From 7b5e7e539ae9312ab55d75aa94feaad549b2a708 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Tue, 14 May 2013 15:00:05 +0200 Subject: providers: refresh expired netgroups https://fedorahosted.org/sssd/ticket/1713 --- Makefile.am | 1 + src/providers/ad/ad_init.c | 10 +++ src/providers/dp_refresh.c | 12 ++- src/providers/ipa/ipa_init.c | 10 +++ src/providers/ldap/ldap_common.h | 8 ++ src/providers/ldap/ldap_init.c | 11 +++ src/providers/ldap/sdap_refresh.c | 164 ++++++++++++++++++++++++++++++++++++++ 7 files changed, 213 insertions(+), 3 deletions(-) create mode 100644 src/providers/ldap/sdap_refresh.c diff --git a/Makefile.am b/Makefile.am index 65a9216ab..93e3a6fc0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1437,6 +1437,7 @@ libsss_ldap_common_la_SOURCES = \ src/providers/ldap/sdap_range.c \ src/providers/ldap/sdap_reinit.c \ src/providers/ldap/sdap_dyndns.c \ + src/providers/ldap/sdap_refresh.c \ src/providers/ldap/sdap.c libsss_ldap_common_la_LDFLAGS = \ -avoid-version diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index cb73aca3a..09ba384be 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -213,6 +213,16 @@ sssm_ad_id_init(struct be_ctx *bectx, } } + /* setup periodical refresh of expired records */ + ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS, + sdap_refresh_netgroups_send, + sdap_refresh_netgroups_recv, + sdap_ctx); + if (ret != EOK && ret != EEXIST) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups " + "will not work [%d]: %s\n", ret, strerror(ret))); + } + *ops = &ad_id_ops; *pvt_data = ad_ctx; diff --git a/src/providers/dp_refresh.c b/src/providers/dp_refresh.c index 5b0a394a2..59d858549 100644 --- a/src/providers/dp_refresh.c +++ b/src/providers/dp_refresh.c @@ -31,6 +31,7 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, + time_t period, const char *objectclass, struct ldb_dn *base_dn, const char *attr, 
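Review bot: In the sssm_ad_id_init hunk a non-EEXIST failure from be_refresh_add_cb is logged as a minor failure but `ret` is left holding the error, and unlike the parallel ipa_init and ldap_init hunks no `ret = EOK;` follows within this hunk; the function's tail is outside the hunk, so if it returns `ret` the deliberately non-fatal registration failure would abort provider init. Either add `ret = EOK;` after the DEBUG call or confirm the tail returns EOK unconditionally. Also, dp_refresh.c and the new sdap_refresh.c format these codes with `sss_strerror(ret)`, so `strerror(ret)` here is the odd one out.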
@@ -52,7 +53,7 @@ static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, } filter = talloc_asprintf(tmp_ctx, "(&(%s<=%lld))", - SYSDB_CACHE_EXPIRE, (long long) now); + SYSDB_CACHE_EXPIRE, (long long) now + period); if (filter == NULL) { ret = ENOMEM; goto done; @@ -90,6 +91,7 @@ done: static errno_t be_refresh_get_netgroups(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, + time_t period, char ***_values) { struct ldb_dn *base_dn = NULL; @@ -100,7 +102,7 @@ static errno_t be_refresh_get_netgroups(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = be_refresh_get_values(mem_ctx, domain, SYSDB_NETGROUP_CLASS, + ret = be_refresh_get_values(mem_ctx, domain, period, SYSDB_NETGROUP_CLASS, base_dn, SYSDB_NAME, _values); talloc_free(base_dn); @@ -110,6 +112,7 @@ static errno_t be_refresh_get_netgroups(TALLOC_CTX *mem_ctx, typedef errno_t (*be_refresh_get_values_t)(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, + time_t period, char ***_values); @@ -169,6 +172,7 @@ struct be_refresh_state { struct be_refresh_ctx *ctx; struct be_refresh_cb *cb; enum be_refresh_type index; + time_t period; }; static errno_t be_refresh_step(struct tevent_req *req); @@ -193,6 +197,7 @@ struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->be_ctx = be_ctx; + state->period = be_ptask_get_period(be_ptask); state->ctx = talloc_get_type(pvt, struct be_refresh_ctx); if (state->ctx == NULL) { ret = EINVAL; @@ -247,7 +252,8 @@ static errno_t be_refresh_step(struct tevent_req *req) goto done; } - ret = state->cb->get_values(state, state->be_ctx->domain, &values); + ret = state->cb->get_values(state, state->be_ctx->domain, state->period, + &values); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to obtain DN list [%d]: %s\n", ret, sss_strerror(ret))); diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 8363ca6d7..ece62bb89 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
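Review bot: The filter in be_refresh_get_values now matches every entry whose dataExpireTimestamp is at most `now + period`, i.e. records that are already expired or that will expire before the next run (period presumably being the ptask period read by be_ptask_get_period in the be_refresh_send hunk), but the code still reads like an "already expired" query; add `/* also pick up entries that would expire before the next refresh run */` above the talloc_asprintf so the widened window is intentional rather than surprising. The cast binds to `now` only, so `period` is promoted to long long before the addition and the `%lld` conversion stays correct, and a period of 0 degrades to the previous behaviour. be_refresh_get_values's body starts outside the hunk.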
@@ -228,6 +228,16 @@ int sssm_ipa_id_init(struct be_ctx *bectx, } } + /* setup periodical refresh of expired records */ + ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS, + sdap_refresh_netgroups_send, + sdap_refresh_netgroups_recv, + sdap_ctx); + if (ret != EOK && ret != EEXIST) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups " + "will not work [%d]: %s\n", ret, strerror(ret))); + } + *ops = &ipa_id_ops; *pvt_data = ipa_ctx; ret = EOK; diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 8960bce1e..7a7083011 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -284,4 +284,12 @@ struct sdap_id_ctx * sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, struct sdap_service *sdap_service); +struct tevent_req *sdap_refresh_netgroups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct be_ctx *be_ctx, + char **names, + void *pvt); + +errno_t sdap_refresh_netgroups_recv(struct tevent_req *req); + #endif /* _LDAP_COMMON_H_ */ diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 76167ad45..38d4fa717 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -30,6 +30,7 @@ #include "providers/ldap/sdap_autofs.h" #include "providers/ldap/sdap_idmap.h" #include "providers/fail_over_srv.h" +#include "providers/dp_refresh.h" static void sdap_shutdown(struct be_req *req); @@ -179,6 +180,16 @@ int sssm_ldap_id_init(struct be_ctx *bectx, goto done; } + /* setup periodical refresh of expired records */ + ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS, + sdap_refresh_netgroups_send, + sdap_refresh_netgroups_recv, + ctx); + if (ret != EOK && ret != EEXIST) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups " + "will not work [%d]: %s\n", ret, strerror(ret))); + } + *ops = &sdap_id_ops; *pvt_data = ctx; ret = EOK; 
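Review bot: The error in the new sssm_ipa_id_init block is formatted with `strerror(ret)` while dp_refresh.c and sdap_refresh.c in the same commit use `sss_strerror(ret)` for the same be_refresh codes; for consistency, and so SSSD-specific error codes print a meaningful name, use `DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups will not work [%d]: %s\n", ret, sss_strerror(ret)));`. EEXIST being tolerated silently is fine since the same callback is registered by the LDAP, IPA and AD providers, but a one-line comment saying so (`/* EEXIST: the LDAP provider already registered this callback */`) would save the next reader a lookup.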
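Review bot: The new sdap_refresh_netgroups_send declaration in ldap_common.h carries no contract, yet the implementation in sdap_refresh.c stores `names` without copying it and walks it until a NULL element, and casts `pvt` with `talloc_get_type(pvt, struct sdap_id_ctx)`; document this above the prototype: `/* names: NULL-terminated array, must stay valid until the request completes; pvt: struct sdap_id_ctx * */`. The `be_ctx` parameter is not used by the implementation, which is worth noting too so callers do not assume it matters.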
diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c
new file mode 100644
index 000000000..819ee4fce
--- /dev/null
+++ b/src/providers/ldap/sdap_refresh.c
@@ -0,0 +1,164 @@
+/*
+ Authors:
+ Pavel Březina
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include
+#include
+
+#include "providers/ldap/sdap.h"
+#include "providers/ldap/ldap_common.h"
+
+struct sdap_refresh_netgroups_state {
+ struct tevent_context *ev;
+ struct sdap_id_ctx *id_ctx;
+ char **names;
+ size_t index;
+};
+
+static errno_t sdap_refresh_netgroups_step(struct tevent_req *req);
+static void sdap_refresh_netgroups_done(struct tevent_req *subreq);
+
+struct tevent_req *sdap_refresh_netgroups_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct be_ctx *be_ctx,
+ char **names,
+ void *pvt)
+{
+ struct sdap_refresh_netgroups_state *state = NULL;
+ struct tevent_req *req = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct sdap_refresh_netgroups_state);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx);
+ state->names = names;
+ state->index = 0;
+
+ if (names == NULL) {
+ ret = EOK;
+ goto immediately;
+ }
+
+ ret = sdap_refresh_netgroups_step(req);
+ if (ret == EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Nothing to refresh\n"));
+ goto immediately;
+ } else if (ret != EAGAIN) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_refresh_netgroups_step() failed "
+ "[%d]: %s\n", ret, sss_strerror(ret)));
+ goto immediately;
+ }
+
+ return req;
+
+immediately:
+ if (ret == EOK) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_error(req, ret);
+ }
+ tevent_req_post(req, ev);
+
+ return req;
+}
+
+static errno_t sdap_refresh_netgroups_step(struct tevent_req *req)
+{
+ struct sdap_refresh_netgroups_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+ const char *name = NULL;
+ errno_t ret;
+
+ state = tevent_req_data(req, struct sdap_refresh_netgroups_state);
+
+ if (state->names == NULL) {
+ ret = EOK;
+ goto done;
+ }
+
+ name = state->names[state->index];
+ if (name == NULL) {
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Issuing refresh of netgroup %s\n", name));
+
+ subreq = ldap_netgroup_get_send(state, state->ev, state->id_ctx,
+ state->id_ctx->opts->sdom,
+ state->id_ctx->conn,
+ name, true);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ tevent_req_set_callback(subreq, sdap_refresh_netgroups_done, req);
+
+ state->index++;
+ ret = EAGAIN;
+
+done:
+ return ret;
+}
+
+static void sdap_refresh_netgroups_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = NULL;
+ errno_t dp_error;
+ int sdap_ret;
+ errno_t ret;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+
+ ret = ldap_netgroup_get_recv(subreq, &dp_error, &sdap_ret);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to refresh netgroup [dp_error: %d, "
+ "sdap_ret: %d, errno: %d]: %s\n",
+ dp_error, sdap_ret, ret, sss_strerror(ret)));
+ goto done;
+ }
+
+ ret = sdap_refresh_netgroups_step(req);
+ if (ret == EAGAIN) {
+ return;
+ }
+
+done:
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+errno_t sdap_refresh_netgroups_recv(struct tevent_req *req)
+{
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ return EOK;
+}
-- cgit
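Review bot: The result of `talloc_get_type(pvt, struct sdap_id_ctx)` in sdap_refresh_netgroups_send is never checked, and sdap_refresh_netgroups_step then dereferences `state->id_ctx->opts->sdom` and `state->id_ctx->conn`, so a wrongly typed `pvt` (talloc_get_type returns NULL on a type mismatch) becomes a NULL dereference inside the periodic task rather than an error; be_refresh_send in dp_refresh.c does the equivalent check on its own `pvt` and returns EINVAL, and this request should do the same before the first step. Also note that a single failed ldap_netgroup_get_recv in sdap_refresh_netgroups_done aborts the whole request, leaving every later name in the list unrefreshed until the next run; since netgroups commonly feed access control, logging the failure and continuing with the next name may be the better policy, but that is a design choice for the author. The `be_ctx` parameter is unused, which is fine if the be_refresh callback signature demands it but deserves a `/* unused */` note.
```c
    state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx);
    if (state->id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid private data\n"));
        ret = EINVAL;
        goto immediately;
    }
    /* … unchanged: names/index setup and first step … */
```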