From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 12 Mar 2021 01:41:13 +0000 (+1300)
Subject: s4:dsdb/password_hash: Add a more useful error message for passwords too long to... 
X-Git-Tag: tevent-0.11.0~1301
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de28d915d7f135c43c35cf2b5167f9603e99b1f6;p=thirdparty%2Fsamba.git

s4:dsdb/password_hash: Add a more useful error message for passwords too long to be hashed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index e48a8c9257b..c98b3401320 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1561,16 +1561,23 @@ static int setup_primary_userPassword_hash(
 	*/
 	if (hash == NULL || hash[0] == '*') {
 		char buf[1024];
-		int err = strerror_r(errno, buf, sizeof(buf));
-		if (err != 0) {
-			strlcpy(buf, "Unknown error", sizeof(buf)-1);
+		const char *reason = NULL;
+		if (errno == ERANGE) {
+			reason = "Password exceeds maximum length allowed for crypt() hashing";
+		} else {
+			int err = strerror_r(errno, buf, sizeof(buf));
+			if (err == 0) {
+				reason = buf;
+			} else {
+				reason = "Unknown error";
+			}
 		}
 		ldb_asprintf_errstring(
 			ldb,
 			"setup_primary_userPassword: generation of a %s "
 			"password hash failed: (%s)",
 			scheme,
-			buf);
+			reason);
 		TALLOC_FREE(frame);
 		return LDB_ERR_OPERATIONS_ERROR;
 	}