ndr: ACE push avoids no-op coda pushes

We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.

This will not change the data on the wire.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index b3de2f65f23a93fc82e5ddbe5a08ce52f037e2f2..ae4006b266326a92b77135a90b4d3f585fcd4f4c 100644 (file)
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -120,7 +120,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags
                NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, sec_ace_object(r->type)));
                NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
                NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
-               {
+               if (sec_ace_has_extra_blob(r->type) || r->coda.ignored.length != 0) {
                        struct ndr_push *_ndr_coda;
                        NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, ndr_subcontext_size_of_ace_coda(r, ndr_size_security_ace(r, ndr->flags), ndr->flags)));
                        NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type));