s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()

Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 474ce1c271a1dd468249e89783ff84f9e07cba8f..0107c98da754ea2162dd7ae981707be2622f4548 100644 (file)
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -235,7 +235,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
        /* check NT verifier */
        mdfour(new_nt_hash, new_password.data, new_password.length);
 
-       E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
+       rc = E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
        if (rc != 0) {
                status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
                goto failed;