URL: https://github.com/SSSD/sssd/pull/180 Author: fidencio Title: #180: SECRETS: Shutdown the responder in case it becomes idle Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/180/head:pr180 git checkout pr180
From 1107128aa4ad0097df6e0f063cd79c491f6f3366 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 2 Mar 2017 17:36:02 +0100
Subject: [PATCH 1/2] RESPONDER: Wrap up the code to setup the idle timeout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As secrets responder will make use of this very same code in the future, let's wrap it up into a new function in order to avoid code duplication.
Related: https://pagure.io/SSSD/sssd/issue/3316
Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com>
---
 src/responder/common/responder.h | 2 +
 src/responder/common/responder_common.c | 87 ++++++++++++++++++++-------------
 2 files changed, 54 insertions(+), 35 deletions(-)
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 3515f76..66a55c7 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -344,6 +344,8 @@ void responder_set_fd_limit(rlim_t fd_limit);
 errno_t reset_client_idle_timer(struct cli_ctx *cctx);
+errno_t responder_get_idle_timer_config_option(struct resp_ctx *rctx);
+
 #define GET_DOMAINS_DEFAULT_TIMEOUT 60
 struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx,
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 1959247..629b9a8 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1095,44 +1095,10 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
 }
 if (rctx->socket_activated || rctx->dbus_activated) {
- ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
- CONFDB_RESPONDER_IDLE_TIMEOUT,
- CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT,
- &rctx->idle_timeout);
+ ret = responder_get_idle_timer_config_option(rctx);
 if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Cannot get the responder idle timeout [%d]: %s\n",
- ret, sss_strerror(ret));
 goto fail;
 }
-
- /* Idle timeout set to 0 means that no timeout will be set up to
- * the responder */
- if (rctx->idle_timeout == 0) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "Responder idle timeout won't be set up as the "
- "responder_idle_timeout is set to 0");
- } else {
- /* Ensure that the responder timeout is at least sixty seconds */
- if (rctx->idle_timeout < 60) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "responder_idle_timeout is set to a value lower than "
- "the minimum allowed (60s).\n"
- "The minimum allowed value will be used.");
-
- rctx->idle_timeout = 60;
- }
-
- ret = setup_responder_idle_timer(rctx);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "An error ocurrend when setting up the responder's idle "
- "timeout for the responder [%p]: %s [%d].\n"
- "The responder won't be automatically shutdown after %d "
- "seconds inactive. \n",
- rctx, sss_strerror(ret), ret, rctx->idle_timeout);
- }
- }
 }
 ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
@@ -1425,3 +1391,54 @@ void responder_set_fd_limit(rlim_t fd_limit)
 "Proceeding with system values\n");
 }
 }
+
+errno_t responder_get_idle_timer_config_option(struct resp_ctx *rctx)
+{
+ errno_t ret;
+
+ ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
+ CONFDB_RESPONDER_IDLE_TIMEOUT,
+ CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT,
+ &rctx->idle_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get the responder idle timeout [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto fail;
+ }
+
+ /* Idle timeout set to 0 means that no timeout will be set up to
+ * the responder */
+ if (rctx->idle_timeout == 0) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Responder idle timeout won't be set up as the "
+ "responder_idle_timeout is set to 0");
+ } else {
+ /* Ensure that the responder timeout is at least sixty seconds */
+ if (rctx->idle_timeout < 60) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "responder_idle_timeout is set to a value lower than "
+ "the minimum allowed (60s).\n"
+ "The minimum allowed value will be used.");
+
+ rctx->idle_timeout = 60;
+ }
+
+ ret = setup_responder_idle_timer(rctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "An error ocurrend when setting up the responder's idle "
+ "timeout for the responder [%p]: %s [%d].\n"
+ "The responder won't be automatically shutdown after %d "
+ "seconds inactive. \n",
+ rctx, sss_strerror(ret), ret,
+ rctx->idle_timeout);
+ }
+ }
+
+ ret = EOK;
+
+fail:
+ return ret;
+
+}
From 933c5194a7099b40162005fcd590345426d002b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 2 Mar 2017 17:23:15 +0100
Subject: [PATCH 2/2] SECRETS: Shutdown the responder in case it becomes idle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Similarly to what has been done for the other responders, let's shutdown the secrets responder in case it becomes idle.
Resolves: https://pagure.io/SSSD/sssd/issue/3316
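Review bot: In responder_common.c, `responder_get_idle_timer_config_option()` is named as a getter but also raises values below 60 to 60 and calls `setup_responder_idle_timer()`, and a failure of that call is only logged at SSSDBG_MINOR_FAILURE before `ret = EOK` overwrites it. That best-effort behaviour is carried over from the inlined code, but a new public helper should state it, for example with a header comment such as `/* Reads responder_idle_timeout, enforces the 60s minimum and arms the idle timer; returns non-EOK only when the option cannot be read. */`. Two of the moved DEBUG strings (`"responder_idle_timeout is set to 0"` and `"The minimum allowed value will be used."`) still end without `\n`, and the single-use `fail:` label could be replaced by a plain `return ret;` at the confdb error.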
Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com>
---
 src/config/cfg_rules.ini | 1 +
 src/responder/secrets/secsrv.c | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index dd0f04b..c01aa85 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -239,6 +239,7 @@ option = description
 option = containers_nest_level
 option = max_secrets
 option = max_payload_size
+option = responder_idle_timeout
 [rule/allowed_sec_users_options]
 validator = ini_allowed_options
diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c
index 28eca9d..ce210bd 100644
--- a/src/responder/secrets/secsrv.c
+++ b/src/responder/secrets/secsrv.c
@@ -100,6 +100,11 @@ static int sec_get_config(struct sec_ctx *sctx)
 sctx->rctx->client_idle_timeout = 10;
 }
+ ret = responder_get_idle_timer_config_option(sctx->rctx);
+ if (ret != EOK) {
+ goto fail;
+ }
+
 ret = EOK;
 fail:
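Review bot: The new call in `sec_get_config()` (secsrv.c) is unconditional, whereas patch 1/2 reaches the same helper in `sss_process_init()` only under `if (rctx->socket_activated || rctx->dbus_activated)`. If `sctx->rctx` has already gone through `sss_process_init()` (not visible in this hunk), an activated secrets responder would run `setup_responder_idle_timer()` twice, and one started some other way would now exit when idle; whether the timer setup tolerates a second call cannot be seen from here. Either apply the same guard, `if (sctx->rctx->socket_activated || sctx->rctx->dbus_activated)`, around the call, or add a comment explaining why the secrets responder arms the idle timer regardless of how it was started. The body of `sec_get_config()` begins outside the hunk.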