diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-18 09:33:42 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-21 10:11:26 -0500 |
commit | 29bdf3e4dc5f77970e40b1089c378c998fcb88f4 (patch) | |
tree | b078b3a38696c51688b198cdc716253adf88c97e | |
parent | d5fd77b35a64976fe5ac987de0017789402e6d66 (diff) | |
download | sssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.tar.gz sssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.tar.xz sssd-29bdf3e4dc5f77970e40b1089c378c998fcb88f4.zip |
Perform initgroups lookups for all domains
Previously, we were setting the client context PAM lookup timeout
after the first domain replied. However, if the user wasn't a
member of the first domain, their information wasn't being
updated.
This patch ensures that we only set this timeout after the user
has been found or all domains were searched.
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 79993d336..8035a6878 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - /* Make sure we don't go to the ID provider too often */ - preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; - ret = pam_check_user_search(preq); + if (ret == EOK || ret == ENOENT) { + /* Make sure we don't go to the ID provider too often */ + preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; + } + if (ret == EOK) { pam_dom_forwarder(preq); } |