From 210bc14aac190bbb043272821aeb3342c995a4f6 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 25 Jul 2014 17:55:33 +0200
Subject: AD: Check return value of ad_gpo_evaluate_dacl

Reviewed-by: Pavel Reichl <preichl@redhat.com>
---
 src/providers/ad/ad_gpo.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index e33ea72e9..7c05afa39 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -559,8 +559,13 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx,
             break;
         }
 
-        ad_gpo_evaluate_dacl(dacl, idmap_ctx, user_sid, group_sids,
-                             group_size, &access_allowed);
+        ret = ad_gpo_evaluate_dacl(dacl, idmap_ctx, user_sid, group_sids,
+                                   group_size, &access_allowed);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE, "Could not determine if GPO is applicable\n");
+            continue;
+        }
+
         if (access_allowed) {
             DEBUG(SSSDBG_TRACE_ALL,
                   "GPO applicable to target per security filtering\n");
-- 
cgit