From de3f8b862f4920c2804529698db86f3057fd3c8a Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 17 Jun 2010 10:47:06 -0400 Subject: Ensure that all domains are checked for users/groups There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups) --- src/responder/nss/nsssrv_cmd.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index eb2a1644a..25e914bb2 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -534,7 +534,11 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(2, ("User [%s] does not exist! (negative cache)\n", name)); - return ENOENT; + /* if a multidomain search, try with next */ + if (cmdctx->check_next) { + dom = dom->next; + continue; + } } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); @@ -1604,7 +1608,11 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(2, ("Group [%s] does not exist! (negative cache)\n", name)); - return ENOENT; + /* if a multidomain search, try with next */ + if (cmdctx->check_next) { + dom = dom->next; + continue; + } } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); @@ -2449,7 +2457,11 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(2, ("User [%s] does not exist! (negative cache)\n", name)); - return ENOENT; + /* if a multidomain search, try with next */ + if (cmdctx->check_next) { + dom = dom->next; + continue; + } } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); -- cgit