summaryrefslogtreecommitdiffstats
path: root/src/responder/pam
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-02-18 09:33:42 -0500
committerStephen Gallagher <sgallagh@redhat.com>2011-02-21 07:50:20 -0500
commit2f21344ef45ffa9327346037da0c65731734d747 (patch)
tree9fb05473b3234478e704aca869dd9351d2a6c9ca /src/responder/pam
parentcc0f97794926a426ee82df343dc223c9648ed064 (diff)
downloadsssd-2f21344ef45ffa9327346037da0c65731734d747.tar.gz
sssd-2f21344ef45ffa9327346037da0c65731734d747.tar.xz
sssd-2f21344ef45ffa9327346037da0c65731734d747.zip
Perform initgroups lookups for all domains
Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched.
Diffstat (limited to 'src/responder/pam')
-rw-r--r--src/responder/pam/pamsrv_cmd.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 79993d336..8035a6878 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
}
- /* Make sure we don't go to the ID provider too often */
- preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
-
ret = pam_check_user_search(preq);
+ if (ret == EOK || ret == ENOENT) {
+ /* Make sure we don't go to the ID provider too often */
+ preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
+ }
+
if (ret == EOK) {
pam_dom_forwarder(preq);
}