From 95424817274295c56da3d3a5dc1ba3b2d75b0f8d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 23 Oct 2006 06:06:35 +0000
Subject: r19464: Reject passwords that cannot be converted into UCS2.

Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
---
 source4/dsdb/samdb/samdb.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index e6752716ab..506c17a5fd 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -1249,7 +1249,13 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct
 		if (E_deshash(new_pass, local_lmNewHash.hash)) {
 			lmNewHash = &local_lmNewHash;
 		}
-		E_md4hash(new_pass, local_ntNewHash.hash);
+		if (!E_md4hash(new_pass, local_ntNewHash.hash)) {
+			/* If we can't convert this password to UCS2, then we should not accept it */
+			if (reject_reason) {
+				*reject_reason = SAMR_REJECT_OTHER;
+			}
+			return NT_STATUS_PASSWORD_RESTRICTION;
+		}
 		ntNewHash = &local_ntNewHash;
 	}
 
-- 
cgit