bug in smbcacls

Thu Feb 4 23:57:01 UTC 2016

On Thu, Feb 04, 2016 at 10:16:21AM -0800, Herb Lewis wrote:
> The following diff is against master. I also added a suggested
> change to allow
> the word None for flags as well.
> 
> --- a/source3/lib/util_sd.c
> +++ b/source3/lib/util_sd.c
> @@ -356,7 +356,13 @@ static bool parse_ace_flags(const char *str,
> unsigned int *pflags)
>         *pflags = 0;
> 
>         while (*p) {
> -               if (strnequal(p, "OI", 2)) {
> +               if (strnequal(p, "None", 2)) {
> +                       p += 4;
> +                       if (*p != '\0') {
> +                               return false;
> +                       }
> +                       return true;
> +               } else if (strnequal(p, "OI", 2)) {
>                         *pflags |= SEC_ACE_FLAG_OBJECT_INHERIT;
>                         p += 2;
>                 } else if (strnequal(p, "CI", 2)) {
> @@ -420,7 +426,7 @@ bool parse_ace(struct cli_state *cli, struct
> security_ace *ace,
>         p++;
>         /* Try to parse numeric form */
> 
> -       if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
> +       if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
>             StringToSid(cli, &sid, str)) {
>                 goto done;
>         }

Thank you. It probably makes sense to split this in two patches. We can
also easily add a test in source3/script/tests/test_sharesec.sh, since
that executes the same code path. I started working on this, maybe it
should also mentioned in the manpages.

Can i add your Signed-off-by to the patches above? I can then repost it
together with the test and man page updates.

Christof