From: Douglas Bagnall Date: Sat, 2 May 2026 10:12:38 +0000 (+1200) Subject: CVE-2026-4408: s3:samr-server: make check_password_complexity_internal() non-static... X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a54ef87bcdb36b53b8cb04c2cf3ddf2c9e559ce6;p=thirdparty%2Fsamba.git CVE-2026-4408: s3:samr-server: make check_password_complexity_internal() non-static, for easier testing BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall --- diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c index 3ab050f6660..95c706ef6ae 100644 --- a/source3/rpc_server/samr/srv_samr_chgpasswd.c +++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c @@ -1009,10 +1009,10 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext) /*********************************************************** ************************************************************/ -static NTSTATUS check_password_complexity_internal(TALLOC_CTX *tosctx, - const char *orig_cmd, - const char *username, - char **cmd_out) +NTSTATUS check_password_complexity_internal(TALLOC_CTX *tosctx, + const char *orig_cmd, + const char *username, + char **cmd_out) { const char *fallback_username = "__CVE-2026-4408_FallbackUsername__"; const char *inv = NULL; diff --git a/source3/rpc_server/samr/srv_samr_util.h b/source3/rpc_server/samr/srv_samr_util.h index 5e839ac77c0..a3a22012858 100644 --- a/source3/rpc_server/samr/srv_samr_util.h +++ b/source3/rpc_server/samr/srv_samr_util.h @@ -79,6 +79,11 @@ NTSTATUS pass_oem_change(char *user, const char *rhost, uchar password_encrypted_with_nt_hash[516], const uchar old_nt_hash_encrypted[16], enum samPwdChangeReason *reject_reason); + +NTSTATUS check_password_complexity_internal(TALLOC_CTX *mem_ctx, + const char *_orig_cmd, + const char *username, + char **cmd_out); NTSTATUS check_password_complexity(const char *username, const char *fullname, const char *password,