* sec_auth.cc (get_server_groups): Call get_user_local_groups only if

	get_logon_server succeeded.

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2975beef5b92621055cba340f5db2a75e262cc8d..431aba3c99e43de11b0edfdd68fbc07d8ddaebb3 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-22  Corinna Vinschen  <corinna@vinschen.de>
+
+       * sec_auth.cc (get_server_groups): Call get_user_local_groups only if
+       get_logon_server succeeded.
+
 2014-05-22  Corinna Vinschen  <corinna@vinschen.de>
 
        * ldap.cc (cyg_ldap::fetch_ad_account): Take additional domain string

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index ac116ea225e5337cee791fb10d62f7be88f1f615..3615588ef2ee0cad74eac67d3235c8839446fbe2 100644 (file)
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -467,12 +467,15 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
       return false;
     }
   /* If the SID does NOT start with S-1-5-21, the domain is some builtin
-     domain.  The search for a logon server is moot. */
+     domain.  The search for a logon server and fetching group accounts
+     is moot. */
   if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
       && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE
       && get_logon_server (domain, server, DS_IS_FLAT_NAME))
-    get_user_groups (server, grp_list, user, domain);
-  get_user_local_groups (server, domain, grp_list, user);
+    {
+      get_user_groups (server, grp_list, user, domain);
+      get_user_local_groups (server, domain, grp_list, user);
+    }
   return true;
 }