From 2f21344ef45ffa9327346037da0c65731734d747 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 18 Feb 2011 09:33:42 -0500 Subject: Perform initgroups lookups for all domains Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched. --- src/responder/pam/pamsrv_cmd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/responder') diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 79993d33..8035a687 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - /* Make sure we don't go to the ID provider too often */ - preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; - ret = pam_check_user_search(preq); + if (ret == EOK || ret == ENOENT) { + /* Make sure we don't go to the ID provider too often */ + preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; + } + if (ret == EOK) { pam_dom_forwarder(preq); } -- cgit