confdb: add entry_cache_sudo_timeout option

5 files changed, 17 insertions, 0 deletions

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index cbd427147..5915f2f36 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -922,6 +922,17 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    /* Override the sudo cache timeout, if specified */
+    ret = get_entry_as_uint32(res->msgs[0], &domain->sudo_timeout,
+                              CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT,
+                              entry_cache_timeout);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              ("Invalid value for [%s]\n",
+               CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT));
+        goto done;
+    }
+
     /* Set the PAM warning time, if specified */
     val = ldb_msg_find_attr_as_int(res->msgs[0],
                                    CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0c04112ec..cdbd1ff12 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -163,6 +163,7 @@
 #define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout"
 #define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout"
 #define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT "entry_cache_autofs_timeout"
+#define CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT "entry_cache_sudo_timeout"
 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
 
 /* Local Provider */
@@ -211,6 +212,7 @@ struct sss_domain_info {
     uint32_t netgroup_timeout;
     uint32_t service_timeout;
     uint32_t autofsmap_timeout;
+    uint32_t sudo_timeout;
 
     int pwd_expiration_warning;
 
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 23784fdc0..9d7084fc2 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -118,6 +118,7 @@ option_strings = {
     'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'),
     'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
     'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'),
+    'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'),
 
     # [provider/ipa]
     'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index ef696e98c..c5bc8bc71 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -487,6 +487,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'entry_cache_netgroup_timeout',
             'entry_cache_service_timeout',
             'entry_cache_autofs_timeout',
+            'entry_cache_sudo_timeout',
             'lookup_family_order',
             'account_cache_expiration',
             'dns_resolver_timeout',
@@ -817,6 +818,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'entry_cache_netgroup_timeout',
             'entry_cache_service_timeout',
             'entry_cache_autofs_timeout',
+            'entry_cache_sudo_timeout',
             'account_cache_expiration',
             'lookup_family_order',
             'dns_resolver_timeout',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c3d6fa811..2cf5713f9 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -109,6 +109,7 @@ entry_cache_group_timeout = int, None, false
 entry_cache_netgroup_timeout = int, None, false
 entry_cache_service_timeout = int, None, false
 entry_cache_autofs_timeout = int, None, false
+entry_cache_sudo_timeout = int, None, false
 
 # Special providers
 [provider/permit]