1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Andreas Schneider 2023-07-20 11:34:28 +02:00 committed by Andreas Schneider
parent 01c31c8f6d
commit 795e464cfa
14 changed files with 32 additions and 32 deletions

View File

@ -343,7 +343,7 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
DEBUG(2, ("Error obtaining ticket we require to contact %s: (possibly due to clock skew between us and the KDC) %s\n", gensec_gssapi_state->target_principal, error_string));
return NT_STATUS_TIME_DIFFERENCE_AT_DC;
default:
DEBUG(1, ("Aquiring initiator credentials failed: %s\n", error_string));
DEBUG(1, ("Acquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
}
@ -1511,7 +1511,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
&pac_blob);
/* IF we have the PAC - otherwise we need to get this
* data from elsewere - local ldb, or (TODO) lookup of some
* data from elsewhere - local ldb, or (TODO) lookup of some
* kind...
*/
if (NT_STATUS_IS_OK(nt_status)) {

View File

@ -296,7 +296,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
DEBUG(3, ("Error preparing credentials we require to contact %s : %s\n", principal, error_string));
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
default:
DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string));
DEBUG(1, ("gensec_krb5_start: Acquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
}
@ -612,7 +612,7 @@ static NTSTATUS gensec_krb5_update_internal(struct gensec_security *gensec_secur
server_in_keytab = NULL;
}
/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */
/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omitted) */
if (gensec_krb5_state->gssapi
&& gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
inbuf.data = (char *)unwrapped_in.data;

View File

@ -13,7 +13,7 @@ hbd-samba4.c is the biggest piece of samba-to-krb glue layer, so the main
part of the port to MIT is to replace hdb-samba4 with a similar glue layer
that's designed for MIT's code.
PAC requirements are implemeneted in source4/kdc/pac-glue.c
PAC requirements are implemented in source4/kdc/pac-glue.c
The plugins (both of the above are Heimdal plugins) for the above are loaded
in source4/kdc/kdc.c
@ -142,9 +142,9 @@ just gssapi.
there's two kinds of name-canonicalization that can occur:
* lower-to-upper case conversion, because Windows domain names are
usually in upper case;
* an unrecognizable subsitution of names, such as might happen when
* an unrecognizable substitution of names, such as might happen when
a user requests a ticket for a NetBIOS domain name, but gets back
a ticket for the corresponging FQDN.
a ticket for the corresponding FQDN.
As developers, we should test if the AD KDC's name-canonicalisation
can be turned off with the KDCOption flags in the AS-REQ or TGS-REQ;
@ -410,7 +410,7 @@ IO handling, and run other events in the meantime. This uses a
library might be called again, while still in the send_to_kdc hook).
Heimdal has this 'state machine safety' in parts, and we have modified
the lorikeet branch to improve this behviour, when using a new,
the lorikeet branch to improve this behaviour, when using a new,
non-standard API to tunnelling a ccache (containing a set of tickets)
through the gssapi, by temporarily casting the ccache pointer to a
gss credential pointer.
@ -434,7 +434,7 @@ allows the caller to specify a keytab and ccache, for use by the
GSSAPI code. Therefore there is no need to use global variables to
communicate this information about keytab & ccache.
At a more theoritical level (simply counting static and global
At a more theoretical level (simply counting static and global
variables) Heimdal is not state machine safe for the GSSAPI layer.
(Heimdal is now (6/09) much more nearly free of globals.)
The Krb5 layer alone is much closer, as far as I can tell, blocking
@ -479,7 +479,7 @@ the kerberos libraries
- gsskrb5_get_initiator_subkey() (return the exact key that Samba3
has always asked for. gsskrb5_get_subkey() might do what we need
anyway). This is necessary, because in some spots, Microsoft uses
raw Kerberos keys, outside the Kerberos protocls, and not using Kerberos
raw Kerberos keys, outside the Kerberos protocols, and not using Kerberos
wrappings etc. Ie, as a direct input to MD5 and ARCFOUR, without using
the make_priv() or make_safe() calls.
@ -626,13 +626,13 @@ We currently define 3 classes:
- server (tgt)
- krbtgt (kinit, tgt) the kdc's own ldap record
I also now specify the kerberos principal as an explict parameter to LDB_fetch(),
I also now specify the kerberos principal as an explicit parameter to LDB_fetch(),
not an in/out value on the struct hdb_entry parameter itself.
Private Data pointer (and windc hooks) (see above):
In addition, I have added a new interface hdb_fetch_ex(), which
returns a structure including a private data-pointer, which may be used
by the windc plugin inferface functions. The windc plugin provides
by the windc plugin interface functions. The windc plugin provides
the hook for the PAC, as well as a function for the main access control routines.
A new windc plugin function should be added to increment the bad password counter
@ -659,7 +659,7 @@ See also the discussion about state machine safety above)
An important detail in the use of libkdc is that we use samba4's own socket
lib. This allows the KDC code to be as portable as the rest of samba
(this cuts both ways), but far more importantly it ensures a
consistancy in the handling of requests, binding to sockets etc.
consistency in the handling of requests, binding to sockets etc.
To handle TCP, we use of our socket layer in much the same way as
we deal with TCP for CIFS. Tridge created a generic packet handling

View File

@ -77,7 +77,7 @@ source code, as follows:
glue layer, so the main part of the port to MIT is
to replace hdb-samba4 with a similar glue layer
that's designed for MIT's code.
* Samba4's PAC requirements are implemeneted in
* Samba4's PAC requirements are implemented in
source4/kdc/pac-glue.c
* Both of the above two layers are Heimdal plugins, and
both get loaded in source4/kdc/kdc.c
@ -115,9 +115,9 @@ source code, as follows:
occur on Windows:
* Lower-to-upper case conversion, because Windows domain
names are usually in upper case;
* An unrecognizable subsitution of names, such as might
* An unrecognizable substitution of names, such as might
happen when a user requests a ticket for a NetBIOS domain
name, but gets back a ticket for the corresponging FQDN.
name, but gets back a ticket for the corresponding FQDN.
As developers, we should test if the AD KDC's name-canonical-
isation can be turned off with the KDCOption flags in the
AS-REQ or TGS-REQ; Windows clients always send the
@ -280,11 +280,11 @@ source code, as follows:
c. Turn on MIT-krb 1.7'sPAC handling.
In addition, I have added a new interface hdb_fetch_ex(),
which returns a structure including a private data-pointer,
which may be used by the windc plugin inferface functions.
which may be used by the windc plugin interface functions.
The windc plugin provides the hook for the PAC.
d. Samba4 needsaccess control hooks in the Heimdal& MIT
KDCs. We need to lockout accounts (eg, after 10 failed PW-
attemps), and perform other controls. This is standard
attempts), and perform other controls. This is standard
AD behavior, that Samba4 needs to get right, whether
Heimdal or MIT-krb is doing the ticket work.
- If PADL doesn't publish their patch for this,
@ -413,7 +413,7 @@ when using Kerberos and GSSAPI libraries
c. Make sure Samba4'sportable socket API works:
* An important detail in the use of libkdc is that we use samba4's
own socket lib. This allows the KDC code to be as portable as
the rest of samba, but more importantly it ensures consistancy
the rest of samba, but more importantly it ensures consistency
in the handling of requests, binding to sockets etc.
* To handle TCP, we use of our socket layer in much the same way as
we deal with TCP for CIFS. Tridge created a generic packet handling

View File

@ -305,7 +305,7 @@ static krb5_error_code smb_krb5_send_and_recv_func_int(struct smb_krb5_context *
* from the start (otherwise we may miss a socket
* drop) and mark as AUTOCLOSE along with the fde */
/* Ths is equivilant to EVENT_FD_READABLE(smb_krb5->fde) */
/* This is equivalent to EVENT_FD_READABLE(smb_krb5->fde) */
smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock,
socket_get_fd(smb_krb5->sock),
TEVENT_FD_READ,

View File

@ -99,7 +99,7 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t cha
*
* @param auth_ctx Supplies the challenges and some other data.
* Must be created with auth_context_create(), and the challenges should be
* filled in, either at creation or by calling the challenge geneation
* filled in, either at creation or by calling the challenge generation
* function auth_get_challenge().
*
* @param user_info Contains the user supplied components, including the passwords.
@ -542,7 +542,7 @@ static NTSTATUS auth_check_password_wrapper_recv(struct tevent_req *req,
/* Wrapper because we don't want to expose all callers to needing to
* know that session_info is generated from the main ldb, and because
* we need to break a depenency loop between the DCE/RPC layer and the
* we need to break a dependency loop between the DCE/RPC layer and the
* generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,

View File

@ -1,7 +1,7 @@
/*
Unix SMB/CIFS implementation.
Anonymous Authentification
Anonymous Authentication
Copyright (C) Stefan Metzmacher 2004-2005

View File

@ -43,7 +43,7 @@ static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
/**
* Return an error based on username
*
* This function allows the testing of obsure errors, as well as the generation
* This function allows the testing of obscure errors, as well as the generation
* of NT_STATUS -> DOS error mapping tables.
*
* This module is of no value to end-users.

View File

@ -494,7 +494,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
* samdb_result_passwords_from_history() currently
* does not fail for missing attributes, it only sets
* nt_history_pwd = NULL, so "break" and fall down to
* the bad password count upate if this happens
* the bad password count update if this happens
*/
if (!NT_STATUS_IS_OK(nt_status)) {
break;

View File

@ -1,7 +1,7 @@
/*
Unix SMB/CIFS implementation.
Winbind authentication mechnism
Winbind authentication mechanism
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Bartlett 2001 - 2002

View File

@ -88,7 +88,7 @@ const char *user_attrs[] = {
* This ordering (having msDS-ResultantPSO first) is
* important. By processing this attribute first it is
* available in the operational module for the other PSO
* attribute calcuations to use.
* attribute calculations to use.
*/
"msDS-ResultantPSO",
@ -1387,7 +1387,7 @@ error:
* level is raised to DS_BEHAVIOR_WIN2003 or higher, is calculated as
* 14 days minus a random percentage of 5 days", but we aren't doing
* that. The blogosphere seems to think that this randomised update
* happens everytime, but [MS-ADA1] doesn't agree.
* happens every time, but [MS-ADA1] doesn't agree.
*
* Dochelp referred us to the following blog post:
* http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

View File

@ -20,7 +20,7 @@
*/
/* This code sets up GENSEC in the way that all Samba servers want
* (becaue they have presumed access to the sam.ldb etc */
* (because they have presumed access to the sam.ldb etc */
#include "includes.h"
#include "auth/auth.h"

View File

@ -270,7 +270,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
/* Fill out the auth_session_info with a cli_credentials based on the
* auth_session_info we were forwarded over named pipe forwarding.
*
* NOTE: The stucture members of session_info_transport are stolen
* NOTE: The structure members of session_info_transport are stolen
* with talloc_move() into auth_session_info for long term use
*/
struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
@ -409,7 +409,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
}
/* Produce a session_info for an arbitary DN or principal in the local
/* Produce a session_info for an arbitrary DN or principal in the local
* DB, assuming the local DB holds all the groups
*
* Supply either a principal or a DN

View File

@ -61,7 +61,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info_transport **transport_out);
/* Produce a session_info for an arbitary DN or principal in the local
/* Produce a session_info for an arbitrary DN or principal in the local
* DB, assuming the local DB holds all the groups
*
* Supply either a principal or a DN