From af7f51113a17b8e035569350ca25e3c92aa85d2c Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 13 May 2013 10:30:48 +0200
Subject: back end: add refresh expired records periodic task
https://fedorahosted.org/sssd/ticket/1713
Add new option refresh_expired_interval.
---
 Makefile.am | 2 ++
 src/confdb/confdb.c | 11 +++++++++++
 src/confdb/confdb.h | 3 +++
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/SSSDConfigTest.py | 2 ++
 src/config/etc/sssd.api.conf | 1 +
 src/man/sssd.conf.5.xml | 18 ++++++++++++++++++
 src/providers/data_provider_be.c | 23 +++++++++++++++++++++++
 src/providers/dp_backend.h | 3 +++
 src/providers/dp_ptask.h | 3 +++
 src/providers/dp_refresh.h | 3 +++
 11 files changed, 70 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 1e1e5672f..d983f7ee7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1017,6 +1017,8 @@ simple_access_tests_SOURCES = \
 src/providers/data_provider_be.c \
 src/providers/data_provider_fo.c \
 src/providers/data_provider_callbacks.c \
+ src/providers/dp_ptask.c \
+ src/providers/dp_refresh.c \
 $(SSSD_FAILOVER_OBJ)
 simple_access_tests_CFLAGS = \
 $(AM_CFLAGS) \
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 2a15176f9..96614e375 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1017,6 +1017,17 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done;
 }
+ /* Set refresh_expired_interval, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->refresh_expired_interval,
+ CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL,
+ 0);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL));
+ goto done;
+ }
+
 /* Set the PAM warning time, if specified. If not specified, pass on
 * the "not set" value of "-1" which means "use provider default". The
 * value 0 means "always display the warning if server sends one" */
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index eb6101ad4..b47f65750 100644
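Review bot: In the confdb.c hunk, confdb_get_domain_internal() accepts any uint32 for refresh_expired_interval, with no lower bound and no comparison against the entry cache timeouts it is meant to pre-empt. The data_provider_be.c hunk of this commit passes the value straight to be_ptask_create(), so a very small setting would make the back end run the refresh against the identity server at that rate. A debug message when the value is non-zero but not smaller than the relevant cache timeout (the man page hunk recommends 3/4 of it) would make a misconfiguration visible in the logs. The comment could also carry the semantics the man page states: `/* Set refresh_expired_interval (seconds), if specified; 0, the default, disables the background refresh */`. The function body starts and ends outside the hunk.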
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -171,6 +171,7 @@
 #define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT "entry_cache_autofs_timeout"
 #define CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT "entry_cache_sudo_timeout"
 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
+#define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
 /* Local Provider */
 #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
@@ -222,6 +223,8 @@ struct sss_domain_info {
 uint32_t autofsmap_timeout;
 uint32_t sudo_timeout;
+ uint32_t refresh_expired_interval;
+
 int pwd_expiration_warning;
 struct sysdb_ctx *sysdb;
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9235ebd55..c5e768f71 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -125,6 +125,7 @@ option_strings = {
 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
 'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'),
 'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'),
+ 'refresh_expired_interval' : _('How often should expired entries be refreshed in background'),
 # [provider/ipa]
 'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 0f15a8cc1..63914453e 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -503,6 +503,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'entry_cache_service_timeout',
 'entry_cache_autofs_timeout',
 'entry_cache_sudo_timeout',
+ 'refresh_expired_interval',
 'lookup_family_order',
 'account_cache_expiration',
 'dns_resolver_timeout',
@@ -843,6 +844,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'entry_cache_service_timeout',
 'entry_cache_autofs_timeout',
 'entry_cache_sudo_timeout',
+ 'refresh_expired_interval',
 'account_cache_expiration',
 'lookup_family_order',
 'dns_resolver_timeout',
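Review bot: The new `'refresh_expired_interval'` help string in option_strings (src/config/SSSDConfig/__init__.py.in) names no unit, while the neighbouring cache-timeout entries all end in "(seconds)" and the man page hunk of this commit documents the value in seconds with 0 meaning disabled. I would write it as `'refresh_expired_interval' : _('How often should expired entries be refreshed in background (seconds)'),`. The option_strings dictionary starts and ends outside the hunk.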
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index ce7389f8c..11586c215 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -119,6 +119,7 @@ entry_cache_netgroup_timeout = int, None, false
 entry_cache_service_timeout = int, None, false
 entry_cache_autofs_timeout = int, None, false
 entry_cache_sudo_timeout = int, None, false
+refresh_expired_interval = int, None, false
 # Special providers
 [provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index e844384fb..d83da0717 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1102,6 +1102,24 @@ override_homedir = /home/%u + + refresh_expired_interval (integer) + + + Specifies how many seconds SSSD has to wait + before refreshing expired records. Currently + only refreshing expired netgroups is supported. + + + You can consider setting this value to + 3/4 * entry_cache_timeout. + + + Default: 0 (disabled) + + + + cache_credentials (bool)
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 33590aeef..3354695cf 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -42,6 +42,8 @@
 #include "sbus/sssd_dbus.h"
 #include "providers/dp_backend.h"
 #include "providers/fail_over.h"
+#include "providers/dp_refresh.h"
+#include "providers/dp_ptask.h"
 #include "util/child_common.h"
 #include "resolv/async_resolv.h"
 #include "monitor/monitor_interfaces.h"
@@ -2494,6 +2496,27 @@ int be_process_init(TALLOC_CTX *mem_ctx,
 goto fail;
 }
+ /* Initialize be_refresh periodic task. */
+ ctx->refresh_ctx = be_refresh_ctx_init(ctx);
+ if (ctx->refresh_ctx == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to initialize refresh_ctx\n"));
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ if (ctx->domain->refresh_expired_interval > 0) {
+ ret = be_ptask_create(ctx, ctx, ctx->domain->refresh_expired_interval,
+ 30, 5, ctx->domain->refresh_expired_interval,
+ BE_PTASK_OFFLINE_SKIP,
+ be_refresh_send, be_refresh_recv,
+ ctx->refresh_ctx, "Refresh Records", NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Unable to initialize refresh periodic task\n"));
+ goto fail;
+ }
+ }
+
 ret = load_backend_module(ctx, BET_ID, &ctx->bet_info[BET_ID], NULL);
 if (ret != EOK) {
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index 743b6f4ff..a2af785ca 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -24,6 +24,7 @@
 #include "providers/data_provider.h"
 #include "providers/fail_over.h"
+#include "providers/dp_refresh.h"
 #include "util/child_common.h"
 #include "db/sysdb.h"
@@ -123,6 +124,8 @@ struct be_ctx {
 struct loaded_be loaded_be[BET_MAX];
 struct bet_info bet_info[BET_MAX];
+ struct be_refresh_ctx *refresh_ctx;
+
 size_t check_online_ref_count;
 };
diff --git a/src/providers/dp_ptask.h b/src/providers/dp_ptask.h
index 3e0fd2dde..2a0288de4 100644
--- a/src/providers/dp_ptask.h
+++ b/src/providers/dp_ptask.h
@@ -27,6 +27,9 @@
 #include "providers/dp_backend.h"
+/* solve circular dependency */
+struct be_ctx;
+
 struct be_ptask;
 /**
diff --git a/src/providers/dp_refresh.h b/src/providers/dp_refresh.h
index 9b152acb8..e93034096 100644
--- a/src/providers/dp_refresh.h
+++ b/src/providers/dp_refresh.h
@@ -27,6 +27,9 @@
 #include "providers/dp_backend.h"
 #include "providers/dp_ptask.h"
+/* solve circular dependency */
+struct be_ctx;
+
 /**
 * name_list contains SYSDB_NAME of all expired records.
 */
-- cgit
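Review bot: The be_ptask_create() call added to be_process_init() in data_provider_be.c passes the bare literals `30, 5` between two uses of refresh_expired_interval, and nothing in the hunk says what they mean; the prototype is in dp_ptask.h, which this diff touches but does not show. A comment on that line, or named constants, would make the call reviewable, for example `/* 30 s before the first run, 5 s after the task is re-enabled; confirm against dp_ptask.h */`. The interval is also passed a second time, presumably as the per-run timeout, and the trailing `NULL` looks like it discards the task handle, so nothing can refer to the task later; both deserve a short why-comment if intended. The function body starts and ends outside the hunk.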