summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2014-10-01 20:42:31 -0400
committerJakub Hrozek <jhrozek@redhat.com>2014-10-02 14:13:16 +0200
commit7f4270ee333c1128a87fce6e6a3de64d263733e1 (patch)
tree8c0cb0befa2812457d57742c4004692a75440b29 /src/providers
parent01a9d08ecd35809265d1b3008436130f79d0ba84 (diff)
downloadsssd-7f4270ee333c1128a87fce6e6a3de64d263733e1.tar.gz
sssd-7f4270ee333c1128a87fce6e6a3de64d263733e1.tar.xz
sssd-7f4270ee333c1128a87fce6e6a3de64d263733e1.zip
AD GPO: Fix incorrect return of EACCES
In the access providers, we expect to receive ERR_ACCESS_DENIED when access is denied, but we were returning EACCES here. The effect was the same, except that it presented ultimately as a system error instead of a proper denial. Related: https://fedorahosted.org/sssd/ticket/2437 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ad/ad_gpo.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 4e31a4832..7cb9619ca 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -1123,7 +1123,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
} else {
switch (gpo_mode) {
case GPO_ACCESS_CONTROL_ENFORCING:
- return EACCES;
+ return ERR_ACCESS_DENIED;
case GPO_ACCESS_CONTROL_PERMISSIVE:
DEBUG(SSSDBG_TRACE_FUNC, "access denied: permissive mode\n");
sss_log_ext(SSS_LOG_WARNING, LOG_AUTHPRIV, "Warning: user would " \
@@ -1271,7 +1271,7 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx,
if (gpo_map_type == GPO_MAP_DENY) {
switch (ctx->gpo_access_control_mode) {
case GPO_ACCESS_CONTROL_ENFORCING:
- ret = EACCES;
+ ret = ERR_ACCESS_DENIED;
goto immediately;
case GPO_ACCESS_CONTROL_PERMISSIVE:
DEBUG(SSSDBG_TRACE_FUNC, "access denied: permissive mode\n");