diff options
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/smbcacls.c | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 36efcc247d..01ca54c649 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -226,7 +226,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* parse an ACE in the same format as print_ace() */ -static BOOL parse_ace(SEC_ACE *ace, char *str) +static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) { char *p; const char *cp; @@ -235,10 +235,19 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) DOM_SID sid; SEC_ACCESS mask; const struct perm_value *v; + char *str = SMB_STRDUP(orig_str); + + if (!str) { + return False; + } ZERO_STRUCTP(ace); p = strchr_m(str,':'); - if (!p) return False; + if (!p) { + printf("ACE '%s': missing ':'.\n", orig_str); + SAFE_FREE(str); + return False; + } *p = '\0'; p++; /* Try to parse numeric form */ @@ -251,11 +260,17 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) /* Try to parse text form */ if (!StringToSid(&sid, str)) { + printf("ACE '%s': failed to convert '%s' to SID\n", + orig_str, str); + SAFE_FREE(str); return False; } cp = p; if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': failed to find '/' character.\n", + orig_str); + SAFE_FREE(str); return False; } @@ -264,6 +279,9 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) { atype = SEC_ACE_TYPE_ACCESS_DENIED; } else { + printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } @@ -271,15 +289,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) if (!(next_token(&cp, tok, "/", sizeof(fstring)) && sscanf(tok, "%i", &aflags))) { + printf("ACE '%s': bad integer flags entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': missing / at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (strncmp(tok, "0x", 2) == 0) { if (sscanf(tok, "%i", &amask) != 1) { + printf("ACE '%s': bad hex number at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } goto done; @@ -304,17 +331,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) } } - if (!found) return False; + if (!found) { + printf("ACE '%s': bad permission value at '%s'\n", + orig_str, p); + SAFE_FREE(str); + return False; + } p++; } if (*p) { + SAFE_FREE(str); return False; } done: mask.mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); + SAFE_FREE(str); return True; } @@ -378,7 +412,6 @@ static SEC_DESC *sec_desc_parse(char *str) if (strncmp(tok,"ACL:", 4) == 0) { SEC_ACE ace; if (!parse_ace(&ace, tok+4)) { - printf("Failed to parse ACL %s\n", tok); return NULL; } if(!add_ace(&dacl, &ace)) { @@ -388,7 +421,7 @@ static SEC_DESC *sec_desc_parse(char *str) continue; } - printf("Failed to parse security descriptor\n"); + printf("Failed to parse token '%s' in security descriptor,\n", tok); return NULL; } |