diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-18 09:33:42 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-21 07:50:20 -0500 |
commit | 2f21344ef45ffa9327346037da0c65731734d747 (patch) | |
tree | 9fb05473b3234478e704aca869dd9351d2a6c9ca /src/responder/pam | |
parent | cc0f97794926a426ee82df343dc223c9648ed064 (diff) | |
download | sssd-2f21344ef45ffa9327346037da0c65731734d747.tar.gz sssd-2f21344ef45ffa9327346037da0c65731734d747.tar.xz sssd-2f21344ef45ffa9327346037da0c65731734d747.zip |
Perform initgroups lookups for all domains
Previously, we were setting the client context PAM lookup timeout
after the first domain replied. However, if the user wasn't a
member of the first domain, their information wasn't being
updated.
This patch ensures that we only set this timeout after the user
has been found or all domains were searched.
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 79993d336..8035a6878 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - /* Make sure we don't go to the ID provider too often */ - preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; - ret = pam_check_user_search(preq); + if (ret == EOK || ret == ENOENT) { + /* Make sure we don't go to the ID provider too often */ + preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; + } + if (ret == EOK) { pam_dom_forwarder(preq); } |