From 1066ab5054b5ea324ec3c38dde7de4fe6723c559 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 14 Dec 2022 10:32:31 +0100 Subject: [PATCH 1/2] s4:libnet: fix error string for failing samr_ChangePasswordUser4() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 53d558365161be1793dad78ebcce877c732f2419) --- source4/libnet/libnet_passwd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 8fc4715a209..60d25689ba2 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -105,13 +105,13 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, goto done; } if (!NT_STATUS_IS_OK(r.out.result)) { + status = r.out.result; *error_string = talloc_asprintf(mem_ctx, "samr_ChangePasswordUser4 for " "'%s\\%s' failed: %s", server->string, account->string, nt_errstr(status)); - status = r.out.result; goto done; } -- 2.34.1 From de68ee2bf3d866a820743179587886b983fbe0d3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 14 Dec 2022 10:37:41 +0100 Subject: [PATCH 2/2] s4:libnet: correctly handle gnutls_pbkdf2() errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We should not ignore the error nor should we map GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD, instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places in the same file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184 (cherry picked from commit eb5df255faea7326a7b85c1e7ce5a66119a27c3a) --- source4/libnet/libnet_passwd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 60d25689ba2..d7e9400b559 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -81,7 +81,10 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, cek.length); BURN_DATA(old_nt_key_data); if (rc < 0) { - status = gnutls_error_to_ntstatus(rc, NT_STATUS_WRONG_PASSWORD); + status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } } status = init_samr_CryptPasswordAES(mem_ctx, -- 2.34.1