From 7e6a8e7a6c37122fce8781e5f8e82458905960b3 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Tue, 21 Mar 2017 14:26:54 +0100

Subject: [PATCH 36/36] KCM: Idle-terminate the responder if the secrets back

 end is used

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Existing with memory database would be fatal as we keep the ccaches in

memory then, but if the ccaches are stored in sssd-secrets, we can just

exit on idle.

Reviewed-by: Michal Židek <mzidek@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

---

 src/config/cfg_rules.ini | 1 +

 src/responder/kcm/kcm.c  | 9 +++++++++

 2 files changed, 10 insertions(+)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini

index 67a5d1f5ad447a942b437ffd04a7f5d7cfe77d7f..933ebccd828189d923d2186753dfbc0b5c0814ce 100644

--- a/src/config/cfg_rules.ini

+++ b/src/config/cfg_rules.ini

@@ -281,6 +281,7 @@ option = client_idle_timeout

 option = description

 option = socket_path

 option = ccache_storage

+option = responder_idle_timeout

 [rule/allowed_domain_options]

 validator = ini_allowed_options

diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c

index 3ee978066c589a5cc38b0ae358f741d389d00e7a..2202f96381a2622a2c5433e281172287b325f960 100644

--- a/src/responder/kcm/kcm.c

+++ b/src/responder/kcm/kcm.c

@@ -133,6 +133,15 @@ static int kcm_get_config(struct kcm_ctx *kctx)

         goto done;

     }

+    if (kctx->cc_be == CCDB_BE_SECRETS) {

+        ret = responder_setup_idle_timeout_config(kctx->rctx);

+        if (ret != EOK) {

+            DEBUG(SSSDBG_MINOR_FAILURE,

+                  "Cannot set up idle responder timeout\n");

+            /* Not fatal */

+        }

+    }

+

     kctx->qctx = kcm_ops_queue_create(kctx);

     if (ret != EOK) {

         DEBUG(SSSDBG_OP_FAILURE,

-- 

2.9.3