dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0036-KCM-Idle-terminate-the-responder-if-the-secrets-back.patch

bb7cd1
From 7e6a8e7a6c37122fce8781e5f8e82458905960b3 Mon Sep 17 00:00:00 2001
bb7cd1
From: Jakub Hrozek <jhrozek@redhat.com>
bb7cd1
Date: Tue, 21 Mar 2017 14:26:54 +0100
bb7cd1
Subject: [PATCH 36/36] KCM: Idle-terminate the responder if the secrets back
bb7cd1
 end is used
bb7cd1
MIME-Version: 1.0
bb7cd1
Content-Type: text/plain; charset=UTF-8
bb7cd1
Content-Transfer-Encoding: 8bit
bb7cd1
bb7cd1
Existing with memory database would be fatal as we keep the ccaches in
bb7cd1
memory then, but if the ccaches are stored in sssd-secrets, we can just
bb7cd1
exit on idle.
bb7cd1
bb7cd1
Reviewed-by: Michal Židek <mzidek@redhat.com>
bb7cd1
Reviewed-by: Simo Sorce <simo@redhat.com>
bb7cd1
---
bb7cd1
 src/config/cfg_rules.ini | 1 +
bb7cd1
 src/responder/kcm/kcm.c  | 9 +++++++++
bb7cd1
 2 files changed, 10 insertions(+)
bb7cd1
bb7cd1
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
bb7cd1
index 67a5d1f5ad447a942b437ffd04a7f5d7cfe77d7f..933ebccd828189d923d2186753dfbc0b5c0814ce 100644
bb7cd1
--- a/src/config/cfg_rules.ini
bb7cd1
+++ b/src/config/cfg_rules.ini
bb7cd1
@@ -281,6 +281,7 @@ option = client_idle_timeout
bb7cd1
 option = description
bb7cd1
 option = socket_path
bb7cd1
 option = ccache_storage
bb7cd1
+option = responder_idle_timeout
bb7cd1
 
bb7cd1
 [rule/allowed_domain_options]
bb7cd1
 validator = ini_allowed_options
bb7cd1
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
bb7cd1
index 3ee978066c589a5cc38b0ae358f741d389d00e7a..2202f96381a2622a2c5433e281172287b325f960 100644
bb7cd1
--- a/src/responder/kcm/kcm.c
bb7cd1
+++ b/src/responder/kcm/kcm.c
bb7cd1
@@ -133,6 +133,15 @@ static int kcm_get_config(struct kcm_ctx *kctx)
bb7cd1
         goto done;
bb7cd1
     }
bb7cd1
 
bb7cd1
+    if (kctx->cc_be == CCDB_BE_SECRETS) {
bb7cd1
+        ret = responder_setup_idle_timeout_config(kctx->rctx);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            DEBUG(SSSDBG_MINOR_FAILURE,
bb7cd1
+                  "Cannot set up idle responder timeout\n");
bb7cd1
+            /* Not fatal */
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
     kctx->qctx = kcm_ops_queue_create(kctx);
bb7cd1
     if (ret != EOK) {
bb7cd1
         DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-- 
bb7cd1
2.9.3
bb7cd1