1 files changed, 15 insertions, 1 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index d8ef9176fd..6f24c7fa4c 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -102,7 +102,7 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms
 	
 	sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL);
 	if (sambaPassword == NULL) { /* impossible, what happened ?! */
-		return LDB_ERR_OPERATIONS_ERROR;
+		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
 	if (is_mod) {
@@ -634,6 +634,20 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
+	if (sambaAttr && sambaAttr->num_values == 0) {
+		ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (ntAttr && (ntAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	if (lmAttr && (lmAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
 	h = ph_init_handle(req, module, PH_ADD);
 	if (!h) {
 		return LDB_ERR_OPERATIONS_ERROR;