From 2aa125200689eeb80f04b496acc5933bb09bee75 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 18 Jun 2012 11:23:04 -0400 Subject: Make the client idle timeout configurable --- src/confdb/confdb.h | 4 ++++ src/config/SSSDConfig.py | 1 + src/config/SSSDConfigTest.py | 3 ++- src/config/etc/sssd.api.conf | 1 + src/man/sssd.conf.5.xml | 15 +++++++++++++++ src/responder/common/responder.h | 1 + src/responder/common/responder_common.c | 23 +++++++++++++++++++---- 7 files changed, 43 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 4d6157612..985ffe06b 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -65,6 +65,10 @@ #define CONFDB_MONITOR_TRY_INOTIFY "try_inotify" #define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir" +/* Responders */ +#define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT "client_idle_timeout" +#define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT 60 + /* NSS */ #define CONFDB_NSS_CONF_ENTRY "config/nss" #define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout" diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 2ba9ea4e1..df22d16d0 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -42,6 +42,7 @@ option_strings = { 'timeout' : _('Ping timeout before restarting service'), 'command' : _('Command to start service'), 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'), + 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'), # [sssd] 'services' : _('SSSD Services to start'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index f3145a00a..71397409b 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py 
@@ -271,7 +271,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'debug_timestamps', 'debug_to_files', 'command', - 'reconnection_retries'] + 'reconnection_retries', + 'client_idle_timeout'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 045802932..f952673a7 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -8,6 +8,7 @@ debug_timestamps = bool, None, false debug_to_files = bool, None, false command = str, None, false reconnection_retries = int, None, false +client_idle_timeout = int, None, false [sssd] # Monitor service diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index bed06eb5b..3d470d709 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -279,6 +279,21 @@ + + client_idle_timeout + + + This option specifies the number of seconds that + a client of an SSSD process can hold onto a file + descriptor without communicating on it. This value + is limited in order to avoid resource exhasution + on the system. + + + Default: 60 + + + diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 6301af314..5d8248005 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -81,6 +81,7 @@ struct resp_ctx { struct be_conn *be_conns; struct sss_domain_info *domains; + int client_idle_timeout; struct sysdb_ctx_list *db_list; struct sss_cmd_table *sss_cmds; diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index e15f3916f..68acb2d83 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c 
@@ -440,10 +440,8 @@ static int sss_monitor_init(struct resp_ctx *rctx,
 static errno_t reset_idle_timer(struct cli_ctx *cctx)
 {
- struct timeval tv;
-
- /* TODO: make this configurable */
- tv = tevent_timeval_current_ofs(60, 0);
+ struct timeval tv =
+ tevent_timeval_current_ofs(cctx->rctx->client_idle_timeout, 0);
 talloc_zfree(cctx->idle);
@@ -693,6 +691,23 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
 rctx->priv_sock_name = sss_priv_pipe_name;
 rctx->confdb_service_path = confdb_service_path;
+ ret = confdb_get_int(rctx->cdb, NULL,
+ rctx->confdb_service_path,
+ CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
+ CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT,
+ &rctx->client_idle_timeout);
+ if (ret != EOK) {
+ DEBUG(2,
+ ("Cannot get the client idle timeout [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ /* Ensure that the client timeout is at least ten seconds */
+ if (rctx->client_idle_timeout < 10) {
+ rctx->client_idle_timeout = 10;
+ }
+
 ret = confdb_get_domains(rctx->cdb, &rctx->domains);
 if (ret != EOK) {
 DEBUG(0, ("fatal error setting up domain map\n"));
-- cgit
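Review bot: In `reset_idle_timer()` the signed `int` field `client_idle_timeout` is now passed straight to `tevent_timeval_current_ofs()`, whose seconds parameter is unsigned (`uint32_t`), so a zero value would expire the client immediately and a negative one would convert to a very distant expiry. The only thing that prevents this is the clamp added to `sss_process_init()` in the next hunk; nothing at this call site states or checks that invariant. I would add a comment above the initialiser, `/* client_idle_timeout is clamped to >= 10 seconds in sss_process_init() */`, or declare the field unsigned in `struct resp_ctx`. The function body continues past the end of the hunk.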
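Review bot: The clamp after `confdb_get_int()` in `sss_process_init()` enforces a floor but no ceiling, so a very large `client_idle_timeout` effectively switches off the idle disconnect that the new man-page text says exists to avoid resource exhaustion, letting idle clients hold descriptors for as long as they like. The floor is also applied silently and through a bare `10`, and the man-page entry added in this commit does not mention any minimum. I would define the limits next to `CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT` in confdb.h (the `_MIN_`/`_MAX_` names below are proposals, and the maximum is for the maintainers to choose), log whenever the configured value is adjusted, and document both bounds. `sss_process_init()` starts and ends outside the hunk.

```c
    /* … unchanged: confdb_get_int() call and its error check … */

    /* Keep the idle timeout inside a bounded window and log any adjustment,
     * so an out-of-range setting cannot silently weaken the fd-exhaustion guard */
    if (rctx->client_idle_timeout < CONFDB_RESPONDER_CLI_IDLE_MIN_TIMEOUT) {
        DEBUG(2, ("client_idle_timeout [%d] is below the minimum, using [%d]\n",
                  rctx->client_idle_timeout,
                  CONFDB_RESPONDER_CLI_IDLE_MIN_TIMEOUT));
        rctx->client_idle_timeout = CONFDB_RESPONDER_CLI_IDLE_MIN_TIMEOUT;
    } else if (rctx->client_idle_timeout > CONFDB_RESPONDER_CLI_IDLE_MAX_TIMEOUT) {
        DEBUG(2, ("client_idle_timeout [%d] is above the maximum, using [%d]\n",
                  rctx->client_idle_timeout,
                  CONFDB_RESPONDER_CLI_IDLE_MAX_TIMEOUT));
        rctx->client_idle_timeout = CONFDB_RESPONDER_CLI_IDLE_MAX_TIMEOUT;
    }

    /* … unchanged: confdb_get_domains() call … */
```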