s4:dsdb: Check errno to determine if crypt or crypt_r succeeded

The behavior of these functions upon errors depends on the implementation.
The GNU libc implementation seems to return a null hash, but others like
libxcrypt returns a invalid hash string '*0'.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 804be6a4307e2d0a567771456edb4a1aee421b31..a010d4b902644572e045fc15b790b729cf1a1fb8 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1484,6 +1484,7 @@ static int setup_primary_userPassword_hash(
         * Relies on the assertion that cleartext_utf8->data is a zero
         * terminated UTF-8 string
         */
+       errno = 0;
 #ifdef HAVE_CRYPT_R
        hash = crypt_r((char *)io->n.cleartext_utf8->data, cmd, &crypt_data);
 #else
@@ -1493,7 +1494,10 @@ static int setup_primary_userPassword_hash(
         */
        hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
 #endif
-       if (hash == NULL) {
+       /* crypt_r and crypt may return a null pointer upon error depending on
+        * how libcrypt was configured. POSIX specifies returning a null
+        * pointer and setting errno. */
+       if (hash == NULL || errno != 0) {
                char buf[1024];
                int err = strerror_r(errno, buf, sizeof(buf));
                if (err != 0) {