[PATCH] Added configurable timeout to rlm_exec.

Philipp Hug philipp at hug.cx
Mon Sep 24 11:32:57 CEST 2012


Hi Alan,

1) you seem to be adding this exec patch to other places where external
> execution of code takes place - eg verification of the EAP cert - was that
> intentional?
>
> Yes, this is intended. I had to change radius_exec_program function which
is used in various places.
The verification of the EAP cert is executed with the default timeout (10s)
which is exactly the same behavior as before.
-                   (radius_exec_program(conf->make_cert_command, NULL, 1,
+                   (radius_exec_program(conf->make_cert_command, NULL, 1,
RADIUS_EXEC_DEFAULT_TIMEOUT,



> 2)  it appears that you are choosing to set the value to '0' when running
> some commands in debug mode - surely not the intention  (or my misreading
> of those few lines)....
>

The timeout value is ignored if exec_wait is set to zero.


>
> I agree that the timeout should be configurable.... perhaps, in an ideal
> world
> you could have a minimum and maximum. server starts with minimum value...if
> the reply doesnt happen quick enough and theres a failure, it could log
> the error
> and then incremement the value by one second...up until it reaches the
> ceiling value.
> errors messages would then alert admin to the issue and hopefully external
> systems
> fixed before the 'hard' error boundary reached (which is all we have right
> now..a hard
> boundary)
>
> I think it would be easier to have a timeout_warn and timeout_hard value
instead of dynamically changing it.
But for now, I'd prefer to just have one timeout value.

Philipp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20120924/6567527c/attachment.html>


More information about the Freeradius-Devel mailing list