Hi,
Attached are three patches,
[PATCH 1/3] Make subdomain refresh period configurable
* Adds the ad_subdomain_refresh_period and ipa_subdomain_refresh_period
configuration options. This isn't needed to be pushed, but I think it
can be beneficial. Also, I needed to write this anyway to work with the
refresh.
[PATCH 2/3] DP: Store list of back-end tevent requests
* Adds every created request to list, and removes every terminated. This
is to enable iteration through active requests, to fix the issue
addressed in https://fedorahosted.org/sssd/ticket/1968
[PATCH 3/3] Clean list of domain requests
* fixes https://fedorahosted.org/sssd/ticket/1968
* Goes through the list of tevent requests introduced in previous patch
an those, which match the vanished domain are terminated.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 733f0bfd650634724d2040be8e66bf539e586136 Mon Sep 17 00:00:00 2001
From: Ondrej Kos <o...@redhat.com>
Date: Mon, 5 Aug 2013 14:44:31 +0200
Subject: [PATCH 1/3] Make subdomain refresh period configurable
Adds following config file options:
ad_subdomain_refresh_period
ipa_subdomain_refresh_period
Both are in seconds and have the same usage - setting the refresh period
of AD/IPA subdomains.
---
src/config/SSSDConfig/__init__.py.in | 3 +++
src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
src/man/sssd-ad.5.xml | 13 +++++++++++++
src/man/sssd-ipa.5.xml | 13 +++++++++++++
src/providers/ad/ad_common.h | 1 +
src/providers/ad/ad_opts.h | 1 +
src/providers/ad/ad_subdomains.c | 9 +++++----
src/providers/ipa/ipa_common.h | 1 +
src/providers/ipa/ipa_opts.h | 1 +
src/providers/ipa/ipa_subdomains.c | 7 +++++--
11 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 1bc4f1bffeb757547d35f6064d9c36bf053d49f9..9b7a67e9079fab0b07200ad1370fbecb4dd100f5 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -151,6 +151,8 @@ option_strings = {
'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"),
'ipa_ranges_search_base': _("Search base for objects containing info about ID ranges"),
'ipa_enable_dns_sites': _("Enable DNS sites - location based service discovery"),
+ 'ipa_subdomain_refresh_period': _("How often should be subdomains list refreshed"),
+
# [provider/ad]
'ad_domain' : _('Active Directory domain'),
@@ -158,6 +160,7 @@ option_strings = {
'ad_backup_server' : _('Active Directory backup server address'),
'ad_hostname' : _('Active Directory client hostname'),
'ad_enable_dns_sites' : _('Enable DNS sites - location based service discovery'),
+ 'ad_subdomain_refresh_period': _("How often should be subdomains list refreshed"),
# [provider/krb5]
'krb5_kdcip' : _('Kerberos server address'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 120c827523d5b103396b3a38bca8cc75b25d0cc2..84bb1854877b8490a16d70450154506a052f8b15 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -4,6 +4,7 @@ ad_server = str, None, false
ad_backup_server = str, None, false
ad_hostname = str, None, false
ad_enable_dns_sites = bool, None, false
+ad_subdomain_refresh_period = int, None, false
ldap_uri = str, None, false
ldap_backup_uri = str, None, false
ldap_search_base = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index bc14fbe3d4153bd7a7ca4ffe0351edf0b8c02ee4..566ebed810cd555f19cf5bdbd40760abaffe3420 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -11,6 +11,7 @@ ipa_host_search_base = str, None, false
ipa_master_domain_search_base = str, None, false
ipa_ranges_search_base = str, None, false
ipa_enable_dns_sites = bool, None, false
+ipa_subdomain_refresh_period = int, None, false
ldap_uri = str, None, false
ldap_backup_uri = str, None, false
ldap_search_base = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 92656929461885690d1863947ce528ecb782562b..385ee7030c7455e8d2d7a0fc4193daa940e562d2 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -159,6 +159,19 @@ ldap_id_mapping = False
</varlistentry>
<varlistentry>
+ <term>ad_subdomain_refresh_period (integer)</term>
+ <listitem>
+ <para>
+ Optional. Specifies how often should SSSD refresh
+ the list of subdomains.
+ </para>
+ <para>
+ Default: 14400 (seconds)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>dyndns_update (boolean)</term>
<listitem>
<para>
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 28ac252abbeb508d62ca1a94f2440afc6b5b5c88..9a50e11c229b45f99a6753cb050c573622c334ad 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -208,6 +208,19 @@
</varlistentry>
<varlistentry>
+ <term>ad_subdomain_refresh_period (integer)</term>
+ <listitem>
+ <para>
+ Optional. Specifies how often should SSSD refresh
+ the list of subdomains.
+ </para>
+ <para>
+ Default: 14400 (seconds)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>dyndns_refresh_interval (integer)</term>
<listitem>
<para>
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 98aeb2165273b5dbfafd3b8757180d74b4504c98..be31b080179011d4f14b1195cde0f4d31e6622f6 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -41,6 +41,7 @@ enum ad_basic_opt {
AD_KEYTAB,
AD_KRB5_REALM,
AD_ENABLE_DNS_SITES,
+ AD_SUBDOMAIN_REFRESH_PERIOD,
AD_OPTS_BASIC /* opts counter */
};
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 197b97e222367ba80af017fe635fceffdd9a9faa..fca5d8e02b8cc6ea48ecd6369d70a8f0cd2ee7e7 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -35,6 +35,7 @@ struct dp_option ad_basic_opts[] = {
{ "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ad_enable_dns_sites", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ad_subdomain_refresh_period", DP_OPT_NUMBER, {.number = 14400}, NULL_NUMBER}, /* 4 hours */
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index be4781cc5bc01152ffa1fbedf0ad5352f72939ae..b062b888d6ee726c79619c9875a9518d151a5854 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -55,9 +55,6 @@
/* do not refresh more often than every 5 seconds for now */
#define AD_SUBDOMAIN_REFRESH_LIMIT 5
-/* refresh automatically every 4 hours */
-#define AD_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
-
struct ad_subdomains_ctx {
struct be_ctx *be_ctx;
struct sdap_id_ctx *sdap_id_ctx;
@@ -714,6 +711,7 @@ static void ad_subdom_online_cb(void *pvt)
struct ad_subdomains_ctx *ctx;
struct be_req *be_req;
struct timeval tv;
+ int refresh_period;
ctx = talloc_get_type(pvt, struct ad_subdomains_ctx);
if (!ctx) {
@@ -730,7 +728,10 @@ static void ad_subdom_online_cb(void *pvt)
ad_subdomains_retrieve(ctx, be_req);
- tv = tevent_timeval_current_ofs(AD_SUBDOMAIN_REFRESH_PERIOD, 0);
+ refresh_period = dp_opt_get_int(ctx->sdap_id_ctx->opts->basic,
+ AD_SUBDOMAIN_REFRESH_PERIOD);
+
+ tv = tevent_timeval_current_ofs(refresh_period, 0);
ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv,
ad_subdom_timer_refresh, ctx);
if (!ctx->timer_event) {
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 1afe20dbb1ecb52de8bd6948fe780300d43e4dd3..1c1717c518dea96b07ed0c05c7558d476e9e883c 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -52,6 +52,7 @@ enum ipa_basic_opt {
IPA_RANGES_SEARCH_BASE,
IPA_ENABLE_DNS_SITES,
IPA_SERVER_MODE,
+ IPA_SUBDOMAIN_REFRESH_PERIOD,
IPA_OPTS_BASIC /* opts counter */
};
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 9babca73f4cf2e48ec7dff085870fa69429053df..f84709604f1267bba59d40832aef3bb2ba9d6cc4 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -49,6 +49,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_ranges_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ipa_enable_dns_sites", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ipa_server_mode", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ipa_subdomain_refresh_period", DP_OPT_NUMBER, {.number = 14400}, NULL_NUMBER}, /* 4 hours */
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9ded9954bbc819e65e3b222c8968d2440320c4be..f7f4db35de753c1377f4ced4dcf731548b8acfcb 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -48,7 +48,6 @@
#define IPA_SUBDOMAIN_REFRESH_LIMIT 5
/* refresh automatically every 4 hours */
-#define IPA_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
#define IPA_SUBDOMAIN_DISABLED_PERIOD 3600
enum ipa_subdomains_req_type {
@@ -953,6 +952,7 @@ static void ipa_subdom_online_cb(void *pvt)
struct ipa_subdomains_ctx *ctx;
struct be_req *be_req;
struct timeval tv;
+ int refresh_period;
ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx);
if (!ctx) {
@@ -971,7 +971,10 @@ static void ipa_subdom_online_cb(void *pvt)
ipa_subdomains_retrieve(ctx, be_req);
- tv = tevent_timeval_current_ofs(IPA_SUBDOMAIN_REFRESH_PERIOD, 0);
+ refresh_period = dp_opt_get_int(ctx->sdap_id_ctx->opts->basic,
+ IPA_SUBDOMAIN_REFRESH_PERIOD);
+
+ tv = tevent_timeval_current_ofs(refresh_period, 0);
ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv,
ipa_subdom_timer_refresh, ctx);
if (!ctx->timer_event) {
--
1.8.1.4
From c32871bb5775d709e32089485e06ba9e204aa066 Mon Sep 17 00:00:00 2001
From: Ondrej Kos <o...@redhat.com>
Date: Mon, 5 Aug 2013 12:39:04 +0200
Subject: [PATCH 2/3] DP: Store list of back-end tevent requests
---
src/providers/data_provider_be.c | 25 +++++++++++++++++++++++++
src/providers/dp_backend.h | 3 +++
2 files changed, 28 insertions(+)
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index ae9ba81c871e8cefc11cbbfd9b3fb2140ef74498..7797512815e9c540ba16c14dee3ab4c6b1c421a8 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -125,6 +125,8 @@ static struct bet_data bet_data[] = {
#define REQ_PHASE_SELINUX 1
struct be_req {
+ struct be_req *prev;
+ struct be_req *next;
struct be_client *becli;
struct be_ctx *be_ctx;
void *req_data;
@@ -166,10 +168,25 @@ void *be_req_get_data(struct be_req *be_req)
return be_req->req_data;
}
+struct sss_domain_info *be_req_get_domain(struct be_req *be_req)
+{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
+
+ return be_ctx ? be_ctx->domain : NULL;
+}
+
void be_req_terminate(struct be_req *be_req,
int dp_err_type, int errnum, const char *errstr)
{
+ struct be_ctx *be_ctx = NULL;
+
if (be_req->fn == NULL) return;
+
+ be_ctx = be_req_get_be_ctx(be_req);
+ if (be_ctx == NULL) return;
+
+ DLIST_REMOVE(be_ctx->be_reqlist, be_req);
+
be_req->fn(be_req, dp_err_type, errnum, errstr);
}
@@ -274,6 +291,7 @@ static errno_t be_file_request(TALLOC_CTX *mem_ctx,
be_req_fn_t fn)
{
errno_t ret;
+ struct be_ctx *be_ctx = NULL;
struct be_async_req *areq;
struct tevent_timer *te;
struct timeval tv;
@@ -300,6 +318,13 @@ static errno_t be_file_request(TALLOC_CTX *mem_ctx,
return EIO;
}
+ be_ctx = be_req_get_be_ctx(be_req);
+ if (be_ctx == NULL) {
+ return EINVAL;
+ }
+
+ DLIST_ADD(be_ctx->be_reqlist, be_req);
+
return EOK;
}
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index e07b4e649f5983fc0239101f5b75579ea06f8ef7..12352d487be8931876f975cb5f4f8e4efa6c9bf7 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -144,6 +144,9 @@ struct be_ctx {
struct be_refresh_ctx *refresh_ctx;
size_t check_online_ref_count;
+
+ struct be_req *be_reqlist;
+
};
struct bet_ops {
--
1.8.1.4
From c989c6097beebff0b75442f6b753c045e98f339d Mon Sep 17 00:00:00 2001
From: Ondrej Kos <o...@redhat.com>
Date: Mon, 5 Aug 2013 13:44:15 +0200
Subject: [PATCH 3/3] Clean list of domain requests
https://fedorahosted.org/sssd/ticket/1968
When subdomain is removed, there still might be some requests pending.
Provided function goes through the list and matching requests are removed.
---
src/providers/ad/ad_subdomains.c | 1 +
src/providers/data_provider_be.c | 21 +++++++++++++++++++++
src/providers/dp_backend.h | 2 ++
3 files changed, 24 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index b062b888d6ee726c79619c9875a9518d151a5854..bce5e665a5faa0302c79f7d7dd3ac0007e750472 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -209,6 +209,7 @@ static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
/* Remove the subdomain from the list of LDAP domains */
sdap_domain_remove(ctx->sdap_id_ctx->opts, dom);
+ be_clean_dom_req_list(ctx->be_ctx);
} else {
/* ok let's try to update it */
ret = ad_subdom_store(ctx, domain, reply[c]);
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 7797512815e9c540ba16c14dee3ab4c6b1c421a8..95d48cbffcdd0e582877e47c8c98eaca3e5ccbbc 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -447,6 +447,27 @@ done:
talloc_free(next_be_req);
}
+void be_clean_dom_req_list(struct be_ctx *be_ctx)
+{
+ struct be_req *be_req;
+ struct sss_domain_info *domain;
+ char *domain_name;
+
+ domain_name = be_ctx->domain->name;
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Removing requests for domain %s\n", domain_name));
+
+ DLIST_FOR_EACH(be_req, be_ctx->be_reqlist) {
+
+ domain = be_req_get_domain(be_req);
+
+ if (strcmp(domain_name, domain->name) == 0) {
+ be_req_terminate(be_req, DP_ERR_FATAL, EIO, NULL);
+ }
+ }
+}
+
bool be_is_offline(struct be_ctx *ctx)
{
time_t now = time(NULL);
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index 12352d487be8931876f975cb5f4f8e4efa6c9bf7..d5a26491bfa675a1972534e243fc88a567b618f8 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -210,6 +210,8 @@ int be_add_offline_cb(TALLOC_CTX *mem_ctx,
struct be_cb **online_cb);
void be_run_offline_cb(struct be_ctx *be);
+void be_clean_dom_req_list(struct be_ctx *be_ctx);
+
/* from data_provider_fo.c */
enum be_fo_protocol {
BE_FO_PROTO_TCP,
--
1.8.1.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
