mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
lib/fuzzing: adjust access-check seed patch
Now that access_check.c includes headers for conditional ACEs, the patch should take that into account. Also, we check for a talloc failure. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
ea4caa45ab
commit
cc17c3e21d
@ -1,4 +1,4 @@
|
|||||||
From bf2adac3a271fae551a726dc21dc9111bd7320be Mon Sep 17 00:00:00 2001
|
From b461fdf28c71b54ad5ebe663ea09212856e61973 Mon Sep 17 00:00:00 2001
|
||||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||||
Date: Mon, 17 Jul 2023 16:17:16 +1200
|
Date: Mon, 17 Jul 2023 16:17:16 +1200
|
||||||
Subject: [PATCH 1/2] libcli/security: save access check attempts for fuzz
|
Subject: [PATCH 1/2] libcli/security: save access check attempts for fuzz
|
||||||
@ -36,23 +36,23 @@ down much, but it will capture your SIDs and ACLs.
|
|||||||
|
|
||||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||||
---
|
---
|
||||||
libcli/security/access_check.c | 76 ++++++++++++++++++++++++++++++++++
|
libcli/security/access_check.c | 79 ++++++++++++++++++++++++++++++++++
|
||||||
1 file changed, 76 insertions(+)
|
1 file changed, 79 insertions(+)
|
||||||
|
|
||||||
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
|
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
|
||||||
index 81bacc90e78..9c3e4cfe966 100644
|
index 1364a15f4dd..d79a247455a 100644
|
||||||
--- a/libcli/security/access_check.c
|
--- a/libcli/security/access_check.c
|
||||||
+++ b/libcli/security/access_check.c
|
+++ b/libcli/security/access_check.c
|
||||||
@@ -24,6 +24,8 @@
|
@@ -26,6 +26,8 @@
|
||||||
#include "replace.h"
|
|
||||||
#include "lib/util/debug.h"
|
|
||||||
#include "libcli/security/security.h"
|
#include "libcli/security/security.h"
|
||||||
|
#include "librpc/gen_ndr/conditional_ace.h"
|
||||||
|
#include "libcli/security/conditional_ace.h"
|
||||||
+#include "ndr/libndr.h"
|
+#include "ndr/libndr.h"
|
||||||
+#include "gen_ndr/ndr_security.h"
|
+#include "gen_ndr/ndr_security.h"
|
||||||
|
|
||||||
/* Map generic access rights to object specific rights. This technique is
|
/* Map generic access rights to object specific rights. This technique is
|
||||||
used to give meaning to assigning read, write, execute and all access to
|
used to give meaning to assigning read, write, execute and all access to
|
||||||
@@ -103,6 +105,74 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi
|
@@ -105,6 +107,77 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,6 +101,9 @@ index 81bacc90e78..9c3e4cfe966 100644
|
|||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ tmp_ctx = talloc_new(NULL);
|
+ tmp_ctx = talloc_new(NULL);
|
||||||
|
+ if (tmp_ctx == NULL) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ n++;
|
+ n++;
|
||||||
+ ndr_err = ndr_push_struct_blob(
|
+ ndr_err = ndr_push_struct_blob(
|
||||||
@ -127,7 +130,7 @@ index 81bacc90e78..9c3e4cfe966 100644
|
|||||||
/*
|
/*
|
||||||
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
|
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
|
||||||
*/
|
*/
|
||||||
@@ -115,6 +185,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
@@ -117,6 +190,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
||||||
bool have_owner_rights_ace = false;
|
bool have_owner_rights_ace = false;
|
||||||
unsigned i;
|
unsigned i;
|
||||||
|
|
||||||
@ -136,7 +139,7 @@ index 81bacc90e78..9c3e4cfe966 100644
|
|||||||
if (sd->dacl == NULL) {
|
if (sd->dacl == NULL) {
|
||||||
if (security_token_has_sid(token, sd->owner_sid)) {
|
if (security_token_has_sid(token, sd->owner_sid)) {
|
||||||
switch (implicit_owner_rights) {
|
switch (implicit_owner_rights) {
|
||||||
@@ -211,6 +283,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor
|
@@ -222,6 +297,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor
|
||||||
bool am_owner = false;
|
bool am_owner = false;
|
||||||
bool have_owner_rights_ace = false;
|
bool have_owner_rights_ace = false;
|
||||||
|
|
||||||
@ -145,7 +148,7 @@ index 81bacc90e78..9c3e4cfe966 100644
|
|||||||
*access_granted = access_desired;
|
*access_granted = access_desired;
|
||||||
bits_remaining = access_desired;
|
bits_remaining = access_desired;
|
||||||
|
|
||||||
@@ -528,6 +602,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
|
@@ -613,6 +690,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
|
||||||
uint32_t bits_remaining;
|
uint32_t bits_remaining;
|
||||||
struct dom_sid self_sid;
|
struct dom_sid self_sid;
|
||||||
|
|
||||||
@ -158,7 +161,7 @@ index 81bacc90e78..9c3e4cfe966 100644
|
|||||||
2.34.1
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
From d79328bdac90ed16b9162cbfe10a4ed8bedbc073 Mon Sep 17 00:00:00 2001
|
From 12bf242cece202658fe61f1c7408709d092632ea Mon Sep 17 00:00:00 2001
|
||||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||||
Date: Tue, 18 Jul 2023 16:07:11 +1200
|
Date: Tue, 18 Jul 2023 16:07:11 +1200
|
||||||
Subject: [PATCH 2/2] scripts: a script for deduplicating fuzz-seeds
|
Subject: [PATCH 2/2] scripts: a script for deduplicating fuzz-seeds
|
||||||
|
Loading…
Reference in New Issue
Block a user