diff options
-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 15 | ||||
-rw-r--r-- | src/providers/data_provider_fo.c | 10 | ||||
-rw-r--r-- | src/resolv/async_resolv.c | 6 |
7 files changed, 34 insertions, 2 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 0e0a1b10..be4dfb6f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -100,6 +100,7 @@ #define CONFDB_DOMAIN_MPG "magic_private_groups" #define CONFDB_DOMAIN_FQ "use_fully_qualified_names" #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout" +#define CONFDB_DOMAIN_RESOLV_TIMEOUT "dns_resolver_timeout" #define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order" #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration" diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 6dd8cac2..18df9790 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -81,6 +81,7 @@ option_strings = { 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), + 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 127ad22c..e8899653 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'entry_cache_timeout', 'lookup_family_order', 'account_cache_expiration', + 'dns_resolver_timeout', 'id_provider', 'auth_provider', 'access_provider', @@ -794,6 +795,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'entry_cache_timeout', 'account_cache_expiration', 'lookup_family_order', + 'dns_resolver_timeout', 'id_provider', 'auth_provider', 'access_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 3347d9fa..7d0e20c7 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -58,6 +58,7 @@ lookup_family_order = str, None, false account_cache_expiration = int, None, false filter_users = list, str, false filter_groups = list, str, false +dns_resolver_timeout = int, None, false # Special providers [provider/permit] diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 93bc2190..c7071ab6 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -641,6 +641,21 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>dns_resolver_timeout (integer)</term> + <listitem> + <para> + Defines the amount of time (in seconds) to wait for a reply from + the DNS resolver before assuming that it is unreachable. If this + timeout is reached, the domain will continue to operate in + offline mode. + </para> + <para> + Default: 5 + </para> + </listitem> + </varlistentry> </variablelist> </para> diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index 482f7444..cbdb7862 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -93,6 +93,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, int be_init_failover(struct be_ctx *ctx) { int ret; + int fo_timeout; struct fo_options fopts; if (ctx->be_fo != NULL) { @@ -104,7 +105,14 @@ int be_init_failover(struct be_ctx *ctx) return ENOMEM; } - ret = resolv_init(ctx, ctx->ev, 5, &ctx->be_fo->resolv); + ret = confdb_get_int(ctx->cdb, ctx, ctx->conf_path, + CONFDB_DOMAIN_RESOLV_TIMEOUT, + 5, &fo_timeout); + if (ret != EOK) { + return ret; + } + + ret = resolv_init(ctx, ctx->ev, fo_timeout, &ctx->be_fo->resolv); if (ret != EOK) { talloc_zfree(ctx->be_fo); return ret; diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 70d60e37..363141b4 100644 --- a/src/resolv/async_resolv.c +++ b/src/resolv/async_resolv.c @@ -325,7 +325,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) DEBUG(4, ("Initializing new c-ares channel\n")); /* FIXME: the options would contain * the nameservers to contact, the domains - * to search, timeout... => get from confdb + * to search... => get from confdb */ options.sock_state_cb = fd_event; options.sock_state_cb_data = ctx; @@ -358,6 +358,10 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, int ret; struct resolv_ctx *ctx; + if (timeout < 1) { + return EINVAL; + } + ctx = talloc_zero(mem_ctx, struct resolv_ctx); if (ctx == NULL) return ENOMEM; |