Hello, I am fighting with adding new option to sssd.conf. I slowly running out of breath.
I know proxy could be id, auth or chpass provider. I don't know where is the right place for my option. And the second issue is it breaks test for SSSD config. :-( Is there anyone who would like to join to the fight? Please, see attached patch. Regards -- Petr^4 Čech
>From 252b62b56d0079323dc6771907d76f4f883ffbe4 Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Wed, 24 Aug 2016 14:41:09 +0200 Subject: [PATCH] WIP: PROXY: Adding proxy_max_children option Resolves: https://fedorahosted.org/sssd/ticket/3153 --- src/confdb/confdb.h | 1 + src/config/SSSDConfig/__init__.py.in | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.d/sssd-proxy.conf | 4 +--- src/man/sssd.conf.5.xml | 12 ++++++++++++ src/providers/proxy/proxy_init.c | 17 +++++++++++++++-- 6 files changed, 31 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 72adbd80ea534eb0becd3e517c00b0c26d00444c..dddf3e94fc4a083dfe23549c50c75b8fe1e47c9f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -220,6 +220,7 @@ #define CONFDB_PROXY_LIBNAME "proxy_lib_name" #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target" #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias" +#define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children" /* Secrets Service */ #define CONFDB_SEC_CONF_ENTRY "config/secrets" diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index b3f04ac26309bb5b518fb87cd0dae2962e853179..50917322da74211a54db69fee05589bdddaebd33 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -435,6 +435,7 @@ option_strings = { 'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'), # [provider/proxy/auth] + 'proxy_max_children' : _('The number of preforked proxy children.'), 'proxy_pam_target' : _('PAM stack to use') } diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index df10538dee4a547a1b1af62a4cfe37b89e236b18..1b3c840199d64fe1a9088147c9c5c836216b25eb 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -323,6 +323,7 @@ option = base_directory option = proxy_lib_name option = proxy_fast_alias option = proxy_pam_target +option = proxy_max_children # simple access provider specific options option = simple_allow_users diff --git a/src/config/etc/sssd.api.d/sssd-proxy.conf b/src/config/etc/sssd.api.d/sssd-proxy.conf index 89a6503f9b84b7eab5fb3b0dd591dea905b43adb..96e2d4a8d101ff2f7769aaaf5f80af882bcd9b4d 100644 --- a/src/config/etc/sssd.api.d/sssd-proxy.conf +++ b/src/config/etc/sssd.api.d/sssd-proxy.conf @@ -1,11 +1,9 @@ -[provider/proxy] - [provider/proxy/id] proxy_lib_name = str, None, true proxy_fast_alias = bool, None, true [provider/proxy/auth] proxy_pam_target = str, None, true +proxy_max_children = int, None, false [provider/proxy/chpass] - diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index e95a7e7e213e07c15e79185730d481e5afceb69c..bb44cf5f1d566b2b88fe6fbcd51c3973bd45ef8e 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2497,6 +2497,18 @@ subdomain_inherit = ldap_purge_cache_timeout </listitem> </varlistentry> + <varlistentry> + <term>proxy_max_children (integer)</term> + <listitem> + <para> + The number of preforked proxy children. + </para> + <para> + Default: 10 + </para> + </listitem> + </varlistentry> + </variablelist> </para> diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index 1edf4fd64e54f4f0df7a78a9e56eb232a1d3e948..b000bde0bbd655b0f73fcc90c7f7910e8a410d35 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -220,6 +220,7 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx, struct proxy_auth_ctx *auth_ctx; errno_t ret; int hret; + int max_children; auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx); if (auth_ctx == NULL) { @@ -241,8 +242,20 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx, } /* Set up request hash table */ - /* FIXME: get max_children from configuration file */ - auth_ctx->max_children = 10; + ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path, + CONFDB_PROXY_MAX_CHILDREN, 10, + &max_children); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + if (max_children < 1) { + DEBUG(SSSDBG_CRIT_FAILURE, "Option %s must be bigger then 1\n", + CONFDB_PROXY_MAX_CHILDREN); + goto done; + } + auth_ctx->max_children = max_children; hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table, NULL, NULL); -- 2.7.4
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
