diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-18 09:33:42 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-21 07:50:20 -0500 |
| commit | 2f21344ef45ffa9327346037da0c65731734d747 (patch) | |
| tree | 9fb05473b3234478e704aca869dd9351d2a6c9ca | |
| parent | cc0f97794926a426ee82df343dc223c9648ed064 (diff) | |
| download | sssd-2f21344ef45ffa9327346037da0c65731734d747.tar.gz sssd-2f21344ef45ffa9327346037da0c65731734d747.tar.bz2 sssd-2f21344ef45ffa9327346037da0c65731734d747.zip | |
Perform initgroups lookups for all domains
Previously, we were setting the client context PAM lookup timeout
after the first domain replied. However, if the user wasn't a
member of the first domain, their information wasn't being
updated.
This patch ensures that we only set this timeout after the user
has been found or all domains were searched.
| -rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 79993d33..8035a687 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - /* Make sure we don't go to the ID provider too often */ - preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; - ret = pam_check_user_search(preq); + if (ret == EOK || ret == ENOENT) { + /* Make sure we don't go to the ID provider too often */ + preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; + } + if (ret == EOK) { pam_dom_forwarder(preq); } |