From: Matthieu Patou Date: Tue, 15 Nov 2011 11:38:51 +0000 (+0100) Subject: s4-kcc: Remove also deleted objects that are not in the Deleted Object container X-Git-Tag: tevent-0.9.15~612 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=34d549de34a10129dfb1d3a2f788f15c8110d3d4;hp=ea9fb5cad84595aca3544df521607616aec9041d;p=ddiss%2Fsamba.git s4-kcc: Remove also deleted objects that are not in the Deleted Object container For the configuration container we do a full scan at every run of the kcc-delete service. For the base DN we introduce a new parameter that avoid the full scan to kick just when samba starts. Signed-off-by: Stefan Metzmacher --- diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c index 5d2585d60be..0e1a42826c3 100644 --- a/source4/dsdb/kcc/kcc_deleted.c +++ b/source4/dsdb/kcc/kcc_deleted.c @@ -44,8 +44,12 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) struct kccsrv_partition *part; int ret; uint32_t tombstoneLifetime; + bool do_fs = false; + time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", + "check_deleted_full_scan_interval", 86400); time_t t = time(NULL); + if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", "check_deleted_interval", 600)) { return NT_STATUS_OK; @@ -57,6 +61,22 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; } + if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) { + do_fs = true; + s->last_full_scan_deleted_check = t; + } + + if (s->last_full_scan_deleted_check == 0) { + /* + * If we never made a full scan set the last full scan event to be in the past + * and that 9/10 of the full scan interval has already passed. + * This is done to avoid the full scan to fire just at the begining of samba + * or a couple of minutes after the start. + * With this "setup" and default values of interval, the full scan will fire + * 2.4 hours after the start of samba + */ + s->last_full_scan_deleted_check = t - ((9 * interval) / 10); + } for (part=s->partitions; part; part=part->next) { struct ldb_dn *do_dn; @@ -70,8 +90,18 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) container */ continue; } - ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, - DSDB_SEARCH_SHOW_RECYCLED, NULL); + + if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { + ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, + DSDB_SEARCH_SHOW_RECYCLED, NULL); + } else { + if (do_fs) { + DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", + ldb_dn_get_linearized(part->dn))); + } + ret = dsdb_search(s->samdb, part->dn, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, + DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); + } if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", @@ -84,6 +114,10 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) const char *tstring; time_t whenChanged = 0; + if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { + /* Skip the Deleted Object Container */ + continue; + } tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); if (tstring) { whenChanged = ldb_string_to_time(tstring); diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h index 1e6d35eb78b..b3ba226e726 100644 --- a/source4/dsdb/kcc/kcc_service.h +++ b/source4/dsdb/kcc/kcc_service.h @@ -88,6 +88,8 @@ struct kccsrv_service { time_t last_deleted_check; + time_t last_full_scan_deleted_check; + bool am_rodc; /* run new samba_kcc topology generator code */