authorJakub Hrozek <jhrozek@redhat.com>2010-01-20 18:03:33 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-23 16:16:24 -0500
commit170cd083e3a9738b35de03b8e63743a8f2516ca8 (patch)
treedff21886a5caf84103be7c4af7e37914f836b790
parentcbb4369808229180449152401459f896d390a083 (diff)
Do not check entries during cleanup task
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
-rw-r--r--src/man/sssd.conf.5.xml2
-rw-r--r--src/providers/ldap/ldap_common.c4
-rw-r--r--src/providers/ldap/ldap_id_cleanup.c136
3 files changed, 60 insertions, 82 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 496c1712e..e5b551c52 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -444,7 +444,7 @@
entries valid before asking the backend again
</para>
<para>
- Default: 600
+ Default: 5400
</para>
</listitem>
</varlistentry>
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index bd4294f83..61cba03e7 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -50,8 +50,8 @@ struct dp_option default_basic_opts[] = {
{ "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
- { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
- { "entry_cache_timoeut", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
+ { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
+ { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER },
{ "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
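Review bot: The rename from `entry_cache_timoeut` to `entry_cache_timeout` on the last changed line is a behavioural fix the description does not mention: an `entry_cache_timeout` value in sssd.conf could never have matched the misspelled key, so deployments that already set it will see it honoured for the first time, possibly with a much shorter lifetime than the new default. That deserves a sentence in the commit message. Raising the default validity to 5400 s and the purge interval to 10800 s also lengthens the time an account or group removed or changed on the server is still answered from the cache; presumably that trade-off was weighed for #331, but a one-line comment stating the intended relationship, e.g. `/* purge interval kept at 2x entry_cache_timeout; expired entries are deleted, not re-validated */`, would stop the two values drifting apart in later edits. The `default_basic_opts` table begins and ends outside the hunk.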
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 43b2db79a..02b750bca 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -143,16 +143,19 @@ int ldap_id_cleanup_set_timer(struct sdap_id_ctx *ctx, struct timeval tv)
struct global_cleanup_state {
struct tevent_context *ev;
- struct sdap_id_ctx *ctx;
+ struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
};
static struct tevent_req *cleanup_users_send(TALLOC_CTX *memctx,
- struct tevent_context *ev,
- struct sdap_id_ctx *ctx);
+ struct tevent_context *ev,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain);
static void ldap_id_cleanup_users_done(struct tevent_req *subreq);
static struct tevent_req *cleanup_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
- struct sdap_id_ctx *ctx);
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain);
static void ldap_id_cleanup_groups_done(struct tevent_req *subreq);
struct tevent_req *ldap_id_cleanup_send(TALLOC_CTX *memctx,
@@ -166,9 +169,10 @@ struct tevent_req *ldap_id_cleanup_send(TALLOC_CTX *memctx,
if (!req) return NULL;
state->ev = ev;
- state->ctx = ctx;
+ state->sysdb = ctx->be->sysdb;
+ state->domain = ctx->be->domain;
- subreq = cleanup_users_send(state, ev, ctx);
+ subreq = cleanup_users_send(state, ev, state->sysdb, state->domain);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -199,8 +203,10 @@ static void ldap_id_cleanup_users_done(struct tevent_req *subreq)
}
talloc_zfree(subreq);
- subreq = cleanup_groups_send(state, state->ev, state->ctx);
+ subreq = cleanup_groups_send(state, state->ev,
+ state->sysdb, state->domain);
if (!subreq) {
+ err = ENOMEM;
goto fail;
}
tevent_req_set_callback(subreq, ldap_id_cleanup_groups_done, req);
@@ -208,22 +214,8 @@ static void ldap_id_cleanup_users_done(struct tevent_req *subreq)
return;
fail:
- if (err) {
- DEBUG(9, ("User cleanup failed with: (%d)[%s]\n",
- (int)err, strerror(err)));
-
- if (sdap_check_gssapi_reconnect(state->ctx)) {
- talloc_zfree(state->ctx->gsh);
- subreq = cleanup_users_send(state, state->ev, state->ctx);
- if (subreq != NULL) {
- tevent_req_set_callback(subreq, ldap_id_cleanup_users_done, req);
- return;
- }
- }
- sdap_mark_offline(state->ctx);
- }
-
- DEBUG(1, ("Failed to cleanup users, retrying later!\n"));
+ DEBUG(1, ("Failed to cleanup users (%d [%s]), retrying later!\n",
+ (int)err, strerror(err)));
tevent_req_done(req);
}
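Review bot: The `fail:` path still finishes the request with `tevent_req_done(req)`, so a failed users pass is reported to `ldap_id_cleanup_send`'s caller as success, and because the groups pass is only started from the success path above, one failing user delete postpones all group cleanup until the next purge cycle. With the GSSAPI reconnect and `sdap_mark_offline` handling removed, what reaches this label is presumably a local sysdb error or ENOMEM rather than connection state, so there is no longer a reason to abandon the groups pass here: either call `tevent_req_error(req, err)` so the caller can see the failure, or log it and fall through to `cleanup_groups_send` as the success path does. `ldap_id_cleanup_users_done` starts above the hunk.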
@@ -231,8 +223,6 @@ static void ldap_id_cleanup_groups_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(subreq,
struct tevent_req);
- struct global_cleanup_state *state = tevent_req_data(req,
- struct global_cleanup_state);
enum tevent_req_state tstate;
uint64_t err;
@@ -250,16 +240,6 @@ static void ldap_id_cleanup_groups_done(struct tevent_req *subreq)
return;
fail:
- /* check if credentials are expired otherwise go offline on failures */
- if (sdap_check_gssapi_reconnect(state->ctx)) {
- talloc_zfree(state->ctx->gsh);
- subreq = cleanup_groups_send(state, state->ev, state->ctx);
- if (subreq != NULL) {
- tevent_req_set_callback(subreq, ldap_id_cleanup_groups_done, req);
- return;
- }
- }
- sdap_mark_offline(state->ctx);
DEBUG(1, ("Failed to cleanup groups (%d [%s]), retrying later!\n",
(int)err, strerror(err)));
tevent_req_done(req);
@@ -270,7 +250,6 @@ fail:
struct cleanup_users_state {
struct tevent_context *ev;
- struct sdap_id_ctx *ctx;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
@@ -282,12 +261,13 @@ struct cleanup_users_state {
};
static void cleanup_users_process(struct tevent_req *subreq);
-static void cleanup_users_update(struct tevent_req *req);
-static void cleanup_users_up_done(struct tevent_req *subreq);
+static void cleanup_users_delete(struct tevent_req *req);
+static void cleanup_users_delete_done(struct tevent_req *subreq);
static struct tevent_req *cleanup_users_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
- struct sdap_id_ctx *ctx)
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain)
{
struct tevent_req *req, *subreq;
struct cleanup_users_state *state;
@@ -301,9 +281,8 @@ static struct tevent_req *cleanup_users_send(TALLOC_CTX *memctx,
}
state->ev = ev;
- state->ctx = ctx;
- state->sysdb = ctx->be->sysdb;
- state->domain = ctx->be->domain;
+ state->sysdb = sysdb;
+ state->domain = domain;
state->msgs = NULL;
state->count = 0;
state->cur = 0;
@@ -355,35 +334,36 @@ static void cleanup_users_process(struct tevent_req *subreq)
tevent_req_done(req);
}
- cleanup_users_update(req);
+ cleanup_users_delete(req);
}
-static void cleanup_users_update(struct tevent_req *req)
+static void cleanup_users_delete(struct tevent_req *req)
{
struct tevent_req *subreq;
struct cleanup_users_state *state = tevent_req_data(req,
struct cleanup_users_state);
- const char *str;
+ const char *name;
- str = ldb_msg_find_attr_as_string(state->msgs[state->cur],
+ name = ldb_msg_find_attr_as_string(state->msgs[state->cur],
SYSDB_NAME, NULL);
- if (!str) {
+ if (!name) {
DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
ldb_dn_get_linearized(state->msgs[state->cur]->dn)));
tevent_req_error(req, EFAULT);
return;
}
- subreq = users_get_send(state, state->ev, state->ctx,
- str, BE_FILTER_NAME, BE_ATTR_CORE);
+ subreq = sysdb_delete_user_send(state, state->ev,
+ state->sysdb, NULL,
+ state->domain, name, 0);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
}
- tevent_req_set_callback(subreq, cleanup_users_up_done, req);
+ tevent_req_set_callback(subreq, cleanup_users_delete_done, req);
}
-static void cleanup_users_up_done(struct tevent_req *subreq)
+static void cleanup_users_delete_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(subreq,
struct tevent_req);
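Review bot: The context at the top of the hunk shows `tevent_req_done(req); }` followed directly by `cleanup_users_delete(req);` with no `return` between them; if that brace closes a zero-result check (its condition is above the hunk), the request is completed and `cleanup_users_delete` then indexes `state->msgs[state->cur]` on the list that `cleanup_users_send` initialises to NULL. If so, that branch needs `tevent_req_done(req); return;`. Separately, the new path deletes whatever the expiry search returned without re-checking it, and since each `sysdb_delete_user_send` is asynchronous, other work on the event loop may refresh an entry between the search and its delete, in which case the freshly refreshed entry is removed anyway; harmless beyond an extra backend lookup, but worth stating on the `sysdb_delete_user_send` call: `/* expired entries are deleted as found; a refresh racing the delete only costs one extra lookup */`. `cleanup_users_process` begins above the hunk.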
@@ -391,21 +371,18 @@ static void cleanup_users_up_done(struct tevent_req *subreq)
struct cleanup_users_state);
int ret;
- ret = users_get_recv(subreq);
+ ret = sysdb_delete_user_recv(subreq);
talloc_zfree(subreq);
if (ret) {
- DEBUG(2, ("User check returned: %d(%s)\n",
+ DEBUG(2, ("User delete returned %d (%s)\n",
ret, strerror(ret)));
- }
-
- /* if the entry doesn't need to be purged, remove it from the list */
- if (ret != ENOENT) {
- talloc_zfree(state->msgs[state->cur]);
+ tevent_req_error(req, ret);
+ return;
}
state->cur++;
if (state->cur < state->count) {
- cleanup_users_update(req);
+ cleanup_users_delete(req);
return;
}
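Review bot: The new error branch turns every non-zero `sysdb_delete_user_recv` result into `tevent_req_error(req, ret)`, which stops the whole users pass at the first failing entry and, through the caller's fail path, the groups pass as well. An entry that vanished between the expiry search and its delete would presumably come back as ENOENT and is exactly the outcome cleanup wanted, so that case should be skipped rather than fatal: `if (ret && ret != ENOENT) {` followed by the existing `DEBUG`, `tevent_req_error(req, ret); return;`, then continue to `state->cur++`. The opening of `cleanup_users_delete_done` lies outside the hunk.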
@@ -416,7 +393,6 @@ static void cleanup_users_up_done(struct tevent_req *subreq)
struct cleanup_groups_state {
struct tevent_context *ev;
- struct sdap_id_ctx *ctx;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
@@ -428,12 +404,13 @@ struct cleanup_groups_state {
};
static void cleanup_groups_process(struct tevent_req *subreq);
-static void cleanup_groups_update(struct tevent_req *req);
-static void cleanup_groups_up_done(struct tevent_req *subreq);
+static void cleanup_groups_delete(struct tevent_req *req);
+static void cleanup_groups_delete_done(struct tevent_req *subreq);
static struct tevent_req *cleanup_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
- struct sdap_id_ctx *ctx)
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain)
{
struct tevent_req *req, *subreq;
struct cleanup_groups_state *state;
@@ -447,9 +424,8 @@ static struct tevent_req *cleanup_groups_send(TALLOC_CTX *memctx,
}
state->ev = ev;
- state->ctx = ctx;
- state->sysdb = ctx->be->sysdb;
- state->domain = ctx->be->domain;
+ state->sysdb = sysdb;
+ state->domain = domain;
state->msgs = NULL;
state->count = 0;
state->cur = 0;
@@ -501,35 +477,36 @@ static void cleanup_groups_process(struct tevent_req *subreq)
tevent_req_done(req);
}
- cleanup_groups_update(req);
+ cleanup_groups_delete(req);
}
-static void cleanup_groups_update(struct tevent_req *req)
+static void cleanup_groups_delete(struct tevent_req *req)
{
struct tevent_req *subreq;
struct cleanup_groups_state *state = tevent_req_data(req,
struct cleanup_groups_state);
- const char *str;
+ const char *name;
- str = ldb_msg_find_attr_as_string(state->msgs[state->cur],
+ name = ldb_msg_find_attr_as_string(state->msgs[state->cur],
SYSDB_NAME, NULL);
- if (!str) {
+ if (!name) {
DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
ldb_dn_get_linearized(state->msgs[state->cur]->dn)));
tevent_req_error(req, EFAULT);
return;
}
- subreq = groups_get_send(state, state->ev, state->ctx,
- str, BE_FILTER_NAME, BE_ATTR_CORE);
+ subreq = sysdb_delete_group_send(state, state->ev,
+ state->sysdb, NULL,
+ state->domain, name, 0);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
}
- tevent_req_set_callback(subreq, cleanup_groups_up_done, req);
+ tevent_req_set_callback(subreq, cleanup_groups_delete_done, req);
}
-static void cleanup_groups_up_done(struct tevent_req *subreq)
+static void cleanup_groups_delete_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(subreq,
struct tevent_req);
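Review bot: As in the users pass, the context at the top of this hunk shows `tevent_req_done(req); }` immediately followed by `cleanup_groups_delete(req);` with no `return` visible; if that brace closes a zero-result check, the already-completed request goes on to read `state->msgs[0]` from the NULL list set up in `cleanup_groups_send`, and the branch needs a `return;` after `tevent_req_done(req)`. Also, the bare `0` passed as the last argument of `sysdb_delete_group_send` reads as a GID whose meaning is not evident from this file; if it means "match by name only", say so on that line: `state->domain, name, 0 /* gid unused: delete by name */);`. `cleanup_groups_process` begins above the hunk.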
@@ -537,16 +514,17 @@ static void cleanup_groups_up_done(struct tevent_req *subreq)
struct cleanup_groups_state);
int ret;
- ret = groups_get_recv(subreq);
+ ret = sysdb_delete_group_recv(subreq);
talloc_zfree(subreq);
if (ret) {
- DEBUG(2, ("User check returned: %d(%s)\n",
- ret, strerror(ret)));
+ DEBUG(2, ("Group delete returned %d (%s)\n", ret, strerror(ret)));
+ tevent_req_error(req, ret);
+ return;
}
state->cur++;
if (state->cur < state->count) {
- cleanup_groups_update(req);
+ cleanup_groups_delete(req);
return;
}