summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/winbindd.c25
-rw-r--r--source3/winbindd/winbindd_cache.c27
-rw-r--r--source3/winbindd/winbindd_proto.h1
3 files changed, 52 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index c0b42b811d..e4c22a610a 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -141,6 +141,29 @@ static void flush_caches(void)
}
}
+static void flush_caches_noinit(void)
+{
+ /*
+ * We need to invalidate cached user list entries on a SIGHUP
+ * otherwise cached access denied errors due to restrict anonymous
+ * hang around until the sequence number changes.
+ * NB
+ * Skip uninitialized domains when flush cache.
+ * If domain is not initialized, it means it is never
+ * used or never become online. look, wcache_invalidate_cache()
+ * -> get_cache() -> init_dc_connection(). It causes a lot of traffic
+ * for unused domains and large traffic for primay domain's DC if there
+ * are many domains..
+ */
+
+ if (!wcache_invalidate_cache_noinit()) {
+ DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
+ if (!winbindd_cache_validate_and_initialize()) {
+ exit(1);
+ }
+ }
+}
+
/* Handle the signal by unlinking socket and exiting */
static void terminate(bool is_parent)
@@ -254,7 +277,7 @@ static void winbindd_sig_hup_handler(struct tevent_context *ev,
const char *file = (const char *)private_data;
DEBUG(1,("Reloading services after SIGHUP\n"));
- flush_caches();
+ flush_caches_noinit();
reload_services_file(file);
}
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index a9690aea1c..0e17253b7d 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3023,6 +3023,33 @@ bool wcache_invalidate_cache(void)
return true;
}
+bool wcache_invalidate_cache_noinit(void)
+{
+ struct winbindd_domain *domain;
+
+ for (domain = domain_list(); domain; domain = domain->next) {
+ struct winbind_cache *cache;
+
+ /* Skip uninitialized domains. */
+ if (!domain->initialized && !domain->internal) {
+ continue;
+ }
+
+ cache = get_cache(domain);
+
+ DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
+ "entries for %s\n", domain->name));
+ if (cache) {
+ if (cache->tdb) {
+ tdb_traverse(cache->tdb, traverse_fn, NULL);
+ } else {
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
bool init_wcache(void)
{
if (wcache == NULL) {
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index f6c4dade4a..d3371b27fe 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -104,6 +104,7 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
void wcache_invalidate_samlogon(struct winbindd_domain *domain,
struct netr_SamInfo3 *info3);
bool wcache_invalidate_cache(void);
+bool wcache_invalidate_cache_noinit(void);
bool init_wcache(void);
bool initialize_winbindd_cache(void);
void close_winbindd_cache(void);