From a306447aa4bc1c4f66bba58a8a1091426cc3ccce Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 2 Nov 2005 02:13:08 +0000
Subject: r11460: Improve error messages in parsing security descriptors.
 Jeremy. (This used to be commit 385f128de716b62bdfc82627a403fe6dd69bd39d)

---
 source3/utils/smbcacls.c | 43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

(limited to 'source3/utils')

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 36efcc247d..01ca54c649 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -226,7 +226,7 @@ static void print_ace(FILE *f, SEC_ACE *ace)
 
 
 /* parse an ACE in the same format as print_ace() */
-static BOOL parse_ace(SEC_ACE *ace, char *str)
+static BOOL parse_ace(SEC_ACE *ace, const char *orig_str)
 {
 	char *p;
 	const char *cp;
@@ -235,10 +235,19 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
 	DOM_SID sid;
 	SEC_ACCESS mask;
 	const struct perm_value *v;
+	char *str = SMB_STRDUP(orig_str);
+
+	if (!str) {
+		return False;
+	}
 
 	ZERO_STRUCTP(ace);
 	p = strchr_m(str,':');
-	if (!p) return False;
+	if (!p) {
+		printf("ACE '%s': missing ':'.\n", orig_str);
+		SAFE_FREE(str);
+		return False;
+	}
 	*p = '\0';
 	p++;
 	/* Try to parse numeric form */
@@ -251,11 +260,17 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
 	/* Try to parse text form */
 
 	if (!StringToSid(&sid, str)) {
+		printf("ACE '%s': failed to convert '%s' to SID\n",
+			orig_str, str);
+		SAFE_FREE(str);
 		return False;
 	}
 
 	cp = p;
 	if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+		printf("ACE '%s': failed to find '/' character.\n",
+			orig_str);
+		SAFE_FREE(str);
 		return False;
 	}
 
@@ -264,6 +279,9 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
 	} else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
 		atype = SEC_ACE_TYPE_ACCESS_DENIED;
 	} else {
+		printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n",
+			orig_str, tok);
+		SAFE_FREE(str);
 		return False;
 	}
 
@@ -271,15 +289,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
 
 	if (!(next_token(&cp, tok, "/", sizeof(fstring)) &&
 	      sscanf(tok, "%i", &aflags))) {
+		printf("ACE '%s': bad integer flags entry at '%s'\n",
+			orig_str, tok);
+		SAFE_FREE(str);
 		return False;
 	}
 
 	if (!next_token(&cp, tok, "/", sizeof(fstring))) {
+		printf("ACE '%s': missing / at '%s'\n",
+			orig_str, tok);
+		SAFE_FREE(str);
 		return False;
 	}
 
 	if (strncmp(tok, "0x", 2) == 0) {
 		if (sscanf(tok, "%i", &amask) != 1) {
+			printf("ACE '%s': bad hex number at '%s'\n",
+				orig_str, tok);
+			SAFE_FREE(str);
 			return False;
 		}
 		goto done;
@@ -304,17 +331,24 @@ static BOOL parse_ace(SEC_ACE *ace, char *str)
 			}
 		}
 
-		if (!found) return False;
+		if (!found) {
+			printf("ACE '%s': bad permission value at '%s'\n",
+				orig_str, p);
+			SAFE_FREE(str);
+		 	return False;
+		}
 		p++;
 	}
 
 	if (*p) {
+		SAFE_FREE(str);
 		return False;
 	}
 
  done:
 	mask.mask = amask;
 	init_sec_ace(ace, &sid, atype, mask, aflags);
+	SAFE_FREE(str);
 	return True;
 }
 
@@ -378,7 +412,6 @@ static SEC_DESC *sec_desc_parse(char *str)
 		if (strncmp(tok,"ACL:", 4) == 0) {
 			SEC_ACE ace;
 			if (!parse_ace(&ace, tok+4)) {
-				printf("Failed to parse ACL %s\n", tok);
 				return NULL;
 			}
 			if(!add_ace(&dacl, &ace)) {
@@ -388,7 +421,7 @@ static SEC_DESC *sec_desc_parse(char *str)
 			continue;
 		}
 
-		printf("Failed to parse security descriptor\n");
+		printf("Failed to parse token '%s' in security descriptor,\n", tok);
 		return NULL;
 	}
 
-- 
cgit