summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Židek <mzidek@redhat.com>2015-08-13 14:03:24 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-17 15:10:03 +0200
commit9da121c08b785b56733a11fa46e14c708dda62e9 (patch)
tree7eb7086c606f796562341bc91787fbf711dc96b9
parent13f30f69eec02d0c0aaccc7b544dee1326a5e9d4 (diff)
downloadsssd-9da121c08b785b56733a11fa46e14c708dda62e9.tar.gz
sssd-9da121c08b785b56733a11fa46e14c708dda62e9.tar.xz
sssd-9da121c08b785b56733a11fa46e14c708dda62e9.zip
pam: Incerease p11 child timeout
Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--Makefile.am1
-rw-r--r--src/responder/pam/pamsrv_cmd.c9
2 files changed, 8 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am
index ed107fd5d..7dc4875c9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1892,6 +1892,7 @@ pam_srv_tests_SOURCES = \
pam_srv_tests_CFLAGS = \
-U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \
$(AM_CFLAGS) \
+ -DSSS_P11_CHILD_TIMEOUT=30 \
$(NULL)
pam_srv_tests_LDFLAGS = \
-Wl,-wrap,sss_packet_get_body \
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 3b84fb864..aa5c20906 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -43,6 +43,11 @@ enum pam_verbosity {
#define DEFAULT_PAM_VERBOSITY PAM_VERBOSITY_IMPORTANT
+/* TODO: Should we make this configurable? */
+#ifndef SSS_P11_CHILD_TIMEOUT
+#define SSS_P11_CHILD_TIMEOUT 10
+#endif
+
static errno_t
pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain,
const char *username);
@@ -1122,7 +1127,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
if (may_do_cert_auth(pctx, pd)) {
req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd,
- pctx->nss_db, 10, pd);
+ pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n");
ret = ENOMEM;
@@ -1338,7 +1343,7 @@ static void pam_forwarder_cb(struct tevent_req *req)
if (may_do_cert_auth(pctx, pd)) {
req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd,
- pctx->nss_db, 10, pd);
+ pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n");
ret = ENOMEM;