Blame SOURCES/0058-IPA-Implement-background-refresh-for-IPA-domains.patch

5fca41
From 7c4055f0701c9be44f478a713c45e43e5d5914a9 Mon Sep 17 00:00:00 2001
5fca41
From: Jakub Hrozek <jhrozek@redhat.com>
5fca41
Date: Wed, 8 May 2019 14:39:23 +0200
5fca41
Subject: [PATCH 58/64] IPA: Implement background refresh for IPA domains
5fca41
5fca41
Split out the actual useful functionality from the IPA account lookup
5fca41
handler into a tevent request. This tevent request is then used in a new
5fca41
ipa_refresh module.
5fca41
5fca41
Related:
5fca41
https://pagure.io/SSSD/sssd/issue/4012
5fca41
5fca41
Reviewed-by: Sumit Bose <sbose@redhat.com>
5fca41
(cherry picked from commit d76756ef472da9593c691f94186d09226bb49916)
5fca41
5fca41
Reviewed-by: Sumit Bose <sbose@redhat.com>
5fca41
---
5fca41
 Makefile.am                     |   1 +
5fca41
 src/providers/ipa/ipa_common.h  |   3 +
5fca41
 src/providers/ipa/ipa_id.c      | 140 +++++++++++++----
5fca41
 src/providers/ipa/ipa_id.h      |   8 +
5fca41
 src/providers/ipa/ipa_init.c    |   2 +-
5fca41
 src/providers/ipa/ipa_refresh.c | 264 ++++++++++++++++++++++++++++++++
5fca41
 6 files changed, 386 insertions(+), 32 deletions(-)
5fca41
 create mode 100644 src/providers/ipa/ipa_refresh.c
5fca41
5fca41
diff --git a/Makefile.am b/Makefile.am
5fca41
index 7d83b6847..e74de422d 100644
5fca41
--- a/Makefile.am
5fca41
+++ b/Makefile.am
5fca41
@@ -4171,6 +4171,7 @@ libsss_ipa_la_SOURCES = \
5fca41
     src/providers/ipa/ipa_srv.c \
5fca41
     src/providers/ipa/ipa_idmap.c \
5fca41
     src/providers/ipa/ipa_dn.c \
5fca41
+    src/providers/ipa/ipa_refresh.c \
5fca41
     src/providers/ad/ad_opts.c \
5fca41
     src/providers/ad/ad_common.c \
5fca41
     src/providers/ad/ad_dyndns.c \
5fca41
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
5fca41
index 31e671eb5..6bb1739ef 100644
5fca41
--- a/src/providers/ipa/ipa_common.h
5fca41
+++ b/src/providers/ipa/ipa_common.h
5fca41
@@ -301,4 +301,7 @@ errno_t ipa_get_host_attrs(struct dp_option *ipa_options,
5fca41
                            struct sysdb_attrs **hosts,
5fca41
                            struct sysdb_attrs **_ipa_host);
5fca41
 
5fca41
+errno_t ipa_refresh_init(struct be_ctx *be_ctx,
5fca41
+                         struct ipa_id_ctx *id_ctx);
5fca41
+
5fca41
 #endif /* _IPA_COMMON_H_ */
5fca41
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
5fca41
index e644af5ff..9abee34cb 100644
5fca41
--- a/src/providers/ipa/ipa_id.c
5fca41
+++ b/src/providers/ipa/ipa_id.c
5fca41
@@ -1344,43 +1344,39 @@ ipa_decide_account_info_type(struct dp_id_data *data, struct be_ctx *be_ctx)
5fca41
     return IPA_ACCOUNT_INFO_OTHER;
5fca41
 }
5fca41
 
5fca41
-struct ipa_account_info_handler_state {
5fca41
+struct ipa_account_info_state {
5fca41
     enum ipa_account_info_type type;
5fca41
-    struct dp_reply_std reply;
5fca41
+
5fca41
+    const char *err_msg;
5fca41
+    int dp_error;
5fca41
 };
5fca41
 
5fca41
-static void ipa_account_info_handler_done(struct tevent_req *subreq);
5fca41
+static void ipa_account_info_done(struct tevent_req *subreq);
5fca41
 
5fca41
 struct tevent_req *
5fca41
-ipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
5fca41
-                              struct ipa_id_ctx *id_ctx,
5fca41
-                              struct dp_id_data *data,
5fca41
-                              struct dp_req_params *params)
5fca41
+ipa_account_info_send(TALLOC_CTX *mem_ctx,
5fca41
+                      struct be_ctx *be_ctx,
5fca41
+                      struct ipa_id_ctx *id_ctx,
5fca41
+                      struct dp_id_data *data)
5fca41
 {
5fca41
-    struct ipa_account_info_handler_state *state;
5fca41
+    struct ipa_account_info_state *state = NULL;
5fca41
+    struct tevent_req *req = NULL;
5fca41
     struct tevent_req *subreq = NULL;
5fca41
-    struct tevent_req *req;
5fca41
     errno_t ret;
5fca41
 
5fca41
     req = tevent_req_create(mem_ctx, &state,
5fca41
-                            struct ipa_account_info_handler_state);
5fca41
+                            struct ipa_account_info_state);
5fca41
     if (req == NULL) {
5fca41
         DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
5fca41
         return NULL;
5fca41
     }
5fca41
 
5fca41
-    state->type = ipa_decide_account_info_type(data, params->be_ctx);
5fca41
-
5fca41
-    if (sdap_is_enum_request(data)) {
5fca41
-        DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n");
5fca41
-        ret = EOK;
5fca41
-        goto immediately;
5fca41
-    }
5fca41
+    state->type = ipa_decide_account_info_type(data, be_ctx);
5fca41
 
5fca41
     switch (state->type) {
5fca41
     case IPA_ACCOUNT_INFO_SUBDOMAIN:
5fca41
         /* Subdomain lookups are handled differently on server and client. */
5fca41
-        subreq = ipa_subdomain_account_send(state, params->ev, id_ctx, data);
5fca41
+        subreq = ipa_subdomain_account_send(state, be_ctx->ev, id_ctx, data);
5fca41
         break;
5fca41
     case IPA_ACCOUNT_INFO_NETGROUP:
5fca41
         if (data->filter_type != BE_FILTER_NAME) {
5fca41
@@ -1388,11 +1384,11 @@ ipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
5fca41
             goto immediately;
5fca41
         }
5fca41
 
5fca41
-        subreq = ipa_id_get_netgroup_send(state, params->ev, id_ctx,
5fca41
+        subreq = ipa_id_get_netgroup_send(state, be_ctx->ev, id_ctx,
5fca41
                                           data->filter_value);
5fca41
         break;
5fca41
     case IPA_ACCOUNT_INFO_OTHER:
5fca41
-        subreq = ipa_id_get_account_info_send(state, params->ev, id_ctx, data);
5fca41
+        subreq = ipa_id_get_account_info_send(state, be_ctx->ev, id_ctx, data);
5fca41
         break;
5fca41
     }
5fca41
 
5fca41
@@ -1400,7 +1396,99 @@ ipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
5fca41
         ret = ENOMEM;
5fca41
         goto immediately;
5fca41
     }
5fca41
+    tevent_req_set_callback(subreq, ipa_account_info_done, req);
5fca41
+    return req;
5fca41
+
5fca41
+immediately:
5fca41
+    tevent_req_error(req, ret);
5fca41
+    tevent_req_post(req, be_ctx->ev);
5fca41
+    return req;
5fca41
+}
5fca41
+
5fca41
+static void ipa_account_info_done(struct tevent_req *subreq)
5fca41
+{
5fca41
+    struct ipa_account_info_state *state = NULL;
5fca41
+    struct tevent_req *req = NULL;
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    req = tevent_req_callback_data(subreq, struct tevent_req);
5fca41
+    state = tevent_req_data(req, struct ipa_account_info_state);
5fca41
+
5fca41
+    switch (state->type) {
5fca41
+    case IPA_ACCOUNT_INFO_SUBDOMAIN:
5fca41
+        ret = ipa_subdomain_account_recv(subreq, &state->dp_error);
5fca41
+        break;
5fca41
+    case IPA_ACCOUNT_INFO_NETGROUP:
5fca41
+        ret = ipa_id_get_netgroup_recv(subreq, &state->dp_error);
5fca41
+        break;
5fca41
+    case IPA_ACCOUNT_INFO_OTHER:
5fca41
+        ret = ipa_id_get_account_info_recv(subreq, &state->dp_error);
5fca41
+        break;
5fca41
+    default:
5fca41
+        ret = EINVAL;
5fca41
+        break;
5fca41
+    }
5fca41
+    talloc_zfree(subreq);
5fca41
+
5fca41
+    if (ret != EOK) {
5fca41
+        tevent_req_error(req, ret);
5fca41
+        return;
5fca41
+    }
5fca41
+
5fca41
+    tevent_req_done(req);
5fca41
+}
5fca41
 
5fca41
+errno_t ipa_account_info_recv(struct tevent_req *req,
5fca41
+                              int *_dp_error)
5fca41
+{
5fca41
+    struct ipa_account_info_state *state = NULL;
5fca41
+
5fca41
+    state = tevent_req_data(req, struct ipa_account_info_state);
5fca41
+
5fca41
+    /* Fail the request after collecting the dp_error */
5fca41
+    if (_dp_error) {
5fca41
+        *_dp_error = state->dp_error;
5fca41
+    }
5fca41
+
5fca41
+    TEVENT_REQ_RETURN_ON_ERROR(req);
5fca41
+    return EOK;
5fca41
+}
5fca41
+
5fca41
+struct ipa_account_info_handler_state {
5fca41
+    struct dp_reply_std reply;
5fca41
+};
5fca41
+
5fca41
+static void ipa_account_info_handler_done(struct tevent_req *subreq);
5fca41
+
5fca41
+struct tevent_req *
5fca41
+ipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
5fca41
+                              struct ipa_id_ctx *id_ctx,
5fca41
+                              struct dp_id_data *data,
5fca41
+                              struct dp_req_params *params)
5fca41
+{
5fca41
+    struct ipa_account_info_handler_state *state;
5fca41
+    struct tevent_req *subreq = NULL;
5fca41
+    struct tevent_req *req;
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    req = tevent_req_create(mem_ctx, &state,
5fca41
+                            struct ipa_account_info_handler_state);
5fca41
+    if (req == NULL) {
5fca41
+        DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
5fca41
+        return NULL;
5fca41
+    }
5fca41
+
5fca41
+    if (sdap_is_enum_request(data)) {
5fca41
+        DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n");
5fca41
+        ret = EOK;
5fca41
+        goto immediately;
5fca41
+    }
5fca41
+
5fca41
+    subreq = ipa_account_info_send(state, params->be_ctx, id_ctx, data);
5fca41
+    if (subreq == NULL) {
5fca41
+        ret = ENOMEM;
5fca41
+        goto immediately;
5fca41
+    }
5fca41
     tevent_req_set_callback(subreq, ipa_account_info_handler_done, req);
5fca41
 
5fca41
     return req;
5fca41
@@ -1425,17 +1513,7 @@ static void ipa_account_info_handler_done(struct tevent_req *subreq)
5fca41
     req = tevent_req_callback_data(subreq, struct tevent_req);
5fca41
     state = tevent_req_data(req, struct ipa_account_info_handler_state);
5fca41
 
5fca41
-    switch (state->type) {
5fca41
-    case IPA_ACCOUNT_INFO_SUBDOMAIN:
5fca41
-        ret = ipa_subdomain_account_recv(subreq, &dp_error);
5fca41
-        break;
5fca41
-    case IPA_ACCOUNT_INFO_NETGROUP:
5fca41
-        ret = ipa_id_get_netgroup_recv(subreq, &dp_error);
5fca41
-        break;
5fca41
-    case IPA_ACCOUNT_INFO_OTHER:
5fca41
-        ret = ipa_id_get_account_info_recv(subreq, &dp_error);
5fca41
-        break;
5fca41
-    }
5fca41
+    ret = ipa_account_info_recv(subreq, &dp_error);
5fca41
     talloc_zfree(subreq);
5fca41
 
5fca41
     /* TODO For backward compatibility we always return EOK to DP now. */
5fca41
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
5fca41
index 4b2549882..fe9acfeef 100644
5fca41
--- a/src/providers/ipa/ipa_id.h
5fca41
+++ b/src/providers/ipa/ipa_id.h
5fca41
@@ -33,6 +33,14 @@
5fca41
 
5fca41
 #define IPA_DEFAULT_VIEW_NAME "Default Trust View"
5fca41
 
5fca41
+struct tevent_req *
5fca41
+ipa_account_info_send(TALLOC_CTX *mem_ctx,
5fca41
+                      struct be_ctx *be_ctx,
5fca41
+                      struct ipa_id_ctx *id_ctx,
5fca41
+                      struct dp_id_data *data);
5fca41
+errno_t ipa_account_info_recv(struct tevent_req *req,
5fca41
+                              int *_dp_error);
5fca41
+
5fca41
 struct tevent_req *
5fca41
 ipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
5fca41
                               struct ipa_id_ctx *id_ctx,
5fca41
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
5fca41
index b3060e228..cdfd11d7a 100644
5fca41
--- a/src/providers/ipa/ipa_init.c
5fca41
+++ b/src/providers/ipa/ipa_init.c
5fca41
@@ -594,7 +594,7 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx,
5fca41
         }
5fca41
     }
5fca41
 
5fca41
-    ret = sdap_refresh_init(be_ctx, sdap_id_ctx);
5fca41
+    ret = ipa_refresh_init(be_ctx, ipa_id_ctx);
5fca41
     if (ret != EOK && ret != EEXIST) {
5fca41
         DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh "
5fca41
               "will not work [%d]: %s\n", ret, sss_strerror(ret));
5fca41
diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c
5fca41
new file mode 100644
5fca41
index 000000000..72051cfdd
5fca41
--- /dev/null
5fca41
+++ b/src/providers/ipa/ipa_refresh.c
5fca41
@@ -0,0 +1,264 @@
5fca41
+/*
5fca41
+    Copyright (C) 2019 Red Hat
5fca41
+
5fca41
+    This program is free software; you can redistribute it and/or modify
5fca41
+    it under the terms of the GNU General Public License as published by
5fca41
+    the Free Software Foundation; either version 3 of the License, or
5fca41
+    (at your option) any later version.
5fca41
+
5fca41
+    This program is distributed in the hope that it will be useful,
5fca41
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
5fca41
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
5fca41
+    GNU General Public License for more details.
5fca41
+
5fca41
+    You should have received a copy of the GNU General Public License
5fca41
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
5fca41
+*/
5fca41
+
5fca41
+#include <talloc.h>
5fca41
+#include <tevent.h>
5fca41
+
5fca41
+#include "providers/ipa/ipa_common.h"
5fca41
+#include "providers/ipa/ipa_id.h"
5fca41
+
5fca41
+struct ipa_refresh_state {
5fca41
+    struct tevent_context *ev;
5fca41
+    struct be_ctx *be_ctx;
5fca41
+    struct dp_id_data *account_req;
5fca41
+    struct ipa_id_ctx *id_ctx;
5fca41
+    char **names;
5fca41
+    size_t index;
5fca41
+};
5fca41
+
5fca41
+static errno_t ipa_refresh_step(struct tevent_req *req);
5fca41
+static void ipa_refresh_done(struct tevent_req *subreq);
5fca41
+
5fca41
+static struct tevent_req *ipa_refresh_send(TALLOC_CTX *mem_ctx,
5fca41
+                                            struct tevent_context *ev,
5fca41
+                                            struct be_ctx *be_ctx,
5fca41
+                                            struct sss_domain_info *domain,
5fca41
+                                            int entry_type,
5fca41
+                                            char **names,
5fca41
+                                            void *pvt)
5fca41
+{
5fca41
+    struct ipa_refresh_state *state = NULL;
5fca41
+    struct tevent_req *req = NULL;
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    req = tevent_req_create(mem_ctx, &state,
5fca41
+                            struct ipa_refresh_state);
5fca41
+    if (req == NULL) {
5fca41
+        DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
5fca41
+        return NULL;
5fca41
+    }
5fca41
+
5fca41
+    if (names == NULL) {
5fca41
+        ret = EOK;
5fca41
+        goto immediately;
5fca41
+    }
5fca41
+
5fca41
+    state->ev = ev;
5fca41
+    state->be_ctx = be_ctx;
5fca41
+    state->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx);
5fca41
+    state->names = names;
5fca41
+    state->index = 0;
5fca41
+
5fca41
+    state->account_req = be_refresh_acct_req(state, entry_type,
5fca41
+                                             BE_FILTER_NAME, domain);
5fca41
+    if (state->account_req == NULL) {
5fca41
+        ret = ENOMEM;
5fca41
+        goto immediately;
5fca41
+    }
5fca41
+
5fca41
+    ret = ipa_refresh_step(req);
5fca41
+    if (ret == EOK) {
5fca41
+        DEBUG(SSSDBG_TRACE_FUNC, "Nothing to refresh\n");
5fca41
+        goto immediately;
5fca41
+    } else if (ret != EAGAIN) {
5fca41
+        DEBUG(SSSDBG_CRIT_FAILURE, "ipa_refresh_step() failed "
5fca41
+                                   "[%d]: %s\n", ret, sss_strerror(ret));
5fca41
+        goto immediately;
5fca41
+    }
5fca41
+
5fca41
+    return req;
5fca41
+
5fca41
+immediately:
5fca41
+    if (ret == EOK) {
5fca41
+        tevent_req_done(req);
5fca41
+    } else {
5fca41
+        tevent_req_error(req, ret);
5fca41
+    }
5fca41
+    tevent_req_post(req, ev);
5fca41
+
5fca41
+    return req;
5fca41
+}
5fca41
+
5fca41
+static errno_t ipa_refresh_step(struct tevent_req *req)
5fca41
+{
5fca41
+    struct ipa_refresh_state *state = NULL;
5fca41
+    struct tevent_req *subreq = NULL;
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    state = tevent_req_data(req, struct ipa_refresh_state);
5fca41
+
5fca41
+    if (state->names == NULL) {
5fca41
+        ret = EOK;
5fca41
+        goto done;
5fca41
+    }
5fca41
+
5fca41
+    state->account_req->filter_value = state->names[state->index];
5fca41
+    if (state->account_req->filter_value == NULL) {
5fca41
+        ret = EOK;
5fca41
+        goto done;
5fca41
+    }
5fca41
+
5fca41
+    subreq = ipa_account_info_send(state, state->be_ctx, state->id_ctx,
5fca41
+                                  state->account_req);
5fca41
+    if (subreq == NULL) {
5fca41
+        ret = ENOMEM;
5fca41
+        goto done;
5fca41
+    }
5fca41
+
5fca41
+    tevent_req_set_callback(subreq, ipa_refresh_done, req);
5fca41
+
5fca41
+    state->index++;
5fca41
+    ret = EAGAIN;
5fca41
+
5fca41
+done:
5fca41
+    return ret;
5fca41
+}
5fca41
+
5fca41
+static void ipa_refresh_done(struct tevent_req *subreq)
5fca41
+{
5fca41
+    struct ipa_refresh_state *state = NULL;
5fca41
+    struct tevent_req *req = NULL;
5fca41
+    errno_t dp_error;
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    req = tevent_req_callback_data(subreq, struct tevent_req);
5fca41
+    state = tevent_req_data(req, struct ipa_refresh_state);
5fca41
+
5fca41
+    ret = ipa_account_info_recv(subreq, &dp_error);
5fca41
+    talloc_zfree(subreq);
5fca41
+    if (ret != EOK) {
5fca41
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh %s [dp_error: %d, "
5fca41
+              "errno: %d]\n", be_req2str(state->account_req->entry_type),
5fca41
+              dp_error, ret);
5fca41
+        goto done;
5fca41
+    }
5fca41
+
5fca41
+    ret = ipa_refresh_step(req);
5fca41
+    if (ret == EAGAIN) {
5fca41
+        return;
5fca41
+    }
5fca41
+
5fca41
+done:
5fca41
+    if (ret != EOK) {
5fca41
+        tevent_req_error(req, ret);
5fca41
+        return;
5fca41
+    }
5fca41
+
5fca41
+    tevent_req_done(req);
5fca41
+}
5fca41
+
5fca41
+static errno_t ipa_refresh_recv(struct tevent_req *req)
5fca41
+{
5fca41
+    TEVENT_REQ_RETURN_ON_ERROR(req);
5fca41
+
5fca41
+    return EOK;
5fca41
+}
5fca41
+
5fca41
+static struct tevent_req *
5fca41
+ipa_refresh_users_send(TALLOC_CTX *mem_ctx,
5fca41
+                        struct tevent_context *ev,
5fca41
+                        struct be_ctx *be_ctx,
5fca41
+                        struct sss_domain_info *domain,
5fca41
+                        char **names,
5fca41
+                        void *pvt)
5fca41
+{
5fca41
+    return ipa_refresh_send(mem_ctx, ev, be_ctx, domain,
5fca41
+                           BE_REQ_USER, names, pvt);
5fca41
+}
5fca41
+
5fca41
+static errno_t ipa_refresh_users_recv(struct tevent_req *req)
5fca41
+{
5fca41
+    return ipa_refresh_recv(req);
5fca41
+}
5fca41
+
5fca41
+static struct tevent_req *
5fca41
+ipa_refresh_groups_send(TALLOC_CTX *mem_ctx,
5fca41
+                         struct tevent_context *ev,
5fca41
+                         struct be_ctx *be_ctx,
5fca41
+                         struct sss_domain_info *domain,
5fca41
+                         char **names,
5fca41
+                         void *pvt)
5fca41
+{
5fca41
+    return ipa_refresh_send(mem_ctx, ev, be_ctx, domain,
5fca41
+                           BE_REQ_GROUP, names, pvt);
5fca41
+}
5fca41
+
5fca41
+static errno_t ipa_refresh_groups_recv(struct tevent_req *req)
5fca41
+{
5fca41
+    return ipa_refresh_recv(req);
5fca41
+}
5fca41
+
5fca41
+static struct tevent_req *
5fca41
+ipa_refresh_netgroups_send(TALLOC_CTX *mem_ctx,
5fca41
+                            struct tevent_context *ev,
5fca41
+                            struct be_ctx *be_ctx,
5fca41
+                            struct sss_domain_info *domain,
5fca41
+                            char **names,
5fca41
+                            void *pvt)
5fca41
+{
5fca41
+    return ipa_refresh_send(mem_ctx, ev, be_ctx, domain,
5fca41
+                           BE_REQ_NETGROUP, names, pvt);
5fca41
+}
5fca41
+
5fca41
+static errno_t ipa_refresh_netgroups_recv(struct tevent_req *req)
5fca41
+{
5fca41
+    return ipa_refresh_recv(req);
5fca41
+}
5fca41
+
5fca41
+errno_t ipa_refresh_init(struct be_ctx *be_ctx,
5fca41
+                         struct ipa_id_ctx *id_ctx)
5fca41
+{
5fca41
+    errno_t ret;
5fca41
+
5fca41
+    ret = be_refresh_ctx_init(be_ctx, SYSDB_NAME);
5fca41
+    if (ret != EOK) {
5fca41
+        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n");
5fca41
+        return ENOMEM;
5fca41
+    }
5fca41
+
5fca41
+    ret = be_refresh_add_cb(be_ctx->refresh_ctx,
5fca41
+                            BE_REFRESH_TYPE_USERS,
5fca41
+                            ipa_refresh_users_send,
5fca41
+                            ipa_refresh_users_recv,
5fca41
+                            id_ctx);
5fca41
+    if (ret != EOK && ret != EEXIST) {
5fca41
+        DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users "
5fca41
+              "will not work [%d]: %s\n", ret, strerror(ret));
5fca41
+    }
5fca41
+
5fca41
+    ret = be_refresh_add_cb(be_ctx->refresh_ctx,
5fca41
+                            BE_REFRESH_TYPE_GROUPS,
5fca41
+                            ipa_refresh_groups_send,
5fca41
+                            ipa_refresh_groups_recv,
5fca41
+                            id_ctx);
5fca41
+    if (ret != EOK && ret != EEXIST) {
5fca41
+        DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups "
5fca41
+              "will not work [%d]: %s\n", ret, strerror(ret));
5fca41
+    }
5fca41
+
5fca41
+    ret = be_refresh_add_cb(be_ctx->refresh_ctx,
5fca41
+                            BE_REFRESH_TYPE_NETGROUPS,
5fca41
+                            ipa_refresh_netgroups_send,
5fca41
+                            ipa_refresh_netgroups_recv,
5fca41
+                            id_ctx);
5fca41
+    if (ret != EOK && ret != EEXIST) {
5fca41
+        DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups "
5fca41
+              "will not work [%d]: %s\n", ret, strerror(ret));
5fca41
+    }
5fca41
+
5fca41
+    return ret;
5fca41
+}
5fca41
-- 
5fca41
2.20.1
5fca41