\SYSTEM: $_"
- }
-}
-
-$names = @()
+ $names = @()
 foreach ($line in @($res)) {
 $n = ($line | ForEach-Object { $_.Trim() })
 if ($n) { $names += $n }
@@ -509,7 +469,34 @@ function Backup-SqlDatabases { $sqlcmd = Resolve-Sqlcmd if (-not $sqlcmd) { throw "sqlcmd.exe non trovato (PATH o Client Tools mancanti)." } - Write-Log INFO "sqlcmd: $sqlcmd" + Write-Log INFO "sqlcmd: $sqlcmd + + # --- PRE-FLIGHT: Concedi a NT AUTHORITY\SYSTEM il permesso server-level 'BACKUP ANY DATABASE' --- + try { + $sqlGrant = @" +USE master; +IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'NT AUTHORITY\SYSTEM') + CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS; +GRANT BACKUP ANY DATABASE TO [NT AUTHORITY\SYSTEM]; +"@ + $tmpGrant = Join-Path $Paths.SqlStage "grant_SYSTEM_server.sql" + $sqlGrant | Out-File -LiteralPath $tmpGrant -Encoding ASCII -Force + + $grantArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpGrant + Log-SqlcmdArgsSafe -Args $grantArgs + & $sqlcmd @grantArgs + if ($LASTEXITCODE -ne 0) { + Write-Log WARN "Grant server-level BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM fallito (ExitCode=$LASTEXITCODE)." + } else { + Write-Log INFO "Concesso BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM (server-level)." + } + Remove-Item -LiteralPath $tmpGrant -Force -ErrorAction SilentlyContinue + } catch { + Write-Log WARN "Errore durante il pre-flight GRANT BACKUP ANY DATABASE a SYSTEM: $_" + } + # --- FINE PRE-FLIGHT --- + +" $dbList = @() if (@($DbInclude).Count -gt 0) { @@ -526,7 +513,6 @@ function Backup-SqlDatabases { return $null } Write-Log INFO ("DB trovati: " + (@($dbList) -join ', ')) - Ensure-BackupGrants-ForSystem -SqlcmdExe $sqlcmd -DbList $dbList $bakPaths = @() foreach ($db in @($dbList)) {
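Review bot: The added `Write-Log INFO "sqlcmd: $sqlcmd` line in Backup-SqlDatabases (hunk `@@ -509,7 +469,34 @@`) has lost its closing quote and a lone `"` is added after `# --- FINE PRE-FLIGHT ---`, so as written the string runs on until the `"` of `$sqlGrant = @"` and the T-SQL lines after it are read as PowerShell, which should fail to parse rather than run the pre-flight. Restore `Write-Log INFO "sqlcmd: $sqlcmd"` and delete the stray `"` line. Once the block does run, it replaces the per-database grants removed earlier in this diff with a persistent instance-wide grant to `NT AUTHORITY\SYSTEM`, reissued on every run, never revoked, and downgraded to a WARN on failure; since every LocalSystem service on the host would inherit that right, I would either document why it is needed or run the job under a dedicated account with per-database `BACKUP DATABASE`/`BACKUP LOG`. I could not confirm that `BACKUP ANY DATABASE` is a grantable server permission on the target SQL Server version, so check it against `sys.fn_builtin_permissions('SERVER')` before relying on it. The function body continues outside the hunk.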