lib/fuzzing: adapt fuzz_sddl_access_check for AD variant

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 25 insertions, 0 deletions

diff --git a/lib/fuzzing/fuzz_sddl_access_check.c b/lib/fuzzing/fuzz_sddl_access_check.c
index d4247272e4d..e6231d7da5f 100644
--- a/lib/fuzzing/fuzz_sddl_access_check.c
+++ b/lib/fuzzing/fuzz_sddl_access_check.c
@@ -118,7 +118,26 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 	if (sd == NULL) {
 		goto end;
 	}
+
+#ifdef FUZZ_SEC_ACCESS_CHECK_DS
+	/*
+	 * The sec_access_check_ds() function has two arguments not found in
+	 * se_access_check, and also not found in our fuzzing examples.
+	 *
+	 * One is a struct object_tree, which is used for object ACE types.
+	 * The other is a SID, which is used as a default if an ACE lacks a
+	 * SID.
+	 */
+	sec_access_check_ds(sd,
+			    &token,
+			    access_desired,
+			    &access_granted,
+			    NULL,
+			    NULL);
+#else
 	status = se_access_check(sd, &token, access_desired, &access_granted);
+#endif
+
 end:
 	talloc_free(mem_ctx);
 	return 0;
diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index 7a138a47468..e0f4173b989 100644
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
@@ -47,6 +47,12 @@ bld.SAMBA_BINARY('fuzz_sddl_access_check',
                  deps='fuzzing samba-security  afl-fuzz-main',
                  fuzzer=True)
 
+bld.SAMBA_BINARY('fuzz_sddl_access_check_ds',
+                 cflags='-DFUZZ_SEC_ACCESS_CHECK_DS=1',
+                 source='fuzz_sddl_access_check.c',
+                 deps='fuzzing samba-security  afl-fuzz-main',
+                 fuzzer=True)
+
 bld.SAMBA_BINARY('fuzz_regfio',
                  source='fuzz_regfio.c',
                  deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',