Author: jra Date: 2005-11-02 02:13:08 +0000 (Wed, 02 Nov 2005) New Revision: 11460
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11460 Log: Improve error messages in parsing security descriptors. Jeremy. Modified: branches/SAMBA_3_0/source/utils/smbcacls.c Changeset: Modified: branches/SAMBA_3_0/source/utils/smbcacls.c =================================================================== --- branches/SAMBA_3_0/source/utils/smbcacls.c 2005-11-02 01:05:07 UTC (rev 11459) +++ branches/SAMBA_3_0/source/utils/smbcacls.c 2005-11-02 02:13:08 UTC (rev 11460) @@ -226,7 +226,7 @@ /* parse an ACE in the same format as print_ace() */ -static BOOL parse_ace(SEC_ACE *ace, char *str) +static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) { char *p; const char *cp; @@ -235,10 +235,19 @@ DOM_SID sid; SEC_ACCESS mask; const struct perm_value *v; + char *str = SMB_STRDUP(orig_str); + if (!str) { + return False; + } + ZERO_STRUCTP(ace); p = strchr_m(str,':'); - if (!p) return False; + if (!p) { + printf("ACE '%s': missing ':'.\n", orig_str); + SAFE_FREE(str); + return False; + } *p = '\0'; p++; /* Try to parse numeric form */ @@ -251,11 +260,17 @@ /* Try to parse text form */ if (!StringToSid(&sid, str)) { + printf("ACE '%s': failed to convert '%s' to SID\n", + orig_str, str); + SAFE_FREE(str); return False; } cp = p; if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': failed to find '/' character.\n", + orig_str); + SAFE_FREE(str); return False; } @@ -264,6 +279,9 @@ } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) { atype = SEC_ACE_TYPE_ACCESS_DENIED; } else { + printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } @@ -271,15 +289,24 @@ if (!(next_token(&cp, tok, "/", sizeof(fstring)) && sscanf(tok, "%i", &aflags))) { + printf("ACE '%s': bad integer flags entry at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (!next_token(&cp, tok, "/", sizeof(fstring))) { + printf("ACE '%s': missing / at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } if (strncmp(tok, "0x", 2) == 0) { if (sscanf(tok, "%i", &amask) != 1) { + printf("ACE '%s': bad hex number at '%s'\n", + orig_str, tok); + SAFE_FREE(str); return False; } goto done; @@ -304,17 +331,24 @@ } } - if (!found) return False; + if (!found) { + printf("ACE '%s': bad permission value at '%s'\n", + orig_str, p); + SAFE_FREE(str); + return False; + } p++; } if (*p) { + SAFE_FREE(str); return False; } done: mask.mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); + SAFE_FREE(str); return True; } @@ -378,7 +412,6 @@ if (strncmp(tok,"ACL:", 4) == 0) { SEC_ACE ace; if (!parse_ace(&ace, tok+4)) { - printf("Failed to parse ACL %s\n", tok); return NULL; } if(!add_ace(&dacl, &ace)) { @@ -388,7 +421,7 @@ continue; } - printf("Failed to parse security descriptor\n"); + printf("Failed to parse token '%s' in security descriptor,\n", tok); return NULL; }
