summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-02-18 09:33:42 -0500
committerStephen Gallagher <sgallagh@redhat.com>2011-02-21 10:11:26 -0500
commit29bdf3e4dc5f77970e40b1089c378c998fcb88f4 (patch)
treeb078b3a38696c51688b198cdc716253adf88c97e
parentd5fd77b35a64976fe5ac987de0017789402e6d66 (diff)
downloadsssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.tar.gz
sssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.tar.xz
sssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.zip
Perform initgroups lookups for all domains
Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched.
-rw-r--r--src/responder/pam/pamsrv_cmd.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 79993d336..8035a6878 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
}
- /* Make sure we don't go to the ID provider too often */
- preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
-
ret = pam_check_user_search(preq);
+ if (ret == EOK || ret == ENOENT) {
+ /* Make sure we don't go to the ID provider too often */
+ preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
+ }
+
if (ret == EOK) {
pam_dom_forwarder(preq);
}