Add missing KADM5_AUTH_GET_KEYS error and use it.

2011-07-19 14:01:56 -05:00
parent ed511e06f9
commit 87742e8118
2 changed files with 2 additions and 1 deletions
--- a/lib/kadm5/acl.c
+++ b/lib/kadm5/acl.c
@@ -179,7 +179,7 @@ check_flags (unsigned op,
    if(res & KADM5_PRIV_GET)
 	return KADM5_AUTH_GET;
    if(res & KADM5_PRIV_GET_KEYS)
-	return KADM5_AUTH_GET;
+	return KADM5_AUTH_GET_KEYS;
    if(res & KADM5_PRIV_ADD)
 	return KADM5_AUTH_ADD;
    if(res & KADM5_PRIV_MODIFY)
--- a/lib/kadm5/kadm5_err.et
+++ b/lib/kadm5/kadm5_err.et
@@ -62,3 +62,4 @@ error_code SETKEY3_ETYPE_MISMATCH,	"Key/salt tuples don't match keys"
 error_code DECRYPT_USAGE_NOSUPP,	"Given usage of kadm5_decrypt() not supported"
 error_code POLICY_OP_NOSUPP,	"Policy operations not supported"
 error_code KEEPOLD_NOSUPP,	"Keep old keys option not supported"
+error_code AUTH_GET_KEYS,	"Operation requires `get-keys' privilege"