From 4ef3fd7c5d0defbc1e2fca745853f0d292201f28 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 18 Feb 2011 09:33:42 -0500 Subject: [PATCH 5/6] Perform initgroups lookups for all domains Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched. --- src/responder/pam/pamsrv_cmd.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 79993d3366073c75f1873ee8176eb4a70f2a383d..8035a687846fa6f4305fe129d1ec87d3291a7fc8 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - /* Make sure we don't go to the ID provider too often */ - preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; - ret = pam_check_user_search(preq); + if (ret == EOK || ret == ENOENT) { + /* Make sure we don't go to the ID provider too often */ + preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout; + } + if (ret == EOK) { pam_dom_forwarder(preq); } -- 1.7.4