* sec_auth.cc (get_server_groups): Call get_user_local_groups only if

	get_logon_server succeeded.

2 files changed, 11 insertions, 3 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2975beef5..431aba3c9 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,10 @@
 2014-05-22  Corinna Vinschen  <corinna@vinschen.de>
 
+	* sec_auth.cc (get_server_groups): Call get_user_local_groups only if
+	get_logon_server succeeded.
+
+2014-05-22  Corinna Vinschen  <corinna@vinschen.de>
+
 	* ldap.cc (cyg_ldap::fetch_ad_account): Take additional domain string
 	parameter.  Convert into likely rootDSE string if not NULL, and use in
 	subsequent call to ldap_search_stW.  Add comment to explain that this
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index ac116ea22..3615588ef 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -467,12 +467,15 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
       return false;
     }
   /* If the SID does NOT start with S-1-5-21, the domain is some builtin
-     domain.  The search for a logon server is moot. */
+     domain.  The search for a logon server and fetching group accounts
+     is moot. */
   if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
       && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE
       && get_logon_server (domain, server, DS_IS_FLAT_NAME))
-    get_user_groups (server, grp_list, user, domain);
-  get_user_local_groups (server, domain, grp_list, user);
+    {
+      get_user_groups (server, grp_list, user, domain);
+      get_user_local_groups (server, domain, grp_list, user);
+    }
   return true;
 }