diff options
Diffstat (limited to 'source3')
54 files changed, 338 insertions, 206 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 1de9869f90..40a2985600 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -124,7 +124,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); if (!lp_client_schannel()) { /* We need to set up a creds chain on an unauthenticated netlogon pipe. */ - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_chan_type = 0; unsigned char machine_pwd[16]; const char *account_name; diff --git a/source3/client/client.c b/source3/client/client.c index 28b4a2b24b..c934310491 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1463,6 +1463,7 @@ static int cmd_mkdir(void) struct cli_state *targetcli; char *targetname = NULL; char *p = NULL; + char *saveptr; ddir2 = talloc_strdup(ctx, ""); if (!ddir2) { @@ -1478,7 +1479,7 @@ static int cmd_mkdir(void) return 1; } trim_char(ddir,'.','\0'); - p = strtok(ddir,"/\\"); + p = strtok_r(ddir, "/\\", &saveptr); while (p) { ddir2 = talloc_asprintf_append(ddir2, p); if (!ddir2) { @@ -1491,7 +1492,7 @@ static int cmd_mkdir(void) if (!ddir2) { return 1; } - p = strtok(NULL,"/\\"); + p = strtok_r(NULL, "/\\", &saveptr); } } else { do_mkdir(mask); diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 135815c3cd..816e7b1710 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -513,6 +513,7 @@ static bool ensurepath(const char *fname) char *partpath, *ffname; const char *p=fname; char *basehack; + char *saveptr; DEBUG(5, ( "Ensurepath called with: %s\n", fname)); @@ -528,7 +529,7 @@ static bool ensurepath(const char *fname) *partpath = 0; - /* fname copied to ffname so can strtok */ + /* fname copied to ffname so can strtok_r */ safe_strcpy(ffname, fname, strlen(fname)); @@ -541,7 +542,7 @@ static bool ensurepath(const char *fname) *basehack='\0'; } - p=strtok(ffname, "\\"); + p=strtok_r(ffname, "\\", &saveptr); while (p) { safe_strcat(partpath, p, strlen(fname) + 1); @@ -558,7 +559,7 @@ static bool ensurepath(const char *fname) } safe_strcat(partpath, "\\", strlen(fname) + 1); - p = strtok(NULL,"/\\"); + p = strtok_r(NULL, "/\\", &saveptr); } SAFE_FREE(partpath); diff --git a/source3/client/smbmnt.c b/source3/client/smbmnt.c index 7f1e1d5003..79c55b2f90 100644 --- a/source3/client/smbmnt.c +++ b/source3/client/smbmnt.c @@ -162,6 +162,7 @@ do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data) char *release, *major, *minor; char *data1, *data2; int ret; + char *saveptr; if (asprintf(&opts, "version=7,uid=%d,gid=%d,file_mode=0%o,dir_mode=0%o,%s", @@ -172,8 +173,8 @@ do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data) uname(&uts); release = uts.release; - major = strtok(release, "."); - minor = strtok(NULL, "."); + major = strtok_r(release, ".", &saveptr); + minor = strtok_r(NULL, ".", &saveptr); if (major && minor && atoi(major) == 2 && atoi(minor) < 4) { /* < 2.4, assume struct */ data1 = (char *) data; diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c index 98c61a30d8..9fe2d36bd3 100644 --- a/source3/client/smbmount.c +++ b/source3/client/smbmount.c @@ -764,6 +764,7 @@ static void parse_mount_smb(int argc, char **argv) char *opts; char *opteq; int val; + char *saveptr; TALLOC_CTX *ctx = talloc_tos(); /* FIXME: This function can silently fail if the arguments are @@ -813,7 +814,8 @@ static void parse_mount_smb(int argc, char **argv) /* * option parsing from nfsmount.c (util-linux-2.9u) */ - for (opts = strtok(optarg, ","); opts; opts = strtok(NULL, ",")) { + for (opts = strtok_r(optarg, ",", &saveptr); opts; + opts = strtok_r(NULL, ",", &saveptr)) { DEBUG(3, ("opts: %s\n", opts)); if ((opteq = strchr_m(opts, '='))) { val = atoi(opteq + 1); diff --git a/source3/include/debug.h b/source3/include/debug.h index 284671c730..d8dafcbd45 100644 --- a/source3/include/debug.h +++ b/source3/include/debug.h @@ -176,11 +176,14 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define unlikely(x) (x) #endif -#define DEBUGLVL( level ) \ +#define CHECK_DEBUGLVL( level ) \ ( ((level) <= MAX_DEBUG_LEVEL) && \ unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ - DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) ) + +#define DEBUGLVL( level ) \ + ( CHECK_DEBUGLVL(level) \ && dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) ) diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index f162196524..ec08eb5f8f 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -106,6 +106,8 @@ enum RPC_PKT_TYPE { /* these are the flags that ADS clients use */ #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) +#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS) + enum schannel_direction { SENDER_IS_INITIATOR, SENDER_IS_ACCEPTOR diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 9274e37682..5ddb877b90 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -145,6 +145,31 @@ SamrTestPrivateFunctionsUser #define SAMR_CHGPASSWD_USER3 0x3F #define SAMR_CONNECT5 0x40 +/* SAMR account creation flags/permissions */ +#define SAMR_USER_GETNAME 0x1 +#define SAMR_USER_GETLOCALE 0x2 +#define SAMR_USER_GETLOCCOM 0x4 +#define SAMR_USER_GETLOGONINFO 0x8 +#define SAMR_USER_GETATTR 0x10 +#define SAMR_USER_SETATTR 0x20 +#define SAMR_USER_CHPASS 0x40 +#define SAMR_USER_SETPASS 0x80 +#define SAMR_USER_GETGROUPS 0x100 +#define SAMR_USER_GETMEMBERSHIP 0x200 +#define SAMR_USER_CHMEMBERSHIP 0x400 +#define SAMR_STANDARD_DELETE 0x10000 +#define SAMR_STANDARD_READCTRL 0x20000 +#define SAMR_STANDARD_WRITEDAC 0x40000 +#define SAMR_STANDARD_WRITEOWNER 0x80000 +#define SAMR_STANDARD_SYNC 0x100000 +#define SAMR_GENERIC_ACCESSSACL 0x800000 +#define SAMR_GENERIC_MAXALLOWED 0x2000000 +#define SAMR_GENERIC_ALL 0x10000000 +#define SAMR_GENERIC_EXECUTE 0x20000000 +#define SAMR_GENERIC_WRITE 0x40000000 +#define SAMR_GENERIC_READ 0x80000000 + + typedef struct logon_hours_info { uint32 max_len; /* normally 1260 bytes */ @@ -1555,7 +1580,7 @@ typedef struct q_samr_create_user_info UNISTR2 uni_name; /* unicode account name */ uint32 acb_info; /* account control info */ - uint32 access_mask; /* 0xe005 00b0 */ + uint32 acct_flags; /* 0xe005 00b0 */ } SAMR_Q_CREATE_USER; diff --git a/source3/include/smb.h b/source3/include/smb.h index 25421115c8..f3cf1db6f8 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1904,6 +1904,8 @@ struct ea_list { #define SAMBA_POSIX_INHERITANCE_EA_NAME "user.SAMBA_PAI" /* EA to use for DOS attributes */ #define SAMBA_XATTR_DOS_ATTRIB "user.DOSATTRIB" +/* Prefix for DosStreams in the vfs_streams_xattr module */ +#define SAMBA_XATTR_DOSSTREAM_PREFIX "user.DosStream." #define UUID_SIZE 16 @@ -1934,4 +1936,15 @@ enum usershare_err { /* Different reasons for closing a file. */ enum file_close_type {NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE}; +/* Used in SMB_FS_OBJECTID_INFORMATION requests. Must be exactly 48 bytes. */ +#define SAMBA_EXTENDED_INFO_MAGIC 0x536d4261 /* "SmBa" */ +#define SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH 28 +struct smb_extended_info { + uint32 samba_magic; /* Always SAMBA_EXTRA_INFO_MAGIC */ + uint32 samba_version; /* Major/Minor/Release/Revision */ + uint32 samba_subversion; /* Prerelease/RC/Vendor patch */ + NTTIME samba_gitcommitdate; + char samba_version_string[SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH]; +}; + #endif /* _SMB_H */ diff --git a/source3/include/vfs.h b/source3/include/vfs.h index cda28a1680..ca176aabb2 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -149,6 +149,7 @@ typedef enum _vfs_op_type { SMB_VFS_OP_SET_QUOTA, SMB_VFS_OP_GET_SHADOW_COPY_DATA, SMB_VFS_OP_STATVFS, + SMB_VFS_OP_FS_CAPABILITIES, /* Directory operations */ @@ -284,6 +285,7 @@ struct vfs_ops { int (*set_quota)(struct vfs_handle_struct *handle, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt); int (*get_shadow_copy_data)(struct vfs_handle_struct *handle, struct files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels); int (*statvfs)(struct vfs_handle_struct *handle, const char *path, struct vfs_statvfs_struct *statbuf); + uint32_t (*fs_capabilities)(struct vfs_handle_struct *handle); /* Directory operations */ @@ -435,6 +437,7 @@ struct vfs_ops { struct vfs_handle_struct *set_quota; struct vfs_handle_struct *get_shadow_copy_data; struct vfs_handle_struct *statvfs; + struct vfs_handle_struct *fs_capabilities; /* Directory operations */ diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 1674f26326..1e64bd5ac3 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -34,6 +34,7 @@ #define SMB_VFS_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs.ops.set_quota((conn)->vfs.handles.set_quota, (qtype), (id), (qt))) #define SMB_VFS_GET_SHADOW_COPY_DATA(fsp,shadow_copy_data,labels) ((fsp)->conn->vfs.ops.get_shadow_copy_data((fsp)->conn->vfs.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels))) #define SMB_VFS_STATVFS(conn, path, statbuf) ((conn)->vfs.ops.statvfs((conn)->vfs.handles.statvfs, (path), (statbuf))) +#define SMB_VFS_FS_CAPABILITIES(conn) ((conn)->vfs.ops.fs_capabilities((conn)->vfs.handles.fs_capabilities)) /* Directory operations */ #define SMB_VFS_OPENDIR(conn, fname, mask, attr) ((conn)->vfs.ops.opendir((conn)->vfs.handles.opendir, (fname), (mask), (attr))) @@ -159,6 +160,7 @@ #define SMB_VFS_OPAQUE_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs_opaque.ops.set_quota((conn)->vfs_opaque.handles.set_quota, (qtype), (id), (qt))) #define SMB_VFS_OPAQUE_GET_SHADOW_COPY_DATA(fsp,shadow_copy_data,labels) ((fsp)->conn->vfs_opaque.ops.get_shadow_copy_data((fsp)->conn->vfs_opaque.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels))) #define SMB_VFS_OPAQUE_STATVFS(conn, path, statbuf) ((conn)->vfs_opaque.ops.statvfs((conn)->vfs_opaque.handles.statvfs, (path), (statbuf))) +#define SMB_VFS_OPAQUE_FS_CAPABILITIES(conn) ((conn)->vfs_opaque.ops.fs_capabilities((conn)->vfs_opaque.handles.fs_capabilities)) /* Directory operations */ #define SMB_VFS_OPAQUE_OPENDIR(conn, fname, mask, attr) ((conn)->vfs_opaque.ops.opendir((conn)->vfs_opaque.handles.opendir, (fname), (mask), (attr))) @@ -284,6 +286,7 @@ #define SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt) ((handle)->vfs_next.ops.set_quota((handle)->vfs_next.handles.set_quota, (qtype), (id), (qt))) #define SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data ,labels) ((handle)->vfs_next.ops.get_shadow_copy_data((handle)->vfs_next.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels))) #define SMB_VFS_NEXT_STATVFS(handle, path, statbuf) ((handle)->vfs_next.ops.statvfs((handle)->vfs_next.handles.statvfs, (path), (statbuf))) +#define SMB_VFS_NEXT_FS_CAPABILITIES(handle) ((handle)->vfs_next.ops.fs_capabilities((handle)->vfs_next.handles.fs_capabilities)) /* Directory operations */ #define SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr) ((handle)->vfs_next.ops.opendir((handle)->vfs_next.handles.opendir, (fname), (mask), (attr))) diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index aeef1c3520..444f09efca 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -53,20 +53,21 @@ static bool afs_decode_token(const char *string, char **cell, { DATA_BLOB blob; struct ClearToken result_ct; + char *saveptr; char *s = SMB_STRDUP(string); char *t; - if ((t = strtok(s, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(s, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } *cell = SMB_STRDUP(t); - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -75,8 +76,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -93,8 +94,8 @@ static bool afs_decode_token(const char *string, char **cell, data_blob_free(&blob); - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -103,8 +104,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -113,8 +114,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -123,8 +124,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 6c1bfea04f..51bb0d7541 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -429,8 +429,9 @@ static bool debug_parse_params(char **params) /* Fill in new debug class levels */ for (; i < debug_num_classes && params[i]; i++) { - if ((class_name=strtok(params[i],":")) && - (class_level=strtok(NULL, "\0")) && + char *saveptr; + if ((class_name = strtok_r(params[i],":", &saveptr)) && + (class_level = strtok_r(NULL, "\0", &saveptr)) && ((ndx = debug_lookup_classname(class_name)) != -1)) { DEBUGLEVEL_CLASS[ndx] = atoi(class_level); DEBUGLEVEL_CLASS_ISSET[ndx] = True; diff --git a/source3/lib/replace/system/config.m4 b/source3/lib/replace/system/config.m4 index 799187af7d..1c05733126 100644 --- a/source3/lib/replace/system/config.m4 +++ b/source3/lib/replace/system/config.m4 @@ -73,6 +73,18 @@ AC_VERIFY_C_PROTOTYPE([struct passwd *getpwent_r(struct passwd *src, char *buf, #include <unistd.h> #include <pwd.h> ]) +AC_VERIFY_C_PROTOTYPE([struct passwd *getpwent_r(struct passwd *src, char *buf, size_t buflen)], + [ + #ifndef HAVE_GETPWENT_R_DECL + #error missing getpwent_r prototype + #endif + return NULL; + ],[ + AC_DEFINE(SOLARIS_GETPWENT_R, 1, [getpwent_r irix (similar to solaris) function prototype]) + ],[],[ + #include <unistd.h> + #include <pwd.h> + ]) AC_CHECK_FUNCS(getgrnam_r getgrgid_r getgrent_r) AC_HAVE_DECL(getgrent_r, [ #include <unistd.h> @@ -91,6 +103,19 @@ AC_VERIFY_C_PROTOTYPE([struct group *getgrent_r(struct group *src, char *buf, in #include <grp.h> ]) +AC_VERIFY_C_PROTOTYPE([struct group *getgrent_r(struct group *src, char *buf, size_t buflen)], + [ + #ifndef HAVE_GETGRENT_R_DECL + #error missing getgrent_r prototype + #endif + return NULL; + ],[ + AC_DEFINE(SOLARIS_GETGRENT_R, 1, [getgrent_r irix (similar to solaris) function prototype]) + ],[],[ + #include <unistd.h> + #include <grp.h> + ]) + # locale AC_CHECK_HEADERS(ctype.h locale.h) diff --git a/source3/lib/util.c b/source3/lib/util.c index 11f3660df8..e5ac3752f5 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2182,7 +2182,7 @@ void dump_data_pw(const char *msg, const uchar * data, size_t len) const char *tab_depth(int level, int depth) { - if( DEBUGLVL(level) ) { + if( CHECK_DEBUGLVL(level) ) { dbgtext("%*s", depth*4, ""); } return ""; diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index f524d0d826..fb8f41513b 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1054,44 +1054,7 @@ ssize_t read_socket_with_timeout(int fd, ssize_t read_data(int fd,char *buffer,size_t N, enum smb_read_errors *pre) { - ssize_t ret; - size_t total=0; - char addr[INET6_ADDRSTRLEN]; - - set_smb_read_error(pre,SMB_READ_OK); - - while (total < N) { - ret = sys_read(fd,buffer + total,N - total); - - if (ret == 0) { - DEBUG(10,("read_data: read of %d returned 0. " - "Error = %s\n", - (int)(N - total), strerror(errno) )); - set_smb_read_error(pre,SMB_READ_EOF); - return 0; - } - - if (ret == -1) { - if (fd == get_client_fd()) { - /* Try and give an error message saying - * what client failed. */ - DEBUG(0,("read_data: read failure for %d " - "bytes to client %s. Error = %s\n", - (int)(N - total), - get_peer_addr(fd,addr,sizeof(addr)), - strerror(errno) )); - } else { - DEBUG(0,("read_data: read failure for %d. " - "Error = %s\n", - (int)(N - total), - strerror(errno) )); - } - set_smb_read_error(pre,SMB_READ_ERROR); - return -1; - } - total += ret; - } - return (ssize_t)total; + return read_socket_with_timeout(fd, buffer, N, N, 0, pre); } /**************************************************************************** @@ -2083,7 +2046,8 @@ const char *get_mydnsfullname(void) if (!memcache_lookup(NULL, SINGLETON_CACHE, data_blob_string_const("get_mydnsfullname"), &tmp)) { - tmp = data_blob_string_const(res->ai_canonname); + tmp = data_blob_talloc(talloc_tos(), res->ai_canonname, + strlen(res->ai_canonname) + 1); } freeaddrinfo(res); diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 44bcdf76ea..8cc2f1215e 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -29,7 +29,8 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int int numbits = 0; char *ret; int len; - + char *saveptr; + r = SMB_STRDUP(realm); if (!r || !*r) { @@ -51,11 +52,11 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int } strlcpy(ret,field, len); - p=strtok(r,sep); + p=strtok_r(r, sep, &saveptr); if (p) { strlcat(ret, p, len); - while ((p=strtok(NULL,sep))) { + while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) { char *s; if (reverse) asprintf(&s, "%s%s,%s", field, p, ret); diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index d20e10b141..4d998acad8 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -48,6 +48,10 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, } new_array[count] = talloc_strdup(new_array, string); + if (new_array[count] == NULL) { + TALLOC_FREE(new_array); + return WERR_NOMEM; + } *array = new_array; @@ -134,6 +138,10 @@ static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *mem_ctx, } path = talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename); + if (path == NULL) { + werr = WERR_NOMEM; + goto done; + } werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, desired_access, key); @@ -191,7 +199,7 @@ static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *mem_ctx, /* create a new talloc ctx for creation. it will hold * the intermediate parent key (SMBCONF) for creation * and will be destroyed when leaving this function... */ - if (!(create_ctx = talloc_new(mem_ctx))) { + if (!(create_ctx = talloc_stackframe())) { werr = WERR_NOMEM; goto done; } @@ -316,8 +324,12 @@ static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx, case REG_MULTI_SZ: { uint32 j; for (j = 0; j < value->v.multi_sz.num_strings; j++) { - result = talloc_asprintf(mem_ctx, "\"%s\" ", + result = talloc_asprintf(mem_ctx, "%s \"%s\" ", + result, value->v.multi_sz.strings[j]); + if (result == NULL) { + break; + } } break; } @@ -357,7 +369,7 @@ static WERROR libnet_conf_reg_get_values(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; @@ -540,7 +552,7 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; @@ -615,7 +627,7 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a9978ba4b8..538cca7994 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -684,10 +684,15 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, const_acct_name = acct_name; if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { + uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | + SAMR_USER_GETATTR | SAMR_USER_SETATTR; + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, ACB_WSTRUST, - 0xe005000b, &user_pol, + acct_flags, &user_pol, &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4560521d4a..f3926b777b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -872,13 +872,27 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, !strequal(star_smbserver_name, cli->desthost)) { char *realm = NULL; + char *machine = NULL; + char *host = NULL; DEBUG(3,("cli_session_setup_spnego: got a " "bad server principal, trying to guess ...\n")); + host = strchr_m(cli->desthost, '.'); + if (host) { + machine = SMB_STRNDUP(cli->desthost, + host - cli->desthost); + } else { + machine = SMB_STRDUP(cli->desthost); + } + if (machine == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } + realm = kerberos_get_default_realm_from_ccache(); if (realm && *realm) { if (asprintf(&principal, "%s$@%s", - cli->desthost, realm) < 0) { + machine, realm) < 0) { + SAFE_FREE(machine); SAFE_FREE(realm); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } @@ -886,6 +900,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, "server principal=%s\n", principal ? principal : "<null>")); } + SAFE_FREE(machine); SAFE_FREE(realm); } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index ecef293d07..042b3bdfb0 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -180,12 +180,8 @@ bool cli_receive_smb(struct cli_state *cli) ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len) { - if (cli->timeout > 0) { - return read_socket_with_timeout(cli->fd, buffer, len, - len, cli->timeout, &cli->smb_rw_error); - } else { - return read_data(cli->fd, buffer, len, &cli->smb_rw_error); - } + return read_socket_with_timeout(cli->fd, buffer, len, len, + cli->timeout, &cli->smb_rw_error); } /**************************************************************************** diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 732dc78c75..1ca7d56a83 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX already have valid creds. If not we must set them up. */ if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; result = rpccli_netlogon_setup_creds(cli, cli->cli->desthost, /* server name */ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 2e620d04cc..cf135dfd03 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -90,6 +90,17 @@ static int vfswrap_statvfs(struct vfs_handle_struct *handle, const char *path, return sys_statvfs(path, statbuf); } +static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle) +{ +#if defined(DARWINOS) + struct vfs_statvfs_struct statbuf; + ZERO_STRUCT(statbuf); + sys_statvfs(handle->conn->connectpath, &statbuf); + return statbuf.FsCapabilities; +#endif + return FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; +} + /* Directory operations */ static SMB_STRUCT_DIR *vfswrap_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr) @@ -950,7 +961,6 @@ static NTSTATUS vfswrap_streaminfo(vfs_handle_struct *handle, struct stream_struct **pstreams) { SMB_STRUCT_STAT sbuf; - NTSTATUS status; unsigned int num_streams = 0; struct stream_struct *streams = NULL; int ret; @@ -1330,6 +1340,8 @@ static vfs_op_tuple vfs_default_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_statvfs), SMB_VFS_OP_STATVFS, SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(vfswrap_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES, + SMB_VFS_LAYER_OPAQUE}, /* Directory operations */ diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index fef65efa77..da1716719a 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -269,6 +269,7 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname) char *token; char *tok_str; bool ret = False; + char *saveptr; mode = recycle_directory_mode(handle); @@ -286,7 +287,8 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname) } /* Create directory tree if neccessary */ - for(token = strtok(tok_str, "/"); token; token = strtok(NULL, "/")) { + for(token = strtok_r(tok_str, "/", &saveptr); token; + token = strtok_r(NULL, "/", &saveptr)) { safe_strcat(new_dir, token, len); if (recycle_directory_exist(handle, new_dir)) DEBUG(10, ("recycle: dir %s already exists\n", new_dir)); diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 68e7a75947..fa85ea4a57 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -610,22 +610,15 @@ static NTSTATUS streams_depot_streaminfo(vfs_handle_struct *handle, return NT_STATUS_OK; } -static int streams_depot_statvfs(struct vfs_handle_struct *handle, - const char *path, - struct vfs_statvfs_struct *statbuf) +static uint32_t streams_depot_fs_capabilities(struct vfs_handle_struct *handle) { - int ret; - - ret = SMB_VFS_NEXT_STATVFS(handle, path, statbuf); - statbuf->FsCapabilities |= FILE_NAMED_STREAMS; - return ret; - + return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_NAMED_STREAMS; } /* VFS operations structure */ static vfs_op_tuple streams_depot_ops[] = { - {SMB_VFS_OP(streams_depot_statvfs), SMB_VFS_OP_STATVFS, + {SMB_VFS_OP(streams_depot_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_depot_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 7ce90ab30b..766e7d10ab 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -26,8 +26,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS -#define XATTR_DOSSTREAM_PREFIX "user.DosStream." - struct stream_io { char *base; char *xattr_name; @@ -140,7 +138,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname, } xattr_name = talloc_asprintf(talloc_tos(), "%s%s", - XATTR_DOSSTREAM_PREFIX, sname); + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { errno = ENOMEM; goto fail; @@ -187,7 +185,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname, } xattr_name = talloc_asprintf(talloc_tos(), "%s%s", - XATTR_DOSSTREAM_PREFIX, sname); + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { errno = ENOMEM; goto fail; @@ -239,7 +237,7 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, } xattr_name = talloc_asprintf(talloc_tos(), "%s%s", - XATTR_DOSSTREAM_PREFIX, sname); + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { errno = ENOMEM; goto fail; @@ -373,7 +371,7 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, const char *fname) } xattr_name = talloc_asprintf(talloc_tos(), "%s%s", - XATTR_DOSSTREAM_PREFIX, sname); + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { errno = ENOMEM; goto fail; @@ -403,7 +401,7 @@ static NTSTATUS walk_xattr_streams(connection_struct *conn, files_struct *fsp, NTSTATUS status; char **names; size_t i, num_names; - size_t prefix_len = strlen(XATTR_DOSSTREAM_PREFIX); + size_t prefix_len = strlen(SAMBA_XATTR_DOSSTREAM_PREFIX); status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname, &names, &num_names); @@ -414,7 +412,7 @@ static NTSTATUS walk_xattr_streams(connection_struct *conn, files_struct *fsp, for (i=0; i<num_names; i++) { struct ea_struct ea; - if (strncmp(names[i], XATTR_DOSSTREAM_PREFIX, + if (strncmp(names[i], SAMBA_XATTR_DOSSTREAM_PREFIX, prefix_len) != 0) { continue; } @@ -560,16 +558,9 @@ static NTSTATUS streams_xattr_streaminfo(vfs_handle_struct *handle, return NT_STATUS_OK; } -static int streams_xattr_statvfs(struct vfs_handle_struct *handle, - const char *path, - struct vfs_statvfs_struct *statbuf) +static uint32_t streams_xattr_fs_capabilities(struct vfs_handle_struct *handle) { - int ret; - - ret = SMB_VFS_NEXT_STATVFS(handle, path, statbuf); - statbuf->FsCapabilities |= FILE_NAMED_STREAMS; - return ret; - + return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_NAMED_STREAMS; } static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, @@ -663,7 +654,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, /* VFS operations structure */ static vfs_op_tuple streams_xattr_ops[] = { - {SMB_VFS_OP(streams_xattr_statvfs), SMB_VFS_OP_STATVFS, + {SMB_VFS_OP(streams_xattr_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 0ff0afd12d..10833e8089 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -399,6 +399,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", char *component, *dc, *q1; char *q_orig = q; int str_offset; + char *saveptr; domain = get_mydnsdomname(talloc_tos()); if (!domain) { @@ -444,7 +445,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", str_offset = q - q_orig; dc = domain; q1 = q; - while ((component = strtok(dc, "."))) { + while ((component = strtok_r(dc, ".", &saveptr)) != NULL) { dc = NULL; if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 1) { return; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 0796a78dd3..c1d26af989 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4709,6 +4709,7 @@ static void lp_add_auto_services(char *str) char *s; char *p; int homes; + char *saveptr; if (!str) return; @@ -4719,7 +4720,8 @@ static void lp_add_auto_services(char *str) homes = lp_servicenumber(HOMES_NAME); - for (p = strtok(s, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) { + for (p = strtok_r(s, LIST_SEP, &saveptr); p; + p = strtok_r(NULL, LIST_SEP, &saveptr)) { char *home; if (lp_servicenumber(p) >= 0) diff --git a/source3/printing/load.c b/source3/printing/load.c index f8aba3996d..23144d5a95 100644 --- a/source3/printing/load.c +++ b/source3/printing/load.c @@ -28,6 +28,7 @@ static void add_auto_printers(void) const char *p; int pnum = lp_servicenumber(PRINTERS_NAME); char *str; + char *saveptr; if (pnum < 0) return; @@ -35,7 +36,8 @@ static void add_auto_printers(void) if ((str = SMB_STRDUP(lp_auto_services())) == NULL) return; - for (p = strtok(str, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) { + for (p = strtok_r(str, LIST_SEP, &saveptr); p; + p = strtok_r(NULL, LIST_SEP, &saveptr)) { if (lp_servicenumber(p) >= 0) continue; diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c index 6dcddb6f1b..afa3b4850a 100644 --- a/source3/printing/lpq_parse.c +++ b/source3/printing/lpq_parse.c @@ -127,6 +127,7 @@ static bool parse_lpq_bsd(char *line,print_queue_struct *buf,bool first) int count = 0; TALLOC_CTX *ctx = talloc_tos(); char *line2 = NULL; + char *saveptr; line2 = talloc_strdup(ctx, line); if (!line2) { @@ -144,10 +145,11 @@ static bool parse_lpq_bsd(char *line,print_queue_struct *buf,bool first) #endif /* OSF1 */ /* FIXME: Use next_token_talloc rather than strtok! */ - tok[0] = strtok(line2," \t"); + tok[0] = strtok_r(line2," \t", &saveptr); count++; - while ((count < MAXTOK) && ((tok[count] = strtok(NULL," \t")) != NULL)) { + while ((count < MAXTOK) + && ((tok[count] = strtok_r(NULL, " \t", &saveptr)) != NULL)) { count++; } diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c index fd85ca0833..57590cc39e 100644 --- a/source3/printing/print_aix.c +++ b/source3/printing/print_aix.c @@ -59,8 +59,9 @@ bool aix_cache_reload(void) continue; if ((p = strchr_m(line, ':'))) { + char *saveptr; *p = '\0'; - p = strtok(line, ":"); + p = strtok_r(line, ":", &saveptr); if (strcmp(p, "bsh") != 0) { name = talloc_strdup(ctx, p); if (!name) { diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f4cb424527..81b2ea5d68 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2596,7 +2596,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state const char *password, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; @@ -2630,7 +2630,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli, const char *domain, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index bf8313816c..7cf8726052 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -1643,7 +1643,7 @@ NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *domain_pol, const char *acct_name, - uint32 acb_info, uint32 access_mask, + uint32 acb_info, uint32 acct_flags, POLICY_HND *user_pol, uint32 *rid) { prs_struct qbuf, rbuf; @@ -1658,7 +1658,7 @@ NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *me /* Marshall data and send request */ - init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, access_mask); + init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, acct_flags); CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_USER, q, r, diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 614a80dd6f..23add3dffd 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -5172,7 +5172,7 @@ reads or writes a structure. void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u, POLICY_HND *pol, const char *name, - uint32 acb_info, uint32 access_mask) + uint32 acb_info, uint32 acct_flags) { DEBUG(5, ("samr_init_samr_q_create_user\n")); @@ -5182,7 +5182,7 @@ void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u, init_uni_hdr(&q_u->hdr_name, &q_u->uni_name); q_u->acb_info = acb_info; - q_u->access_mask = access_mask; + q_u->acct_flags = acct_flags; } /******************************************************************* @@ -5213,7 +5213,7 @@ bool samr_io_q_create_user(const char *desc, SAMR_Q_CREATE_USER * q_u, return False; if(!prs_uint32("acb_info ", ps, depth, &q_u->acb_info)) return False; - if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask)) + if(!prs_uint32("acct_flags", ps, depth, &q_u->acct_flags)) return False; return True; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 171027fa49..5b42c6bc0e 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1450,7 +1450,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; uint32 acb_info; - uint32 user_rid; + uint32 acct_flags, user_rid; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; if ((argc < 2) || (argc > 3)) { @@ -1459,7 +1459,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, } acct_name = argv[1]; - + if (argc > 2) sscanf(argv[2], "%x", &access_mask); @@ -1483,10 +1483,13 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, /* Create domain user */ acb_info = ACB_NORMAL; - access_mask = 0xe005000b; + acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | + SAMR_USER_GETATTR | SAMR_USER_SETATTR; result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol, - acct_name, acb_info, access_mask, + acct_name, acb_info, acct_flags, &user_pol, &user_rid); if (!NT_STATUS_IS_OK(result)) diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index a7969bddd1..d98cb99276 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -1222,9 +1222,10 @@ void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch) static char* get_driver_3_param (char* str, const char* delim, UNISTR* dest) { char *ptr; + char *saveptr; /* get the next token */ - ptr = strtok(str, delim); + ptr = strtok_r(str, delim, &saveptr); /* a string of 'NULL' is used to represent an empty parameter because two consecutive delimiters @@ -1251,7 +1252,8 @@ static bool init_drv_info_3_members ( TALLOC_CTX *mem_ctx, DRIVER_INFO_3 *info, { char *str, *str2; uint32 len, i; - + char *saveptr; + /* fill in the UNISTR fields */ str = get_driver_3_param (args, ":", &info->name); str = get_driver_3_param (NULL, ":", &info->driverpath); @@ -1266,13 +1268,13 @@ static bool init_drv_info_3_members ( TALLOC_CTX *mem_ctx, DRIVER_INFO_3 *info, str = str2; /* begin to strip out each filename */ - str = strtok(str, ","); + str = strtok_r(str, ",", &saveptr); len = 0; while (str != NULL) { /* keep a cumlative count of the str lengths */ len += strlen(str)+1; - str = strtok(NULL, ","); + str = strtok_r(NULL, ",", &saveptr); } /* allocate the space; add one extra slot for a terminating NULL. diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 081e0fb15e..7b499918b0 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -605,7 +605,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, } if (cmd_entry->pipe_idx == PI_NETLOGON) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_channel_type; uchar trust_password[16]; diff --git a/source3/services/services_db.c b/source3/services/services_db.c index b1daae4df8..d4e144d5ff 100644 --- a/source3/services/services_db.c +++ b/source3/services/services_db.c @@ -526,7 +526,7 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN * SAFE_FREE(path); if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { - DEBUG(0,("add_new_svc_name: talloc() failed!\n")); + DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n")); TALLOC_FREE( key ); return NULL; } @@ -582,7 +582,7 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, SAFE_FREE(path); if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) { - DEBUG(0,("add_new_svc_name: talloc() failed!\n")); + DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n")); TALLOC_FREE( key ); return False; } diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 4ae735633b..8ffa0f7751 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -288,12 +288,13 @@ static bool parse_msdfs_symlink(TALLOC_CTX *ctx, char **alt_path = NULL; int count = 0, i; struct referral *reflist; + char *saveptr; temp = talloc_strdup(ctx, target); if (!temp) { return False; } - prot = strtok(temp,":"); + prot = strtok_r(temp, ":", &saveptr); if (!prot) { DEBUG(0,("parse_msdfs_symlink: invalid path !\n")); return False; @@ -306,7 +307,7 @@ static bool parse_msdfs_symlink(TALLOC_CTX *ctx, /* parse out the alternate paths */ while((count<MAX_REFERRAL_COUNT) && - ((alt_path[count] = strtok(NULL,",")) != NULL)) { + ((alt_path[count] = strtok_r(NULL, ",", &saveptr)) != NULL)) { count++; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 9fca38e3ed..aa4bc48f3d 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3034,8 +3034,7 @@ NTSTATUS create_file(connection_struct *conn, goto fail; } - SET_STAT_INVALID(sbuf); - + ZERO_STRUCT(sbuf); goto done; } } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 6b517c3d86..85e1ccf0a7 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -759,6 +759,7 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, if (!ok) { char *auser; char *user_list = NULL; + char *saveptr; if ( session_userlist ) user_list = SMB_STRDUP(session_userlist); @@ -768,8 +769,9 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, if (!user_list) return(False); - for (auser=strtok(user_list,LIST_SEP); !ok && auser; - auser = strtok(NULL,LIST_SEP)) { + for (auser = strtok_r(user_list, LIST_SEP, &saveptr); + !ok && auser; + auser = strtok_r(NULL, LIST_SEP, &saveptr)) { fstring user2; fstrcpy(user2,auser); if (!user_ok(user2,snum)) @@ -792,6 +794,7 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, TALLOC_CTX *ctx = talloc_tos(); char *auser; char *user_list = talloc_strdup(ctx, lp_username(snum)); + char *saveptr; if (!user_list) { goto check_guest; @@ -806,8 +809,9 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, goto check_guest; } - for (auser=strtok(user_list,LIST_SEP); auser && !ok; - auser = strtok(NULL,LIST_SEP)) { + for (auser = strtok_r(user_list, LIST_SEP, &saveptr); + auser && !ok; + auser = strtok_r(NULL, LIST_SEP, &saveptr)) { if (*auser == '@') { auser = validate_group(auser+1,password,snum); if (auser) { diff --git a/source3/smbd/process.c b/source3/smbd/process.c index a5bdb96650..d961f98cc0 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -23,7 +23,6 @@ extern struct auth_context *negprot_global_auth_context; extern int smb_echo_count; -const int total_buffer_size = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN); static enum smb_read_errors smb_read_error = SMB_READ_OK; /* @@ -156,16 +155,8 @@ static ssize_t read_packet_remainder(int fd, return len; } - if (timeout > 0) { - ret = read_socket_with_timeout(fd, - buffer, - len, - len, - timeout, - get_srv_read_error()); - } else { - ret = read_data(fd, buffer, len, get_srv_read_error()); - } + ret = read_socket_with_timeout(fd, buffer, len, len, timeout, + get_srv_read_error()); if (ret != len) { cond_set_smb_read_error(get_srv_read_error(), @@ -207,19 +198,10 @@ static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx, memcpy(writeX_header, lenbuf, sizeof(lenbuf)); - if (timeout > 0) { - ret = read_socket_with_timeout(fd, - writeX_header + 4, - STANDARD_WRITE_AND_X_HEADER_SIZE, - STANDARD_WRITE_AND_X_HEADER_SIZE, - timeout, - get_srv_read_error()); - } else { - ret = read_data(fd, - writeX_header+4, - STANDARD_WRITE_AND_X_HEADER_SIZE, - get_srv_read_error()); - } + ret = read_socket_with_timeout(fd, writeX_header + 4, + STANDARD_WRITE_AND_X_HEADER_SIZE, + STANDARD_WRITE_AND_X_HEADER_SIZE, + timeout, get_srv_read_error()); if (ret != STANDARD_WRITE_AND_X_HEADER_SIZE) { cond_set_smb_read_error(get_srv_read_error(), diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ed8061e2f7..a8aa25405a 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1171,16 +1171,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, * assumes that all the filesystem mounted withing a share path have * the same characteristics, which is likely but not guaranteed. */ - { - vfs_statvfs_struct svfs; - - conn->fs_capabilities = - FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; - if (SMB_VFS_STATVFS(conn, conn->connectpath, &svfs) == 0) { - conn->fs_capabilities = svfs.FsCapabilities; - } - } + conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn); /* * Print out the 'connected as' stuff here as we need diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 9c48cdfbba..fb845220cd 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -105,9 +105,13 @@ static bool samba_private_attr_name(const char *unix_ea_name) for (i = 0; prohibited_ea_names[i]; i++) { if (strequal( prohibited_ea_names[i], unix_ea_name)) - return True; + return true; } - return False; + if (StrnCaseCmp(unix_ea_name, SAMBA_XATTR_DOSSTREAM_PREFIX, + strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) == 0) { + return true; + } + return false; } /**************************************************************************** @@ -210,7 +214,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, ea_namelist_size); } - if ((sizeret == -1) && (errno = ERANGE)) { + if ((sizeret == -1) && (errno == ERANGE)) { ea_namelist_size *= 2; } else { @@ -2455,6 +2459,40 @@ unsigned char *create_volume_objectid(connection_struct *conn, unsigned char obj return objid; } +static void samba_extended_info_version(struct smb_extended_info *extended_info) +{ + SMB_ASSERT(extended_info != NULL); + + extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC; + extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24) + | ((SAMBA_VERSION_MINOR & 0xff) << 16) + | ((SAMBA_VERSION_RELEASE & 0xff) << 8); +#ifdef SAMBA_VERSION_REVISION + extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff; +#endif +#ifdef SAMBA_VERSION_RC_RELEASE + extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24; +#else +#ifdef SAMBA_VERSION_PRE_RELEASE + extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16; +#endif +#endif +#ifdef SAMBA_VERSION_VENDOR_PATCH + extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff); +#endif + /* FIXME: samba_gitcommitdate should contain the git commit date. */ +#ifdef SAMBA_VERSION_GIT_COMMIT_TIME + unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME); +#endif + + memset(extended_info->samba_version_string, 0, + sizeof(extended_info->samba_version_string)); + + snprintf (extended_info->samba_version_string, + sizeof(extended_info->samba_version_string), + "%s", samba_version_string()); +} + /**************************************************************************** Reply to a TRANS2_QFSINFO (query filesystem info). ****************************************************************************/ @@ -2793,7 +2831,14 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned case SMB_FS_OBJECTID_INFORMATION: { unsigned char objid[16]; + struct smb_extended_info extended_info; memcpy(pdata,create_volume_objectid(conn, objid),16); + samba_extended_info_version (&extended_info); + SIVAL(pdata,16,extended_info.samba_magic); + SIVAL(pdata,20,extended_info.samba_version); + SIVAL(pdata,24,extended_info.samba_subversion); + SBIG_UINT(pdata,28,extended_info.samba_gitcommitdate); + memcpy(pdata+36,extended_info.samba_version_string,28); data_len = 64; break; } diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c index e82bbea3b3..5931b2b1d0 100644 --- a/source3/smbd/utmp.c +++ b/source3/smbd/utmp.c @@ -223,7 +223,7 @@ static char *uw_pathname(TALLOC_CTX *ctx, } /* For u-files and non-explicit w-dir, look for "utmp dir" */ - if (!dirname == 0 || strlen(dirname) == 0) { + if ((dirname == NULL) || (strlen(dirname) == 0)) { dirname = talloc_strdup(ctx, lp_utmpdir()); if (!dirname) { return NULL; diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 070474cf6f..8d67e512fe 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -890,6 +890,7 @@ static bool run_netbench(int client) } while (fgets(line, sizeof(line)-1, f)) { + char *saveptr; line_count++; line[strlen(line)-1] = 0; @@ -899,9 +900,9 @@ static bool run_netbench(int client) all_string_sub(line,"client1", cname, sizeof(line)); /* parse the command parameters */ - params[0] = strtok(line," "); + params[0] = strtok_r(line, " ", &saveptr); i = 0; - while (params[i]) params[++i] = strtok(NULL," "); + while (params[i]) params[++i] = strtok_r(NULL, " ", &saveptr); params[i] = ""; diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index da5e61caf0..a98f090e62 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -208,6 +208,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; uint32 acb_info = ACB_WSTRUST; + uint32 acct_flags; uint32 fields_present; uchar pwbuf[532]; SAM_USERINFO_CTR ctr; @@ -245,8 +246,13 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | + SAMR_USER_SETATTR; + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, 0xe005000b, &user_pol, &user_rid); + acct_name, acb_info, acct_flags, &user_pol, &user_rid); if ( !NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 677924649c..b08a93627d 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -588,7 +588,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; uint32 acb_info; - uint32 access_mask, user_rid; + uint32 acct_flags, user_rid; if (argc < 1) { d_printf("User must be specified\n"); @@ -618,10 +618,13 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, /* Create domain user */ acb_info = ACB_NORMAL; - access_mask = 0xe005000b; + acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | + SAMR_USER_SETATTR; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, access_mask, + acct_name, acb_info, acct_flags, &user_pol, &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5341,7 +5344,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; uint32 acb_info; - uint32 unknown, user_rid; + uint32 acct_flags=0; + uint32 user_rid; if (argc != 2) { d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n"); @@ -5375,11 +5379,13 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, /* Create trusting domain's account */ acb_info = ACB_NORMAL; - unknown = 0xe00500b0; /* No idea what this is - a permission mask? - mimir: yes, most probably it is */ + acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | + SAMR_USER_SETATTR; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, unknown, + acct_name, acb_info, acct_flags, &user_pol, &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 6e37f3c84c..5c3fb2b2ff 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -45,7 +45,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server, { enum security_types sec; unsigned int conn_flags = NET_FLAGS_PDC; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; @@ -132,7 +132,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; @@ -160,6 +160,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) uint32 flags = 0x3e8; char *acct_name; const char *const_acct_name; + uint32 acct_flags=0; /* check what type of join */ if (argc >= 0) { @@ -249,9 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv) strlower_m(acct_name); const_acct_name = acct_name; + acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | + SAMR_USER_SETATTR; + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, - 0xe005000b, &user_pol, + acct_flags, &user_pol, &user_rid); if (!NT_STATUS_IS_OK(result) && diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d0fcfe3aeb..e1f0cd3751 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 07a6fbcf54..c6233b0869 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -164,7 +164,9 @@ void cgi_load_variables(void) open("/dev/null", O_RDWR); if ((s=query_string) || (s=getenv("QUERY_STRING"))) { - for (tok=strtok(s,"&;");tok;tok=strtok(NULL,"&;")) { + char *saveptr; + for (tok=strtok_r(s, "&;", &saveptr); tok; + tok=strtok_r(NULL, "&;", &saveptr)) { p = strchr_m(tok,'='); if (!p) continue; diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index ef159f0670..dbc664da8c 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -694,11 +694,15 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain, /* this is at least correct when domain is our domain, * which is the only case, when this is currently used: */ - if ((machine_krb5_principal != NULL) && - (asprintf(machine_krb5_principal, "%s$@%s", account_name, - domain->alt_name) == -1)) + if (machine_krb5_principal != NULL) { - return NT_STATUS_NO_MEMORY; + if (asprintf(machine_krb5_principal, "%s$@%s", + account_name, domain->alt_name) == -1) + { + return NT_STATUS_NO_MEMORY; + } + + strupper_m(*machine_krb5_principal); } return NT_STATUS_OK; @@ -2298,7 +2302,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct winbindd_cm_conn *conn; NTSTATUS result; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint8 mach_pwd[16]; uint32 sec_chan_type; const char *account_name; diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 778886d8e2..e21524689b 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -480,7 +480,6 @@ void winbind_child_died(pid_t pid) child->event.fd = 0; child->event.flags = 0; child->pid = 0; - SAFE_FREE(child->logfilename); schedule_async_request(child); } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index dc48fdef8b..0381053331 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -41,7 +41,7 @@ extern struct winbindd_methods passdb_methods; individual winbindd_domain structures cannot be made. Keep a copy of the domain name instead. */ -static struct winbindd_domain *_domain_list; +static struct winbindd_domain *_domain_list = NULL; /** When was the last scan of trusted domains done? |