diff options
| author | Michal Židek <mzidek@redhat.com> | 2015-08-13 14:03:24 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-17 15:10:03 +0200 |
| commit | 9da121c08b785b56733a11fa46e14c708dda62e9 (patch) | |
| tree | 7eb7086c606f796562341bc91787fbf711dc96b9 | |
| parent | 13f30f69eec02d0c0aaccc7b544dee1326a5e9d4 (diff) | |
| download | sssd-9da121c08b785b56733a11fa46e14c708dda62e9.tar.gz sssd-9da121c08b785b56733a11fa46e14c708dda62e9.tar.xz sssd-9da121c08b785b56733a11fa46e14c708dda62e9.zip | |
pam: Incerease p11 child timeout
Ticket:
https://fedorahosted.org/sssd/ticket/2746
It was timeouting often in CI machines.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| -rw-r--r-- | Makefile.am | 1 | ||||
| -rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 9 |
2 files changed, 8 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am index ed107fd5d..7dc4875c9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1892,6 +1892,7 @@ pam_srv_tests_SOURCES = \ pam_srv_tests_CFLAGS = \ -U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \ $(AM_CFLAGS) \ + -DSSS_P11_CHILD_TIMEOUT=30 \ $(NULL) pam_srv_tests_LDFLAGS = \ -Wl,-wrap,sss_packet_get_body \ diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 3b84fb864..aa5c20906 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -43,6 +43,11 @@ enum pam_verbosity { #define DEFAULT_PAM_VERBOSITY PAM_VERBOSITY_IMPORTANT +/* TODO: Should we make this configurable? */ +#ifndef SSS_P11_CHILD_TIMEOUT +#define SSS_P11_CHILD_TIMEOUT 10 +#endif + static errno_t pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain, const char *username); @@ -1122,7 +1127,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) if (may_do_cert_auth(pctx, pd)) { req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd, - pctx->nss_db, 10, pd); + pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n"); ret = ENOMEM; @@ -1338,7 +1343,7 @@ static void pam_forwarder_cb(struct tevent_req *req) if (may_do_cert_auth(pctx, pd)) { req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd, - pctx->nss_db, 10, pd); + pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n"); ret = ENOMEM; |