mirror of
https://github.com/samba-team/samba.git
synced 2025-08-03 04:22:09 +03:00
ndr: fix coda logic around in ndr_pull_security_ace()
Sometimes an access allowed object ACE has unneeded trailing bytes,
like this:
aces: struct security_ace
type : SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
flags : 0x00 (0)
0: SEC_ACE_FLAG_OBJECT_INHERIT
0: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
0: SEC_ACE_FLAG_INHERITED_ACE
0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0048 (72)
access_mask : 0x00000100 (256)
object : union security_ace_object_ctr(case 1)
object: struct security_ace_object
flags : 0x00000001 (1)
1: SEC_ACE_OBJECT_TYPE_PRESENT
0: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
type : union security_ace_object_type(case 1)
type : edacfd8f-ffb3-11d1-b41d-00a0c968f939
inherited_type : union security_ace_object_inherited_type(case 0)
trustee : S-1-3-0
coda : union security_ace_coda(case 5)
ignored : DATA_BLOB length=32
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
which we need to pull in order to ignore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15738
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 13 15:15:40 UTC 2025 on atb-devel-224
(cherry picked from commit 67b09b481b)
[bugzilla link added in backport]
This commit is contained in:
Douglas Bagnall
committed by
Jule Anger
Jule Anger
parent
a74d5beb2a
commit
f3d65a377a
@ -104,6 +104,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags
|
||||
{
|
||||
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
ssize_t sub_size;
|
||||
NDR_CHECK(ndr_pull_align(ndr, 5));
|
||||
NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
|
||||
NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
|
||||
@ -111,12 +112,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
|
||||
NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_SCALARS, r));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
|
||||
if (!sec_ace_has_extra_blob(r->type)) {
|
||||
sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags);
|
||||
if (sub_size == 0 && !sec_ace_has_extra_blob(r->type)) {
|
||||
r->coda.ignored.data = NULL;
|
||||
r->coda.ignored.length = 0;
|
||||
} else {
|
||||
struct ndr_pull *_ndr_coda;
|
||||
ssize_t sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags);
|
||||
NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_coda, 0, sub_size));
|
||||
NDR_CHECK(ndr_pull_set_switch_value(_ndr_coda, &r->coda, r->type));
|
||||
NDR_CHECK(ndr_pull_security_ace_coda(_ndr_coda, NDR_SCALARS|NDR_BUFFERS, &r->coda));
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
samba.tests.ndr.sd.samba.tests.ndr.sd.SDTestCase.test_sd_sd_04_object_ace_with_trailing_zeros
|
||||
samba.tests.ndr.sd.samba.tests.ndr.sd.SDTestCase.test_sd_sd_07_object_ace_with_trailing_zeros
|
||||
samba.tests.ndr.sd.samba.tests.ndr.sd.SDTestCase.test_sd_sd_10_object_ace_with_trailing_zeros
|
||||
Reference in New Issue
Block a user