From 7d2260cdd18b7354c372d6e8833d1554ab7894d0 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sat, 13 Nov 2010 12:47:53 +0100 Subject: s4:password_hash LDB module - return "ERR_CONSTRAINT_VIOLATION" on password conversion errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This errors can happen also on a regular basis - then we shouldn't return ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures). Autobuild-User: Matthias Dieter Wallnöfer Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104 --- source4/dsdb/samdb/ldb_modules/password_hash.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/password_hash.c') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 1d09f4d517..b218a57189 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1301,12 +1301,14 @@ static int setup_given_passwords(struct setup_password_fields_io *io, (void *)&cleartext_utf16_blob->data, &cleartext_utf16_blob->length, false)) { + talloc_free(cleartext_utf16_blob); ldb_asprintf_errstring(ldb, - "setup_password_fields: " - "failed to generate UTF16 password from cleartext UTF8 password"); - return LDB_ERR_OPERATIONS_ERROR; + "setup_password_fields: " + "failed to generate UTF16 password from cleartext UTF8 password for user %s", io->u.sAMAccountName); + return LDB_ERR_CONSTRAINT_VIOLATION; + } else { + g->cleartext_utf16 = cleartext_utf16_blob; } - g->cleartext_utf16 = cleartext_utf16_blob; } else if (g->cleartext_utf16) { char *cleartext_utf8_str; struct ldb_val *cleartext_utf8_blob; @@ -1322,12 +1324,13 @@ static int setup_given_passwords(struct setup_password_fields_io *io, g->cleartext_utf16->length, (void *)&cleartext_utf8_str, &converted_pw_len, false)) { - /* We must bail out here, the input wasn't even a multiple of 2 bytes */ + /* We must bail out here, the input wasn't even a + * multiple of 2 bytes */ talloc_free(cleartext_utf8_blob); ldb_asprintf_errstring(ldb, "setup_password_fields: " "UTF16 password for user %s had odd length (length must be a multiple of 2)", io->u.sAMAccountName); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_CONSTRAINT_VIOLATION; } else { *cleartext_utf8_blob = data_blob_const(cleartext_utf8_str, converted_pw_len); -- cgit