From 5860e321d82d007a5b7f4a1ff9a3893156e22b19 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Fri, 14 Dec 2012 12:51:33 +0100 Subject: sudo: schedule another full refresh in short interval if the first fails https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes. --- src/providers/ldap/sdap_sudo.c | 27 +++++++++++++++++++++++++++ src/providers/ldap/sdap_sudo.h | 1 + 2 files changed, 28 insertions(+) diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index c4f422ed..9a780b8e 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -30,6 +30,8 @@ #include "providers/ldap/sdap_sudo_cache.h" #include "db/sysdb_sudo.h" +#define SUDO_MAX_FIRST_REFRESH_DELAY 16 + struct sdap_sudo_full_refresh_state { struct sdap_sudo_ctx *sudo_ctx; struct sdap_id_ctx *id_ctx; @@ -960,6 +962,7 @@ static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req) struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */ struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; + time_t timeout; int dp_error = DP_ERR_OK; int error = EOK; int ret; @@ -999,6 +1002,30 @@ schedule: return; } + /* if we are offline, we will try to perform another full refresh */ + if (dp_error == DP_ERR_OFFLINE) { + sudo_ctx->full_refresh_attempts++; + timeout = delay; + delay = sudo_ctx->full_refresh_attempts << 1; + if (delay > SUDO_MAX_FIRST_REFRESH_DELAY) { + delay = SUDO_MAX_FIRST_REFRESH_DELAY; + } + + DEBUG(SSSDBG_TRACE_FUNC, ("Data provider is offline. " + "Scheduling another full refresh in %l minutes.\n", delay)); + + ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx, + SDAP_SUDO_REFRESH_FULL, + sdap_sudo_periodical_first_refresh_done, + delay * 60, timeout); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo " + "rules! Periodical updates will not work!\n")); + } + + return; + } + ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n")); diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h index 5a12afd5..6384c7b8 100644 --- a/src/providers/ldap/sdap_sudo.h +++ b/src/providers/ldap/sdap_sudo.h @@ -31,6 +31,7 @@ struct sdap_sudo_ctx { bool use_host_filter; bool full_refresh_done; + int full_refresh_attempts; }; enum sdap_sudo_refresh_type { -- cgit