Is the definition of security_ace_object in librpc/idl/security.idl correct?

Richard Sharpe realrichardsharpe at
Sun Apr 21 11:11:45 MDT 2013

Hi folks,

Perhaps I am mistaken, but my reading of the following from

        typedef struct {
                security_ace_object_flags flags;
                [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)]
security_ace_object_type type;
                [switch_is(flags &
security_ace_object_inherited_type inherited_type;
        } security_ace_object;

suggests that the secuity_ace_object_type and
security_ace_object_inherited_type GUIDS will only be
marshalled/unmarshalled if the appropriate bits are set.

However, my reading of [MS-DTYP].PDF, section suggest that
those fields are present on the wire regardless of the bit values and
the flags field only serves to tell us whether those fields are valid.

Can anyone confirm?

I ask in the context of bug 9821 because there seems to be evidence
(not yet confirmed by a torture test) that Windows does not like it
when either of those fields is not physically there in the structure.

Richard Sharpe

More information about the samba-technical mailing list