mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
ndr: do not push ACE->coda.ignored blob
From1e80221b23
(2008) untilc73034cf7c
(conditional ACEs, etc, 2023) we had a manual ndr_pull_security_ace() that would discard trailing bytes, which are those bytes that we now call the coda. The ACE types that we handled then are those that end up with a coda.ignored data blob. With this we effectively restore the long-standing behaviour in the event that we push and pull an ACE -- though now we discard the ignored bytes on push rather than pull. This change is not because the trailing bytes caused any problems (as far as is known), but because it is much faster to not do the push. It may be that such ACEs no longer occur. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit2a60ec9840
)
This commit is contained in:
parent
d4547daf5e
commit
5c0f6a2074
@ -64,7 +64,11 @@ size_t ndr_size_security_ace(const struct security_ace *ace, libndr_flags flags)
|
||||
} else if (ace->type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE) {
|
||||
ret += ndr_size_security_ace_coda(&ace->coda, ace->type, flags);
|
||||
} else {
|
||||
ret += ace->coda.ignored.length;
|
||||
/*
|
||||
* Normal ACEs have a coda.ignored blob that is always or
|
||||
* almost always empty. We aren't going to push it (it is
|
||||
* ignored), so we don't add that length to the size.
|
||||
*/
|
||||
}
|
||||
/* round up to a multiple of 4 (MS-DTYP 2.4.4.1) */
|
||||
ret = (ret + 3ULL) & ~3ULL;
|
||||
@ -120,7 +124,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags
|
||||
NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, sec_ace_object(r->type)));
|
||||
NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
|
||||
if (sec_ace_has_extra_blob(r->type) || r->coda.ignored.length != 0) {
|
||||
if (sec_ace_has_extra_blob(r->type)) {
|
||||
struct ndr_push *_ndr_coda;
|
||||
NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, ndr_subcontext_size_of_ace_coda(r, ndr_size_security_ace(r, ndr->flags), ndr->flags)));
|
||||
NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type));
|
||||
|
Loading…
Reference in New Issue
Block a user