CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index df9280d8c18deda6d4188f017db40c1191d2a806..fe5979e7a57a655fe55f4dcd761d6c3b715e6c20 100644 (file)
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -244,20 +244,32 @@ static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObje
        NTSTATUS status;
        TALLOC_CTX *mem_ctx;
        struct tevent_context *ev;
-       const char *kwnames[] = { "account_name", "domain_name", "newpassword", NULL };
+       const char *kwnames[] = { "account_name", "domain_name", "newpassword", "force_samr_18", NULL };
+       PyObject *py_force_samr_18 = Py_False;
 
        ZERO_STRUCT(r);
 
        r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
 
-       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss:set_password",
+       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss|O:set_password",
                                        discard_const_p(char *, kwnames),
                                         &r.generic.in.account_name,
                                         &r.generic.in.domain_name,
-                                        &r.generic.in.newpassword)) {
+                                        &r.generic.in.newpassword,
+                                        &py_force_samr_18)) {
                return NULL;
        }
 
+       if (py_force_samr_18) {
+               if (!PyBool_Check(py_force_samr_18)) {
+                       PyErr_SetString(PyExc_TypeError, "Expected boolean force_samr_18");
+                       return NULL;
+               }
+               if (py_force_samr_18 == Py_True) {
+                       r.generic.samr_level = LIBNET_SET_PASSWORD_SAMR_HANDLE_18;
+               }
+       }
+
        /* FIXME: we really need to get a context from the caller or we may end
         * up with 2 event contexts */
        ev = s4_event_context_init(NULL);