From 7942ebf653ca387cffa0b8a2b1404736bc0ae93f Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 5 Dec 2014 11:03:48 +0100 Subject: [PATCH 2/8] IPA: make version check more precise The call protected by the check does not only expect the version 1 of the extdom plugin is used but a specific response type as well. Since version 1 can return older response types as well we want to be on the safe side. --- src/providers/ipa/ipa_s2n_exop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 1d9a79a383e47fcdd37f30a24327ae76facea5b9..b02387a827b7da27d944db8f7fa326f153e12715 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -759,7 +759,7 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx, attrs->a.user.pw_uid = uid; attrs->a.user.pw_gid = gid; - if (is_v1) { + if (is_v1 && type == RESP_USER_GROUPLIST) { ret = add_v1_user_data(ber, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "add_v1_user_data failed.\n"); @@ -798,7 +798,7 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx, attrs->a.group.gr_gid = gid; - if (is_v1) { + if (is_v1 && type == RESP_GROUP_MEMBERS) { ret = add_v1_group_data(ber, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "add_v1_group_data failed.\n"); -- 2.1.0