From 83bc461f812b3c3df260b5f75d84b34bb1135062 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 26 Apr 2010 13:02:04 -0400
Subject: Add dns_resolver_timeout option

We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
---
 src/confdb/confdb.h | 1 +
 src/config/SSSDConfig.py | 1 +
 src/config/SSSDConfigTest.py | 2 ++
 src/config/etc/sssd.api.conf | 1 +
 src/man/sssd.conf.5.xml | 15 +++++++++++++++
 src/providers/data_provider_fo.c | 10 +++++++++-
 src/resolv/async_resolv.c | 6 +++++-
 7 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0e0a1b10e..be4dfb6f7 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -100,6 +100,7 @@
 #define CONFDB_DOMAIN_MPG "magic_private_groups"
 #define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
 #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_DOMAIN_RESOLV_TIMEOUT "dns_resolver_timeout"
 #define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order"
 #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 6dd8cac2b..18df97904 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -81,6 +81,7 @@ option_strings = {
 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
+ 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
 # [provider/ipa]
 'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 127ad22cf..e88996534 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'entry_cache_timeout',
 'lookup_family_order',
 'account_cache_expiration',
+ 'dns_resolver_timeout',
 'id_provider',
 'auth_provider',
 'access_provider',
@@ -794,6 +795,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'entry_cache_timeout',
 'account_cache_expiration',
 'lookup_family_order',
+ 'dns_resolver_timeout',
 'id_provider',
 'auth_provider',
 'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 3347d9fa4..7d0e20c77 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -58,6 +58,7 @@ lookup_family_order = str, None, false
 account_cache_expiration = int, None, false
 filter_users = list, str, false
 filter_groups = list, str, false
+dns_resolver_timeout = int, None, false
 # Special providers
 [provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 93bc21905..c7071ab6c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -641,6 +641,21 @@
+
+
+ dns_resolver_timeout (integer)
+
+
+ Defines the amount of time (in seconds) to wait for a reply from
+ the DNS resolver before assuming that it is unreachable. If this
+ timeout is reached, the domain will continue to operate in
+ offline mode.
+
+
+ Default: 5
+
+
+
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index 482f74446..cbdb78624 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -93,6 +93,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
 int be_init_failover(struct be_ctx *ctx)
 {
 int ret;
+ int fo_timeout;
 struct fo_options fopts;
 if (ctx->be_fo != NULL) {
@@ -104,7 +105,14 @@ int be_init_failover(struct be_ctx *ctx)
 return ENOMEM;
 }
- ret = resolv_init(ctx, ctx->ev, 5, &ctx->be_fo->resolv);
+ ret = confdb_get_int(ctx->cdb, ctx, ctx->conf_path,
+ CONFDB_DOMAIN_RESOLV_TIMEOUT,
+ 5, &fo_timeout);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ ret = resolv_init(ctx, ctx->ev, fo_timeout, &ctx->be_fo->resolv);
 if (ret != EOK) {
 talloc_zfree(ctx->be_fo);
 return ret;
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 70d60e373..363141b4a 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -325,7 +325,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
 DEBUG(4, ("Initializing new c-ares channel\n"));
 /* FIXME: the options would contain
 * the nameservers to contact, the domains
- * to search, timeout... => get from confdb
+ * to search... => get from confdb
 */
 options.sock_state_cb = fd_event;
 options.sock_state_cb_data = ctx;
@@ -358,6 +358,10 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
 int ret;
 struct resolv_ctx *ctx;
+ if (timeout < 1) {
+ return EINVAL;
+ }
+
 ctx = talloc_zero(mem_ctx, struct resolv_ctx);
 if (ctx == NULL) return ENOMEM;
-- cgit
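Review bot: The early return added after `confdb_get_int()` in be_init_failover leaves `ctx->be_fo` allocated, whereas the existing `resolv_init()` failure branch just below releases it with `talloc_zfree(ctx->be_fo)`. The previous hunk of this file shows the function testing `ctx->be_fo != NULL` on entry, so after a failed option read a later call may treat the half-initialised failover context (no resolver attached) as ready. That guard's body is outside the hunk, so this is inferred. The new error branch should mirror the existing one: `if (ret != EOK) { talloc_zfree(ctx->be_fo); return ret; }`. The function starts and ends outside this hunk.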
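Review bot: The new `timeout < 1` guard at the top of resolv_init rejects the value silently and sets no upper bound. Because the value now comes from `dns_resolver_timeout` in the configuration, a zero or negative setting makes backend failover initialisation fail with a bare EINVAL and no hint at the offending option. A very large setting would presumably postpone the switch to offline mode that the man page describes, so lookups could stall while DNS is unreachable. I would log before returning, for example `DEBUG(1, ("Invalid DNS resolver timeout: %d\n", timeout));`, and either reject or clamp values above a documented maximum. How `timeout` is used later in resolv_init is outside the hunk.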