diff options
author | Andrew Tridgell <tridge@samba.org> | 2001-09-04 07:13:01 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2001-09-04 07:13:01 +0000 |
commit | 19fea3242cf6234786b6cbb60631e0071f31ff9f (patch) | |
tree | 1de6e79890a80a1e03cf0dce5813513aaf51bc59 /source3/nsswitch | |
parent | 55cf37488f66eba2826dba08e80dd4ab6df33fc3 (diff) | |
download | samba-19fea3242cf6234786b6cbb60631e0071f31ff9f.tar.gz samba-19fea3242cf6234786b6cbb60631e0071f31ff9f.tar.bz2 samba-19fea3242cf6234786b6cbb60631e0071f31ff9f.zip |
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_glue.c | 130 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 7 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_misc.c | 18 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 8 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_proto.h | 2 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_user.c | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 21 |
7 files changed, 94 insertions, 104 deletions
diff --git a/source3/nsswitch/winbindd_glue.c b/source3/nsswitch/winbindd_glue.c index e9792c6d47..0b721e36d2 100644 --- a/source3/nsswitch/winbindd_glue.c +++ b/source3/nsswitch/winbindd_glue.c @@ -34,7 +34,7 @@ BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access, struct ntuser_creds creds; struct in_addr dest_ip; fstring dest_host; - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; extern pstring global_myname; ZERO_STRUCTP(pol); @@ -79,13 +79,13 @@ BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access, des_access, &pol->handle); done: - if (result != NT_STATUS_OK && pol->cli) { + if (!NT_STATUS_IS_OK(result) && pol->cli) { if (pol->cli->initialised) cli_shutdown(pol->cli); free(pol->cli); } - return (result == NT_STATUS_OK); + return NT_STATUS_IS_OK(result); } /**************************************************************************** @@ -94,12 +94,12 @@ do a LSA Enumerate Trusted Domain BOOL wb_lsa_enum_trust_dom(CLI_POLICY_HND *hnd, uint32 *enum_ctx, uint32 * num_doms, char ***names, DOM_SID **sids) { - uint32 ret; + NTSTATUS ret; ret = cli_lsa_enum_trust_dom(hnd->cli, hnd->mem_ctx, &hnd->handle, enum_ctx, num_doms, names, sids); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } /**************************************************************************** @@ -108,12 +108,12 @@ do a LSA Query Info Policy BOOL wb_lsa_query_info_pol(CLI_POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid) { - uint32 ret; + NTSTATUS ret; ret = cli_lsa_query_info_policy(hnd->cli, hnd->mem_ctx, &hnd->handle, info_class, domain_name, domain_sid); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } /**************************************************************************** @@ -122,12 +122,12 @@ do a LSA Lookup Names BOOL wb_lsa_lookup_names(CLI_POLICY_HND *hnd, int num_names, char **names, DOM_SID **sids, uint32 **types, int *num_sids) { - uint32 ret; + NTSTATUS ret; ret = cli_lsa_lookup_names(hnd->cli, hnd->mem_ctx, &hnd->handle, num_names, names, sids, types, num_sids); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } /**************************************************************************** @@ -136,12 +136,12 @@ do a LSA Lookup SIDS BOOL wb_lsa_lookup_sids(CLI_POLICY_HND *hnd, int num_sids, DOM_SID *sids, char ***names, uint32 **types, int *num_names) { - uint32 ret; + NTSTATUS ret; ret = cli_lsa_lookup_sids(hnd->cli, hnd->mem_ctx, &hnd->handle, num_sids, sids, names, types, num_names); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } /**************************************************************************** @@ -149,11 +149,11 @@ lsa_close glue ****************************************************************************/ BOOL wb_lsa_close(CLI_POLICY_HND *hnd) { - uint32 ret; + NTSTATUS ret; ret = cli_lsa_close(hnd->cli, hnd->mem_ctx, &hnd->handle); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } @@ -162,11 +162,11 @@ samr_close glue ****************************************************************************/ BOOL wb_samr_close(CLI_POLICY_HND *hnd) { - uint32 ret; + NTSTATUS ret; ret = cli_samr_close(hnd->cli, hnd->mem_ctx, &hnd->handle); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } @@ -179,7 +179,7 @@ BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol) struct ntuser_creds creds; struct in_addr dest_ip; fstring dest_host; - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; extern pstring global_myname; ZERO_STRUCTP(pol); @@ -225,13 +225,13 @@ BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol) access_mask, &pol->handle); done: - if (result != NT_STATUS_OK && pol->cli) { + if (!NT_STATUS_IS_OK(result) && pol->cli) { if (pol->cli->initialised) cli_shutdown(pol->cli); free(pol->cli); } - return (result == NT_STATUS_OK); + return NT_STATUS_IS_OK(result); } @@ -241,7 +241,7 @@ samr_open_domain glue BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms, DOM_SID *sid, CLI_POLICY_HND *domain_pol) { - uint32 ret; + NTSTATUS ret; ret = cli_samr_open_domain(connect_pol->cli, connect_pol->mem_ctx, @@ -250,7 +250,7 @@ BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms, sid, &domain_pol->handle); - if (ret == NT_STATUS_OK) { + if NT_STATUS_IS_OK(ret) { domain_pol->cli = connect_pol->cli; domain_pol->mem_ctx = connect_pol->mem_ctx; return True; @@ -262,16 +262,12 @@ BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms, /**************************************************************************** do a SAMR enumerate groups ****************************************************************************/ -uint32 wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx, +NTSTATUS wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx, uint32 size, struct acct_info **sam, uint32 *num_sam_groups) { - uint32 ret; - - ret = cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle, - start_idx, size, sam, num_sam_groups); - - return (ret == NT_STATUS_OK); + return cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle, + start_idx, size, sam, num_sam_groups); } /**************************************************************************** @@ -282,25 +278,25 @@ BOOL wb_get_samr_query_userinfo(CLI_POLICY_HND *pol, uint32 info_level, { POLICY_HND user_pol; BOOL got_user_pol = False; - uint32 result; + NTSTATUS result; - if ((result = cli_samr_open_user(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - user_rid, &user_pol)) - != NT_STATUS_OK) + result = cli_samr_open_user(pol->cli, pol->mem_ctx, + &pol->handle, MAXIMUM_ALLOWED_ACCESS, + user_rid, &user_pol); + if (!NT_STATUS_IS_OK(result)) goto done; got_user_pol = True; - if ((result = cli_samr_query_userinfo(pol->cli, pol->mem_ctx, - &user_pol, info_level, ctr)) - != NT_STATUS_OK) + result = cli_samr_query_userinfo(pol->cli, pol->mem_ctx, + &user_pol, info_level, ctr); + if (!NT_STATUS_IS_OK(result)) goto done; done: if (got_user_pol) cli_samr_close(pol->cli, pol->mem_ctx, &user_pol); - return (result == NT_STATUS_OK); + return NT_STATUS_IS_OK(result); } /**************************************************************************** @@ -309,23 +305,23 @@ do a SAMR enumerate groups BOOL wb_samr_open_user(CLI_POLICY_HND *pol, uint32 access_mask, uint32 rid, POLICY_HND *user_pol) { - uint32 ret; + NTSTATUS ret; ret = cli_samr_open_user(pol->cli, pol->mem_ctx, &pol->handle, access_mask, rid, user_pol); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } BOOL wb_samr_query_usergroups(CLI_POLICY_HND *pol, uint32 *num_groups, DOM_GID **gid) { - uint32 ret; + NTSTATUS ret; ret = cli_samr_query_usergroups(pol->cli, pol->mem_ctx, &pol->handle, num_groups, gid); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } BOOL wb_get_samr_query_groupinfo(CLI_POLICY_HND *pol, uint32 info_level, @@ -333,25 +329,23 @@ BOOL wb_get_samr_query_groupinfo(CLI_POLICY_HND *pol, uint32 info_level, { POLICY_HND group_pol; BOOL got_group_pol = False; - uint32 result; + NTSTATUS result; - if ((result = cli_samr_open_group(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol)) - != NT_STATUS_OK) + result = cli_samr_open_group(pol->cli, pol->mem_ctx, + &pol->handle, MAXIMUM_ALLOWED_ACCESS, + group_rid, &group_pol); + if (!NT_STATUS_IS_OK(result)) goto done; got_group_pol = True; - if ((result = cli_samr_query_groupinfo(pol->cli, pol->mem_ctx, - &group_pol, info_level, - ctr)) != NT_STATUS_OK) - goto done; - + result = cli_samr_query_groupinfo(pol->cli, pol->mem_ctx, + &group_pol, info_level, + ctr); done: if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol); - return (result == NT_STATUS_OK); + return NT_STATUS_IS_OK(result); } BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, @@ -360,20 +354,21 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, { BOOL got_group_pol = False; POLICY_HND group_pol; - uint32 result, i, total_names = 0; + NTSTATUS result; + uint32 i, total_names = 0; - if ((result = cli_samr_open_group(pol->cli, pol->mem_ctx, - &pol->handle, MAXIMUM_ALLOWED_ACCESS, - group_rid, &group_pol)) - != NT_STATUS_OK) + result = cli_samr_open_group(pol->cli, pol->mem_ctx, + &pol->handle, MAXIMUM_ALLOWED_ACCESS, + group_rid, &group_pol); + if (!NT_STATUS_IS_OK(result)) goto done; got_group_pol = True; - if ((result = cli_samr_query_groupmem(pol->cli, pol->mem_ctx, - &group_pol, num_names, rid_mem, - name_types)) - != NT_STATUS_OK) + result = cli_samr_query_groupmem(pol->cli, pol->mem_ctx, + &group_pol, num_names, rid_mem, + name_types); + if (!NT_STATUS_IS_OK(result)) goto done; /* Call cli_samr_lookup_rids() in bunches of ~1000 rids to avoid @@ -398,8 +393,7 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, &(*rid_mem)[i], &tmp_num_names, &tmp_names, &tmp_types); - - if (result != NT_STATUS_OK) + if (!NT_STATUS_IS_OK(result)) goto done; /* Copy result into array. The talloc system will take @@ -420,26 +414,26 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol); - return (result == NT_STATUS_OK); + return NT_STATUS_IS_OK(result); } BOOL wb_samr_query_dom_info(CLI_POLICY_HND *pol, uint16 switch_value, SAM_UNK_CTR *ctr) { - uint32 ret; + NTSTATUS ret; ret = cli_samr_query_dom_info(pol->cli, pol->mem_ctx, &pol->handle, switch_value, ctr); - return (ret == NT_STATUS_OK); + return NT_STATUS_IS_OK(ret); } /* Unlike all the others, the status code of this function is actually used by winbindd. */ -uint32 wb_samr_query_dispinfo(CLI_POLICY_HND *pol, uint32 *start_ndx, - uint16 info_level, uint32 *num_entries, - SAM_DISPINFO_CTR *ctr) +NTSTATUS wb_samr_query_dispinfo(CLI_POLICY_HND *pol, uint32 *start_ndx, + uint16 info_level, uint32 *num_entries, + SAM_DISPINFO_CTR *ctr) { return cli_samr_query_dispinfo(pol->cli, pol->mem_ctx, &pol->handle, start_ndx, diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 99b48bd5d3..c937f7848f 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -465,7 +465,8 @@ enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state) static BOOL get_sam_group_entries(struct getent_state *ent) { - uint32 status, num_entries; + NTSTATUS status; + uint32 num_entries; struct acct_info *name_list = NULL; if (ent->got_all_sam_entries) { @@ -526,7 +527,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent) ent->num_sam_entries += num_entries; - if (status != STATUS_MORE_ENTRIES) + if (NT_STATUS_V(status) != NT_STATUS_V(STATUS_MORE_ENTRIES)) break; } while (ent->num_sam_entries < MAX_FETCH_SAM_ENTRIES); @@ -542,7 +543,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent) ent->sam_entries = name_list; ent->sam_entry_index = 0; - ent->got_all_sam_entries = (status != STATUS_MORE_ENTRIES); + ent->got_all_sam_entries = (NT_STATUS_V(status) != NT_STATUS_V(STATUS_MORE_ENTRIES)); return ent->num_sam_entries > 0; } diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index b98e89888b..d0851f5113 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -61,10 +61,9 @@ BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, /* Check the machine account password is valid */ -enum winbindd_result winbindd_check_machine_acct( - struct winbindd_cli_state *state) +enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state) { - int result = WINBINDD_ERROR; + NTSTATUS status; uchar trust_passwd[16]; struct in_addr *ip_list = NULL; int count; @@ -79,7 +78,7 @@ enum winbindd_result winbindd_check_machine_acct( again: if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { - result = NT_STATUS_INTERNAL_ERROR; + status = NT_STATUS_INTERNAL_ERROR; goto done; } @@ -90,7 +89,7 @@ enum winbindd_result winbindd_check_machine_acct( controller)) { DEBUG(0, ("could not find domain controller for " "domain %s\n", lp_workgroup())); - result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; goto done; } @@ -102,7 +101,7 @@ enum winbindd_result winbindd_check_machine_acct( global_myname); #if 0 /* XXX */ - result = cli_nt_setup_creds(controller, lp_workgroup(), global_myname, + status = cli_nt_setup_creds(controller, lp_workgroup(), global_myname, trust_account, trust_passwd, SEC_CHAN_WKSTA, &validation_level); #endif @@ -115,7 +114,7 @@ enum winbindd_result winbindd_check_machine_acct( #define MAX_RETRIES 8 if ((num_retries < MAX_RETRIES) && - result == NT_STATUS_ACCESS_DENIED) { + NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { num_retries++; goto again; } @@ -123,11 +122,10 @@ enum winbindd_result winbindd_check_machine_acct( /* Pass back result code - zero for success, other values for specific failures. */ - DEBUG(3, ("secret is %s\n", (result == NT_STATUS_OK) ? - "good" : "bad")); + DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? "good" : "bad")); done: - state->response.data.num_entries = result; + state->response.data.num_entries = NT_STATUS_V(status); return WINBINDD_OK; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 40762b1f0b..b5c3a80422 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -54,7 +54,7 @@ static void parse_domain_user(char *domuser, fstring domain, fstring user) enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) { - uint32 result; + NTSTATUS result; fstring name_domain, name_user; int passlen; unsigned char trust_passwd[16]; @@ -135,14 +135,14 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) server_state.controller, trust_passwd, last_change_time); - return (result == NT_STATUS_OK) ? WINBINDD_OK : WINBINDD_ERROR; + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } /* Challenge Response Authentication Protocol */ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) { - uint32 result; + NTSTATUS result; fstring name_domain, name_user; unsigned char trust_passwd[16]; time_t last_change_time; @@ -206,7 +206,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) server_state.controller, trust_passwd, last_change_time); - return (result == NT_STATUS_OK) ? WINBINDD_OK : WINBINDD_ERROR; + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } /* Change a user password */ diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index 3c61b1f872..96ce772bd3 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -138,7 +138,7 @@ void free_getent_state(struct getent_state *state); BOOL winbindd_param_init(void); char *winbindd_cmd_to_string(enum winbindd_cmd cmd); uint32 domain_sequence_number(char *domain_name); -uint32 winbindd_query_dispinfo(struct winbindd_domain *domain, +NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, uint32 *start_ndx, uint16 info_level, uint32 *num_entries, SAM_DISPINFO_CTR *ctr); BOOL check_domain_env(char *domain_env, char *domain); diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index 6f887e8735..22fbfa30ab 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -356,7 +356,8 @@ enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state) static BOOL get_sam_user_entries(struct getent_state *ent) { - NTSTATUS status, num_entries; + NTSTATUS status; + uint32 num_entries; SAM_DISPINFO_1 info1; SAM_DISPINFO_CTR ctr; struct getpwent_user *name_list = NULL; @@ -455,7 +456,7 @@ static BOOL get_sam_user_entries(struct getent_state *ent) ent->num_sam_entries += num_entries; - if (status != STATUS_MORE_ENTRIES) { + if (NT_STATUS_V(status) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { break; } @@ -472,7 +473,7 @@ static BOOL get_sam_user_entries(struct getent_state *ent) ent->sam_entries = name_list; ent->sam_entry_index = 0; - ent->got_all_sam_entries = (status != STATUS_MORE_ENTRIES); + ent->got_all_sam_entries = (NT_STATUS_V(status) != NT_STATUS_V(STATUS_MORE_ENTRIES)); return ent->num_sam_entries > 0; } @@ -614,7 +615,8 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) ctr.sam.info1 = &info1; for (domain = domain_list; domain; domain = domain->next) { - NTSTATUS status, start_ndx = 0; + NTSTATUS status; + uint32 start_ndx = 0; /* Skip domains other than WINBINDD_DOMAIN environment variable */ @@ -680,7 +682,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) extra_data[extra_data_len++] = ','; } - } while (status == STATUS_MORE_ENTRIES); + } while (NT_STATUS_V(status) == NT_STATUS_V(STATUS_MORE_ENTRIES)); } /* Assign extra_data fields in response structure */ diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index e24e15429f..13f8e07c61 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -591,10 +591,9 @@ BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain, return False; } - if (cli_samr_query_usergroups(domain->sam_dom_handle.cli, - domain->sam_dom_handle.mem_ctx, - &user_pol, num_groups, user_groups) - != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(cli_samr_query_usergroups(domain->sam_dom_handle.cli, + domain->sam_dom_handle.mem_ctx, + &user_pol, num_groups, user_groups))) { result = False; goto done; } @@ -867,16 +866,12 @@ uint32 domain_sequence_number(char *domain_name) bit extra to give an overview of domain users for the User Manager application. */ -uint32 winbindd_query_dispinfo(struct winbindd_domain *domain, - uint32 *start_ndx, uint16 info_level, - uint32 *num_entries, SAM_DISPINFO_CTR *ctr) +NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, + uint32 *start_ndx, uint16 info_level, + uint32 *num_entries, SAM_DISPINFO_CTR *ctr) { - NTSTATUS status; - - status = wb_samr_query_dispinfo(&domain->sam_dom_handle, start_ndx, - info_level, num_entries, ctr); - - return status; + return wb_samr_query_dispinfo(&domain->sam_dom_handle, start_ndx, + info_level, num_entries, ctr); } /* Check if a domain is present in a comma-separated list of domains */ |