util: add a crypt strerror helper

This will be used by Python also.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/util/util_crypt.c

@@ -88,3 +88,27 @@ int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
 	}
 	return 0;
 }
+
+
+char *talloc_crypt_errstring(TALLOC_CTX *mem_ctx, int error)
+{
+	char buf[1024];
+	int err;
+	if (error == ERANGE) {
+		return talloc_strdup(
+			mem_ctx,
+			"Password exceeds maximum length allowed for crypt() hashing");
+	}
+	if (error == ENOTRECOVERABLE) {
+		/* probably weird RHEL7 crypt, see crypt_as_best_we_can() */
+		goto unknown;
+	}
+
+	err = strerror_r(error, buf, sizeof(buf));
+	if (err != 0) {
+		goto unknown;
+	}
+	return talloc_strndup(mem_ctx, buf, sizeof(buf));
+unknown:
+	return talloc_strdup(mem_ctx, "Unknown error");
+}

lib/util/util_crypt.h

@@ -3,3 +3,5 @@ int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
 		      const char *phrase,
 		      const char *cmd,
 		      DATA_BLOB *blob);
+
+char *talloc_crypt_errstring(TALLOC_CTX *mem_ctx, int error);

source4/dsdb/samdb/ldb_modules/password_hash.c

@@ -1661,21 +1661,7 @@ static int setup_primary_userPassword_hash(
 				cmd,
 				hash_blob);
 	if (ret != 0) {
-		char buf[1024];
+		const char *reason = talloc_crypt_errstring(frame, ret);
-		const char *reason = NULL;
-		if (ret == ERANGE) {
-			reason = "Password exceeds maximum length allowed for crypt() hashing";
-		} else if (ret == ENOTRECOVERABLE) {
-			/* probably weird RHEL7 crypt, see talloc_crypt_blob() */
-			reason = "Unknown error";
-		} else {
-			int err = strerror_r(ret, buf, sizeof(buf));
-			if (err == 0) {
-				reason = buf;
-			} else {
-				reason = "Unknown error";
-			}
-		}
 		ldb_asprintf_errstring(
 			ldb,
 			"setup_primary_userPassword: generation of a %s "