use the "subcontext" magic flag for sec_desc_buf

source/librpc/idl/lsa.idl

@@ -51,6 +51,12 @@
 
 	/******************/
 	/* Function: 0x03 */
+
+	typedef struct {
+		uint32 size;
+		[subcontext] security_descriptor *sd;
+	} sec_desc_buf;
+
 	NTSTATUS lsa_QuerySecObj (
 		[in,ref]     policy_handle *handle,
 		[in]         uint32 sec_info,

source/librpc/ndr/ndr.c

@@ -370,3 +370,38 @@ NTSTATUS ndr_push_error(struct ndr_push *ndr, enum ndr_err_code err, const char
 	/* we should map to different status codes */
 	return NT_STATUS_INVALID_PARAMETER;
 }
+
+
+/*
+  handle subcontext buffers, which in midl land are user-marshalled, but
+  we use magic in pidl to make them easier to cope with
+*/
+NTSTATUS ndr_pull_subcontext_fn(struct ndr_pull *ndr, 
+				void *base,
+				NTSTATUS (*fn)(struct ndr_pull *, void *))
+{
+	uint32 size;
+	struct ndr_pull ndr2;
+
+	NDR_CHECK(ndr_pull_uint32(ndr, &size));
+	NDR_CHECK(ndr_pull_subcontext(ndr, &ndr2, size));
+	NDR_CHECK(fn(&ndr2, base));
+	NDR_CHECK(ndr_pull_advance(ndr, size));
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS ndr_pull_subcontext_flags_fn(struct ndr_pull *ndr, 
+				      void *base,
+				      NTSTATUS (*fn)(struct ndr_pull *, int , void *))
+{
+	uint32 size;
+	struct ndr_pull ndr2;
+
+	NDR_CHECK(ndr_pull_uint32(ndr, &size));
+	NDR_CHECK(ndr_pull_subcontext(ndr, &ndr2, size));
+	NDR_CHECK(fn(&ndr2, NDR_SCALARS|NDR_BUFFERS, base));
+	NDR_CHECK(ndr_pull_advance(ndr, size));
+	return NT_STATUS_OK;
+}
+

source/librpc/ndr/ndr_basic.c

@@ -510,3 +510,5 @@ void ndr_print_GUID(struct ndr_print *ndr, const char *name, struct GUID *guid)
 		   guid->info[10], guid->info[11], guid->info[12], guid->info[13], 
 		   guid->info[14], guid->info[15]);
 }
+
+

source/librpc/ndr/ndr_lsa.c

@@ -21,7 +21,7 @@ static NTSTATUS ndr_push_lsa_Name(struct ndr_push *ndr, int ndr_flags, struct ls
 	if (!(ndr_flags & NDR_SCALARS)) goto buffers;
 	NDR_CHECK(ndr_push_align(ndr, 4));
 	NDR_CHECK(ndr_push_uint16(ndr, 2*strlen_m(r->name)));
-	NDR_CHECK(ndr_push_uint16(ndr, 2*strlen_m(r->name)));
+	NDR_CHECK(ndr_push_uint16(ndr, r->name_len));
 	NDR_CHECK(ndr_push_ptr(ndr, r->name));
 buffers:
 	if (!(ndr_flags & NDR_BUFFERS)) goto done;
@@ -582,6 +582,27 @@ NTSTATUS ndr_pull_lsa_EnumPrivs(struct ndr_pull *ndr, struct lsa_EnumPrivs *r)
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, struct sec_desc_buf *r)
+{
+	uint32 _ptr_sd;
+	if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+	NDR_CHECK(ndr_pull_align(ndr, 4));
+	NDR_CHECK(ndr_pull_uint32(ndr, &r->size));
+	NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_sd));
+	if (_ptr_sd) {
+		NDR_ALLOC(ndr, r->sd);
+	} else {
+		r->sd = NULL;
+	}
+buffers:
+	if (!(ndr_flags & NDR_BUFFERS)) goto done;
+	if (r->sd) {
+	NDR_CHECK(ndr_pull_subcontext_fn(ndr, r->sd, (ndr_pull_fn_t) ndr_pull_security_descriptor));
+	}
+done:
+	return NT_STATUS_OK;
+}
+
 NTSTATUS ndr_pull_lsa_QuerySecObj(struct ndr_pull *ndr, struct lsa_QuerySecObj *r)
 {
 	uint32 _ptr_sd;
@@ -1622,6 +1643,20 @@ void ndr_print_lsa_PrivArray(struct ndr_print *ndr, const char *name, struct lsa
 	ndr->depth--;
 }
 
+void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name, struct sec_desc_buf *r)
+{
+	ndr_print_struct(ndr, name, "sec_desc_buf");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "size", r->size);
+	ndr_print_ptr(ndr, "sd", r->sd);
+	ndr->depth++;
+	if (r->sd) {
+		ndr_print_security_descriptor(ndr, "sd", r->sd);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 void ndr_print_lsa_QosInfo(struct ndr_print *ndr, const char *name, struct lsa_QosInfo *r)
 {
 	ndr_print_struct(ndr, name, "lsa_QosInfo");

source/librpc/ndr/ndr_lsa.h

@@ -55,6 +55,11 @@ struct lsa_EnumPrivs {
 
 };
 
+struct sec_desc_buf {
+	uint32 size;
+	struct security_descriptor *sd;
+};
+
 struct lsa_QuerySecObj {
 	struct {
 		struct policy_handle *handle;

source/librpc/ndr/ndr_sec.c

@@ -424,52 +424,3 @@ void ndr_print_security_descriptor(struct ndr_print *ndr,
 	ndr->depth--;
 }
 
-
-
-/*
-  implementation of sec_desc_buf - an encapsulated security descriptor
-*/
-NTSTATUS ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, 
-			       struct sec_desc_buf *sdbuf)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		uint32 _ptr;
-		NDR_CHECK(ndr_pull_uint32(ndr, &sdbuf->size));		
-		NDR_CHECK(ndr_pull_uint32(ndr, &_ptr));
-		if (_ptr) {
-			NDR_ALLOC(ndr, sdbuf->sd);
-		} else {
-			sdbuf->sd = NULL;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (sdbuf->sd) {
-			struct ndr_pull ndr2;
-			uint32 size;
-			NDR_CHECK(ndr_pull_uint32(ndr, &size));
-			if (size != sdbuf->size) {
-				return NT_STATUS_INFO_LENGTH_MISMATCH;
-			}
-			NDR_CHECK(ndr_pull_subcontext(ndr, &ndr2, sdbuf->size));
-			NDR_CHECK(ndr_pull_security_descriptor(&ndr2, sdbuf->sd));
-			NDR_CHECK(ndr_pull_advance(ndr, sdbuf->size));
-		}
-	}
-	return NT_STATUS_OK;
-}
-
-
-/*
-  print a sec_desc_buf
-*/
-void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name,
-			    struct sec_desc_buf *sdbuf)
-{
-	ndr_print_struct(ndr, name, "sec_desc_buf");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "size", sdbuf->size);
-	ndr_print_ptr(ndr, "sd", sdbuf->sd);
-	if (sdbuf->sd) {
-		ndr_print_security_descriptor(ndr, "sd", sdbuf->sd);
-	}
-}

source/librpc/ndr/ndr_sec.h

@@ -73,22 +73,6 @@ struct security_descriptor {
 };
 
 
-/*
-  a security descriptor encapsulated in a buffer.
-  It is like this IDL:
-  typedef struct {
-       uint32 size;
-       [size_is(size)] uint8 *buf;
-  } sec_desc_buf;
-*/
-struct sec_desc_buf {
-	uint32 size; /* the sd wire size - auto-generated */
-	struct security_descriptor *sd;
-};
-
-
-
-
 /* query security descriptor */
 struct smb_query_secdesc {
 	struct {