authorJakub Hrozek <jhrozek@redhat.com>2015-03-10 13:01:21 +0100
committerJakub Hrozek <jhrozek@redhat.com>2015-03-23 08:33:53 +0100
commitf0072e2b102f3b553533402d4ae42b1989b0370e (patch)
tree369b362e2d788f05b90d0c7b1ead95ce403cd35e /src
parentb123a618dd8837f8a2db385542f0d7f3d7679d9b (diff)
SDAP: Make password change timeout configurable with ldap_opt_timeout
Related: https://fedorahosted.org/sssd/ticket/1501 Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/man/sssd-ldap.5.xml3
-rw-r--r--src/providers/ldap/ldap_auth.c6
-rw-r--r--src/providers/ldap/sdap_async.c6
-rw-r--r--src/providers/ldap/sdap_async.h3
4 files changed, 12 insertions, 6 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index e598d70c5..a93e6dfe7 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1236,7 +1236,8 @@
calls to synchronous LDAP APIs will abort if no
response is received. Also controls the timeout
when communicating with the KDC in case of SASL
- bind and the timeout of an LDAP bind operation.
+ bind, the timeout of an LDAP bind operation and
+ password change extended operation.
</para>
<para>
Default: 6
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 3147b49b0..42899fd0e 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1046,6 +1046,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
} else {
const char *password;
const char *new_password;
+ int timeout;
ret = sss_authtok_get_password(state->pd->authtok,
&password, NULL);
@@ -1060,9 +1061,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
goto done;
}
+ timeout = dp_opt_get_int(state->ctx->opts->basic, SDAP_OPT_TIMEOUT);
+
subreq = sdap_exop_modify_passwd_send(state, be_ctx->ev,
state->sh, state->dn,
- password, new_password);
+ password, new_password,
+ timeout);
if (!subreq) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to change password for %s\n", state->username);
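Review bot: The value read by `dp_opt_get_int(state->ctx->opts->basic, SDAP_OPT_TIMEOUT)` is passed straight to `sdap_exop_modify_passwd_send()` with no range check, so a configured `ldap_opt_timeout` of 0 or a negative number now replaces the former fixed 5 seconds. How `sdap_op_add()` handles such a value is not visible in this diff; if it arms no timer, a password change against an unresponsive server would leave the authentication request pending with no upper bound. A guard before the call would keep the operation bounded, for example `if (timeout <= 0) { timeout = 6; /* documented default */ }` together with a DEBUG message naming the rejected value. The body of `sdap_auth4chpass_done` starts and ends outside this hunk, so any validation done earlier in the function or at option load time is not visible here.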
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index c30a4578e..c979fbeac 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -494,7 +494,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
char *user_dn,
const char *password,
- const char *new_password)
+ const char *new_password,
+ int timeout)
{
struct tevent_req *req = NULL;
struct sdap_exop_modify_passwd_state *state;
@@ -562,9 +563,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_INTERNAL,
"ldap_extended_operation sent, msgid = %d\n", msgid);
- /* FIXME: get timeouts from configuration, for now 5 secs. */
ret = sdap_op_add(state, ev, state->sh, msgid,
- sdap_exop_modify_passwd_done, req, 5, &state->op);
+ sdap_exop_modify_passwd_done, req, timeout, &state->op);
if (ret) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
ret = ERR_INTERNAL;
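Review bot: With the FIXME removed, nothing at the `sdap_op_add()` call or in the new `int timeout` parameter says what unit the value is in or which values are acceptable. The removed comment implies seconds ("for now 5 secs"), and that should be stated where the next caller will look. I would add a comment above the call such as `/* timeout is in seconds; the caller passes ldap_opt_timeout */` and put the same sentence on the prototype in sdap_async.h. If a zero or negative value has a special meaning to `sdap_op_add()`, the comment should say so as well. The function body continues outside this hunk.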
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 941b81a41..29afd8e1a 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -145,7 +145,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
char *user_dn,
const char *password,
- const char *new_password);
+ const char *new_password,
+ int timeout);
errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
char **user_error_msg);