From cbddae005f1e6e787be925fab6e4b34f2a3471f0 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 12 Dec 2000 06:06:10 +0000
Subject: Better error checking for ACL parsing.

Print an error when attempting to delete a non-existent ACL.
(This used to be commit d119782d0d8d2738650da47fa11134d26134ce17)
---
 source3/utils/smbcacls.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

(limited to 'source3/utils')

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 4d6622b0ef..aff5244fc5 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -281,10 +281,12 @@ static SEC_DESC *sec_desc_parse(char *str)
 
 		if (strncmp(tok,"REVISION:", 9) == 0) {
 			revision = strtol(tok+9, NULL, 16);
+			continue;
 		}
 
 		if (strncmp(tok,"TYPE:", 5) == 0) {
 			type = strtol(tok+5, NULL, 16);
+			continue;
 		}
 
 		if (strncmp(tok,"OWNER:", 6) == 0) {
@@ -294,6 +296,7 @@ static SEC_DESC *sec_desc_parse(char *str)
 				printf("Failed to parse owner sid\n");
 				return NULL;
 			}
+			continue;
 		}
 
 		if (strncmp(tok,"GROUP:", 6) == 0) {
@@ -303,6 +306,7 @@ static SEC_DESC *sec_desc_parse(char *str)
 				printf("Failed to parse group sid\n");
 				return NULL;
 			}
+			continue;
 		}
 
 		if (strncmp(tok,"ACL:", 4) == 0) {
@@ -312,7 +316,11 @@ static SEC_DESC *sec_desc_parse(char *str)
 				printf("Failed to parse ACL\n");
 				return NULL;
 			}
+			continue;
 		}
+
+		printf("Failed to parse security descriptor\n");
+		return NULL;
 	}
 
 	ret = make_sec_desc(revision, owner_sid, grp_sid, 
@@ -405,11 +413,8 @@ static void cacl_set(struct cli_state *cli, char *filename,
 	unsigned sd_size;
 
 	sd = sec_desc_parse(acl);
-	if (!sd) {
-		printf("Failed to parse security descriptor\n");
-		return;
-	}
 
+	if (!sd) return;
 	if (test_args) return;
 
 	/* the desired access below is the only one I could find that works with
@@ -426,6 +431,8 @@ static void cacl_set(struct cli_state *cli, char *filename,
 	switch (mode) {
 	case ACL_DELETE:
 		for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+			BOOL found = False;
+
 			for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
 				if (sec_ace_equal(&sd->dacl->ace[i],
 						  &old->dacl->ace[j])) {
@@ -440,9 +447,17 @@ static void cacl_set(struct cli_state *cli, char *filename,
 						old->dacl = NULL;
 						old->off_dacl = 0;
 					}
+					found = True;
 					break;
 				}
 			}
+
+			if (!found) {
+				fstring str;
+
+				SidToString(str, &sd->dacl->ace[i].sid);
+				printf("ACL for SID %s not found\n", str);
+			}
 		}
 		break;
 
@@ -475,10 +490,9 @@ static void cacl_set(struct cli_state *cli, char *filename,
 		break;
 
 	case ACL_SET:
-		free_sec_desc(&old);
-		old = sd;
+ 		free_sec_desc(&old);
+ 		old = sd;
 		break;
-		
 	}
 
 	if (sd != old) {
-- 
cgit