diff options
-rw-r--r-- | source3/winbindd/winbindd.c | 25 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cache.c | 27 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 1 |
3 files changed, 52 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index c0b42b811d..e4c22a610a 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -141,6 +141,29 @@ static void flush_caches(void) } } +static void flush_caches_noinit(void) +{ + /* + * We need to invalidate cached user list entries on a SIGHUP + * otherwise cached access denied errors due to restrict anonymous + * hang around until the sequence number changes. + * NB + * Skip uninitialized domains when flush cache. + * If domain is not initialized, it means it is never + * used or never become online. look, wcache_invalidate_cache() + * -> get_cache() -> init_dc_connection(). It causes a lot of traffic + * for unused domains and large traffic for primay domain's DC if there + * are many domains.. + */ + + if (!wcache_invalidate_cache_noinit()) { + DEBUG(0, ("invalidating the cache failed; revalidate the cache\n")); + if (!winbindd_cache_validate_and_initialize()) { + exit(1); + } + } +} + /* Handle the signal by unlinking socket and exiting */ static void terminate(bool is_parent) @@ -254,7 +277,7 @@ static void winbindd_sig_hup_handler(struct tevent_context *ev, const char *file = (const char *)private_data; DEBUG(1,("Reloading services after SIGHUP\n")); - flush_caches(); + flush_caches_noinit(); reload_services_file(file); } diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index a9690aea1c..0e17253b7d 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -3023,6 +3023,33 @@ bool wcache_invalidate_cache(void) return true; } +bool wcache_invalidate_cache_noinit(void) +{ + struct winbindd_domain *domain; + + for (domain = domain_list(); domain; domain = domain->next) { + struct winbind_cache *cache; + + /* Skip uninitialized domains. */ + if (!domain->initialized && !domain->internal) { + continue; + } + + cache = get_cache(domain); + + DEBUG(10, ("wcache_invalidate_cache: invalidating cache " + "entries for %s\n", domain->name)); + if (cache) { + if (cache->tdb) { + tdb_traverse(cache->tdb, traverse_fn, NULL); + } else { + return false; + } + } + } + return true; +} + bool init_wcache(void) { if (wcache == NULL) { diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index f6c4dade4a..d3371b27fe 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -104,6 +104,7 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain, void wcache_invalidate_samlogon(struct winbindd_domain *domain, struct netr_SamInfo3 *info3); bool wcache_invalidate_cache(void); +bool wcache_invalidate_cache_noinit(void); bool init_wcache(void); bool initialize_winbindd_cache(void); void close_winbindd_cache(void); |