From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 14 Dec 2022 09:37:41 +0000 (+0100)
Subject: s4:libnet: correctly handle gnutls_pbkdf2() errors
X-Git-Tag: talloc-2.4.0~240
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb5df255faea7326a7b85c1e7ce5a66119a27c3a;p=thirdparty%2Fsamba.git

s4:libnet: correctly handle gnutls_pbkdf2() errors

We should not ignore the error nor should we map
GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD,
instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places
in the same file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184
---

diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 60d25689ba2..d7e9400b559 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -81,7 +81,10 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
 			   cek.length);
 	BURN_DATA(old_nt_key_data);
 	if (rc < 0) {
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_WRONG_PASSWORD);
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
 	}
 
 	status = init_samr_CryptPasswordAES(mem_ctx,