*
* IF adding a new field please update the minor version number AUTH_MINOR
*
- * To process the resulting log lines from the commend line use jq to
+ * To process the resulting log lines from the command line use jq to
* parse the json.
*
* grep "^ {" log file |
*
* IF adding a new field please update the minor version number AUTHZ_MINOR
*
- * To process the resulting log lines from the commend line use jq to
+ * To process the resulting log lines from the command line use jq to
* parse the json.
*
* grep "^ {" log_file |\
#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
-#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privileges, rather than a DB */
#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */
#define AUTH_SESSION_INFO_NTLM 0x10 /* The returned token must have authenticated-with-NTLM flag set */
*
* @param[in] obtained A pointer to store the obtained information.
*
- * return The user name or NULL if an error occured.
+ * return The user name or NULL if an error occurred.
*/
_PUBLIC_ const char *
cli_credentials_get_username_and_obtained(struct cli_credentials *cred,
* Obtain the BIND DN for this credentials context.
* @param cred credentials context
* @retval The username set on this context.
- * @note Return value will be NULL if not specified explictly
+ * @note Return value will be NULL if not specified explicitly
*/
_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
{
*
* @param[in] obtained A pointer to store the obtained information.
*
- * return The user name or NULL if an error occured.
+ * return The user name or NULL if an error occurred.
*/
_PUBLIC_ const char *
cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
}
/**
- * Return NETLOGON secure chanel type
+ * Return NETLOGON secure channel type
*/
_PUBLIC_ time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred)
}
/**
- * Return NETLOGON secure chanel type
+ * Return NETLOGON secure channel type
*/
_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
/* Should we get a forwardable ticket? */
enum credentials_krb_forwardable krb_forwardable;
- /* Forced SASL mechansim */
+ /* Forced SASL mechanism */
char *forced_sasl_mech;
/* gensec features which should be used for connections */
ccache out of it. This routine can be generalised in future for
the case where we deal with GSSAPI mechs other than krb5.
- On sucess, the caller must not free gssapi_cred, as it now belongs
+ On success, the caller must not free gssapi_cred, as it now belongs
to the credentials system.
*/
}
/**
- * Start a GENSEC sub-mechanism with a specified mechansim structure, used in SPNEGO
+ * Start a GENSEC sub-mechanism with a specified mechanism structure, used in SPNEGO
*
*/
}
/**
- * Check if the packet is one for the KRB5 mechansim
+ * Check if the packet is one for the KRB5 mechanism
*
* NOTE: This is a helper that can be employed by multiple mechanisms, do
* not make assumptions about the private_data
}
/*
- * Reduce the attack surface by ensuring schannel is not availble when
+ * Reduce the attack surface by ensuring schannel is not available when
* we are not a DC
*/
static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
struct spnego_neg_ops {
const char *name;
/*
- * The start hook does the initial processing on the incoming paket and
+ * The start hook does the initial processing on the incoming packet and
* may starts the first possible subcontext. It indicates that
* gensec_update() is required on the subcontext by returning
* NT_STATUS_MORE_PROCESSING_REQUIRED and return something useful in
OM_uint32 gss_maj, gss_min;
#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
/*
- * gss_get_name_attribute() in MIT krb5 1.10.0 can return unintialized pac_display_buffer
+ * gss_get_name_attribute() in MIT krb5 1.10.0 can return uninitialized pac_display_buffer
* and later gss_release_buffer() will crash on attempting to release it.
*
* So always initialize the buffer descriptors.
memset(srv_sig_wipe->signature.data,
'\0', srv_sig_wipe->signature.length);
- /* and reencode, back into the same place it came from */
+ /* and re-encode, back into the same place it came from */
ndr_err = ndr_push_struct_blob(
kdc_sig_blob, pac_data_raw, kdc_sig_wipe,
(ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
bool use_ntlmv2;
bool use_ccache;
bool resume_ccache;
- bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */
+ bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omitted */
bool allow_lm_response;/* The LM_RESPONSE code is not very secure... */
bool allow_lm_key; /* The LM_KEY code is not very secure... */
if (!(flags & CLI_CRED_LANMAN_AUTH)) {
/* LM Key is still possible, just silly, so we do not
- * allow it. Fortunetly all LM crypto is off by
+ * allow it. Fortunately all LM crypto is off by
* default and we require command line options to end
* up here */
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
/* The flags we send back are not just the negotiated flags,
- * they are also 'what is in this packet'. Therfore, we
+ * they are also 'what is in this packet'. Therefore, we
* operate on 'chal_flags' from here on
*/
/*
* Key weakening not performed on the master key for NTLM2
- * and does not occour for NTLM1. Therefore we only need
+ * and does not occur for NTLM1. Therefore we only need
* to do this for the LM_KEY.
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {