diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2012-08-15 13:59:37 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-23 14:27:51 +0200 |
| commit | 41be4e3976cf66823ad2c6880671ac7fbafdc640 (patch) | |
| tree | a70acd87acba86cd935bd150b66b58b0524d534b /src/providers/ldap/ldap_id.c | |
| parent | e4c29d1f8e3b2c2b268105f169e5156a0a36aebf (diff) | |
| download | sssd-41be4e3976cf66823ad2c6880671ac7fbafdc640.tar.gz sssd-41be4e3976cf66823ad2c6880671ac7fbafdc640.tar.xz sssd-41be4e3976cf66823ad2c6880671ac7fbafdc640.zip | |
Clean up cache on server reinitialization
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that doesn't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted.
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 9515219cb..b8520df83 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -797,6 +797,8 @@ fail: sdap_handler_done(be_req, DP_ERR_FATAL, ret, NULL); } +static void sdap_check_online_reinit_done(struct tevent_req *req); + static void sdap_check_online_done(struct tevent_req *req) { struct sdap_online_check_ctx *check_ctx = tevent_req_callback_data(req, @@ -806,6 +808,9 @@ static void sdap_check_online_done(struct tevent_req *req) bool can_retry; struct sdap_server_opts *srv_opts; struct be_req *be_req; + struct sdap_id_ctx *id_ctx; + struct tevent_req *reinit_req = NULL; + bool reinit = false; ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, &srv_opts); talloc_zfree(req); @@ -830,16 +835,56 @@ static void sdap_check_online_done(struct tevent_req *req) check_ctx->id_ctx->srv_opts->max_service_value = 0; check_ctx->id_ctx->srv_opts->max_sudo_value = 0; check_ctx->id_ctx->srv_opts->last_usn = srv_opts->last_usn; + + reinit = true; } sdap_steal_server_opts(check_ctx->id_ctx, &srv_opts); } be_req = check_ctx->be_req; + id_ctx = check_ctx->id_ctx; talloc_free(check_ctx); + + if (reinit) { + DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. " + "Cleaning cache.\n")); + reinit_req = sdap_reinit_cleanup_send(be_req, be_req->be_ctx, id_ctx); + if (reinit_req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " + "clean up.\n")); + /* not fatal */ + goto done; + } + + tevent_req_set_callback(reinit_req, sdap_check_online_reinit_done, + be_req); + return; + } + +done: sdap_handler_done(be_req, dp_err, 0, NULL); } +static void sdap_check_online_reinit_done(struct tevent_req *req) +{ + struct be_req *be_req = NULL; + errno_t ret; + + be_req = tevent_req_callback_data(req, struct be_req); + ret = sdap_reinit_cleanup_recv(req); + talloc_zfree(req); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " + "clean up [%d]: %s\n", ret, strerror(ret))); + /* not fatal */ + } else { + DEBUG(SSSDBG_TRACE_FUNC, ("Reinitialization clean up completed\n")); + } + + sdap_handler_done(be_req, DP_ERR_OK, 0, NULL); +} + /* =Get-Account-Info-Call================================================= */ /* FIXME: embed this function in sssd_be and only call out |