diff options
| author | Dave Olson <olson@cumulusnetworks.com> | 2016-11-21 18:14:26 -0800 |
|---|---|---|
| committer | Dave Olson <olson@cumulusnetworks.com> | 2016-11-28 15:16:07 -0800 |
| commit | 50884445bbe311a630c4cc899bd79a39ecf81e3b (patch) | |
| tree | e90b5193e187c5b42e8dcc24350c5214e0b6ad2d | |
| parent | a696b9f5bcdd67185cbd0426afcebff847551b61 (diff) | |
| download | libnss-tacplus-50884445bbe311a630c4cc899bd79a39ecf81e3b.tar.gz libnss-tacplus-50884445bbe311a630c4cc899bd79a39ecf81e3b.zip | |
Allow timeout parameter to be set
Ticket: CM-13688
Reviewed By: nobody
Testing Done: installed, verify shorter timeouts
I hadn't implemented timeout for any of the new packages I created.
This implements it (and sets timeout=10 in /etc/tacplus_servers)
For libnss, we want a shorter timeout, so set it to 5, following
the include of tacplus_servers.
| -rw-r--r-- | nss_tacplus.c | 7 | ||||
| -rw-r--r-- | tacplus_nss.conf | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/nss_tacplus.c b/nss_tacplus.c index 0119343..cdc2c47 100644 --- a/nss_tacplus.c +++ b/nss_tacplus.c @@ -103,6 +103,13 @@ static int nss_tacplus_config(int *errnop, const char *cfile, int top) } else if(!strncmp(lbuf, "debug=", 6)) debug = strtoul(lbuf+6, NULL, 0); + else if (!strncmp (lbuf, "timeout=", 8)) { + tac_timeout = (int)strtoul(lbuf+8, NULL, 0); + if (tac_timeout < 0) /* explict neg values disable poll() use */ + tac_timeout = 0; + else /* poll() only used if timeout is explictly set */ + tac_readtimeout_enable = 1; + } /* * This next group is here to prevent a warning in the * final "else" case. We don't need them, but if there diff --git a/tacplus_nss.conf b/tacplus_nss.conf index f5c5f33..50d639b 100644 --- a/tacplus_nss.conf +++ b/tacplus_nss.conf @@ -39,6 +39,16 @@ exclude_users=root,cumulus,quagga,ntp # including the IP address and shared secret include=/etc/tacplus_servers +# The connection timeout for an NSS library should be short, since it is +# invoked for many programs and daemons, and a failure is usually not +# catastrophic. Not set or set to a negative value disables use of poll(). +# This follows the include of tacplus_servers, so it can override any +# timeout value set in that file. +# It's important to have this set in this file, even if the same value +# as in tacplus_servers, since tacplus_servers should not be readable +# by users other than root. +timeout=5 + # The server IP address can be optionally followed by a ':' and a port # number (server=1.1.1.1:49). #secret=SECRET1 |