From cb85329bf73f55f6433d3a9194d2b87c631aea4a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 8 Jan 2014 17:12:17 +0100
Subject: LDAP: Add a new error code for malformed access control filter

https://fedorahosted.org/sssd/ticket/2164

The patch adds a new error code and special cases the new code so that
access is denied and a nicer log message is shown.
---
 src/providers/ldap/sdap_access.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/providers/ldap/sdap_access.c')

diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index f0df24e7f..29e83eb43 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -855,9 +855,15 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
             }
         } else if (dp_error == DP_ERR_OFFLINE) {
             ret = sdap_access_filter_decide_offline(req);
+        } else if (ret == ERR_INVALID_FILTER) {
+            sss_log(SSS_LOG_ERR,
+                    "Malformed access control filter [%s]\n", state->filter);
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                ("Malformed access control filter [%s]\n", state->filter));
+            ret = ERR_ACCESS_DENIED;
         } else {
             DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
-                      ret, strerror(ret)));
+                      ret, sss_strerror(ret)));
         }
 
         goto done;
-- 
cgit