lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Mon, 17 Jul 2023 04:20:58 +0000 (16:20 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 19 Jul 2023 03:31:30 +0000 (03:31 +0000)
This of course doesn't exercise the object tree or default SID code,
but it still covers a lot of the *_ds access_check functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing/fuzz_security_token_vs_descriptor.c
lib/fuzzing/wscript_build

index 4f96590de9287421154e65c0450d513f8a0b7b7e..925c54672d57c77a844de6ad8a552496b76da16e 100644 (file)
@@ -49,10 +49,28 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                goto end;
        }
+
+#ifdef FUZZ_SEC_ACCESS_CHECK_DS
+       /*
+        * The sec_access_check_ds() function has two arguments not found in
+        * se_access_check, and also not found in our fuzzing examples.
+        *
+        * One is a struct object_tree, which is used for object ACE types.
+        * The other is a SID, which is used as a default if an ACE lacks a
+        * SID.
+        */
+       sec_access_check_ds(&p.sd,
+                           &p.token,
+                           p.access_desired,
+                           &access_granted,
+                           NULL,
+                           NULL);
+#else
        se_access_check(&p.sd,
                        &p.token,
                        p.access_desired,
                        &access_granted);
+#endif
 
 end:
        talloc_free(mem_ctx);
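Review bot: The comment in the `FUZZ_SEC_ACCESS_CHECK_DS` branch describes the two extra arguments of `sec_access_check_ds()` but never says that this harness passes `NULL` for both, so the coverage gap is recorded only in the commit message. I would end the comment with `* Both are passed as NULL here, so object-tree matching and default-SID substitution are not exercised by this fuzzer.`, which tells anyone triaging coverage reports that those paths still need a separate harness. The status returned by either call is discarded; that looks deliberate for a crash-finding target, and a `(void)` cast would make it explicit. `LLVMFuzzerTestOneInput` begins and ends outside this hunk, so how `access_granted` and `mem_ctx` are set up is not visible here.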
index 52607455b06df03bc7c7a0e964f680b31a6de838..7a138a474683fa02a16ed905607b8db557fc599b 100644 (file)
@@ -137,6 +137,12 @@ bld.SAMBA_BINARY('fuzz_security_token_vs_descriptor',
                  deps='fuzzing samba-security afl-fuzz-main',
                  fuzzer=True)
 
+bld.SAMBA_BINARY('fuzz_security_token_vs_descriptor_ds',
+                 cflags='-DFUZZ_SEC_ACCESS_CHECK_DS=1',
+                 source='fuzz_security_token_vs_descriptor.c',
+                 deps='fuzzing samba-security afl-fuzz-main',
+                 fuzzer=True)
+
 
 # The fuzz_type and fuzz_function parameters make the built
 # fuzzer take the same input as ndrdump and so the same that
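Review bot: The new `fuzz_security_token_vs_descriptor_ds` target has no comment explaining that it rebuilds the same source file with a different preprocessor define, which is easy to miss when the two `SAMBA_BINARY` entries are read side by side. A line above it such as `# Same source and input format as fuzz_security_token_vs_descriptor, built with FUZZ_SEC_ACCESS_CHECK_DS so it calls sec_access_check_ds()` would also tell whoever maintains the seed corpus that the inputs can be shared between the two binaries. The added blank line after `fuzzer=True)` leaves two blank lines before the following comment; one would match the rest of the visible file.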