s4:libnet: correctly handle gnutls_pbkdf2() errors

We should not ignore the error nor should we map
GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD,
instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places
in the same file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184

diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 60d25689ba2ca3a7be61e15a3f9e48af94dd40b1..d7e9400b559beb5cbdc4397abd05b4503ffde19f 100644 (file)
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -81,7 +81,10 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
                           cek.length);
        BURN_DATA(old_nt_key_data);
        if (rc < 0) {
-               status = gnutls_error_to_ntstatus(rc, NT_STATUS_WRONG_PASSWORD);
+               status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
        }
 
        status = init_samr_CryptPasswordAES(mem_ctx,