r20798: fix ndr_size_security_ace() it should include the optional sub object

for ADS style ace's

metze
(This used to be commit 161fea1a141de085eb6c84efc5b120e00cf95943)

1 files changed, 21 insertions, 2 deletions

diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c
index 8059c0f4ea..0a2f3b37f5 100644
--- a/source4/librpc/ndr/ndr_sec_helper.c
+++ b/source4/librpc/ndr/ndr_sec_helper.c
@@ -54,10 +54,29 @@ size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
 */
 size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
 {
+	size_t ret;
+
 	if (!ace) return 0;
-	return 8 + ndr_size_dom_sid(&ace->trustee, flags);
-}
 
+	ret = 8 + ndr_size_dom_sid(&ace->trustee, flags);
+
+	switch (ace->type) {
+	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+	case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+		ret += 4; /* uint32 bitmap ace->object.object.flags */
+		if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
+			ret += 16; /* GUID ace->object.object.type.type */
+		}
+		if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+			ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */
+		}
+		break;
+	}
+
+	return ret;
+}
 
 /*
   return the wire size of a security_acl