https://fedorahosted.org/sssd/ticket/734
Patches 1 and 2 add the supporting sysdb functions. Patch 3 uses them to remove those entries.
From 8c753e06aba409aafead7a989577ad42b255c313 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 7 Aug 2012 13:27:55 +0200 Subject: [PATCH 1/3] Add sysdb_delete_filter() Deletes all entries that satisfies the filter. Delete sysdb entries with entryUSN > lastUSN when USN change https://fedorahosted.org/sssd/ticket/734 --- src/db/sysdb.h | 5 ++++ src/db/sysdb_ops.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 71 insertions(+), 1 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 43ac61c2132c18db9beccf68e488e0132a98d58c..127dcc4a0c5917c5cd3431fbf409ad10f2dc372c 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -546,6 +546,10 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb, struct ldb_dn *dn, bool ignore_not_found); +int sysdb_delete_filter(struct sysdb_ctx *sysdb, + struct ldb_dn *base_dn, + const char *filter); + /* Search Entry */ int sysdb_search_entry(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, @@ -812,6 +816,7 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, int sysdb_delete_user(struct sysdb_ctx *sysdb, const char *name, uid_t uid); + int sysdb_search_groups(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *sub_filter, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ed7b37e32acdb1d4032ec0815769902ebca3ec5b..6a696fb28734a01db5698c8eb3d32184492e1e77 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
@@ -165,6 +165,72 @@ done: } +/* =Delete-entries-by-filter============================================ */ + +int sysdb_delete_filter(struct sysdb_ctx *sysdb, + struct ldb_dn *base_dn, + const char *filter) +{ + TALLOC_CTX *tmp_ctx = NULL; + bool in_transaction = false; + const char *attrs[] = {SYSDB_OBJECTCLASS, NULL}; + struct ldb_message **msgs; + size_t count = 0; + int sret; + int ret; + int i; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); + return ENOMEM; + } + + ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE, filter, + attrs, &count, &msgs); + if (ret == ENOENT || count == 0) { + DEBUG(SSSDBG_TRACE_FUNC, ("Nothing to delete\n")); + ret = EOK; + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Unable to search sysdb [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + ret = sysdb_transaction_start(sysdb); + if (ret != EOK) { + goto done; + } + in_transaction = true; + + for (i = 0; i < count; i++) { + ret = sysdb_delete_entry(sysdb, msgs[i]->dn, true); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Unable to delete entry \"%s\" [%d]: %s\n", + ldb_dn_get_linearized(msgs[i]->dn), ret, strerror(ret))); + goto done; + } + } + + ret = sysdb_transaction_commit(sysdb); + if (ret == EOK) { + in_transaction = false; + } + +done: + if (in_transaction) { + sret = sysdb_transaction_cancel(sysdb); + if (sret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); + } + } + + talloc_free(tmp_ctx); + return ret; +} + + /* =Search-Entry========================================================== */ int sysdb_search_entry(TALLOC_CTX *mem_ctx, @@ -2377,7 +2443,6 @@ fail: return ret; } - /* =Search-Groups-with-Custom-Filter===================================== */ int sysdb_search_groups(TALLOC_CTX *mem_ctx, -- 1.7.6.5
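Review bot: In `sysdb_delete_filter()` the test `if (ret == ENOENT || count == 0)` is evaluated before the `ret != EOK` branch, and `count` starts at 0, so a search that fails with any other error while leaving `count` untouched (the body of `sysdb_search_entry()` is not in this hunk) is logged as "Nothing to delete" and returned as EOK. The caller then treats the matching entries as purged although nothing was examined. Checking the error first avoids this: `if (ret == ENOENT || (ret == EOK && count == 0)) {`. In the delete loop `int i` is compared with `size_t count`; `size_t i` removes the signed/unsigned comparison. The function also hands `filter` to the search unmodified, which is worth stating above it, e.g. `/* filter is used as-is; callers must escape any externally supplied value */`.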
From 2b234d7a8b68fe4a95e17350e16723d2422cc52e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 7 Aug 2012 14:21:10 +0200 Subject: [PATCH 2/3] Add sysdb_domain_delete_larger_usn() Deletes all entries from entire domain with entryUSN > last_usn. --- src/db/sysdb.h | 3 +++ src/db/sysdb_ops.c | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 0 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 127dcc4a0c5917c5cd3431fbf409ad10f2dc372c..a5f3dd2a6e1d477330b291129ae0d6541697c5b5 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -550,6 +550,9 @@ int sysdb_delete_filter(struct sysdb_ctx *sysdb, struct ldb_dn *base_dn, const char *filter); +int sysdb_domain_delete_larger_usn(struct sysdb_ctx *sysdb, + unsigned long last_usn); + /* Search Entry */ int sysdb_search_entry(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 6a696fb28734a01db5698c8eb3d32184492e1e77..efcbf1fd5cc31829c83f2f10843698cd1ca01bca 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
@@ -231,6 +231,42 @@ done: } +/* =Delete-entries-with-usn-higher-than-last-usn========================== */ + +int sysdb_domain_delete_larger_usn(struct sysdb_ctx *sysdb, unsigned long last_usn) +{ + TALLOC_CTX *tmp_ctx = NULL; + struct ldb_dn *base_dn = NULL; + char *filter = NULL; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); + return ENOMEM; + } + + base_dn = sysdb_domain_dn(sysdb, tmp_ctx, sysdb->domain->name); + if (base_dn == NULL) { + ret = ENOMEM; + goto done; + } + + filter = talloc_asprintf(tmp_ctx, "(&(%s>=%lu)(!(%s=%lu)))", + SYSDB_USN, last_usn, SYSDB_USN, last_usn); + if (filter == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_delete_filter(sysdb, base_dn, filter); + +done: + talloc_free(tmp_ctx); + return ret; +} + + /* =Search-Entry========================================================== */ int sysdb_search_entry(TALLOC_CTX *mem_ctx, -- 1.7.6.5
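Review bot: The filter `(&(%s>=%lu)(!(%s=%lu)))` in `sysdb_domain_delete_larger_usn()` only selects the intended entries if the cache orders `SYSDB_USN` values numerically, and nothing in this hunk establishes how that attribute is compared. A unit test that stores USNs with different digit counts (for example 9 and 10) and checks which entries survive the call would pin this down. The `>=` combined with a negated `=` is there because LDAP filter syntax has no strict greater-than; a one-line comment such as `/* no '>' in LDAP filters: (usn >= last) AND NOT (usn = last) */` would save the next reader from working that out.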
From a015dace2bee079435bafe240a9207052ba7d0d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 7 Aug 2012 14:34:57 +0200 Subject: [PATCH 3/3] Delete sysdb entries with entryUSN > lastUSN when USN changes https://fedorahosted.org/sssd/ticket/734 --- src/providers/ldap/ldap_id.c | 20 +++++++++++++++----- src/providers/ldap/sdap_id_op.c | 11 +++++++++++ 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 9515219cbba4621600a8e9b01e6044248afcb4d2..b442fce307da3d8a928ab9922dd7aaeef4c4bc45 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -810,11 +810,7 @@ static void sdap_check_online_done(struct tevent_req *req) ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, &srv_opts); talloc_zfree(req); - if (ret != EOK) { - if (!can_retry) { - dp_err = DP_ERR_OFFLINE; - } - } else { + if (ret == EOK) { dp_err = DP_ERR_OK; if (!check_ctx->id_ctx->srv_opts) { @@ -830,11 +826,25 @@ static void sdap_check_online_done(struct tevent_req *req) check_ctx->id_ctx->srv_opts->max_service_value = 0; check_ctx->id_ctx->srv_opts->max_sudo_value = 0; check_ctx->id_ctx->srv_opts->last_usn = srv_opts->last_usn; + + ret = sysdb_domain_delete_larger_usn(check_ctx->id_ctx->be->sysdb, + check_ctx->id_ctx->srv_opts->last_usn); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to clear cache from " + "entries with larger USN than new value [%d]: " + "%s\n", ret, strerror(ret))); + goto done; + } } sdap_steal_server_opts(check_ctx->id_ctx, &srv_opts); } +done: + if (ret != EOK && !can_retry) { + dp_err = DP_ERR_OFFLINE; + } + be_req = check_ctx->be_req; talloc_free(check_ctx); sdap_handler_done(be_req, dp_err, 0, NULL); diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 3036d0cc144111b89319a7bf075c37789cb911d0..9103e1f671b26f4a623a39c26a896e47bbd41b60 100644 --- a/src/providers/ldap/sdap_id_op.c 
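Review bot: In `sdap_check_online_done()` the new `last_usn` is written to `check_ctx->id_ctx->srv_opts` before `sysdb_domain_delete_larger_usn()` runs, so when the purge fails the stored value has already moved; assuming the USN-change test above this hunk compares against that field, a later reconnect will not retry the purge and cached entries with a higher USN stay in place. Purging first and assigning `last_usn` only on EOK keeps the retry possible; the same ordering appears in `sdap_id_op_connect_done()` in sdap_id_op.c. The failure path also reports inconsistently: `dp_err` was set to `DP_ERR_OK` at the top of the branch, so with `can_retry` true the request completes as OK, and with it false a local cache error is reported as `DP_ERR_OFFLINE`. `goto done` additionally skips `sdap_steal_server_opts()`, so the fate of `srv_opts` on that path should be checked; the function body extends beyond both hunks.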
+++ b/src/providers/ldap/sdap_id_op.c @@ -570,8 +570,19 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) current_srv_opts->max_service_value = 0; current_srv_opts->max_sudo_value = 0; current_srv_opts->last_usn = srv_opts->last_usn; + + ret = sysdb_domain_delete_larger_usn(conn_cache->id_ctx->be->sysdb, + current_srv_opts->last_usn); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to clear cache from " + "entries with larger USN than new value [%d]: " + "%s\n", ret, strerror(ret))); + } } } + } + + if (ret == EOK) { ret = sdap_id_conn_data_set_expire_timer(conn_data); sdap_steal_server_opts(conn_cache->id_ctx, &srv_opts); } -- 1.7.6.5
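Review bot: The purge failure in `sdap_id_op_connect_done()` is logged at `SSSDBG_MINOR_FAILURE`, yet it leaves `ret` non-EOK and the new `if (ret == EOK)` guard then skips both `sdap_id_conn_data_set_expire_timer()` and `sdap_steal_server_opts()`, so the error decides how the connection result is handled. A level that matches that effect, such as the `SSSDBG_OP_FAILURE` used for delete errors in `sysdb_delete_filter()`, would be more consistent; the ldap_id.c hunk logs at the same minor level. A short comment on the guard, e.g. `/* a failed cache purge fails the connect: stale entries must not be served */`, would state whether that outcome is intended. The function starts and ends outside this hunk, so what the caller does with the non-EOK `ret` is not visible here.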