From: Douglas Bagnall
Date: Sun, 31 Dec 2023 04:45:36 +0000 (+1300)
Subject: ndr: do not push ACE->coda.ignored blob
X-Git-Tag: tdb-1.4.11~1805
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2a60ec98409b161cfeb4b51414ba61feb26c01b9;p=thirdparty%2Fsamba.git

ndr: do not push ACE->coda.ignored blob

From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until
c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.

With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the ignored
bytes on push rather than pull.

This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.

It may be that such ACEs no longer occur.

Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
---

diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index ae4006b2663..98663a12ad9 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -64,7 +64,11 @@ size_t ndr_size_security_ace(const struct security_ace *ace, libndr_flags flags) } else if (ace->type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE) { ret += ndr_size_security_ace_coda(&ace->coda, ace->type, flags); } else { - ret += ace->coda.ignored.length; + /* + * Normal ACEs have a coda.ignored blob that is always or + * almost always empty. We aren't going to push it (it is + * ignored), so we don't add that length to the size. + */ } /* round up to a multiple of 4 (MS-DTYP 2.4.4.1) */ ret = (ret + 3ULL) & ~3ULL;
@@ -120,7 +124,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, sec_ace_object(r->type))); NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object)); NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee)); - if (sec_ace_has_extra_blob(r->type) || r->coda.ignored.length != 0) { + if (sec_ace_has_extra_blob(r->type)) { struct ndr_push *_ndr_coda; NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, ndr_subcontext_size_of_ace_coda(r, ndr_size_security_ace(r, ndr->flags), ndr->flags))); NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type));
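
Review bot: In the first hunk (ndr_size_security_ace), the final else branch is left holding only a comment, and the size it now returns is correct only while ndr_push_security_ace() also skips coda.ignored. Consider dropping the empty else and moving the comment above the if chain, and add a test that pulls an ACE with trailing bytes, pushes it, and asserts that the pushed length equals the value returned here, so the two functions cannot drift apart. The wording "always or almost always empty" would also be clearer if it said that the blob is non-empty only when the pulled ACE carried trailing bytes.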
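
Review bot: In the second hunk (ndr_push_security_ace), the new condition `if (sec_ace_has_extra_blob(r->type))` silently drops a non-empty r->coda.ignored, and nothing at this site says that is deliberate; the only explanation sits in the comment in ndr_size_security_ace(). A short comment next to the condition would help readers of the push path. Since a pull followed by a push is no longer byte-identical for ACEs that carried trailing bytes, it is also worth confirming that no caller compares or hashes the re-pushed bytes against the original buffer.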