-rw-r--r--src/confdb/confdb.c8
-rw-r--r--src/confdb/confdb.h2
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rwxr-xr-xsrc/config/SSSDConfigTest.py6
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/providers/ad/ad_subdomains.c8
-rw-r--r--src/providers/ipa/ipa_subdomains.c7
7 files changed, 24 insertions, 9 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 6527ede4b..c5cb0c864 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1142,6 +1142,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
}
+ ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval,
+ CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);
+ if (ret != EOK || domain->subdomain_refresh_interval == 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n", CONFDB_DOMAIN_SUBDOMAIN_REFRESH));
+ goto done;
+ }
+
*_domain = domain;
ret = EOK;
done:
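Review bot: When `subdomain_refresh_interval` is explicitly configured as 0, the lookup has presumably succeeded, so the `goto done` inside the new `if` leaves `ret` at EOK even though the value was just logged as a fatal configuration error. The code after `done:` lies outside this hunk, but if it returns `ret`, the caller is told the domain loaded successfully while `*_domain` was never assigned, and may go on to use an unset pointer. Setting an error on that path before the jump, e.g. `if (ret == EOK) ret = EINVAL;` ahead of `goto done;`, makes the rejection visible to callers.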
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index d1587cd4a..c997e6e94 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -163,6 +163,7 @@
#define CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR "subdomain_homedir"
#define CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR "/home/%d/%u"
#define CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS "ignore_group_members"
+#define CONFDB_DOMAIN_SUBDOMAIN_REFRESH "subdomain_refresh_interval"
#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout"
#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout"
@@ -227,6 +228,7 @@ struct sss_domain_info {
uint32_t sudo_timeout;
uint32_t refresh_expired_interval;
+ uint32_t subdomain_refresh_interval;
int pwd_expiration_warning;
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index f073419e9..af5903c65 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -134,6 +134,7 @@ option_strings = {
'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
'subdomain_enumerate' : _('Control enumeration of trusted domains'),
+ 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index acec3e6f4..b6c1d74aa 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -533,7 +533,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'session_provider',
'hostid_provider',
'subdomains_provider',
- 'realmd_tags']
+ 'realmd_tags',
+ 'subdomain_refresh_interval']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
@@ -888,7 +889,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'session_provider',
'hostid_provider',
'subdomains_provider',
- 'realmd_tags']
+ 'realmd_tags',
+ 'subdomain_refresh_interval']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 4b8e97ba1..ed65d2d78 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -116,6 +116,7 @@ override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
+subdomain_refresh_interval = int, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 30c510c97..1d6b72c34 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -58,9 +58,6 @@
/* do not refresh more often than every 5 seconds for now */
#define AD_SUBDOMAIN_REFRESH_LIMIT 5
-/* refresh automatically every 4 hours */
-#define AD_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
-
struct ad_subdomains_ctx {
struct be_ctx *be_ctx;
struct sdap_id_ctx *sdap_id_ctx;
@@ -528,6 +525,7 @@ static void ad_subdom_online_cb(void *pvt)
struct ad_subdomains_ctx *ctx;
struct be_req *be_req;
struct timeval tv;
+ uint32_t refresh_interval;
ctx = talloc_get_type(pvt, struct ad_subdomains_ctx);
if (!ctx) {
@@ -535,6 +533,8 @@ static void ad_subdom_online_cb(void *pvt)
return;
}
+ refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval;
+
be_req = be_req_create(ctx, NULL, ctx->be_ctx,
ad_subdom_be_req_callback, NULL);
if (be_req == NULL) {
@@ -544,7 +544,7 @@ static void ad_subdom_online_cb(void *pvt)
ad_subdomains_retrieve(ctx, be_req);
- tv = tevent_timeval_current_ofs(AD_SUBDOMAIN_REFRESH_PERIOD, 0);
+ tv = tevent_timeval_current_ofs(refresh_interval, 0);
ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv,
ad_subdom_timer_refresh, ctx);
if (!ctx->timer_event) {
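Review bot: The offset passed to `tevent_timeval_current_ofs(refresh_interval, 0)` now comes straight from configuration, and the confdb check in this commit rejects only 0, so a value such as 1 is accepted as a refresh period. This file documents AD_SUBDOMAIN_REFRESH_LIMIT as "do not refresh more often than every 5 seconds", and whether the timer path honours that limit is not visible in this hunk. If `ad_subdom_timer_refresh` re-arms with the same value, a tiny interval turns into a steady stream of subdomain lookups against the directory server. Consider a floor before arming the timer, `if (refresh_interval < AD_SUBDOMAIN_REFRESH_LIMIT) refresh_interval = AD_SUBDOMAIN_REFRESH_LIMIT;`, or enforce the minimum once in confdb. The same applies to the matching change in `ipa_subdom_online_cb` with IPA_SUBDOMAIN_REFRESH_LIMIT; the bodies of both callbacks continue outside the hunks.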
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index d873c5b27..64db70dde 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -47,8 +47,6 @@
/* do not refresh more often than every 5 seconds for now */
#define IPA_SUBDOMAIN_REFRESH_LIMIT 5
-/* refresh automatically every 4 hours */
-#define IPA_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
#define IPA_SUBDOMAIN_DISABLED_PERIOD 3600
enum ipa_subdomains_req_type {
@@ -1126,6 +1124,7 @@ static void ipa_subdom_online_cb(void *pvt)
struct ipa_subdomains_ctx *ctx;
struct be_req *be_req;
struct timeval tv;
+ uint32_t refresh_interval;
ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx);
if (!ctx) {
@@ -1135,6 +1134,8 @@ static void ipa_subdom_online_cb(void *pvt)
ctx->disabled_until = 0;
+ refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval;
+
be_req = be_req_create(ctx, NULL, ctx->be_ctx,
ipa_subdom_be_req_callback, NULL);
if (be_req == NULL) {
@@ -1144,7 +1145,7 @@ static void ipa_subdom_online_cb(void *pvt)
ipa_subdomains_retrieve(ctx, be_req);
- tv = tevent_timeval_current_ofs(IPA_SUBDOMAIN_REFRESH_PERIOD, 0);
+ tv = tevent_timeval_current_ofs(refresh_interval, 0);
ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv,
ipa_subdom_timer_refresh, ctx);
if (!ctx->timer_event) {