On Mon, Sep 07, 2015 at 03:38:32PM +0200, Michal Židek wrote:
Hi,
patch for ticket
https://fedorahosted.org/sssd/ticket/2773
is attached.
Michal
From 96215f618f61b8b2b303f0398a41af94292ccf57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek(a)redhat.com>
Date: Mon, 7 Sep 2015 15:19:53 +0200
Subject: [PATCH] PAM: Make p11_child timeout configurable
Ticket:
https://fedorahosted.org/sssd/ticket/2773
---
Makefile.am | 2 +-
src/confdb/confdb.h | 1 +
src/config/SSSDConfig/__init__.py.in | 1 +
src/man/sssd.conf.5.xml | 12 ++++++++++++
src/responder/pam/pamsrv_cmd.c | 35 ++++++++++++++++++++++++++++++-----
5 files changed, 45 insertions(+), 6 deletions(-)
Please also add the new parameter to src/config/etc/sssd.api.conf.
One style-question inline (but really, more of a question..)
static errno_t
@@ -1126,8 +1125,21 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
}
if (may_do_cert_auth(pctx, pd)) {
+ int p11_child_timeout;
I wonder if the block starts getting so big that it makes sense to add
variables to its scope..isn't it better to just split the block into its
own function?
Especially if the block is unit-tested?
+
+ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_PAM_P11_CHILD_TIMEOUT,
+ SSS_P11_CHILD_TIMEOUT_DEFAULT,
+ &p11_child_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read p11_child_timeout from confdb: [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
req = pam_check_cert_send(cctx, cctx->ev, pctx->p11_child_debug_fd,
- pctx->nss_db, SSS_P11_CHILD_TIMEOUT, pd);
+ pctx->nss_db, p11_child_timeout, pd);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "pam_check_cert_send failed.\n");
ret = ENOMEM;
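Review bot: p11_child_timeout goes straight from confdb_get_int into pam_check_cert_send with only the ret != EOK check in between, so a zero or negative value set in sssd.conf is used as the child timeout unchecked. Consider validating the value after the read and falling back to SSS_P11_CHILD_TIMEOUT_DEFAULT, with a log message, when it is not positive. The lookup also sits inside pam_forwarder, so it runs on every request that may do certificate authentication, and a confdb read error takes the goto done path and fails that request; reading the option once when the PAM responder starts and keeping it in pctx would avoid both.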