r12139: - fixed up the ace object flags checking

- allow for arbitrary access masks in sddl_encode_ace()
(This used to be commit 5e2b1bd6afafe2eb96e98c4636e0a62235693183)

diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index a1b83469692b0cff354452e92816d75a8dbfb661..643cb7a82c335249538e0a0c7c44a03a89a2b6b3 100644 (file)
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -221,6 +221,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
                if (!NT_STATUS_IS_OK(status)) {
                        return False;
                }
+               ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT;
        }
 
        /* inherit object */
@@ -230,6 +231,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
                if (!NT_STATUS_IS_OK(status)) {
                        return False;
                }
+               ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT;
        }
 
        /* trustee */
@@ -460,18 +462,21 @@ static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace
        if (s_flags == NULL) goto failed;
 
        s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True);
-       if (s_mask == NULL) goto failed;
+       if (s_mask == NULL) {
+               s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask);
+               if (s_mask == NULL) goto failed;
+       }
 
        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
            ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
            ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
            ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
-               if (!GUID_all_zero(&ace->object.object.type.type)) {
+               if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
                        s_object = GUID_string(tmp_ctx, &ace->object.object.type.type);
                        if (s_object == NULL) goto failed;
                }
 
-               if (!GUID_all_zero(&ace->object.object.inherited_type.inherited_type)) {
+               if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
                        s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type);
                        if (s_iobject == NULL) goto failed;
                }