#. **none** disables the replay cache. The residual value is ignored.
#. **file2** (new in release 1.18) uses a hash-based format to store
- replay records. The file may grow to accomodate hash collisions.
+ replay records. The file may grow to accommodate hash collisions.
The residual value is the filename.
#. **dfl** is the default type if no environment variable or
dnl This test exists so that every application developer does not test this in
dnl a different, and subtly broken fashion.
dnl
-dnl It has been argued that this test should be broken up into two seperate
+dnl It has been argued that this test should be broken up into two separate
dnl tests, one for the resolver libraries, and one for the libraries necessary
dnl for using Sockets API. Unfortunately, the two are carefully intertwined and
dnl allowing the autoconf user to use them independantly potentially results in
-dnl unfortunate ordering dependancies -- as such, such component macros would
+dnl unfortunate ordering dependencies -- as such, such component macros would
dnl have to carefully use indirection and be aware if the other components were
dnl executed. Since other autoconf macros do not go to this trouble, and almost
dnl no applications use sockets without the resolver, this complexity has not
<p>The server and each client create an RPC endpoint. The server's endpoint is CCS_<LSID> and the client's endpoint is CCAPI_<UUID>, where each client geta a UUID. </p>
<p>On Windows, the server's ccs_pipe_t type is a char* and is set to the client UUID.</p>
<h3>How is the request handled in the server and the reply sent to the client? </h3>
-<p>One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls <span class="style3">ccs_server_handle_request</span>. Eventually, the server code calls <span class="style3">ccs_os_server_send_reply, </span>which saves the reply somewhere. When the server eventually returns to the request handler, the handler returns the saved reply to the client.</p>
-<p>But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and <em>not </em>send a reply to B. So this method will not work. </p>
+<p>One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls <span class="style3">ccs_server_handle_request</span>. Eventually, the server code calls <span class="style3">ccs_os_server_send_reply,</span> which saves the reply somewhere. When the server eventually returns to the request handler, the handler returns the saved reply to the client.</p>
+<p>But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and <em>not</em> send a reply to B. So this method will not work. </p>
<p>Instead, there are listener and worker threads in Windows-specific code. </p>
-<p>The client's <span class="style3">cci_os_ipc </span>function waits for <span class="style3">ccs_reply</span>. The client sends the request, including <em>it's UUID, </em>from which the server can construct the endpoint on which to call <span class="style3">ccs_reply</span>. </p>
+<p>The client's <span class="style3">cci_os_ipc </span>function waits for <span class="style3">ccs_reply</span>. The client sends the request, including <em>its UUID,</em> from which the server can construct the endpoint on which to call <span class="style3">ccs_reply</span>. </p>
<p>The server's listener thread listens for RPC requests. The request handler puts each request/<em>reply</em> endpoint in a queue and returns to the client.</p>
-<p>The server's worker thread removes items from the queue, calls <span class="style3">ccs_server_handle_request</span>. <span class="style3">ccs_server_handle_request</span> takes both the request data and the client UUID . Eventually <span class="style3">ccs_os_server_send_reply</span> is called, with the reply data and client UUID in the reply_pipe. <span class="style3">ccs_os_server_send_reply</span> calls <span class="style3">ccs_reply </span>on the client's endpoint, which sends the reply to the client. </p>
+<p>The server's worker thread removes items from the queue, calls <span class="style3">ccs_server_handle_request</span>. <span class="style3">ccs_server_handle_request</span> takes both the request data and the client UUID . Eventually <span class="style3">ccs_os_server_send_reply</span> is called, with the reply data and client UUID in the reply_pipe. <span class="style3">ccs_os_server_send_reply</span> calls <span class="style3">ccs_reply</span> on the client's endpoint, which sends the reply to the client. </p>
<p>Is there any security issue with the client listening for RPC calls from the server?</p>
<h3>Connections</h3>
<p>If the client wants state to be maintained on the server, the client creates a connection. When the connection is closed, the server cleans up any state associated with the connection. </p>
<h3>Detecting client exit</h3>
<p>The server must be able to detect when clients disappear, so the server can free any resources that had been held for the client. </p>
<p>The Windows RPC API does not appear to provide a notification for an endpoint disappearing. It does provide a way to ask if an endpoint is listening. This is useful for polling, but we want a better performing solution than that. </p>
-<p>The client has an <em>isAlive </em>function on its endpoint. </p>
-<p>To detect the client disappearing without using polling, the server makes an asynchronous call to the <em>isAlive </em>function on the client's endpoint. The <em>isAlive </em>function never returns. When the client exits for any reason, it's <em></em>endpoint will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used. </p>
+<p>The client has an <em>isAlive</em> function on its endpoint. </p>
+<p>To detect the client disappearing without using polling, the server makes an asynchronous call to the <em>isAlive</em> function on the client's endpoint. The <em>isAlive</em> function never returns. When the client exits for any reason, its <em>endpoint</em> will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used. </p>
<p>Windows provides a number of notification methods to signal I/O completion. Among them are I/O completion ports and callback functions. I chose callback functions because they appear to consume fewer resources. </p>
<h3>RPC Endpoint / Function summary</h3>
<ul>
if (err) {
Init::Cleanup();
- fprintf( stderr, "An error occured while %s the server (%u)\n",
+ fprintf( stderr, "An error occurred while %s the server (%u)\n",
opts.bShutdown ? "shutting down" : "starting/running",
err);
exit(cci_check_error (err));
CCMSG_CONNECT_REPLY, /* Message type */
(unsigned char*)&h, /* client's tspdata* */
(unsigned char*)uuid,
- getMySST(), /* Server's session number = it's start time */
+ getMySST(), /* Server's session number = its start time */
&status ); /* Return code */
}
RpcExcept(1) {
* callrpc & clnt_create errors
*/
RPC_UNKNOWNHOST=13, /* unknown host name */
- RPC_UNKNOWNPROTO=17, /* unkown protocol */
+ RPC_UNKNOWNPROTO=17, /* unknown protocol */
/*
* _ create errors
state->reply_encpart.flags = state->enc_tkt_reply.flags;
state->reply_encpart.server = state->ticket_reply.server;
- /* copy the time fields EXCEPT for authtime; it's location
+ /* copy the time fields EXCEPT for authtime; its location
* is used for ktime
*/
state->reply_encpart.times = state->enc_tkt_reply.times;
}
break;
case 'd': /* pathname for db */
- /* now db_name is not a seperate argument.
+ /* now db_name is not a separate argument.
* It has to be passed as part of the db_args
*/
if( db_name == NULL ) {
* or implied warranty.
*/
-/* Test checksum and checksum compatability for rsa-md[4,5]-des. */
+/* Test checksum and checksum compatibility for rsa-md[4,5]-des. */
#ifndef MD
#define MD 5
*
* @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user,
* GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error
- * occured.
+ * occurred.
*
* @sa gss_userok
*/
/*
* We use the official OID definitions instead of the unofficial OID
- * defintions. But we continue to support the unofficial OID
+ * definitions. But we continue to support the unofficial OID
* gss_nt_service_name just in case if some gss applications use
* the old OID.
*/
if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
&ap_rep_data))) {
/*
- * XXX A hack for backwards compatiblity.
+ * XXX A hack for backwards compatibility.
* To be removed in 1999 -- proven
*/
krb5_auth_con_setuseruserkey(context, ctx->auth_context,
if (mask & KADM5_TL_DATA) {
krb5_tl_data *tl;
- /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
+ /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writing */
for (tl = entry->tl_data; tl;
tl = tl->tl_data_next)
}
//
- // Intialize the request of the request.
+ // Initialize the request of the request.
//
pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
{
int err;
- /* make sure the API has been intialized */
+ /* make sure the API has been initialized */
if (gCntrlBlock == NULL) {
#ifdef CC_API_VER2
err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
CHECK(kret, "resolve unknown type");
}
- /* Test for not specifiying a cache type with no defaults */
+ /* Test for not specifying a cache type with no defaults */
ops_save = krb5_cc_dfl_ops;
krb5_cc_dfl_ops = 0;
* address - The address string that should be parsed.
* default_port - The default port to use if no port is found.
* host_out - An output pointer for the parsed host, or NULL if no host was
- * specified or an error occured. Must be freed.
+ * specified or an error occurred. Must be freed.
* port_out - An output pointer for the parsed port. Will be 0 on error.
*
* Returns 0 on success, otherwise an error.
* There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
* initial Heimdal counter values, but we receive them as one of 2^23
* possible values. There is a ~1/256 chance of a Heimdal
- * implementation sending an intial sequence number in the ambiguous
+ * implementation sending an initial sequence number in the ambiguous
* range.
*
* We have to do special treatment when receiving sequence numbers
}
/*
- * Magic wraparound for the case where the intial sequence number
+ * Magic wraparound for the case where the initial sequence number
* is in the ambiguous range. This means that the sender's
* counter is at a different count than ours, so we correct ours,
* and mark the sender as being a broken Heimdal implementation.
/*
* Zero out problem variable. If problem is set at the end of
- * the intial version negotiation section, it means that we
+ * the initial version negotiation section, it means that we
* need to send an error code back to the client application
* and exit.
*/
* Allocate space for the ascii string; if space has been
* provided, use it, realloc'ing it if necessary.
*
- * We need only n-1 seperators for n components, but we need
+ * We need only n-1 separators for n components, but we need
* an extra byte for the NUL at the end.
*/
if (size) {
* [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
* to point at the cache file name (including the FILE: prefix).
* By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
- * we can accomodate other versions that might set a registry
+ * we can accommodate other versions that might set a registry
* variable.
*/
char newkey[256];
buf->states.states_used = 0;
/*
- * Construct the NFA. If this stage returns a 0, then an error occured or
+ * Construct the NFA. If this stage returns a 0, then an error occurred or
* an empty expression was passed.
*/
if ((state = _ure_re2nfa(re, relen, buf)) == _URE_NOOP)
/*
* auth_unix.c, Implements UNIX style authentication parameters.
*
- * The system is very weak. The client uses no encryption for it's
+ * The system is very weak. The client uses no encryption for its
* credentials and only sends null verifiers. The server sends backs
* null verifiers or optionally a verifier that suggests a new short hand
* for the credentials.
krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
nextloc += 4;
- /* # tl_data strutures */
+ /* # tl_data structures */
krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
nextloc += 2;
- /* # key_data strutures */
+ /* # key_data structures */
krb5_kdb_encode_int16(entry->n_key_data, nextloc);
nextloc += 2;
krb5_kdb_decode_int32(nextloc, entry->fail_auth_count);
nextloc += 4;
- /* # tl_data strutures */
+ /* # tl_data structures */
krb5_kdb_decode_int16(nextloc, entry->n_tl_data);
nextloc += 2;
goto error_out;
}
- /* # key_data strutures */
+ /* # key_data structures */
krb5_kdb_decode_int16(nextloc, entry->n_key_data);
nextloc += 2;
It is believed that this "db" code originated from Berkeley DB 1.85
and was further modified by Cygnus and the MIT Kerberos team. Some
-significant changes to the hash code occured at some point.
+significant changes to the hash code occurred at some point.
The file README.db2 contains the README file provided with the
2.0-alpha release of Berkeley/Sleepycat DB, which may contain
/* If the two size fields of datum and DBMT are not equal, then
* casting between structures will result in stack garbage being
- * transfered. Has been observed for DEC Alpha OSF, but will handle
+ * transferred. Has been observed for DEC Alpha OSF, but will handle
* the general case.
*/
u_int8_t *bigkey_buf; /* Temporary Buffer for BIG keys */
u_int16_t *split_buf; /* Temporary buffer for splits */
CURSOR *seq_cursor; /* Cursor used for hash_seq */
- int32_t local_errno; /* Error Number -- for DBM compatability */
+ int32_t local_errno; /* Error Number -- for DBM compatibility */
int32_t new_file; /* Indicates if fd is backing store or no */
int32_t save_file; /* Indicates whether we need to flush file at
* exit */
k5_buf_init_dynamic(&buf);
- /* Make a space seperated list of indicators. */
+ /* Make a space-separated list of indicators. */
for (i = 0; auth_inds[i] != NULL; i++) {
k5_buf_add(&buf, auth_inds[i]);
if (auth_inds[i + 1] != NULL)
subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len,
&server_key, &server_key_len);
if (retval) {
- pkiDebug("failed to process/create dh paramters\n");
+ pkiDebug("failed to process/create dh parameters\n");
goto cleanup;
}
}
# get_hostname
-# This procedure sets the global variale hostname to the local
+# This procedure sets the global variable hostname to the local
# hostname as seen by krb5_sname_to_principal. Returns 1 on success,
# 0 on failure.
Values are currently computed as 32-bit values, sign-extended to
"long", and output with "L" suffixes. Type errcode_t is "long".
-Kerberos uses a seperately chosen signed type of at least 32 bits for
+Kerberos uses a separately chosen signed type of at least 32 bits for
error codes. The com_err library only look at the low 32 bits, so
this is mostly just an issue for application code -- if anything
truncates to 32 bits, and then widens without sign-extending, the
s/, */, /g
/^$/d
#
-# Now we take care of some syntatic sugar.....
+# Now we take care of some syntactic sugar.....
#
/^unimplemented/ {
s/^unimplemented [A-Za-z_0-9]*/request ss_unimplemented/
BASH from https://gitforwindows.org and configure it to add the Unix
utilities to the command-line path. In some versions of Windows (not
the most current versions), the Unix utilities can alternatively be
-obtained via the Utilities and SDK for UNIX-based Aplications, which
+obtained via the Utilities and SDK for UNIX-based Applications, which
may be enabled as a Windows feature and then the components installed.
Note that the Windows nmake will not find the SUA awk utility in the
path unless it is named awk.exe; the permissions on the utility may
<Error Id="1932">The Windows Installer service cannot update the protected Windows file [2]. {{Package version: [3], OS Protected version: [4], SFP Error: [5]}}</Error>
<Error Id="1933">The Windows Installer service cannot update one or more protected Windows files. {{SFP Error: [2]. List of protected files:\r\n[3]}}</Error>
<Error Id="1934">User installations are disabled via policy on the machine.</Error>
- <Error Id="1935">An error occured during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}</Error>
+ <Error Id="1935">An error occurred during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}</Error>
<Error Id="4001">Custom action data not found. STATUS [2]</Error>
<Error Id="4003">NSIS Uninstallation failed. Status [2]</Error>
ID_LARGE_ICONS "Show large or small tree icons"
ID_UPPERCASE_REALM "Allow realm names that include lower case letters.\n Allow Mixed Case Realm Name"
ID_OPTIONS_RESETWINDOWSIZE
- "Puts Leash's main window back to it's default size "
- ID_RESET_WINDOW_SIZE "Refresh Leash window to it's default size/position"
+ "Puts Leash's main window back to its default size "
+ ID_RESET_WINDOW_SIZE "Refresh Leash window to its default size/position"
ID_SYSTEM_CONTROL_PANEL "Open your System Properties window"
ID_OPTIONS_LOWTICKETALARMSOUND
"Turn alarm off or on, when ticket time is low"
use the form 'ticket_lifetime = 600' where
the unit is assumed to be minutes. While
these are technically wrong (a unit needs
- to be specified), we try to accomodate for
+ to be specified), we try to accommodate for
this using the safe assumption that the
unit is seconds and tack an 's' to the end
and see if that works. */
use the form 'ticket_lifetime = 600' where
the unit is assumed to be minutes. While
these are technically wrong (a unit needs
- to be specified), we try to accomodate for
+ to be specified), we try to accommodate for
this using the safe assumption that the
unit is seconds and tack an 's' to the end
and see if that works. */
projects / thirdparty / krb5.git / commitdiff
