libcli/security:sddl_parse: add some top level error messages
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 9 Nov 2023 22:33:56 +0000 (11:33 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 15 Nov 2023 22:07:35 +0000 (22:07 +0000)
Because of the way we parse things, we can't really distinguish between
complete nonsense and an ACL that seems to end early because of bad flags.
That is, "D:ZZ(A;;;;;WD)" looks the same as "ZZ" to the parser. But at least
we can point to the right place in the string.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security/sddl.c

index 80db182ff9cfe34f0281e2c2c35cf1ef4d1d2cf7..898725bd4cdd93ff4147ae7531d697899e321d46 100644 (file)
@@ -916,8 +916,12 @@ struct security_descriptor *sddl_decode_err_msg(TALLOC_CTX *mem_ctx, const char
        while (*sddl) {
                uint32_t flags;
                char c = sddl[0];
-               if (sddl[1] != ':') goto failed;
-
+               if (sddl[1] != ':') {
+                       *msg = talloc_strdup(mem_ctx,
+                                            "expected '[OGDS]:' section start "
+                                            "(or the previous section ended prematurely)");
+                       goto failed;
+               }
                sddl += 2;
                switch (c) {
                case 'D':
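Review bot: The result of `talloc_strdup()` is assigned to `*msg` without a check, here in the `sddl[1] != ':'` branch and again in the `default:` case of the second hunk, so on allocation failure the parse still fails but `*msg` ends up NULL. Whether callers of sddl_decode_err_msg() tolerate a NULL message on failure is not visible in this diff; a caller that formats the message unconditionally would trip on it. I would state the contract next to the assignment, for example `/* *msg may be NULL if talloc_strdup() fails; callers must check it */`. The loop body continues outside the hunk.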
@@ -945,6 +949,7 @@ struct security_descriptor *sddl_decode_err_msg(TALLOC_CTX *mem_ctx, const char
                        if (sd->group_sid == NULL) goto failed;
                        break;
                default:
+                       *msg = talloc_strdup(mem_ctx, "unexpected character (expected [OGDS])");
                        goto failed;
                }
        }
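Review bot: In the `default:` case the pointer has already been advanced by `sddl += 2` before `switch (c)`, so an error position computed from `sddl` on the failure path would land two characters past the section letter that the message calls unexpected. The `failed` label is outside this hunk, so this is an inference. If the offset is derived from `sddl`, stepping back first keeps the message and the position in agreement: `sddl -= 2; /* point at the unexpected section letter */` ahead of the `talloc_strdup()` call. The check added in the first hunk is not affected, because it fails before the increment.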