From 8eb022f5a34e86b091c62fb0c9b30834021f1e23 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Fri, 5 Dec 2014 11:03:48 +0100

Subject: [PATCH 162/167] IPA: make version check more precise

The call protected by the check does not only expect the version 1 of

the extdom plugin is used but a specific response type as well. Since

version 1 can return older response types as well we want to be on the

safe side.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

(cherry picked from commit 2fc12875f7d51248799016c19c1298b85e06a286)

---

 src/providers/ipa/ipa_s2n_exop.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c

index 1d9a79a383e47fcdd37f30a24327ae76facea5b9..b02387a827b7da27d944db8f7fa326f153e12715 100644

--- a/src/providers/ipa/ipa_s2n_exop.c

+++ b/src/providers/ipa/ipa_s2n_exop.c

@@ -759,7 +759,7 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,

             attrs->a.user.pw_uid = uid;

             attrs->a.user.pw_gid = gid;

-            if (is_v1) {

+            if (is_v1 && type == RESP_USER_GROUPLIST) {

                 ret = add_v1_user_data(ber, attrs);

                 if (ret != EOK) {

                     DEBUG(SSSDBG_OP_FAILURE, "add_v1_user_data failed.\n");

@@ -798,7 +798,7 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,

             attrs->a.group.gr_gid = gid;

-            if (is_v1) {

+            if (is_v1 && type == RESP_GROUP_MEMBERS) {

                 ret = add_v1_group_data(ber, attrs);

                 if (ret != EOK) {

                     DEBUG(SSSDBG_OP_FAILURE, "add_v1_group_data failed.\n");

-- 

2.1.0