search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 9b57d5c) | patch
libcli/security: add sddl_decode_err_msg()
commit93347aa5af151c4441b768580d174a0d26fb5b91
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 26 Oct 2023 03:55:33 +0000 (26 16:55 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 1 Nov 2023 20:10:45 +0000 (1 20:10 +0000)
tree1cbb2b29c3803b8ac986ec08a63be2786f46bf9ctree | snapshot (tar.gz zip)
parent9b57d5cd5c880e1cd2ea43b586686481cb347aa6commit | diff
libcli/security: add sddl_decode_err_msg()

This will return an error message, if it can, along with an indicative
position.

For conditional ACEs the message might be accurate, and the position
fine-grained. For example, you might be able to construct the message
like this:

D:(XA;;CC;;;S-1-2-3;(@User.Title == !(@User.Title)))
                                    ^
 16: unexpected operator

For non-conditional ACEs, the position typically points to the beginning
of the ACE, like this:

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)
                                  ^
 unknown error

Here the error is in the spaces either side of " OICI; ", but the pointer
points to the beginning of the ACE.

The old sddl_decode() function becomes a wrapper around the new function,
which inherits the guts of the old function.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security/sddl.c diff | blob | blame | history
libcli/security/sddl.h diff | blob | blame | history
Samba GIT mirror