From f0072e2b102f3b553533402d4ae42b1989b0370e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 10 Mar 2015 13:01:21 +0100
Subject: SDAP: Make password change timeout configurable with ldap_opt_timeout
Related: https://fedorahosted.org/sssd/ticket/1501
Reviewed-by: Pavel Reichl
---
 src/man/sssd-ldap.5.xml | 3 ++-
 src/providers/ldap/ldap_auth.c | 6 +++++-
 src/providers/ldap/sdap_async.c | 6 +++---
 src/providers/ldap/sdap_async.h | 3 ++-
 4 files changed, 12 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index e598d70c5..a93e6dfe7 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1236,7 +1236,8 @@ calls to synchronous LDAP APIs will abort if no response is received. Also controls the timeout when communicating with the KDC in case of SASL
- bind and the timeout of an LDAP bind operation.
+ bind, the timeout of an LDAP bind operation and
+ password change extended operation.
 Default: 6
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 3147b49b0..42899fd0e 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1046,6 +1046,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
 } else { const char *password; const char *new_password;
+ int timeout;
 ret = sss_authtok_get_password(state->pd->authtok, &password, NULL);
@@ -1060,9 +1061,12 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
 goto done; }
+ timeout = dp_opt_get_int(state->ctx->opts->basic, SDAP_OPT_TIMEOUT);
+
 subreq = sdap_exop_modify_passwd_send(state, be_ctx->ev, state->sh, state->dn,
- password, new_password);
+ password, new_password,
+ timeout);
 if (!subreq) { DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for %s\n", state->username);
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index c30a4578e..c979fbeac 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
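Review bot: In the `@@ -1060` hunk of src/providers/ldap/ldap_auth.c, the value read with `dp_opt_get_int(state->ctx->opts->basic, SDAP_OPT_TIMEOUT)` is passed to `sdap_exop_modify_passwd_send()` with no range check, where the old path always used a fixed 5 seconds. `sdap_op_add()` is not shown in this diff; if it treats 0 as "no timer", setting `ldap_opt_timeout = 0` would leave a password change waiting indefinitely on a server that never answers, and a negative value would presumably expire at once. I would reject or clamp non-positive values before the call, for example `if (timeout <= 0) { ret = EINVAL; goto done; }`, or fall back to the documented default if that suits the project better. The body of `sdap_auth4chpass_done` starts and ends outside the hunk, so what the `done` label does with `ret` should be confirmed.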
@@ -494,7 +494,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
 struct sdap_handle *sh, char *user_dn, const char *password,
- const char *new_password)
+ const char *new_password,
+ int timeout)
 { struct tevent_req *req = NULL; struct sdap_exop_modify_passwd_state *state;
@@ -562,9 +563,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
 DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_extended_operation sent, msgid = %d\n", msgid);
- /* FIXME: get timeouts from configuration, for now 5 secs. */
 ret = sdap_op_add(state, ev, state->sh, msgid,
- sdap_exop_modify_passwd_done, req, 5, &state->op);
+ sdap_exop_modify_passwd_done, req, timeout, &state->op);
 if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n"); ret = ERR_INTERNAL;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 941b81a41..29afd8e1a 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -145,7 +145,8 @@ struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
 struct sdap_handle *sh, char *user_dn, const char *password,
- const char *new_password);
+ const char *new_password,
+ int timeout);
 errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **user_error_msg);
-- cgit
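Review bot: The `@@ -562` hunk of sdap_async.c removes the FIXME that was the only place stating the unit of the value passed to `sdap_op_add()`, and the new `int timeout` parameter is left undocumented in both the definition (`@@ -494`) and the prototype in sdap_async.h (`@@ -145`). I would add a comment above the prototype such as `/* timeout: seconds to wait for the password-modify extended operation reply; callers pass ldap_opt_timeout */`, and state there how a zero or negative value is handled. The function body continues outside both sdap_async.c hunks. Separately, with the man page default of 6 the effective timeout changes from the previous hard-coded 5 seconds, which the commit message does not mention.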