From 9da121c08b785b56733a11fa46e14c708dda62e9 Mon Sep 17 00:00:00 2001 From: Michal Židek Date: Aug 17 2015 13:10:03 +0000 Subject: pam: Incerease p11 child timeout Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník --- diff --git a/Makefile.am b/Makefile.am index ed107fd..7dc4875 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1892,6 +1892,7 @@ pam_srv_tests_SOURCES = \ pam_srv_tests_CFLAGS = \ -U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \ $(AM_CFLAGS) \ + -DSSS_P11_CHILD_TIMEOUT=30 \ $(NULL) pam_srv_tests_LDFLAGS = \ -Wl,-wrap,sss_packet_get_body \ diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 3b84fb8..aa5c209 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -43,6 +43,11 @@ enum pam_verbosity { #define DEFAULT_PAM_VERBOSITY PAM_VERBOSITY_IMPORTANT +/* TODO: Should we make this configurable? */ +#ifndef SSS_P11_CHILD_TIMEOUT +#define SSS_P11_CHILD_TIMEOUT 10 +#endif + static errno_t pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain, const char *username); @@ -1122,7 +1127,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) if (may_do_cert_auth(pctx, pd)) { req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd, - pctx->nss_db, 10, pd); + pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n"); ret = ENOMEM; @@ -1338,7 +1343,7 @@ static void pam_forwarder_cb(struct tevent_req *req) if (may_do_cert_auth(pctx, pd)) { req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd, - pctx->nss_db, 10, pd); + pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n"); ret = ENOMEM;