From 0928744efa9901e2bc8ec2326a89d944472c8a03 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 7 Mar 2024 07:29:52 +0800 Subject: [PATCH] [TACACS] Improve nss-tacplus TACACS connect timeout (#17460) Improve nss-tacplus TACACS connect timeout #### Why I did it TACACS login usually config multiple server, when a high priority server not reachable or high lantency, remote user login will slowly, also run SUDO command will slowly. To improve this issue, enable read timeout in nss-tacplus. ### How I did it Enable read timeout in nss-tacplus. #### How to verify it Pass all UT. ### Description for the changelog Improve nss-tacplus TACACS connect timeout. --- .../nss/patch/0001-Modify-user-map-profile.patch | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/tacacs/nss/patch/0001-Modify-user-map-profile.patch b/src/tacacs/nss/patch/0001-Modify-user-map-profile.patch index b1ca5f8e27..05d1c3906b 100644 --- a/src/tacacs/nss/patch/0001-Modify-user-map-profile.patch +++ b/src/tacacs/nss/patch/0001-Modify-user-map-profile.patch @@ -180,7 +180,7 @@ index 79e62b9..ecfa0b0 100644 /* * pwbuf is used to reduce number of arguments passed around; the strings in -@@ -63,255 +59,239 @@ struct pwbuf { +@@ -63,255 +59,245 @@ struct pwbuf { typedef struct { struct addrinfo *addr; char *key; @@ -445,9 +445,15 @@ index 79e62b9..ecfa0b0 100644 + tac_srv[tac_srv_no].key = strdup(token + 7); + } + else if(!strncmp(token, "timeout=", 8)) { -+ tac_srv[tac_srv_no].timeout = (int)strtoul(token + 8, NULL, 0); -+ if(tac_srv[tac_srv_no].timeout < 0) -+ tac_srv[tac_srv_no].timeout = 0; ++ int timeout = (int)strtoul(token + 8, NULL, 0); ++ if(timeout < 0) { ++ tac_srv[tac_srv_no].timeout = 0; ++ tac_readtimeout_enable = 0; ++ } ++ else { ++ tac_srv[tac_srv_no].timeout = timeout; ++ tac_readtimeout_enable = 1; ++ } + /* Limit timeout to make sure upper application not wait + * for a long time*/ + if(tac_srv[tac_srv_no].timeout > 5)