author | Stephen Gallagher <sgallagh@redhat.com> | 2010-06-17 10:47:06 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-06-17 15:40:12 -0400 |
commit | de3f8b862f4920c2804529698db86f3057fd3c8a (patch) | |
tree | 957cc4a32714bf80c15ec6687957b340600461dc | |
parent | c892981d8272a02c44900d4c7b081da0bff6e4b3 (diff) | |
Ensure that all domains are checked for users/groups
There was a bug in the negative cache checks (probably a leftover
from when filter_users was global-only) that meant that if a user
was filtered out of a domain, the remaining domains would not be
checked for that user. (Same for groups/initgroups)
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index eb2a1644a..25e914bb2 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -534,7 +534,11 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
 /* if neg cached, return we didn't find it */
 if (ret == EEXIST) {
 DEBUG(2, ("User [%s] does not exist! (negative cache)\n", name));
- return ENOENT;
+ /* if a multidomain search, try with next */
+ if (cmdctx->check_next) {
+ dom = dom->next;
+ continue;
+ }
 }
 DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name));
@@ -1604,7 +1608,11 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
 /* if neg cached, return we didn't find it */
 if (ret == EEXIST) {
 DEBUG(2, ("Group [%s] does not exist! (negative cache)\n", name));
- return ENOENT;
+ /* if a multidomain search, try with next */
+ if (cmdctx->check_next) {
+ dom = dom->next;
+ continue;
+ }
 }
 DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name));
@@ -2449,7 +2457,11 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 /* if neg cached, return we didn't find it */
 if (ret == EEXIST) {
 DEBUG(2, ("User [%s] does not exist! (negative cache)\n", name));
- return ENOENT;
+ /* if a multidomain search, try with next */
+ if (cmdctx->check_next) {
+ dom = dom->next;
+ continue;
+ }
 }
 DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name));
 |
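Review bot: In nss_cmd_getpwnam_search, when the name is negatively cached but `cmdctx->check_next` is false, the `ret == EEXIST` branch no longer returns, so execution falls through to the `Requesting info for` lookup; the same applies to the nss_cmd_getgrnam_search and nss_cmd_initgroups_search hunks. The commit description ties the negative cache to filter_users, so a filtered name in a single-domain request would apparently be resolved instead of rejected. Keep the old result for that case by adding `return ENOENT;` after the inner `if (cmdctx->check_next) { ... }` block, still inside the `ret == EEXIST` branch. The now-stale comment could become `/* if neg cached, skip this domain; fail if it was the only one to check */`. The enclosing loop starts and ends outside the hunks, so it is worth confirming that `dom = dom->next` reaching the end of the list also ends in ENOENT.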