diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-15 18:05:29 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-15 19:42:40 +0200 |
commit | 3fcd76237d1c621e6bb876c4c33706e0db2056e2 (patch) | |
tree | ebe7fcc8e4df2456089f8318c7348f38cd925ca2 /source4/dsdb/common | |
parent | 2dbff00b6dd3affc95c717296d52343daf49361b (diff) | |
download | samba-3fcd76237d1c621e6bb876c4c33706e0db2056e2.tar.gz samba-3fcd76237d1c621e6bb876c4c33706e0db2056e2.tar.bz2 samba-3fcd76237d1c621e6bb876c4c33706e0db2056e2.zip |
s4:samdb_set_password - implement the extended LDAP error code detection
Diffstat (limited to 'source4/dsdb/common')
-rw-r--r-- | source4/dsdb/common/util.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index be8e3a9d11..3ce0b2c050 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2021,7 +2021,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_request *req; struct dsdb_control_password_change_status *pwd_stat = NULL; int ret; - NTSTATUS status; + NTSTATUS status = NT_STATUS_OK; #define CHECK_RET(x) \ if (x != LDB_SUCCESS) { \ @@ -2141,18 +2141,26 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, talloc_free(pwd_stat); } - /* TODO: Error results taken from "password_hash" module. Are they - correct? */ - if (ret == LDB_ERR_UNWILLING_TO_PERFORM) { - status = NT_STATUS_WRONG_PASSWORD; - } else if (ret == LDB_ERR_CONSTRAINT_VIOLATION) { - status = NT_STATUS_PASSWORD_RESTRICTION; + if (ret == LDB_ERR_CONSTRAINT_VIOLATION) { + const char *errmsg = ldb_errstring(ldb); + char *endptr = NULL; + WERROR werr = WERR_GENERAL_FAILURE; + status = NT_STATUS_UNSUCCESSFUL; + if (errmsg != NULL) { + werr = W_ERROR(strtol(errmsg, &endptr, 16)); + } + if (endptr != errmsg) { + if (W_ERROR_EQUAL(werr, WERR_INVALID_PASSWORD)) { + status = NT_STATUS_WRONG_PASSWORD; + } + if (W_ERROR_EQUAL(werr, WERR_PASSWORD_RESTRICTION)) { + status = NT_STATUS_PASSWORD_RESTRICTION; } + } } else if (ret == LDB_ERR_NO_SUCH_OBJECT) { + /* don't let the caller know if an account doesn't exist */ status = NT_STATUS_WRONG_PASSWORD; } else if (ret != LDB_SUCCESS) { status = NT_STATUS_UNSUCCESSFUL; - } else { - status = NT_STATUS_OK; } return status; |