r11460: Improve error messages in parsing security descriptors.

author Jeremy Allison <jra@samba.org>

Wed, 2 Nov 2005 02:13:08 +0000 (02:13 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 16:05:17 +0000 (11:05 -0500)
author Jeremy Allison <jra@samba.org>
Wed, 2 Nov 2005 02:13:08 +0000 (02:13 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:05:17 +0000 (11:05 -0500)
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c

index 36efcc247d56bd364120b849ade959d55ffeb86c..01ca54c649176c0b83045a690c15f64fb98b9a09 100644 (file)
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -226,7 +226,7 @@ static void print_ace(FILE *f, SEC_ACE *ace)
  
  
  /* parse an ACE in the same format as print_ace() */
-static BOOL parse_ace(SEC_ACE *ace, char *str)
+static BOOL parse_ace(SEC_ACE *ace, const char *orig_str)
  {
         char *p;
         const char *cp;
@@ -235,10 +235,19 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
         DOM_SID sid;
         SEC_ACCESS mask;
         const struct perm_value *v;
+       char *str = SMB_STRDUP(orig_str);
+
+       if (!str) {
+               return False;
+       }
  
         ZERO_STRUCTP(ace);
         p = strchr_m(str,':');
-       if (!p) return False;
+       if (!p) {
+               printf("ACE '%s': missing ':'.\n", orig_str);
+               SAFE_FREE(str);
+               return False;
+       }
         *p = '\0';
         p++;
         /* Try to parse numeric form */
@@ -251,11 +260,17 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
         /* Try to parse text form */
  
         if (!StringToSid(&sid, str)) {
+               printf("ACE '%s': failed to convert '%s' to SID\n",
+                       orig_str, str);
+               SAFE_FREE(str);
                 return False;
         }
  
         cp = p;
         if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+               printf("ACE '%s': failed to find '/' character.\n",
+                       orig_str);
+               SAFE_FREE(str);
                 return False;
         }
  
@@ -264,6 +279,9 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
         } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
                 atype = SEC_ACE_TYPE_ACCESS_DENIED;
         } else {
+               printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n",
+                       orig_str, tok);
+               SAFE_FREE(str);
                 return False;
         }
  
@@ -271,15 +289,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
  
         if (!(next_token(&cp, tok, "/", sizeof(fstring)) &&
               sscanf(tok, "%i", &aflags))) {
+               printf("ACE '%s': bad integer flags entry at '%s'\n",
+                       orig_str, tok);
+               SAFE_FREE(str);
                 return False;
         }
  
         if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+               printf("ACE '%s': missing / at '%s'\n",
+                       orig_str, tok);
+               SAFE_FREE(str);
                 return False;
         }
  
         if (strncmp(tok, "0x", 2) == 0) {
                 if (sscanf(tok, "%i", &amask) != 1) {
+                       printf("ACE '%s': bad hex number at '%s'\n",
+                               orig_str, tok);
+                       SAFE_FREE(str);
                         return False;
                 }
                 goto done;
@@ -304,17 +331,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
                         }
                 }
  
-               if (!found) return False;
+               if (!found) {
+                       printf("ACE '%s': bad permission value at '%s'\n",
+                               orig_str, p);
+                       SAFE_FREE(str);
+                       return False;
+               }
                 p++;
         }
  
         if (*p) {
+               SAFE_FREE(str);
                 return False;
         }
  
   done:
         mask.mask = amask;
         init_sec_ace(ace, &sid, atype, mask, aflags);
+       SAFE_FREE(str);
         return True;
  }
  
@@ -378,7 +412,6 @@ static SEC_DESC *sec_desc_parse(char *str)
                 if (strncmp(tok,"ACL:", 4) == 0) {
                         SEC_ACE ace;
                         if (!parse_ace(&ace, tok+4)) {
-                               printf("Failed to parse ACL %s\n", tok);
                                 return NULL;
                         }
                         if(!add_ace(&dacl, &ace)) {
@@ -388,7 +421,7 @@ static SEC_DESC *sec_desc_parse(char *str)
                         continue;
                 }
  
-               printf("Failed to parse security descriptor\n");
+               printf("Failed to parse token '%s' in security descriptor,\n", tok);
                 return NULL;
         }
author	Jeremy Allison <jra@samba.org>
	Wed, 2 Nov 2005 02:13:08 +0000 (02:13 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 16:05:17 +0000 (11:05 -0500)