-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml15
-rw-r--r--src/providers/data_provider_fo.c10
-rw-r--r--src/resolv/async_resolv.c6
7 files changed, 34 insertions, 2 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0e0a1b10e..be4dfb6f7 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -100,6 +100,7 @@
#define CONFDB_DOMAIN_MPG "magic_private_groups"
#define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
#define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_DOMAIN_RESOLV_TIMEOUT "dns_resolver_timeout"
#define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order"
#define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 6dd8cac2b..18df97904 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -81,6 +81,7 @@ option_strings = {
'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
+ 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 127ad22cf..e88996534 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'entry_cache_timeout',
'lookup_family_order',
'account_cache_expiration',
+ 'dns_resolver_timeout',
'id_provider',
'auth_provider',
'access_provider',
@@ -794,6 +795,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'entry_cache_timeout',
'account_cache_expiration',
'lookup_family_order',
+ 'dns_resolver_timeout',
'id_provider',
'auth_provider',
'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 3347d9fa4..7d0e20c77 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -58,6 +58,7 @@ lookup_family_order = str, None, false
account_cache_expiration = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
+dns_resolver_timeout = int, None, false
# Special providers
[provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 93bc21905..c7071ab6c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -641,6 +641,21 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>dns_resolver_timeout (integer)</term>
+ <listitem>
+ <para>
+ Defines the amount of time (in seconds) to wait for a reply from
+ the DNS resolver before assuming that it is unreachable. If this
+ timeout is reached, the domain will continue to operate in
+ offline mode.
+ </para>
+ <para>
+ Default: 5
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index 482f74446..cbdb78624 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -93,6 +93,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
int be_init_failover(struct be_ctx *ctx)
{
int ret;
+ int fo_timeout;
struct fo_options fopts;
if (ctx->be_fo != NULL) {
@@ -104,7 +105,14 @@ int be_init_failover(struct be_ctx *ctx)
return ENOMEM;
}
- ret = resolv_init(ctx, ctx->ev, 5, &ctx->be_fo->resolv);
+ ret = confdb_get_int(ctx->cdb, ctx, ctx->conf_path,
+ CONFDB_DOMAIN_RESOLV_TIMEOUT,
+ 5, &fo_timeout);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ ret = resolv_init(ctx, ctx->ev, fo_timeout, &ctx->be_fo->resolv);
if (ret != EOK) {
talloc_zfree(ctx->be_fo);
return ret;
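Review bot: The new `confdb_get_int` error branch returns without releasing `ctx->be_fo`, unlike the `resolv_init` failure branch just below it, which calls `talloc_zfree(ctx->be_fo)`. If `ctx->be_fo` is allocated just above this hunk (the `return ENOMEM;` context line suggests so), a failed config read leaves a non-NULL, half-initialised failover context behind. The `if (ctx->be_fo != NULL)` check at the top of the function would then presumably treat a later call as already initialised. Add `talloc_zfree(ctx->be_fo);` before the `return ret;` in the new branch. `be_init_failover` starts and ends outside this hunk, so the allocation and the body of the early check are inferred.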
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 70d60e373..363141b4a 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -325,7 +325,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
DEBUG(4, ("Initializing new c-ares channel\n"));
/* FIXME: the options would contain
* the nameservers to contact, the domains
- * to search, timeout... => get from confdb
+ * to search... => get from confdb
*/
options.sock_state_cb = fd_event;
options.sock_state_cb_data = ctx;
@@ -358,6 +358,10 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
int ret;
struct resolv_ctx *ctx;
+ if (timeout < 1) {
+ return EINVAL;
+ }
+
ctx = talloc_zero(mem_ctx, struct resolv_ctx);
if (ctx == NULL)
return ENOMEM;
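Review bot: The new `timeout < 1` guard rejects the value silently, so an administrator who sets `dns_resolver_timeout = 0` gets a failover initialisation failure with nothing in the log pointing at the option. Log before returning, e.g. `DEBUG(1, ("Invalid DNS resolver timeout %d, must be at least 1\n", timeout));` (assuming `timeout` is an `int`; the signature is cut by the hunk header), matching the `DEBUG` style used in `recreate_ares_channel`. There is also no upper bound, so a very large configured value would delay the switch to offline mode for that long when DNS is unreachable; consider clamping it or documenting a sensible maximum. The body of `resolv_init` continues outside the hunk.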