On 09/01/2015 04:02 PM, Michal Židek wrote:
From 314116b09758e23626021da2f99f57f64846b26b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?=<mzidek(a)redhat.com>
Date: Mon, 31 Aug 2015 18:21:44 +0200
Subject: [PATCH 1/5] Makefile.am: Add missing AM_CFLAGS
Some targets were missing AM_CFLAGS so
it was not possible to compiple C99 features
s/compiple/compile
[snip]
0002-SYSDB-Add-function-to-expire-entry.patch
From a0fd65d5d25883e556bee34549c6df44aa3d5aba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?=<mzidek(a)redhat.com>
Date: Thu, 6 Aug 2015 09:16:03 +0200
Subject: [PATCH 2/5] SYSDB: Add function to expire entry
Ticket:
https://fedorahosted.org/sssd/ticket/2676
+START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn)
+{
+ errno_t ret;
+ struct sysdb_test_ctx *test_ctx;
+ const char *attrs[] = { SYSDB_CACHE_EXPIRE, NULL };
+ size_t count;
+ struct ldb_message **msgs;
+ uint64_t expire;
+ struct ldb_dn *userdn;
+
+ ret = setup_sysdb_tests(&test_ctx);
+ fail_if(ret != EOK, "Could not setup the test");
+
+ /* Add something to database to test against */
+
+ ret = sysdb_transaction_start(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_add_user(test_ctx->domain, "testuser",
+ 2000, 0, "Test User", "/home/testuser",
+ "/bin/bash",
+ NULL, NULL, 500, 0);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_transaction_commit(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_search_users(test_ctx, test_ctx->domain,
+ "("SYSDB_UIDNUM"=2000)", attrs,
&count, &msgs);
+ ck_assert_int_eq(ret, EOK);
+ ck_assert_int_eq(count, 1);
+
+ expire = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CACHE_EXPIRE, 0);
+ ck_assert(expire != 1);
+
+ userdn = sysdb_user_dn(test_ctx, test_ctx->domain, "testuser");
+ ck_assert(userdn != NULL);
+
+ ret = sysdb_transaction_start(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+
+ /* Expire entry */
+ ret = sysdb_mark_entry_as_expired_ldb_dn(test_ctx->domain, userdn);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_transaction_commit(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_search_users(test_ctx, test_ctx->domain,
+ "("SYSDB_UIDNUM"=2000)", attrs,
&count, &msgs);
+ ck_assert_int_eq(ret, EOK);
+ ck_assert_int_eq(count, 1);
+
+ expire = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CACHE_EXPIRE, 0);
+ ck_assert_int_eq(expire, 1);
+
+ /* Attempt to mark missing entry should be OK */
Can you improve this comment
but it's just a nitpick
+ ret = sysdb_transaction_start(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_mark_entry_as_expired_ldb_dn(test_ctx->domain, userdn);
+ ck_assert_int_eq(ret, EOK);
+
+ ret = sysdb_transaction_commit(test_ctx->sysdb);
+ ck_assert_int_eq(ret, EOK);
+}
+END_TEST
+
Suite *create_sysdb_suite(void)
{
Suite *s = suite_create("sysdb");
@@ -6424,6 +6492,7 @@ Suite *create_sysdb_suite(void)
/* ===== Misc ===== */
tcase_add_test(tc_sysdb, test_sysdb_set_get_bool);
+ tcase_add_test(tc_sysdb, test_sysdb_mark_entry_as_expired_ldb_dn);
/* Add all test cases to the test suite */
suite_add_tcase(s, tc_sysdb);
-- 2.1.0
0003-cleanup-task-Expire-all-memberof-targets-when-removi.patch
From 825ac2373bbfb1f70e13ce86b8b1a98eedfb017f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?=<mzidek(a)redhat.com>
Date: Wed, 29 Jul 2015 17:18:06 +0200
Subject: [PATCH 3/5] cleanup task: Expire all memberof targets when removing
user
Ticket:
https://fedorahosted.org/sssd/ticket/2676
When user is removed from cache during cleanup task, mark all
his memberof targets as expired to refresh member/ghost
attributes on next request.
---
src/providers/ldap/ldap_id_cleanup.c | 52 +++++++++++++++++++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 0cbcf04..624e746 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -175,11 +175,14 @@ done:
static int cleanup_users_logged_in(hash_table_t *table,
const struct ldb_message *msg);
+static errno_t expire_memberof_target_grps(struct sss_domain_info *dom,
+ struct ldb_message *user);
could you
rename
s/expire_memberof_target_grps/expire_memberof_target_groups - sorry that
I didn't ask for this earlier
+
static int cleanup_users(struct sdap_options *opts,
struct sss_domain_info *dom)
{
TALLOC_CTX *tmpctx;
- const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
+ const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_MEMBEROF, NULL };
time_t now = time(NULL);
char *subfilter = NULL;
int account_cache_expiration;
@@ -277,6 +280,17 @@ static int cleanup_users(struct sdap_options *opts,
DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_user failed: %d\n",
ret);
goto done;
}
+
+ /* Mark all groups of which user was a member as expired in cache,
+ * so that its ghost/member attributes are refreshed on next
+ * request. */
+ ret = expire_memberof_target_grps(dom, msgs[i]);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "expire_memberof_target_grps failed: [%d]:%s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
}
done:
@@ -284,6 +298,42 @@ done:
return ret;
}
+static errno_t expire_memberof_target_grps(struct sss_domain_info *dom,
+ struct ldb_message *user)
+{
+ struct ldb_message_element *memberof_el = NULL;
+ errno_t ret;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ memberof_el = ldb_msg_find_element(user, SYSDB_MEMBEROF);
+ if (memberof_el == NULL) {
+ ret = ENOMEM;
EOK? Could you add debug message here?
+ goto done;
+ }
+
+ for (unsigned int i = 0; i < memberof_el->num_values; i++) {
+ ret = sysdb_mark_entry_as_expired_ldb_val(dom,
+ &memberof_el->values[i]);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sysdb_mark_entry_as_expired_ldb_val failed: [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static int cleanup_users_logged_in(hash_table_t *table,
const struct ldb_message *msg)
{
-- 2.1.0
Rest LGTM and my testing passed. We are almost there :-)