d98fdd80331e93cd698281341360a3ce3e30afbePavel Březina Pavel Březina <pbrezina@redhat.com>
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina Copyright (C) 2012 Red Hat
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina This program is free software; you can redistribute it and/or modify
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina it under the terms of the GNU General Public License as published by
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina the Free Software Foundation; either version 3 of the License, or
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina (at your option) any later version.
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina This program is distributed in the hope that it will be useful,
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina GNU General Public License for more details.
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina You should have received a copy of the GNU General Public License
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
044868b388b4e47499f12a9105310b247bbe1ce2Simo Sorcestatic errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb,
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březinastatic void sdap_reinit_cleanup_done(struct tevent_req *subreq);
4fcc50e133f90cd4c5931a3ac48c84cb628b16fcMichal Zidekstatic errno_t sdap_reinit_delete_records(struct sss_domain_info *domain);
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březinastruct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx,
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * 1. remove entryUSN attribute from all entries
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * 2. run enumeration
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * 3. remove records that don't have the entryUSN attribute updated
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * We don't need to do this for sudo rules; they will be refreshed
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * automatically during the next smart/full refresh, or when an expired rule
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * is deleted.
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina req = tevent_req_create(mem_ctx, &state, struct sdap_reinit_cleanup_state);
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina /* enumeration is disabled, this whole process is meaningless */
044868b388b4e47499f12a9105310b247bbe1ce2Simo Sorce ret = sdap_reinit_clear_usn(state->sysdb, state->domain);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unable to clear USN attributes [%d]: %s\n",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = sdap_dom_enum_send(id_ctx, be_ctx->ev, id_ctx,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unable to issue enumeration request\n");
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina tevent_req_set_callback(subreq, sdap_reinit_cleanup_done, req);
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorcestatic void sdap_delete_msgs_usn(struct sysdb_ctx *sysdb,
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce struct ldb_message_element el = { 0, SYSDB_USN, 0, NULL };
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce for (i = 0; i < msgs_num; i++) {
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce ret = sysdb_set_entry_attr(sysdb, msgs[i]->dn, &usn_el, SYSDB_MOD_DEL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Failed to clean USN on entry: [%s]\n",
044868b388b4e47499f12a9105310b247bbe1ce2Simo Sorcestatic errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* reset users' usn */
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* reset groups' usn */
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_search_groups(tmp_ctx, domain, "", attrs, &msgs_num, &msgs);
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* reset services' usn */
4fcc50e133f90cd4c5931a3ac48c84cb628b16fcMichal Zidek ret = sysdb_search_services(tmp_ctx, domain, "", attrs, &msgs_num, &msgs);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Cannot search services [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Could not commit transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not cancel transaction\n");
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březinastatic void sdap_reinit_cleanup_done(struct tevent_req *subreq)
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina struct sdap_reinit_cleanup_state *state = NULL;
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina state = tevent_req_data(req, struct sdap_reinit_cleanup_state);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Domain enumeration failed [%d]: %s\n",
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina /* Ok, we've completed an enumeration. Save this to the
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * sysdb so we can postpone starting up the enumeration
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * process on the next SSSD service restart (to avoid
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina * slowing down system boot-up)
e2ac9be4f293b96f3c8992f1171e44bc1da5cfcaMichal Zidek ret = sysdb_set_enumerated(state->domain, true);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Could not mark domain as having "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "enumerated.\n");
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina /* This error is non-fatal, so continue */
4fcc50e133f90cd4c5931a3ac48c84cb628b16fcMichal Zidek ret = sdap_reinit_delete_records(state->domain);
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorcestatic void sdap_delete_msgs_dn(struct sysdb_ctx *sysdb,
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce for (i = 0; i < msgs_num; i++) {
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce ret = sysdb_delete_entry(sysdb, msgs[i]->dn, true);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Failed to delete entry: [%s]\n",
4fcc50e133f90cd4c5931a3ac48c84cb628b16fcMichal Zidekstatic errno_t sdap_reinit_delete_records(struct sss_domain_info *domain)
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* purge untouched users */
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_search_users(tmp_ctx, domain, "(!("SYSDB_USN"=*))",
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* purge untouched groups */
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_search_groups(tmp_ctx, domain, "(!("SYSDB_USN"=*))",
4c2cf6607ddc82c5061d805c11e163de4bc1bd82Simo Sorce /* purge untouched services */
4fcc50e133f90cd4c5931a3ac48c84cb628b16fcMichal Zidek ret = sysdb_search_services(tmp_ctx, domain, "(!("SYSDB_USN"=*))",
3db6dee5b9b24d457b4ab763e07263d121b76553Lukas Slebodnik "Cannot search services [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Could not commit transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not cancel transaction\n");