diff options
author | Jeremy Allison <jra@samba.org> | 2005-11-02 02:13:08 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:17 -0500 |
commit | a306447aa4bc1c4f66bba58a8a1091426cc3ccce (patch) | |
tree | 178392c3fa13573de32b9a9e88485eb763ca0064 | |
parent | d6a68f8739488c1857b6dd8bdead24cda67a4800 (diff) | |
download | samba-a306447aa4bc1c4f66bba58a8a1091426cc3ccce.tar.gz samba-a306447aa4bc1c4f66bba58a8a1091426cc3ccce.tar.bz2 samba-a306447aa4bc1c4f66bba58a8a1091426cc3ccce.zip |
r11460: Improve error messages in parsing security descriptors.
Jeremy.
(This used to be commit 385f128de716b62bdfc82627a403fe6dd69bd39d)
-rw-r--r-- | source3/utils/smbcacls.c | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 36efcc247d..01ca54c649 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -226,7 +226,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* parse an ACE in the same format as print_ace() */ -static BOOL parse_ace(SEC_ACE *ace, char *str) +static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) { char *p; const char *cp; @@ -235,10 +235,19 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) DOM_SID sid; SEC_ACCESS mask; const struct perm_value *v; + char *str = SMB_STRDUP(orig_str); + + if (!str) { + return False; + } ZERO_STRUCTP(ace); p = strchr_m(str,':'); - if (!p) return False; + if (!p) { + printf("ACE '%s': missing ':'.\n", orig_str); + SAFE_FREE(str); + return False; + } *p = '\0'; p++; /* Try to parse numeric form */ @@ -251,11 +260,17 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) /* Try to parse text form */ if (!StringToSid(&sid, str)) { + printf("ACE '%s': failed to convert '%s' to SID\n", + orig_str, str); + SAFE_FREE(str); return False; } cp = p; if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': failed to find '/' character.\n", + orig_str); + SAFE_FREE(str); return False; } @@ -264,6 +279,9 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) { atype = SEC_ACE_TYPE_ACCESS_DENIED; } else { + printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } @@ -271,15 +289,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) if (!(next_token(&cp, tok, "/", sizeof(fstring)) && sscanf(tok, "%i", &aflags))) { + printf("ACE '%s': bad integer flags entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': missing / at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (strncmp(tok, "0x", 2) == 0) { if (sscanf(tok, "%i", &amask) != 1) { + printf("ACE '%s': bad hex number at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } goto done; @@ -304,17 +331,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) } } - if (!found) return False; + if (!found) { + printf("ACE '%s': bad permission value at '%s'\n", + orig_str, p); + SAFE_FREE(str); + return False; + } p++; } if (*p) { + SAFE_FREE(str); return False; } done: mask.mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); + SAFE_FREE(str); return True; } @@ -378,7 +412,6 @@ static SEC_DESC *sec_desc_parse(char *str) if (strncmp(tok,"ACL:", 4) == 0) { SEC_ACE ace; if (!parse_ace(&ace, tok+4)) { - printf("Failed to parse ACL %s\n", tok); return NULL; } if(!add_ace(&dacl, &ace)) { @@ -388,7 +421,7 @@ static SEC_DESC *sec_desc_parse(char *str) continue; } - printf("Failed to parse security descriptor\n"); + printf("Failed to parse token '%s' in security descriptor,\n", tok); return NULL; } |