ndr: do not push ACE->coda.ignored blob
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Sun, 31 Dec 2023 04:45:36 +0000 (17:45 +1300)
committerJule Anger <janger@samba.org>
Mon, 12 Feb 2024 10:53:13 +0000 (10:53 +0000)
From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until
c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.

With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.

This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.

It may be that such ACEs no longer occur.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 2a60ec98409b161cfeb4b51414ba61feb26c01b9)

librpc/ndr/ndr_sec_helper.c

index ae4006b266326a92b77135a90b4d3f585fcd4f4c..98663a12ad9e43f957083211a5d458ef98308540 100644 (file)
@@ -64,7 +64,11 @@ size_t ndr_size_security_ace(const struct security_ace *ace, libndr_flags flags)
        } else if (ace->type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE) {
                ret += ndr_size_security_ace_coda(&ace->coda, ace->type, flags);
        } else {
-               ret += ace->coda.ignored.length;
+               /*
+                * Normal ACEs have a coda.ignored blob that is always or
+                * almost always empty. We aren't going to push it (it is
+                * ignored), so we don't add that length to the size.
+                */
        }
        /* round up to a multiple of 4  (MS-DTYP 2.4.4.1) */
        ret = (ret + 3ULL) & ~3ULL;
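Review bot: The now-empty `else` branch in ndr_size_security_ace() has to cover exactly the ACE types for which sec_ace_has_extra_blob() is false, and the new comment does not state that. The push hunk further down sizes the coda subcontext from `ndr_size_security_ace(r, ndr->flags)`. If a type ever fell into this branch while sec_ace_has_extra_blob() returned true for it, the subcontext would presumably be sized without its own bytes. I would add a sentence to the comment such as `This branch must cover the same types for which sec_ace_has_extra_blob() is false; ndr_push_security_ace() relies on that.` The earlier branches of the if/else chain and the start of the function are outside the hunk, so this is based on the visible lines only.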
@@ -120,7 +124,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags
                NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, sec_ace_object(r->type)));
                NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
                NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
-               if (sec_ace_has_extra_blob(r->type) || r->coda.ignored.length != 0) {
+               if (sec_ace_has_extra_blob(r->type)) {
                        struct ndr_push *_ndr_coda;
                        NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, ndr_subcontext_size_of_ace_coda(r, ndr_size_security_ace(r, ndr->flags), ndr->flags)));
                        NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type));
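Review bot: At `if (sec_ace_has_extra_blob(r->type))` a non-empty r->coda.ignored is now dropped with nothing at the push site to say so; the explanation exists only in ndr_size_security_ace(). A one-line comment here, e.g. `/* coda.ignored is deliberately not pushed; ndr_size_security_ace() does not count it either */`, would keep the two functions visibly in step. A pulled-then-pushed ACE that carried trailing bytes is also no longer byte-identical to what was read, so a caller that hashes or compares the serialized descriptor may see a difference for such ACEs. A test pinning the pushed length for an ACE with a non-empty coda.ignored would guard that. The body of ndr_push_security_ace() continues outside the hunk.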