1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

lib/fuzzing: adjust access-check seed patch

Now that access_check.c includes headers for conditional ACEs, the patch
should take that into account.

Also, we check for a talloc failure.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-07-21 10:51:29 +12:00 committed by Andrew Bartlett
parent ea4caa45ab
commit cc17c3e21d

View File

@ -1,4 +1,4 @@
From bf2adac3a271fae551a726dc21dc9111bd7320be Mon Sep 17 00:00:00 2001 From b461fdf28c71b54ad5ebe663ea09212856e61973 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Mon, 17 Jul 2023 16:17:16 +1200 Date: Mon, 17 Jul 2023 16:17:16 +1200
Subject: [PATCH 1/2] libcli/security: save access check attempts for fuzz Subject: [PATCH 1/2] libcli/security: save access check attempts for fuzz
@ -36,23 +36,23 @@ down much, but it will capture your SIDs and ACLs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
--- ---
libcli/security/access_check.c | 76 ++++++++++++++++++++++++++++++++++ libcli/security/access_check.c | 79 ++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+) 1 file changed, 79 insertions(+)
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 81bacc90e78..9c3e4cfe966 100644 index 1364a15f4dd..d79a247455a 100644
--- a/libcli/security/access_check.c --- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c +++ b/libcli/security/access_check.c
@@ -24,6 +24,8 @@ @@ -26,6 +26,8 @@
#include "replace.h"
#include "lib/util/debug.h"
#include "libcli/security/security.h" #include "libcli/security/security.h"
#include "librpc/gen_ndr/conditional_ace.h"
#include "libcli/security/conditional_ace.h"
+#include "ndr/libndr.h" +#include "ndr/libndr.h"
+#include "gen_ndr/ndr_security.h" +#include "gen_ndr/ndr_security.h"
/* Map generic access rights to object specific rights. This technique is /* Map generic access rights to object specific rights. This technique is
used to give meaning to assigning read, write, execute and all access to used to give meaning to assigning read, write, execute and all access to
@@ -103,6 +105,74 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi @@ -105,6 +107,77 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi
} }
} }
@ -101,6 +101,9 @@ index 81bacc90e78..9c3e4cfe966 100644
+ } + }
+ } + }
+ tmp_ctx = talloc_new(NULL); + tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return false;
+ }
+ +
+ n++; + n++;
+ ndr_err = ndr_push_struct_blob( + ndr_err = ndr_push_struct_blob(
@ -127,7 +130,7 @@ index 81bacc90e78..9c3e4cfe966 100644
/* /*
perform a SEC_FLAG_MAXIMUM_ALLOWED access check perform a SEC_FLAG_MAXIMUM_ALLOWED access check
*/ */
@@ -115,6 +185,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, @@ -117,6 +190,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
bool have_owner_rights_ace = false; bool have_owner_rights_ace = false;
unsigned i; unsigned i;
@ -136,7 +139,7 @@ index 81bacc90e78..9c3e4cfe966 100644
if (sd->dacl == NULL) { if (sd->dacl == NULL) {
if (security_token_has_sid(token, sd->owner_sid)) { if (security_token_has_sid(token, sd->owner_sid)) {
switch (implicit_owner_rights) { switch (implicit_owner_rights) {
@@ -211,6 +283,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor @@ -222,6 +297,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor
bool am_owner = false; bool am_owner = false;
bool have_owner_rights_ace = false; bool have_owner_rights_ace = false;
@ -145,7 +148,7 @@ index 81bacc90e78..9c3e4cfe966 100644
*access_granted = access_desired; *access_granted = access_desired;
bits_remaining = access_desired; bits_remaining = access_desired;
@@ -528,6 +602,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd @@ -613,6 +690,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
uint32_t bits_remaining; uint32_t bits_remaining;
struct dom_sid self_sid; struct dom_sid self_sid;
@ -158,7 +161,7 @@ index 81bacc90e78..9c3e4cfe966 100644
2.34.1 2.34.1
From d79328bdac90ed16b9162cbfe10a4ed8bedbc073 Mon Sep 17 00:00:00 2001 From 12bf242cece202658fe61f1c7408709d092632ea Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 18 Jul 2023 16:07:11 +1200 Date: Tue, 18 Jul 2023 16:07:11 +1200
Subject: [PATCH 2/2] scripts: a script for deduplicating fuzz-seeds Subject: [PATCH 2/2] scripts: a script for deduplicating fuzz-seeds