fix: Add timeout when connecting to authd socket in PAM (#260)

This call could hang forever if the file was present but not ready yet, so we should add a timeout instead to prevent deadlocks. UDENG-2508
ubuntu · Mar 19, 2024 · fa7e748 · fa7e748
2 parents 860faa3 + defd072
commit fa7e748
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/nss/src/lib.rs b/nss/src/lib.rs
@@ -22,7 +22,7 @@ mod logs;
 
 mod client;
 
-const REQUEST_TIMEOUT: Duration = Duration::from_secs(10);
+const REQUEST_TIMEOUT: Duration = Duration::from_secs(5);
 
 /// socket_path returns the socket path to connect to the gRPC server.
 ///

diff --git a/pam/pam.go b/pam/pam.go
@@ -354,12 +354,20 @@ func (h *pamModule) AcctMgmt(mTx pam.ModuleTransaction, flags pam.Flags, args []
 
 // newClient returns a new GRPC client ready to emit requests.
 func newClient(args map[string]string) (client authd.PAMClient, close func(), err error) {
-	conn, err := grpc.Dial("unix://"+getSocketPath(args), grpc.WithTransportCredentials(insecure.NewCredentials()))
+	dialCtx, dialCancel := context.WithTimeout(context.TODO(), time.Second*5)
+	defer dialCancel()
+	conn, err := grpc.DialContext(
+		dialCtx,
+		"unix://"+getSocketPath(args),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithBlock(),
+	)
 	if err != nil {
 		return nil, nil, fmt.Errorf("could not connect to authd: %v", err)
 	}
-	waitCtx, cancel := context.WithTimeout(context.TODO(), time.Second*5)
-	defer cancel()
+
+	waitCtx, waitCancel := context.WithTimeout(context.TODO(), time.Second*5)
+	defer waitCancel()
 	for conn.GetState() != connectivity.Ready {
 		if !conn.WaitForStateChange(waitCtx, conn.GetState()) {
 			conn.Close()