Blame SOURCES/0036-KCM-Idle-terminate-the-responder-if-the-secrets-back.patch

ecf709
From 7e6a8e7a6c37122fce8781e5f8e82458905960b3 Mon Sep 17 00:00:00 2001
ecf709
From: Jakub Hrozek <jhrozek@redhat.com>
ecf709
Date: Tue, 21 Mar 2017 14:26:54 +0100
ecf709
Subject: [PATCH 36/36] KCM: Idle-terminate the responder if the secrets back
ecf709
 end is used
ecf709
MIME-Version: 1.0
ecf709
Content-Type: text/plain; charset=UTF-8
ecf709
Content-Transfer-Encoding: 8bit
ecf709
ecf709
Existing with memory database would be fatal as we keep the ccaches in
ecf709
memory then, but if the ccaches are stored in sssd-secrets, we can just
ecf709
exit on idle.
ecf709
ecf709
Reviewed-by: Michal Židek <mzidek@redhat.com>
ecf709
Reviewed-by: Simo Sorce <simo@redhat.com>
ecf709
---
ecf709
 src/config/cfg_rules.ini | 1 +
ecf709
 src/responder/kcm/kcm.c  | 9 +++++++++
ecf709
 2 files changed, 10 insertions(+)
ecf709
ecf709
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
ecf709
index 67a5d1f5ad447a942b437ffd04a7f5d7cfe77d7f..933ebccd828189d923d2186753dfbc0b5c0814ce 100644
ecf709
--- a/src/config/cfg_rules.ini
ecf709
+++ b/src/config/cfg_rules.ini
ecf709
@@ -281,6 +281,7 @@ option = client_idle_timeout
ecf709
 option = description
ecf709
 option = socket_path
ecf709
 option = ccache_storage
ecf709
+option = responder_idle_timeout
ecf709
 
ecf709
 [rule/allowed_domain_options]
ecf709
 validator = ini_allowed_options
ecf709
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
ecf709
index 3ee978066c589a5cc38b0ae358f741d389d00e7a..2202f96381a2622a2c5433e281172287b325f960 100644
ecf709
--- a/src/responder/kcm/kcm.c
ecf709
+++ b/src/responder/kcm/kcm.c
ecf709
@@ -133,6 +133,15 @@ static int kcm_get_config(struct kcm_ctx *kctx)
ecf709
         goto done;
ecf709
     }
ecf709
 
ecf709
+    if (kctx->cc_be == CCDB_BE_SECRETS) {
ecf709
+        ret = responder_setup_idle_timeout_config(kctx->rctx);
ecf709
+        if (ret != EOK) {
ecf709
+            DEBUG(SSSDBG_MINOR_FAILURE,
ecf709
+                  "Cannot set up idle responder timeout\n");
ecf709
+            /* Not fatal */
ecf709
+        }
ecf709
+    }
ecf709
+
ecf709
     kctx->qctx = kcm_ops_queue_create(kctx);
ecf709
     if (ret != EOK) {
ecf709
         DEBUG(SSSDBG_OP_FAILURE,
ecf709
-- 
ecf709
2.9.3
ecf709