SDAP: Make password change timeout configurable with ldap_opt_timeout

Related:
https://fedorahosted.org/sssd/ticket/1501

Reviewed-by: Pavel Reichl <preichl@redhat.com>

3 files changed, 10 insertions, 5 deletions

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 3147b49b0..42899fd0e 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1046,6 +1046,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
         } else {
             const char *password;
             const char *new_password;
+            int timeout;
 
             ret = sss_authtok_get_password(state->pd->authtok,
                                            &password, NULL);
@@ -1060,9 +1061,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                 goto done;
             }
 
+            timeout = dp_opt_get_int(state->ctx->opts->basic, SDAP_OPT_TIMEOUT);
+
             subreq = sdap_exop_modify_passwd_send(state, be_ctx->ev,
                                                   state->sh, state->dn,
-                                                  password, new_password);
+                                                  password, new_password,
+                                                  timeout);
             if (!subreq) {
                 DEBUG(SSSDBG_OP_FAILURE,
                       "Failed to change password for %s\n", state->username);
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index c30a4578e..c979fbeac 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -494,7 +494,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
                                            struct sdap_handle *sh,
                                            char *user_dn,
                                            const char *password,
-                                           const char *new_password)
+                                           const char *new_password,
+                                           int timeout)
 {
     struct tevent_req *req = NULL;
     struct sdap_exop_modify_passwd_state *state;
@@ -562,9 +563,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
     DEBUG(SSSDBG_TRACE_INTERNAL,
           "ldap_extended_operation sent, msgid = %d\n", msgid);
 
-    /* FIXME: get timeouts from configuration, for now 5 secs. */
     ret = sdap_op_add(state, ev, state->sh, msgid,
-                      sdap_exop_modify_passwd_done, req, 5, &state->op);
+                      sdap_exop_modify_passwd_done, req, timeout, &state->op);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
         ret = ERR_INTERNAL;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 941b81a41..29afd8e1a 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -145,7 +145,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
                                                 struct sdap_handle *sh,
                                                 char *user_dn,
                                                 const char *password,
-                                                const char *new_password);
+                                                const char *new_password,
+                                                int timeout);
 errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req,
                                      TALLOC_CTX *mem_ctx,
                                      char **user_error_msg);