summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/smbcacls.c43
1 files changed, 38 insertions, 5 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 36efcc247d..01ca54c649 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -226,7 +226,7 @@ static void print_ace(FILE *f, SEC_ACE *ace)
/* parse an ACE in the same format as print_ace() */
-static BOOL parse_ace(SEC_ACE *ace, char *str)
+static BOOL parse_ace(SEC_ACE *ace, const char *orig_str)
{
char *p;
const char *cp;
@@ -235,10 +235,19 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
DOM_SID sid;
SEC_ACCESS mask;
const struct perm_value *v;
+ char *str = SMB_STRDUP(orig_str);
+
+ if (!str) {
+ return False;
+ }
ZERO_STRUCTP(ace);
p = strchr_m(str,':');
- if (!p) return False;
+ if (!p) {
+ printf("ACE '%s': missing ':'.\n", orig_str);
+ SAFE_FREE(str);
+ return False;
+ }
*p = '\0';
p++;
/* Try to parse numeric form */
@@ -251,11 +260,17 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
/* Try to parse text form */
if (!StringToSid(&sid, str)) {
+ printf("ACE '%s': failed to convert '%s' to SID\n",
+ orig_str, str);
+ SAFE_FREE(str);
return False;
}
cp = p;
if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+ printf("ACE '%s': failed to find '/' character.\n",
+ orig_str);
+ SAFE_FREE(str);
return False;
}
@@ -264,6 +279,9 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
} else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
atype = SEC_ACE_TYPE_ACCESS_DENIED;
} else {
+ printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
return False;
}
@@ -271,15 +289,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
if (!(next_token(&cp, tok, "/", sizeof(fstring)) &&
sscanf(tok, "%i", &aflags))) {
+ printf("ACE '%s': bad integer flags entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
return False;
}
if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+ printf("ACE '%s': missing / at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
return False;
}
if (strncmp(tok, "0x", 2) == 0) {
if (sscanf(tok, "%i", &amask) != 1) {
+ printf("ACE '%s': bad hex number at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
return False;
}
goto done;
@@ -304,17 +331,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
}
}
- if (!found) return False;
+ if (!found) {
+ printf("ACE '%s': bad permission value at '%s'\n",
+ orig_str, p);
+ SAFE_FREE(str);
+ return False;
+ }
p++;
}
if (*p) {
+ SAFE_FREE(str);
return False;
}
done:
mask.mask = amask;
init_sec_ace(ace, &sid, atype, mask, aflags);
+ SAFE_FREE(str);
return True;
}
@@ -378,7 +412,6 @@ static SEC_DESC *sec_desc_parse(char *str)
if (strncmp(tok,"ACL:", 4) == 0) {
SEC_ACE ace;
if (!parse_ace(&ace, tok+4)) {
- printf("Failed to parse ACL %s\n", tok);
return NULL;
}
if(!add_ace(&dacl, &ace)) {
@@ -388,7 +421,7 @@ static SEC_DESC *sec_desc_parse(char *str)
continue;
}
- printf("Failed to parse security descriptor\n");
+ printf("Failed to parse token '%s' in security descriptor,\n", tok);
return NULL;
}