IPA: set SYSDB_INITGR_EXPIRE for RESP_USER_GROUPLIST

Since RESP_USER_GROUPLIST contains all group memberships it is
effectively an initgroups request hence SYSDB_INITGR_EXPIRE will be set.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 62d919aea98edd1095f6a22241903d4c045b46ed)

1 files changed, 14 insertions, 0 deletions

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 0aa12f371..e7c2d9bb9 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1911,6 +1911,20 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
                 }
             }
 
+            if (attrs->response_type == RESP_USER_GROUPLIST) {
+                /* Since RESP_USER_GROUPLIST contains all group memberships it
+                 * is effectively an initgroups request hence
+                 * SYSDB_INITGR_EXPIRE will be set.*/
+                ret = sysdb_attrs_add_time_t(attrs->sysdb_attrs,
+                                             SYSDB_INITGR_EXPIRE,
+                                             time(NULL) + timeout);
+                if (ret != EOK) {
+                    DEBUG(SSSDBG_OP_FAILURE,
+                          "sysdb_attrs_add_time_t failed.\n");
+                    goto done;
+                }
+            }
+
             gid = 0;
             if (dom->mpg == false) {
                 gid = attrs->a.user.pw_gid;