authorStephen Gallagher <sgallagh@redhat.com>2012-06-18 11:23:04 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-06-18 14:40:58 -0400
commitc041c677dcc194ec0280365c9621c46f92e56f7a (patch)
tree1d645fdffc304c25991c6928f0c5b1af986b22a5
parentce1ce193f2d2e07cdb66d26c4912f54de4bb1d92 (diff)
Make the client idle timeout configurable
-rw-r--r--src/confdb/confdb.h4
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py3
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml15
-rw-r--r--src/responder/common/responder.h1
-rw-r--r--src/responder/common/responder_common.c23
7 files changed, 43 insertions, 5 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 339d8e479..761fb6094 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -66,6 +66,10 @@
#define CONFDB_MONITOR_TRY_INOTIFY "try_inotify"
#define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir"
+/* Responders */
+#define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT "client_idle_timeout"
+#define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT 60
+
/* NSS */
#define CONFDB_NSS_CONF_ENTRY "config/nss"
#define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout"
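Review bot: The default timeout gets a named constant here, but the 10-second lower bound enforced in sss_process_init (second hunk of responder_common.c) is a bare literal with no counterpart in this header. Define the floor beside the default, for example `#define CONFDB_RESPONDER_CLI_IDLE_MIN_TIMEOUT 10` (name proposed here, not taken from the tree), and use it in the clamp. A short comment such as `/* both values are in seconds */` above the pair would also record the unit, which the macro names do not.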
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 1004ab81b..4b62f196c 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -43,6 +43,7 @@ option_strings = {
'timeout' : _('Ping timeout before restarting service'),
'command' : _('Command to start service'),
'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
+ 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
# [sssd]
'services' : _('SSSD Services to start'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index a64a73616..3c414207c 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -272,7 +272,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
'debug_microseconds',
'debug_to_files',
'command',
- 'reconnection_retries']
+ 'reconnection_retries',
+ 'client_idle_timeout']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 934346350..29b08a452 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -9,6 +9,7 @@ debug_microseconds = bool, None, false
debug_to_files = bool, None, false
command = str, None, false
reconnection_retries = int, None, false
+client_idle_timeout = int, None, false
[sssd]
# Monitor service
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 756ce19d2..decd56713 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -281,6 +281,21 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>client_idle_timeout</term>
+ <listitem>
+ <para>
+ This option specifies the number of seconds that
+ a client of an SSSD process can hold onto a file
+ descriptor without communicating on it. This value
+ is limited in order to avoid resource exhasution
+ on the system.
+ </para>
+ <para>
+ Default: 60
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 8beabb6d8..e10e66ad5 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -86,6 +86,7 @@ struct resp_ctx {
struct be_conn *be_conns;
struct sss_domain_info *domains;
+ int client_idle_timeout;
struct sysdb_ctx_list *db_list;
struct sss_cmd_table *sss_cmds;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 9a46c8882..e19480037 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -352,10 +352,8 @@ static void accept_fd_handler(struct tevent_context *ev,
static errno_t reset_idle_timer(struct cli_ctx *cctx)
{
- struct timeval tv;
-
- /* TODO: make this configurable */
- tv = tevent_timeval_current_ofs(60, 0);
+ struct timeval tv =
+ tevent_timeval_current_ofs(cctx->rctx->client_idle_timeout, 0);
talloc_zfree(cctx->idle);
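Review bot: reset_idle_timer now passes `cctx->rctx->client_idle_timeout`, a signed `int`, straight into `tevent_timeval_current_ofs()`, whose seconds argument is unsigned, and nothing in this function checks the value. It is only safe because sss_process_init clamps the field to at least 10. A resp_ctx populated by any other path would hand the timer a zero or a negative value, and a negative value converts to a very long timeout, which would effectively turn the idle disconnect off. A comment at the declaration would record that dependency, e.g. `/* client_idle_timeout is validated (>= 10 s) in sss_process_init() */`. The rest of the function body lies outside this hunk.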
@@ -619,6 +617,23 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
rctx->priv_sock_name = sss_priv_pipe_name;
rctx->confdb_service_path = confdb_service_path;
+ ret = confdb_get_int(rctx->cdb, NULL,
+ rctx->confdb_service_path,
+ CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
+ CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT,
+ &rctx->client_idle_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Cannot get the client idle timeout [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ /* Ensure that the client timeout is at least ten seconds */
+ if (rctx->client_idle_timeout < 10) {
+ rctx->client_idle_timeout = 10;
+ }
+
ret = confdb_get_domains(rctx->cdb, &rctx->domains);
if (ret != EOK) {
DEBUG(0, ("fatal error setting up domain map\n"));
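Review bot: The clamp at `if (rctx->client_idle_timeout < 10)` silently overrides the administrator's setting, and the sssd.conf(5) entry added by this commit does not mention a 10-second minimum. Log the adjustment inside the branch so the effective value is visible, e.g. `DEBUG(SSSDBG_CONF_SETTINGS, ("client_idle_timeout too low, using 10 seconds\n"));`, and state the minimum in the man page. There is no upper bound either, so a very large setting effectively disables the idle disconnect that the man page describes as protection against resource exhaustion. That may be an intended administrator's choice, but it deserves a sentence in the documentation. sss_process_init begins and continues outside this hunk.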