s4:dsdb/password_hash: Add a more useful error message for passwords too long to...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index e48a8c9257ba960b5b34cf675aea648d5408575b..c98b3401320b1033b2696710313ea78326738e9d 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1561,16 +1561,23 @@ static int setup_primary_userPassword_hash(
        */
        if (hash == NULL || hash[0] == '*') {
                char buf[1024];
-               int err = strerror_r(errno, buf, sizeof(buf));
-               if (err != 0) {
-                       strlcpy(buf, "Unknown error", sizeof(buf)-1);
+               const char *reason = NULL;
+               if (errno == ERANGE) {
+                       reason = "Password exceeds maximum length allowed for crypt() hashing";
+               } else {
+                       int err = strerror_r(errno, buf, sizeof(buf));
+                       if (err == 0) {
+                               reason = buf;
+                       } else {
+                               reason = "Unknown error";
+                       }
                }
                ldb_asprintf_errstring(
                        ldb,
                        "setup_primary_userPassword: generation of a %s "
                        "password hash failed: (%s)",
                        scheme,
-                       buf);
+                       reason);
                TALLOC_FREE(frame);
                return LDB_ERR_OPERATIONS_ERROR;
        }