s4:libnet: correctly handle gnutls_pbkdf2() errors

We should not ignore the error nor should we map GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD, instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places in the same file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Baumbach <bbaumbach@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184
author: Stefan Metzmacher <metze@samba.org> 2022-12-14 10:37:41 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-12-14 13:35:20 +0000
commit: eb5df255faea7326a7b85c1e7ce5a66119a27c3a (patch)
tree: bfbcbcabe96c9d5437fea3d6439813bc6d2f6adc /source4/libnet
parent: 53d558365161be1793dad78ebcce877c732f2419 (diff)
download: samba-eb5df255faea7326a7b85c1e7ce5a66119a27c3a.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 60d25689ba2..d7e9400b559 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -81,7 +81,10 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
 			   cek.length);
 	BURN_DATA(old_nt_key_data);
 	if (rc < 0) {
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_WRONG_PASSWORD);
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto done;
+		}
 	}
 
 	status = init_samr_CryptPasswordAES(mem_ctx,
author	Stefan Metzmacher <metze@samba.org>	2022-12-14 10:37:41 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-12-14 13:35:20 +0000
commit	eb5df255faea7326a7b85c1e7ce5a66119a27c3a (patch)
tree	bfbcbcabe96c9d5437fea3d6439813bc6d2f6adc /source4/libnet
parent	53d558365161be1793dad78ebcce877c732f2419 (diff)
download	samba-eb5df255faea7326a7b85c1e7ce5a66119a27c3a.tar.gz