-rw-r--r-- | src/confdb/confdb.c | 8 | ||||
-rw-r--r-- | src/confdb/confdb.h | 2 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 6 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/providers/ad/ad_subdomains.c | 8 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 7 |
7 files changed, 24 insertions, 9 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 6527ede4b..c5cb0c864 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1142,6 +1142,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } + ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval, + CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400); + if (ret != EOK || domain->subdomain_refresh_interval == 0) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", CONFDB_DOMAIN_SUBDOMAIN_REFRESH)); + goto done; + } + *_domain = domain; ret = EOK; done: diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index d1587cd4a..c997e6e94 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -163,6 +163,7 @@ #define CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR "subdomain_homedir" #define CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR "/home/%d/%u" #define CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS "ignore_group_members" +#define CONFDB_DOMAIN_SUBDOMAIN_REFRESH "subdomain_refresh_interval" #define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout" #define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout" @@ -227,6 +228,7 @@ struct sss_domain_info { uint32_t sudo_timeout; uint32_t refresh_expired_interval; + uint32_t subdomain_refresh_interval; int pwd_expiration_warning; diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index f073419e9..af5903c65 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -134,6 +134,7 @@ option_strings = { 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"), 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"), 'subdomain_enumerate' : _('Control enumeration of trusted domains'), + 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), 
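Review bot: In the confdb.c hunk, the `domain->subdomain_refresh_interval == 0` branch jumps to `done` while `ret` still holds `EOK` from the successful `get_entry_as_uint32()` call, so the function appears to report success even though `*_domain = domain;` was skipped. Setting an error first, e.g. `if (ret == EOK) ret = EINVAL;` before `goto done;`, would make the rejection visible to the caller. The code after the `done:` label is outside the hunk, so confirm it does not already handle this case. The check also accepts any non-zero value up to the uint32 maximum; since this interval governs how soon changes to the trusted-domain list are picked up, an upper bound or a logged warning for very large values is worth considering.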
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index acec3e6f4..b6c1d74aa 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -533,7 +533,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'session_provider', 'hostid_provider', 'subdomains_provider', - 'realmd_tags'] + 'realmd_tags', + 'subdomain_refresh_interval'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -888,7 +889,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'session_provider', 'hostid_provider', 'subdomains_provider', - 'realmd_tags'] + 'realmd_tags', + 'subdomain_refresh_interval'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 4b8e97ba1..ed65d2d78 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -116,6 +116,7 @@ override_shell = str, None, false default_shell = str, None, false description = str, None, false realmd_tags = str, None, false +subdomain_refresh_interval = int, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 30c510c97..1d6b72c34 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -58,9 +58,6 @@ /* do not refresh more often than every 5 seconds for now */ #define AD_SUBDOMAIN_REFRESH_LIMIT 5 -/* refresh automatically every 4 hours */ -#define AD_SUBDOMAIN_REFRESH_PERIOD (3600 * 4) - struct ad_subdomains_ctx { struct be_ctx *be_ctx; struct sdap_id_ctx *sdap_id_ctx; @@ -528,6 +525,7 @@ static void ad_subdom_online_cb(void *pvt) struct ad_subdomains_ctx *ctx; struct be_req *be_req; struct timeval tv; + uint32_t refresh_interval; ctx = talloc_get_type(pvt, struct ad_subdomains_ctx); if (!ctx) { 
@@ -535,6 +533,8 @@ static void ad_subdom_online_cb(void *pvt) return; } + refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval; + be_req = be_req_create(ctx, NULL, ctx->be_ctx, ad_subdom_be_req_callback, NULL); if (be_req == NULL) { @@ -544,7 +544,7 @@ static void ad_subdom_online_cb(void *pvt) ad_subdomains_retrieve(ctx, be_req); - tv = tevent_timeval_current_ofs(AD_SUBDOMAIN_REFRESH_PERIOD, 0); + tv = tevent_timeval_current_ofs(refresh_interval, 0); ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv, ad_subdom_timer_refresh, ctx); if (!ctx->timer_event) { diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index d873c5b27..64db70dde 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -47,8 +47,6 @@ /* do not refresh more often than every 5 seconds for now */ #define IPA_SUBDOMAIN_REFRESH_LIMIT 5 -/* refresh automatically every 4 hours */ -#define IPA_SUBDOMAIN_REFRESH_PERIOD (3600 * 4) #define IPA_SUBDOMAIN_DISABLED_PERIOD 3600 enum ipa_subdomains_req_type { @@ -1126,6 +1124,7 @@ static void ipa_subdom_online_cb(void *pvt) struct ipa_subdomains_ctx *ctx; struct be_req *be_req; struct timeval tv; + uint32_t refresh_interval; ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx); if (!ctx) { @@ -1135,6 +1134,8 @@ static void ipa_subdom_online_cb(void *pvt) ctx->disabled_until = 0; + refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval; + be_req = be_req_create(ctx, NULL, ctx->be_ctx, ipa_subdom_be_req_callback, NULL); if (be_req == NULL) { @@ -1144,7 +1145,7 @@ static void ipa_subdom_online_cb(void *pvt) ipa_subdomains_retrieve(ctx, be_req); - tv = tevent_timeval_current_ofs(IPA_SUBDOMAIN_REFRESH_PERIOD, 0); + tv = tevent_timeval_current_ofs(refresh_interval, 0); ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv, ipa_subdom_timer_refresh, ctx); if (!ctx->timer_event) { |
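Review bot: In `ad_subdom_online_cb` (hunk `-544,7 +544,7`) the configured value is passed to `tevent_timeval_current_ofs()` unclamped, while the file still defines `AD_SUBDOMAIN_REFRESH_LIMIT` as 5 seconds; a setting of 1–4 would arm the timer more often than that limit is meant to allow. Consider flooring it where it is read, e.g. `if (refresh_interval < AD_SUBDOMAIN_REFRESH_LIMIT) refresh_interval = AD_SUBDOMAIN_REFRESH_LIMIT;`, or rejecting such values in confdb. The same applies to `ipa_subdom_online_cb` with `IPA_SUBDOMAIN_REFRESH_LIMIT`. How the limit is enforced, and whether `ad_subdom_timer_refresh` re-arms the timer with the same value, are outside these hunks, so check there too. The diffstat shows no man page change, so the new option's default (14400) and accepted range look undocumented for administrators.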