From 99e2a107f01c625cb59cb88589db87294176d6c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 11 Jun 2019 13:37:23 +0200
Subject: [PATCH 10/12] failover: add dns_resolver_server_timeout option

Resolves:
https://pagure.io/SSSD/sssd/issue/3217

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/config/SSSDConfig/__init__.py.in |  1 +
 src/config/SSSDConfigTest.py         |  2 ++
 src/config/cfg_rules.ini             |  1 +
 src/config/etc/sssd.api.conf         |  1 +
 src/man/include/failover.xml         | 17 ++++++++++++++++-
 src/providers/data_provider.h        |  1 +
 src/providers/data_provider_fo.c     |  3 +++
 src/resolv/async_resolv.c            | 10 ++++++----
 src/resolv/async_resolv.h            |  2 +-
 src/tests/cmocka/test_fo_srv.c       |  4 ++--
 src/tests/cmocka/test_resolv_fake.c  |  2 +-
 src/tests/fail_over-tests.c          |  2 +-
 src/tests/resolv-tests.c             |  2 +-
 13 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9642fe6ba..2d1214e16 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -171,6 +171,7 @@ option_strings = {
     'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
     'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
     'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
+    'dns_resolver_server_timeout' : _('How long should SSSD talk to single DNS server before trying next server (miliseconds)'),
     'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
     'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
     'override_gid' : _('Override GID value from the identity provider with this value'),
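Review bot: The help text added for `dns_resolver_server_timeout` misspells the unit as "miliseconds" and drops the articles in "talk to single DNS server before trying next server". The string is wrapped in `_()`, so the typo would be carried into every translation catalogue. Suggested wording: `_('How long should SSSD talk to a single DNS server before trying the next one (milliseconds)')`.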
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 727df71ab..82b1a9700 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -606,6 +606,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'refresh_expired_interval',
             'lookup_family_order',
             'account_cache_expiration',
+            'dns_resolver_server_timeout',
             'dns_resolver_timeout',
             'dns_discovery_domain',
             'dyndns_update',
@@ -976,6 +977,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'refresh_expired_interval',
             'account_cache_expiration',
             'lookup_family_order',
+            'dns_resolver_server_timeout',
             'dns_resolver_timeout',
             'dns_discovery_domain',
             'dyndns_update',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 929e6149a..a2efb3a67 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -367,6 +367,7 @@ option = account_cache_expiration
 option = pwd_expiration_warning
 option = filter_users
 option = filter_groups
+option = dns_resolver_server_timeout
 option = dns_resolver_timeout
 option = dns_discovery_domain
 option = override_gid
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c6d6690fb..288b1cfe7 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -170,6 +170,7 @@ account_cache_expiration = int, None, false
 pwd_expiration_warning = int, None, false
 filter_users = list, str, false
 filter_groups = list, str, false
+dns_resolver_server_timeout = int, None, false
 dns_resolver_timeout = int, None, false
 dns_discovery_domain = str, None, false
 override_gid = int, None, false
diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml
index 7b451d831..f2a01b933 100644
--- a/src/man/include/failover.xml
+++ b/src/man/include/failover.xml
@@ -71,6 +71,20 @@
             </citerefentry>,
             manual page.
             <variablelist>
+                <varlistentry>
+                    <term>
+                        dns_resolver_server_timeout
+                    </term>
+                    <listitem>
+                        <para>
+                            Time in milliseconds that sets how long would SSSD
+                            talk to a single DNS server before trying next one.
+                        </para>
+                        <para>
+                            Default: 2000
+                        </para>
+                    </listitem>
+                </varlistentry>
                 <varlistentry>
                     <term>
                         dns_resolver_op_timeout
@@ -111,7 +125,8 @@
             <quote>ldap_opt_timeout></quote> timeout should be set to
             a larger value than <quote>dns_resolver_timeout</quote>
             which in turn should be set to a larger value than
-            <quote>dns_resolver_op_timeout</quote>.
+            <quote>dns_resolver_op_timeout</quote> which should be larger
+            than <quote>dns_resolver_server_timeout</quote>.
         </para>
     </refsect2>
 </refsect1>
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index a0a21cc12..2d10dbb5b 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -265,6 +265,7 @@ enum dp_res_opts {
     DP_RES_OPT_FAMILY_ORDER,
     DP_RES_OPT_RESOLVER_TIMEOUT,
     DP_RES_OPT_RESOLVER_OP_TIMEOUT,
+    DP_RES_OPT_RESOLVER_SERVER_TIMEOUT,
     DP_RES_OPT_DNS_DOMAIN,
 
     DP_RES_OPTS /* attrs counter */
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index 473b667e5..a7af3e2a5 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -833,6 +833,7 @@ static struct dp_option dp_res_default_opts[] = {
     { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING },
     { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
+    { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER },
     { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     DP_OPTION_TERMINATOR
 };
@@ -894,6 +895,8 @@ errno_t be_res_init(struct be_ctx *ctx)
     ret = resolv_init(ctx, ctx->ev,
                       dp_opt_get_int(ctx->be_res->opts,
                                      DP_RES_OPT_RESOLVER_OP_TIMEOUT),
+                      dp_opt_get_int(ctx->be_res->opts,
+                                     DP_RES_OPT_RESOLVER_SERVER_TIMEOUT),
                       &ctx->be_res->resolv);
     if (ret != EOK) {
         talloc_zfree(ctx->be_res);
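Review bot: The value read with `dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT)` is handed to `resolv_init()` with no range check, and `resolv_init()` in src/resolv/async_resolv.c stores it and later assigns it to `options.timeout` unchanged. A zero or negative setting in sssd.conf therefore reaches c-ares as-is, where the old code always used the fixed 2000 ms; how c-ares treats such values is not visible here, so rejecting them up front is safer, for example `if (ares_timeout <= 0) return EINVAL;` at the top of `resolv_init()`. The man page hunk says `dns_resolver_op_timeout` should be larger than this option, but the two appear to use different units (defaults 6 and 2000) and nothing enforces the ordering, so a debug-level warning when the op timeout, converted to milliseconds, does not exceed the server timeout would catch misconfigurations that delay failover. be_res_init's body continues outside the hunk.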
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 01d835ec9..00b9531d4 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -60,8 +60,6 @@
 #define DNS_RR_LEN(r)                   DNS__16BIT((r) + 8)
 #define DNS_RR_TTL(r)                   DNS__32BIT((r) + 4)
 
-#define RESOLV_TIMEOUTMS  2000
-
 enum host_database default_host_dbs[] = { DB_FILES, DB_DNS, DB_SENTINEL };
 
 struct fd_watch {
@@ -83,6 +81,9 @@ struct resolv_ctx {
     /* Time in milliseconds before canceling a DNS request */
     int timeout;
 
+    /* Time in milliseconds for communication with single DNS server. */
+    int ares_timeout;
+
     /* The timeout watcher periodically calls ares_process_fd() to check
      * if our pending requests didn't timeout. */
     int pending_requests;
@@ -423,7 +424,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
      */
     options.sock_state_cb = fd_event;
     options.sock_state_cb_data = ctx;
-    options.timeout = RESOLV_TIMEOUTMS;
+    options.timeout = ctx->ares_timeout;
     /* Only affects ares_gethostbyname */
     options.lookups = discard_const("f");
     options.tries = 1;
@@ -450,7 +451,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
 
 int
 resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
-            int timeout, struct resolv_ctx **ctxp)
+            int timeout, int ares_timeout, struct resolv_ctx **ctxp)
 {
     int ret;
     struct resolv_ctx *ctx;
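Review bot: `resolv_init()` now takes two adjacent `int` timeouts, `timeout` and `ares_timeout`, with nothing at the definition or the prototype in async_resolv.h saying which is which or what unit each uses. The defaults in data_provider_fo.c (6 and 2000) suggest the units differ, so swapped arguments would compile cleanly and only show up as odd resolver behaviour. A short comment above the function would help, e.g. `/* timeout: limit for a whole DNS request; ares_timeout: per-server limit in milliseconds passed to c-ares */`, with the unit of `timeout` confirmed against its callers. resolv_init's body continues outside the hunk.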
@@ -467,6 +468,7 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
 
     ctx->ev_ctx = ev_ctx;
     ctx->timeout = timeout;
+    ctx->ares_timeout = ares_timeout;
 
     ret = recreate_ares_channel(ctx);
     if (ret != EOK) {
diff --git a/src/resolv/async_resolv.h b/src/resolv/async_resolv.h
index 90ed03707..d83a7be44 100644
--- a/src/resolv/async_resolv.h
+++ b/src/resolv/async_resolv.h
@@ -52,7 +52,7 @@
 struct resolv_ctx;
 
 int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
-                int timeout, struct resolv_ctx **ctxp);
+                int timeout, int ares_timeout, struct resolv_ctx **ctxp);
 
 void resolv_reread_configuration(struct resolv_ctx *ctx);
 
diff --git a/src/tests/cmocka/test_fo_srv.c b/src/tests/cmocka/test_fo_srv.c
index a11ebbb54..c13cf3a69 100644
--- a/src/tests/cmocka/test_fo_srv.c
+++ b/src/tests/cmocka/test_fo_srv.c
@@ -49,7 +49,7 @@ struct resolv_ctx {
 
 /* mock resolver interface. The resolver test is separate */
 int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
-                int timeout, struct resolv_ctx **ctxp)
+                int timeout, int ares_timeout, struct resolv_ctx **ctxp)
 {
     *ctxp = talloc(mem_ctx, struct resolv_ctx);
     return EOK;
@@ -230,7 +230,7 @@ static int test_fo_setup(void **state)
     assert_non_null(test_ctx->ctx);
 
     ret = resolv_init(test_ctx, test_ctx->ctx->ev,
-                      TEST_RESOLV_TIMEOUT, &test_ctx->resolv);
+                      TEST_RESOLV_TIMEOUT, 2000, &test_ctx->resolv);
     assert_non_null(test_ctx->resolv);
 
     memset(&fopts, 0, sizeof(fopts));
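Review bot: The new per-server timeout is passed as the bare literal `2000` here, and again in test_resolv_fake.c, fail_over-tests.c and resolv-tests.c. Since the commit removes `RESOLV_TIMEOUTMS`, the default now lives only in `dp_res_default_opts` and these four literals can drift from it unnoticed. A named test constant next to `TEST_RESOLV_TIMEOUT` would keep them together, for example `#define TEST_RESOLV_SERVER_TIMEOUT 2000` (suggested name). test_fo_setup's body continues outside the hunk.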
diff --git a/src/tests/cmocka/test_resolv_fake.c b/src/tests/cmocka/test_resolv_fake.c
index 4cb3d4027..0f4011a39 100644
--- a/src/tests/cmocka/test_resolv_fake.c
+++ b/src/tests/cmocka/test_resolv_fake.c
@@ -240,7 +240,7 @@ static int test_resolv_fake_setup(void **state)
     assert_non_null(test_ctx->ctx);
 
     ret = resolv_init(test_ctx, test_ctx->ctx->ev,
-                      TEST_DEFAULT_TIMEOUT, &test_ctx->resolv);
+                      TEST_DEFAULT_TIMEOUT, 2000, &test_ctx->resolv);
     assert_int_equal(ret, EOK);
 
     *state = test_ctx;
diff --git a/src/tests/fail_over-tests.c b/src/tests/fail_over-tests.c
index 5312b2772..b2269ef3b 100644
--- a/src/tests/fail_over-tests.c
+++ b/src/tests/fail_over-tests.c
@@ -73,7 +73,7 @@ setup_test(void)
         fail("Could not init tevent context");
     }
 
-    ret = resolv_init(ctx, ctx->ev, 5, &ctx->resolv);
+    ret = resolv_init(ctx, ctx->ev, 5, 2000, &ctx->resolv);
     if (ret != EOK) {
         talloc_free(ctx);
         fail("Could not init resolv context");
diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c
index 4a2b3b904..bc4cd7cc1 100644
--- a/src/tests/resolv-tests.c
+++ b/src/tests/resolv-tests.c
@@ -76,7 +76,7 @@ static int setup_resolv_test(int timeout, struct resolv_test_ctx **ctx)
         return EFAULT;
     }
 
-    ret = resolv_init(test_ctx, test_ctx->ev, timeout, &test_ctx->resolv);
+    ret = resolv_init(test_ctx, test_ctx->ev, timeout, 2000, &test_ctx->resolv);
     if (ret != EOK) {
         fail("Could not init resolv context");
         talloc_free(test_ctx);
-- 
2.20.1