diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index cca19646dfc..f460c6d2424 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -343,7 +343,7 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi DEBUG(2, ("Error obtaining ticket we require to contact %s: (possibly due to clock skew between us and the KDC) %s\n", gensec_gssapi_state->target_principal, error_string)); return NT_STATUS_TIME_DIFFERENCE_AT_DC; default: - DEBUG(1, ("Aquiring initiator credentials failed: %s\n", error_string)); + DEBUG(1, ("Acquiring initiator credentials failed: %s\n", error_string)); return NT_STATUS_UNSUCCESSFUL; } @@ -1511,7 +1511,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi &pac_blob); /* IF we have the PAC - otherwise we need to get this - * data from elsewere - local ldb, or (TODO) lookup of some + * data from elsewhere - local ldb, or (TODO) lookup of some * kind... */ if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 104e4639c44..d6a160f38c2 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -296,7 +296,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s DEBUG(3, ("Error preparing credentials we require to contact %s : %s\n", principal, error_string)); return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */ default: - DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string)); + DEBUG(1, ("gensec_krb5_start: Acquiring initiator credentials failed: %s\n", error_string)); return NT_STATUS_UNSUCCESSFUL; } @@ -612,7 +612,7 @@ static NTSTATUS gensec_krb5_update_internal(struct gensec_security *gensec_secur server_in_keytab = NULL; } - /* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */ + /* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omitted) */ if (gensec_krb5_state->gssapi && gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) { inbuf.data = (char *)unwrapped_in.data; diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt index 69541290ef7..cb8f0a9afed 100644 --- a/source4/auth/kerberos/kerberos-notes.txt +++ b/source4/auth/kerberos/kerberos-notes.txt @@ -13,7 +13,7 @@ hbd-samba4.c is the biggest piece of samba-to-krb glue layer, so the main part of the port to MIT is to replace hdb-samba4 with a similar glue layer that's designed for MIT's code. -PAC requirements are implemeneted in source4/kdc/pac-glue.c +PAC requirements are implemented in source4/kdc/pac-glue.c The plugins (both of the above are Heimdal plugins) for the above are loaded in source4/kdc/kdc.c @@ -142,9 +142,9 @@ just gssapi. there's two kinds of name-canonicalization that can occur: * lower-to-upper case conversion, because Windows domain names are usually in upper case; - * an unrecognizable subsitution of names, such as might happen when + * an unrecognizable substitution of names, such as might happen when a user requests a ticket for a NetBIOS domain name, but gets back - a ticket for the corresponging FQDN. + a ticket for the corresponding FQDN. As developers, we should test if the AD KDC's name-canonicalisation can be turned off with the KDCOption flags in the AS-REQ or TGS-REQ; @@ -410,7 +410,7 @@ IO handling, and run other events in the meantime. This uses a library might be called again, while still in the send_to_kdc hook). Heimdal has this 'state machine safety' in parts, and we have modified -the lorikeet branch to improve this behviour, when using a new, +the lorikeet branch to improve this behaviour, when using a new, non-standard API to tunnelling a ccache (containing a set of tickets) through the gssapi, by temporarily casting the ccache pointer to a gss credential pointer. @@ -434,7 +434,7 @@ allows the caller to specify a keytab and ccache, for use by the GSSAPI code. Therefore there is no need to use global variables to communicate this information about keytab & ccache. -At a more theoritical level (simply counting static and global +At a more theoretical level (simply counting static and global variables) Heimdal is not state machine safe for the GSSAPI layer. (Heimdal is now (6/09) much more nearly free of globals.) The Krb5 layer alone is much closer, as far as I can tell, blocking @@ -479,7 +479,7 @@ the kerberos libraries - gsskrb5_get_initiator_subkey() (return the exact key that Samba3 has always asked for. gsskrb5_get_subkey() might do what we need anyway). This is necessary, because in some spots, Microsoft uses - raw Kerberos keys, outside the Kerberos protocls, and not using Kerberos + raw Kerberos keys, outside the Kerberos protocols, and not using Kerberos wrappings etc. Ie, as a direct input to MD5 and ARCFOUR, without using the make_priv() or make_safe() calls. @@ -626,13 +626,13 @@ We currently define 3 classes: - server (tgt) - krbtgt (kinit, tgt) the kdc's own ldap record -I also now specify the kerberos principal as an explict parameter to LDB_fetch(), +I also now specify the kerberos principal as an explicit parameter to LDB_fetch(), not an in/out value on the struct hdb_entry parameter itself. Private Data pointer (and windc hooks) (see above): In addition, I have added a new interface hdb_fetch_ex(), which returns a structure including a private data-pointer, which may be used - by the windc plugin inferface functions. The windc plugin provides + by the windc plugin interface functions. The windc plugin provides the hook for the PAC, as well as a function for the main access control routines. A new windc plugin function should be added to increment the bad password counter @@ -659,7 +659,7 @@ See also the discussion about state machine safety above) An important detail in the use of libkdc is that we use samba4's own socket lib. This allows the KDC code to be as portable as the rest of samba (this cuts both ways), but far more importantly it ensures a -consistancy in the handling of requests, binding to sockets etc. +consistency in the handling of requests, binding to sockets etc. To handle TCP, we use of our socket layer in much the same way as we deal with TCP for CIFS. Tridge created a generic packet handling diff --git a/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt b/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt index 9b478bbd1c1..9df3a13d495 100644 --- a/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt +++ b/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt @@ -77,7 +77,7 @@ source code, as follows: glue layer, so the main part of the port to MIT is to replace hdb-samba4 with a similar glue layer that's designed for MIT's code. - * Samba4's PAC requirements are implemeneted in + * Samba4's PAC requirements are implemented in source4/kdc/pac-glue.c * Both of the above two layers are Heimdal plugins, and both get loaded in source4/kdc/kdc.c @@ -115,9 +115,9 @@ source code, as follows: occur on Windows: * Lower-to-upper case conversion, because Windows domain names are usually in upper case; - * An unrecognizable subsitution of names, such as might + * An unrecognizable substitution of names, such as might happen when a user requests a ticket for a NetBIOS domain - name, but gets back a ticket for the corresponging FQDN. + name, but gets back a ticket for the corresponding FQDN. As developers, we should test if the AD KDC's name-canonical- isation can be turned off with the KDCOption flags in the AS-REQ or TGS-REQ; Windows clients always send the @@ -280,11 +280,11 @@ source code, as follows: c. Turn on MIT-krb 1.7'sPAC handling. In addition, I have added a new interface hdb_fetch_ex(), which returns a structure including a private data-pointer, - which may be used by the windc plugin inferface functions. + which may be used by the windc plugin interface functions. The windc plugin provides the hook for the PAC. d. Samba4 needsaccess control hooks in the Heimdal& MIT KDCs. We need to lockout accounts (eg, after 10 failed PW- - attemps), and perform other controls. This is standard + attempts), and perform other controls. This is standard AD behavior, that Samba4 needs to get right, whether Heimdal or MIT-krb is doing the ticket work. - If PADL doesn't publish their patch for this, @@ -413,7 +413,7 @@ when using Kerberos and GSSAPI libraries c. Make sure Samba4'sportable socket API works: * An important detail in the use of libkdc is that we use samba4's own socket lib. This allows the KDC code to be as portable as - the rest of samba, but more importantly it ensures consistancy + the rest of samba, but more importantly it ensures consistency in the handling of requests, binding to sockets etc. * To handle TCP, we use of our socket layer in much the same way as we deal with TCP for CIFS. Tridge created a generic packet handling diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 48cb256486e..e8114af7ab2 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -305,7 +305,7 @@ static krb5_error_code smb_krb5_send_and_recv_func_int(struct smb_krb5_context * * from the start (otherwise we may miss a socket * drop) and mark as AUTOCLOSE along with the fde */ - /* Ths is equivilant to EVENT_FD_READABLE(smb_krb5->fde) */ + /* This is equivalent to EVENT_FD_READABLE(smb_krb5->fde) */ smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock, socket_get_fd(smb_krb5->sock), TEVENT_FD_READ, diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 9f5cb92f89f..3c48c77ec5b 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -99,7 +99,7 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t cha * * @param auth_ctx Supplies the challenges and some other data. * Must be created with auth_context_create(), and the challenges should be - * filled in, either at creation or by calling the challenge geneation + * filled in, either at creation or by calling the challenge generation * function auth_get_challenge(). * * @param user_info Contains the user supplied components, including the passwords. @@ -542,7 +542,7 @@ static NTSTATUS auth_check_password_wrapper_recv(struct tevent_req *req, /* Wrapper because we don't want to expose all callers to needing to * know that session_info is generated from the main ldb, and because - * we need to break a depenency loop between the DCE/RPC layer and the + * we need to break a dependency loop between the DCE/RPC layer and the * generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context, TALLOC_CTX *mem_ctx, diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c index 0f71830259c..328347a2dad 100644 --- a/source4/auth/ntlm/auth_anonymous.c +++ b/source4/auth/ntlm/auth_anonymous.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. - Anonymous Authentification + Anonymous Authentication Copyright (C) Stefan Metzmacher 2004-2005 diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c index 7b9610cc85e..89db15d0ee7 100644 --- a/source4/auth/ntlm/auth_developer.c +++ b/source4/auth/ntlm/auth_developer.c @@ -43,7 +43,7 @@ static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx, /** * Return an error based on username * - * This function allows the testing of obsure errors, as well as the generation + * This function allows the testing of obscure errors, as well as the generation * of NT_STATUS -> DOS error mapping tables. * * This module is of no value to end-users. diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 74cdcc50c29..7b65b3084f8 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -494,7 +494,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con * samdb_result_passwords_from_history() currently * does not fail for missing attributes, it only sets * nt_history_pwd = NULL, so "break" and fall down to - * the bad password count upate if this happens + * the bad password count update if this happens */ if (!NT_STATUS_IS_OK(nt_status)) { break; diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 4049c3ac209..2b1cc51cd03 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. - Winbind authentication mechnism + Winbind authentication mechanism Copyright (C) Tim Potter 2000 Copyright (C) Andrew Bartlett 2001 - 2002 diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 3b34525b7e1..5409007722f 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -88,7 +88,7 @@ const char *user_attrs[] = { * This ordering (having msDS-ResultantPSO first) is * important. By processing this attribute first it is * available in the operational module for the other PSO - * attribute calcuations to use. + * attribute calculations to use. */ "msDS-ResultantPSO", @@ -1387,7 +1387,7 @@ error: * level is raised to DS_BEHAVIOR_WIN2003 or higher, is calculated as * 14 days minus a random percentage of 5 days", but we aren't doing * that. The blogosphere seems to think that this randomised update - * happens everytime, but [MS-ADA1] doesn't agree. + * happens every time, but [MS-ADA1] doesn't agree. * * Dochelp referred us to the following blog post: * http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx diff --git a/source4/auth/samba_server_gensec.c b/source4/auth/samba_server_gensec.c index f2b0551afe8..b5d436d571c 100644 --- a/source4/auth/samba_server_gensec.c +++ b/source4/auth/samba_server_gensec.c @@ -20,7 +20,7 @@ */ /* This code sets up GENSEC in the way that all Samba servers want - * (becaue they have presumed access to the sam.ldb etc */ + * (because they have presumed access to the sam.ldb etc */ #include "includes.h" #include "auth/auth.h" diff --git a/source4/auth/session.c b/source4/auth/session.c index 70dc4b19f9d..a240cdb2e22 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -270,7 +270,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, /* Fill out the auth_session_info with a cli_credentials based on the * auth_session_info we were forwarded over named pipe forwarding. * - * NOTE: The stucture members of session_info_transport are stolen + * NOTE: The structure members of session_info_transport are stolen * with talloc_move() into auth_session_info for long term use */ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, @@ -409,7 +409,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx, } -/* Produce a session_info for an arbitary DN or principal in the local +/* Produce a session_info for an arbitrary DN or principal in the local * DB, assuming the local DB holds all the groups * * Supply either a principal or a DN diff --git a/source4/auth/session.h b/source4/auth/session.h index 900b6ab3365..011d6bcd35e 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -61,7 +61,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth_session_info_transport **transport_out); -/* Produce a session_info for an arbitary DN or principal in the local +/* Produce a session_info for an arbitrary DN or principal in the local * DB, assuming the local DB holds all the groups * * Supply either a principal or a DN