From 7e6a8e7a6c37122fce8781e5f8e82458905960b3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 21 Mar 2017 14:26:54 +0100
Subject: [PATCH 36/36] KCM: Idle-terminate the responder if the secrets back
 end is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Existing with memory database would be fatal as we keep the ccaches in
memory then, but if the ccaches are stored in sssd-secrets, we can just
exit on idle.

Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 src/config/cfg_rules.ini | 1 +
 src/responder/kcm/kcm.c  | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 67a5d1f5ad447a942b437ffd04a7f5d7cfe77d7f..933ebccd828189d923d2186753dfbc0b5c0814ce 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -281,6 +281,7 @@ option = client_idle_timeout
 option = description
 option = socket_path
 option = ccache_storage
+option = responder_idle_timeout
 
 [rule/allowed_domain_options]
 validator = ini_allowed_options
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 3ee978066c589a5cc38b0ae358f741d389d00e7a..2202f96381a2622a2c5433e281172287b325f960 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -133,6 +133,15 @@ static int kcm_get_config(struct kcm_ctx *kctx)
         goto done;
     }
 
+    if (kctx->cc_be == CCDB_BE_SECRETS) {
+        ret = responder_setup_idle_timeout_config(kctx->rctx);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Cannot set up idle responder timeout\n");
+            /* Not fatal */
+        }
+    }
+
     kctx->qctx = kcm_ops_queue_create(kctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE,
-- 
2.9.3