summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2012-12-14 12:51:33 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-12-18 19:55:32 +0100
commitbc90c44b2f9d0a1b6b7921aa75d2efbf3408232a (patch)
treead55e95659adb8c4bcc3e2f57be7bc68e696cea6
parentdf1b0949b78a0eb4bcb94d773837ec825cc066ce (diff)
downloadsssd-bc90c44b2f9d0a1b6b7921aa75d2efbf3408232a.tar.gz
sssd-bc90c44b2f9d0a1b6b7921aa75d2efbf3408232a.tar.xz
sssd-bc90c44b2f9d0a1b6b7921aa75d2efbf3408232a.zip
sudo: schedule another full refresh in short interval if the first fails
https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
-rw-r--r--src/providers/ldap/sdap_sudo.c27
-rw-r--r--src/providers/ldap/sdap_sudo.h1
2 files changed, 28 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index a21935b77..50db4eae4 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -30,6 +30,8 @@
#include "providers/ldap/sdap_sudo_cache.h"
#include "db/sysdb_sudo.h"
+#define SUDO_MAX_FIRST_REFRESH_DELAY 16
+
struct sdap_sudo_full_refresh_state {
struct sdap_sudo_ctx *sudo_ctx;
struct sdap_id_ctx *id_ctx;
@@ -960,6 +962,7 @@ static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req)
struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */
struct sdap_sudo_ctx *sudo_ctx = NULL;
time_t delay;
+ time_t timeout;
int dp_error = DP_ERR_OK;
int error = EOK;
int ret;
@@ -999,6 +1002,30 @@ schedule:
return;
}
+ /* if we are offline, we will try to perform another full refresh */
+ if (dp_error == DP_ERR_OFFLINE) {
+ sudo_ctx->full_refresh_attempts++;
+ timeout = delay;
+ delay = sudo_ctx->full_refresh_attempts << 1;
+ if (delay > SUDO_MAX_FIRST_REFRESH_DELAY) {
+ delay = SUDO_MAX_FIRST_REFRESH_DELAY;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Data provider is offline. "
+ "Scheduling another full refresh in %l minutes.\n", delay));
+
+ ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx,
+ SDAP_SUDO_REFRESH_FULL,
+ sdap_sudo_periodical_first_refresh_done,
+ delay * 60, timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo "
+ "rules! Periodical updates will not work!\n"));
+ }
+
+ return;
+ }
+
ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n"));
diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h
index 5a12afd59..6384c7b81 100644
--- a/src/providers/ldap/sdap_sudo.h
+++ b/src/providers/ldap/sdap_sudo.h
@@ -31,6 +31,7 @@ struct sdap_sudo_ctx {
bool use_host_filter;
bool full_refresh_done;
+ int full_refresh_attempts;
};
enum sdap_sudo_refresh_type {