From cced56736431094db14d07cfe04fd7606541c339 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 30 Dec 2009 21:40:17 +1100 Subject: [PATCH] s4-kcc: added a preiodic task to remove deleted objects we check for deleted objects in each partition every 10 minutes, using onelevel searches --- source4/dsdb/config.mk | 1 + source4/dsdb/kcc/kcc_deleted.c | 100 ++++++++++++++++++++++++++++++-- source4/dsdb/kcc/kcc_periodic.c | 5 ++ source4/dsdb/kcc/kcc_service.h | 2 + 4 files changed, 104 insertions(+), 4 deletions(-) diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index c5d1c24e043..35a0c84903b 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -83,6 +83,7 @@ PRIVATE_DEPENDENCIES = \ KCC_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/kcc/, \ kcc_service.o \ kcc_connection.o \ + kcc_deleted.o \ kcc_periodic.o) $(eval $(call proto_header_template,$(dsdbsrcdir)/kcc/kcc_service_proto.h,$(KCC_SRV_OBJ_FILES:.o=.c))) diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c index 44f30702617..d19ac0cac29 100644 --- a/source4/dsdb/kcc/kcc_deleted.c +++ b/source4/dsdb/kcc/kcc_deleted.c @@ -35,6 +35,56 @@ #include "librpc/gen_ndr/ndr_drsblobs.h" #include "param/param.h" +/* + onelevel search with SHOW_DELETED control + */ +static int search_onelevel_with_deleted(struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, + struct ldb_result **_res, + struct ldb_dn *basedn, + const char * const *attrs) +{ + struct ldb_request *req; + TALLOC_CTX *tmp_ctx; + struct ldb_result *res; + int ret; + + tmp_ctx = talloc_new(mem_ctx); + + res = talloc_zero(tmp_ctx, struct ldb_result); + if (!res) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req, ldb, tmp_ctx, + basedn, + LDB_SCOPE_ONELEVEL, + NULL, + attrs, + NULL, + res, + ldb_search_default_callback, + NULL); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + ret = ldb_request_add_control(req, LDB_CONTROL_SHOW_DELETED_OID, true, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(tmp_ctx); + return ret; + } + + ret = ldb_request(ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(req); + *_res = talloc_steal(mem_ctx, res); + return ret; +} /* check to see if any deleted objects need scavenging @@ -43,22 +93,64 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) { struct kccsrv_partition *part; int ret; + uint32_t tombstoneLifetime; time_t t = time(NULL); - if (t - s->last_deleted_check < lp_parm_int(task->lp_ctx, NULL, "kccsrv", + if (t - s->last_deleted_check < lp_parm_int(s->task->lp_ctx, NULL, "kccsrv", "check_deleted_interval", 600)) { return NT_STATUS_OK; } s->last_deleted_check = t; + ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); + if (ret != LDB_SUCCESS) { + DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + for (part=s->partitions; part; part=part->next) { struct ldb_dn *do_dn; struct ldb_result *res; + const char *attrs[] = { "whenChanged", NULL }; + int i; ret = dsdb_get_deleted_objects_dn(s->samdb, mem_ctx, part->dn, &do_dn); - ret = ldb_search(s->samdb, mem_ctx, &res, do_dn, LDB_SCOPE_SUBTREE, - attrs, "isDeleted=TRUE"); - } + if (ret != LDB_SUCCESS) { + /* some partitions have no Deleted Objects + container */ + continue; + } + ret = search_onelevel_with_deleted(s->samdb, do_dn, &res, do_dn, attrs); + + if (ret != LDB_SUCCESS) { + DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", + ldb_dn_get_linearized(do_dn))); + talloc_free(do_dn); + continue; + } + + for (i=0; icount; i++) { + const char *tstring; + time_t whenChanged = 0; + tstring = samdb_result_string(res->msgs[i], "whenChanged", NULL); + if (tstring) { + whenChanged = ldb_string_to_time(tstring); + } + if (t - whenChanged > tombstoneLifetime*60*60*24) { + ret = ldb_delete(s->samdb, res->msgs[i]->dn); + if (ret != LDB_SUCCESS) { + DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", + ldb_dn_get_linearized(res->msgs[i]->dn))); + } else { + DEBUG(4,("Removed deleted object %s\n", + ldb_dn_get_linearized(res->msgs[i]->dn))); + } + } + } + + talloc_free(do_dn); + } + return NT_STATUS_OK; } diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c index d24e5e90a5e..3b0d8a0551e 100644 --- a/source4/dsdb/kcc/kcc_periodic.c +++ b/source4/dsdb/kcc/kcc_periodic.c @@ -257,5 +257,10 @@ static void kccsrv_periodic_run(struct kccsrv_service *service) if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("kccsrv_simple_update failed - %s\n", nt_errstr(status))); } + + status = kccsrv_check_deleted(service, mem_ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("kccsrv_check_deleted failed - %s\n", nt_errstr(status))); + } talloc_free(mem_ctx); } diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h index 6a78d37a913..b4ce37bfc5a 100644 --- a/source4/dsdb/kcc/kcc_service.h +++ b/source4/dsdb/kcc/kcc_service.h @@ -78,6 +78,8 @@ struct kccsrv_service { /* here we have a reference to the timed event the schedules the periodic stuff */ struct tevent_timer *te; } periodic; + + time_t last_deleted_check; }; #include "dsdb/kcc/kcc_service_proto.h" -- 2.34.1