CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4ebbe7e40754eeb1c8f221dd59018c3e681ab2ab)

1 files changed, 15 insertions, 3 deletions

diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index df9280d8c18..fe5979e7a57 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -244,20 +244,32 @@ static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObje
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx;
 	struct tevent_context *ev;
-	const char *kwnames[] = { "account_name", "domain_name", "newpassword", NULL };
+	const char *kwnames[] = { "account_name", "domain_name", "newpassword", "force_samr_18", NULL };
+	PyObject *py_force_samr_18 = Py_False;
 
 	ZERO_STRUCT(r);
 
 	r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss:set_password",
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss|O:set_password",
 					discard_const_p(char *, kwnames),
 					 &r.generic.in.account_name,
 					 &r.generic.in.domain_name,
-					 &r.generic.in.newpassword)) {
+					 &r.generic.in.newpassword,
+					 &py_force_samr_18)) {
 		return NULL;
 	}
 
+	if (py_force_samr_18) {
+		if (!PyBool_Check(py_force_samr_18)) {
+			PyErr_SetString(PyExc_TypeError, "Expected boolean force_samr_18");
+			return NULL;
+		}
+		if (py_force_samr_18 == Py_True) {
+			r.generic.samr_level = LIBNET_SET_PASSWORD_SAMR_HANDLE_18;
+		}
+	}
+
 	/* FIXME: we really need to get a context from the caller or we may end
 	 * up with 2 event contexts */
 	ev = s4_event_context_init(NULL);