40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 4ef3fd7c5d0defbc1e2fca745853f0d292201f28 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Fri, 18 Feb 2011 09:33:42 -0500
|
|
Subject: [PATCH 5/6] Perform initgroups lookups for all domains
|
|
|
|
Previously, we were setting the client context PAM lookup timeout
|
|
after the first domain replied. However, if the user wasn't a
|
|
member of the first domain, their information wasn't being
|
|
updated.
|
|
|
|
This patch ensures that we only set this timeout after the user
|
|
has been found or all domains were searched.
|
|
---
|
|
src/responder/pam/pamsrv_cmd.c | 8 +++++---
|
|
1 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
|
|
index 79993d3366073c75f1873ee8176eb4a70f2a383d..8035a687846fa6f4305fe129d1ec87d3291a7fc8 100644
|
|
--- a/src/responder/pam/pamsrv_cmd.c
|
|
+++ b/src/responder/pam/pamsrv_cmd.c
|
|
@@ -952,10 +952,12 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
|
|
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
|
|
}
|
|
|
|
- /* Make sure we don't go to the ID provider too often */
|
|
- preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
|
|
-
|
|
ret = pam_check_user_search(preq);
|
|
+ if (ret == EOK || ret == ENOENT) {
|
|
+ /* Make sure we don't go to the ID provider too often */
|
|
+ preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
|
|
+ }
|
|
+
|
|
if (ret == EOK) {
|
|
pam_dom_forwarder(preq);
|
|
}
|
|
--
|
|
1.7.4
|
|
|