From fcc30449033568fbe8488ee37faf76c15ae3bdd4 Mon Sep 17 00:00:00 2001 From: Nabil Date: Sat, 15 Mar 2025 02:45:13 +0100 Subject: [PATCH] Fix: typos --- bin/admin/rename-account.sh | 2 +- bin/helper/osh-accountCreate | 2 +- bin/helper/osh-groupCreate | 2 +- bin/plugin/open/selfDelIngressKey | 2 +- bin/plugin/open/selfMFASetupTOTP | 2 +- bin/plugin/restricted/accountCreate | 2 +- bin/shell/autologin | 4 ++-- bin/shell/osh.pl | 2 +- contrib/nrpe/probes/bastion-healthcheck | 2 +- contrib/nrpe/probes/bastion-http-proxy | 2 +- doc/sphinx/administration/configuration/bastion_conf.rst | 2 +- doc/sphinx/administration/logs.rst | 2 +- doc/sphinx/administration/mfa.rst | 6 +++--- doc/sphinx/installation/advanced.rst | 2 +- doc/sphinx/installation/upgrading.rst | 2 +- doc/sphinx/using/sftp_scp_rsync.rst | 2 +- etc/bastion/bastion.conf.dist | 2 +- lib/perl/OVH/Bastion.pm | 4 ++-- lib/perl/OVH/Bastion/ProxyHTTP.pm | 2 +- lib/perl/OVH/Bastion/allowkeeper.inc | 2 +- tests/functional/docker/target_role.sh | 2 +- tests/functional/tests.d/341-selfaccesses-force-password.sh | 2 +- 22 files changed, 26 insertions(+), 26 deletions(-) diff --git a/bin/admin/rename-account.sh b/bin/admin/rename-account.sh index 097e2dc..0e6ce2c 100644 --- a/bin/admin/rename-account.sh +++ b/bin/admin/rename-account.sh @@ -60,7 +60,7 @@ else _run usermod -m -d /home/"$to" -l "$to" "$from" fi -# then, rename all other groups linked to the account (appart from the main one already done) +# then, rename all other groups linked to the account (apart from the main one already done) # shellcheck disable=SC2043 for suffix in tty; do if getent group "$from-$suffix" >/dev/null ; then diff --git a/bin/helper/osh-accountCreate b/bin/helper/osh-accountCreate index 48a9194..1605d36 100755 --- a/bin/helper/osh-accountCreate +++ b/bin/helper/osh-accountCreate 
@@ -68,7 +68,7 @@ if (not grep { $type eq $_ } qw{ normal realm }) { # take a lock here, do it before checking for account existence, # because another parallel creation of the same account might be -# occuring, in which case we'd still hit a race condition +# occurring, in which case we'd still hit a race condition # additionally, the lock type "passwd" is used by all helpers # that may modify /etc/passwd or /etc/group. $fnret = OVH::Bastion::Helper::get_lock_fh(category => "passwd"); diff --git a/bin/helper/osh-groupCreate b/bin/helper/osh-groupCreate index 38cf9ef..d4c8ff9 100755 --- a/bin/helper/osh-groupCreate +++ b/bin/helper/osh-groupCreate @@ -96,7 +96,7 @@ my $shortGroup = $fnret->value->{'shortGroup'}; # take a lock here, do it before checking for group existence, # because another parallel creation of the same group might be -# occuring, in which case we'd still hit a race condition. +# occurring, in which case we'd still hit a race condition. # additionally, the lock type "passwd" is used by all helpers # that may modify /etc/passwd or /etc/group. $fnret = OVH::Bastion::Helper::get_lock_fh(category => "passwd"); diff --git a/bin/plugin/open/selfDelIngressKey b/bin/plugin/open/selfDelIngressKey index 6e3e1ff..19b180b 100755 --- a/bin/plugin/open/selfDelIngressKey +++ b/bin/plugin/open/selfDelIngressKey @@ -59,7 +59,7 @@ foreach my $key (@{$fnret->value || []}) { # Do we have anything to delete ? if (!%validKeys) { - warn_syslog("User $self has no valid keys, but somehow connected succcessfully, this shouldn't happen"); + warn_syslog("User $self has no valid keys, but somehow connected successfully, this shouldn't happen"); osh_exit 'ERR_NO_KEY', "You have no key to delete (wait, how did you connect in the first place?!)"; } elsif (keys %validKeys == 1) { diff --git a/bin/plugin/open/selfMFASetupTOTP b/bin/plugin/open/selfMFASetupTOTP index b7ec537..b7d179d 100755 --- a/bin/plugin/open/selfMFASetupTOTP +++ b/bin/plugin/open/selfMFASetupTOTP 
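Review bot: The `warn_syslog(...)` string in the `bin/plugin/open/selfDelIngressKey` hunk is a runtime log message for an anomalous state (a connected user with no valid ingress keys), so correcting "succcessfully" changes the text that any log parser or alert rule matching the old spelling would see; nothing in the patch shows whether such consumers exist. Since the subject only says "Fix: typos", I would add a line to the commit message or changelog such as `Note: runtime message text changed in selfDelIngressKey (syslog warning) and osh.pl (TTL-expired denial)` so detection rules and log-matching tests can be updated in the same rollout. The same applies to the `main_exit(OVH::Bastion::EXIT_TTL_EXPIRED, "ttl_expired", ...)` message in the `bin/shell/osh.pl` hunk, although there the unchanged `ttl_expired` code is presumably what tooling should key on rather than the free text. The `if`/`elsif` chain around the `warn_syslog` call continues past the end of the hunk.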
@@ -94,7 +94,7 @@ elsif ($TOTPProvider eq 'google-authenticator') { } elsif ($TOTPProvider eq 'duo') { - # nothing to do locally, appart from marking the user as TOTP-active, which is done after this block. + # nothing to do locally, apart from marking the user as TOTP-active, which is done after this block. } else { # unknown provider, this shouldn't happen diff --git a/bin/plugin/restricted/accountCreate b/bin/plugin/restricted/accountCreate index e1b7419..3c5aa03 100755 --- a/bin/plugin/restricted/accountCreate +++ b/bin/plugin/restricted/accountCreate @@ -72,7 +72,7 @@ if (!defined $uid && !$uidAuto) { osh_exit 'ERR_MISSING_PARAMETER', "Missing mandatory parameter --uid or --uid-auto"; } -# quicky ensure these params are not pure bullshit (real check is done by helper script) +# quickly ensure these params are not pure bullshit (real check is done by helper script) if ($account !~ /^[a-z0-9._-]+$/i) { osh_exit 'ERR_INVALID_PARAMETER', "Parameter 'account' seems invalid"; } diff --git a/bin/shell/autologin b/bin/shell/autologin index ac49e50..7aa4cbe 100755 --- a/bin/shell/autologin +++ b/bin/shell/autologin @@ -92,7 +92,7 @@ proc attempt_to_login args { } if { $stty_options != "" } { - # in that case, silence the "Password:" prompt, as our caller propably doesn't expect (sic) to see it + # in that case, silence the "Password:" prompt, as our caller probably doesn't expect (sic) to see it log_user 0 } @@ -131,7 +131,7 @@ proc attempt_to_login args { exit 5 } -# if no specific pasword was requested, try to login with the main password file, then try the fallbacks +# if no specific password was requested, try to login with the main password file, then try the fallbacks set tryid 0 if { $arg_password_id == -1 } { set last_attempt [attempt_to_login $tryid $arg_prog $arg_login $arg_file $arg_fallback_delay $spawn_args $arg_stty_options] diff --git a/bin/shell/osh.pl b/bin/shell/osh.pl index db50a8c..417bbac 100755 --- a/bin/shell/osh.pl +++ b/bin/shell/osh.pl 
@@ -193,7 +193,7 @@ if (-e '/home/allowkeeper/maintenance') { $fnret = OVH::Bastion::is_account_ttl_nonexpired(account => $self, sysaccount => $sysself); if (!$fnret) { - main_exit(OVH::Bastion::EXIT_TTL_EXPIRED, "ttl_expired", "Sorry $self, acccess denied (" . $fnret->msg . ")"); + main_exit(OVH::Bastion::EXIT_TTL_EXPIRED, "ttl_expired", "Sorry $self, access denied (" . $fnret->msg . ")"); } # diff --git a/contrib/nrpe/probes/bastion-healthcheck b/contrib/nrpe/probes/bastion-healthcheck index 884337e..8511508 100755 --- a/contrib/nrpe/probes/bastion-healthcheck +++ b/contrib/nrpe/probes/bastion-healthcheck @@ -58,7 +58,7 @@ $PROBE_NAME [options] --host HOST Host to connect to. Default: $host --port PORT Port to connect to. Default: $port --account ACCOUNT Account name to use to authenticate. Default: $account - --keyfile PATH Path to the private SSH key file to authenticate. Defaut: $keyfile + --keyfile PATH Path to the private SSH key file to authenticate. Default: $keyfile --kbd-interactive Allow keyboard-interactive authentication. Default: $kbdinteractive Note: don't specify an other option than --help to get the proper default values. diff --git a/contrib/nrpe/probes/bastion-http-proxy b/contrib/nrpe/probes/bastion-http-proxy index de690f7..964faf4 100755 --- a/contrib/nrpe/probes/bastion-http-proxy +++ b/contrib/nrpe/probes/bastion-http-proxy @@ -100,7 +100,7 @@ $PROBE_NAME [options] --debug Increase verbosity of logs --host HOST Host to connect to. Default: $host --port PORT Port to connect to. Default: $port (tentatively - autodected from the HTTPS Bastion proxy configuration) + autodetected from the HTTPS Bastion proxy configuration) --disabled-ok Return success even if Proxy is disabled (from config) EOF diff --git a/doc/sphinx/administration/configuration/bastion_conf.rst b/doc/sphinx/administration/configuration/bastion_conf.rst index 1913e56..1f44cee 100644 --- a/doc/sphinx/administration/configuration/bastion_conf.rst 
+++ b/doc/sphinx/administration/configuration/bastion_conf.rst @@ -5,7 +5,7 @@ bastion.conf .. note:: The Bastion has a lot of configuration options so that you can tailor it - to your needs. However, if you're just beggining and would like to get + to your needs. However, if you're just beginning and would like to get started quickly, just configure the ``Main Options``. All the other options have sane defaults that can still be customized at a later time. diff --git a/doc/sphinx/administration/logs.rst b/doc/sphinx/administration/logs.rst index 53fe5d2..806c6dd 100644 --- a/doc/sphinx/administration/logs.rst +++ b/doc/sphinx/administration/logs.rst @@ -229,7 +229,7 @@ warn-info, die-info These logs are produced when some known portion of code (including libraries) called ``warn()`` or ``die()`` but in a known case that can happen during nominal use. Don't use these logs to directly trigger an alert, but you can keep an eye on those, as e.g. an unusually -high number of occurences in a short time may be a weak signal that somebody or something is misbehaving. +high number of occurrences in a short time may be a weak signal that somebody or something is misbehaving. The fields are the same than the ones specified above for **warn** and **die**. diff --git a/doc/sphinx/administration/mfa.rst b/doc/sphinx/administration/mfa.rst index 951e30a..8bf1136 100644 --- a/doc/sphinx/administration/mfa.rst +++ b/doc/sphinx/administration/mfa.rst @@ -40,7 +40,7 @@ Immediate MFA This method implements MFA directly using PAM during the initial SSH authentication phase, on the ingress side, e.g. when accounts are connecting to the bastion. This entirely resides on SSH/PAM and doesn't even depend -on The Bastion code (appart from the setup side of the additional factor for each account). +on The Bastion code (apart from the setup side of the additional factor for each account). .. note:: 
@@ -81,7 +81,7 @@ MFA logic is implemented. We've left the comments that can be found in the templ # AuthenticationMethods publickey,keyboard-interactive:pam As explained in the comments within the file, this section (commented by default) refers to the MFA that can be -configured on the ``root`` account to protect The Bastion's own system. This is out of the scope of this documenation +configured on the ``root`` account to protect The Bastion's own system. This is out of the scope of this documentation section, as we're focusing on the users MFA here, so refer to the :ref:`installation/advanced:2fa root authentication` section if that's what you want to achieve. @@ -409,7 +409,7 @@ Here is how it looks like: As you seen, once ``mfa`` has been entered and the MFA validated, the prompt changes to ``[MFA-OK]`` implying that any command usually requiring MFA will not ask for it again (such as ``groupAddServer`` in the above example, as -we've configured it to). We then explicitely exit the MFA elevated session by entering ``nomfa``. +we've configured it to). We then explicitly exit the MFA elevated session by entering ``nomfa``. MFA and --osh batch ******************* diff --git a/doc/sphinx/installation/advanced.rst b/doc/sphinx/installation/advanced.rst index 796bb2d..9e488a4 100644 --- a/doc/sphinx/installation/advanced.rst +++ b/doc/sphinx/installation/advanced.rst @@ -12,7 +12,7 @@ Encryption & signature GPG keys .. note:: - This section is a prequisite to both the :ref:`installadv_encryptrsync` and the + This section is a prerequisite to both the :ref:`installadv_encryptrsync` and the :ref:`installadv_backup` steps further down this documentation There are 2 pairs of GPG keys being used by the bastion: diff --git a/doc/sphinx/installation/upgrading.rst b/doc/sphinx/installation/upgrading.rst index 402cdf3..eef8775 100644 --- a/doc/sphinx/installation/upgrading.rst +++ b/doc/sphinx/installation/upgrading.rst 
@@ -505,7 +505,7 @@ We now add all the details of the connection to the *close* logs, those that wer in the corresponding *open* log. This way, it is no longer required to correlate both logs with their uniqid to have all the data: the *close* log should suffice. The *open* log is still there if for some reason the *close* log can't be emitted (kill -9, system crash, etc.), -or if the *open* and the *close* log are several hours, days or months appart. +or if the *open* and the *close* log are several hours, days or months apart. An additional field **duration** has been added to the *close* logs, this represents the number of seconds (with millisecond precision) the connection lasted. diff --git a/doc/sphinx/using/sftp_scp_rsync.rst b/doc/sphinx/using/sftp_scp_rsync.rst index d607b44..5b45dae 100644 --- a/doc/sphinx/using/sftp_scp_rsync.rst +++ b/doc/sphinx/using/sftp_scp_rsync.rst @@ -90,7 +90,7 @@ to allow in the case of SCP. For SCP, you can allow both directions by using the command first with ``--protocol scpdownload``, then with ``--protocol scpupload``. -Note that for SFTP and RYSNC, you can't specify a direction, due to how these protocols work: you either have +Note that for SFTP and RSYNC, you can't specify a direction, due to how these protocols work: you either have SFTP/RSYNC access (hence being able to upload and download files), or you don't. For example, this is a valid command to add SFTP access to a machine which is part of a group: diff --git a/etc/bastion/bastion.conf.dist b/etc/bastion/bastion.conf.dist index 0ff53db..42dc665 100644 --- a/etc/bastion/bastion.conf.dist +++ b/etc/bastion/bastion.conf.dist 
@@ -9,7 +9,7 @@ #@ .. note:: #@ #@ The Bastion has a lot of configuration options so that you can tailor it -#@ to your needs. However, if you're just beggining and would like to get +#@ to your needs. However, if you're just beginning and would like to get #@ started quickly, just configure the ``Main Options``. #@ All the other options have sane defaults that can still be customized #@ at a later time. diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm index f0d3ec2..9bd5578 100644 --- a/lib/perl/OVH/Bastion.pm +++ b/lib/perl/OVH/Bastion.pm @@ -654,7 +654,7 @@ sub is_valid_ip { if ($fast and index($ip, ':') == -1) { # We're being asked to be fast, and it's not an IPv6, just use a regex - # and don't instanciate a Net::IP. Also don't use named captures, as they're slower + # and don't instantiate a Net::IP. Also don't use named captures, as they're slower if ( $ip =~ m{^ (?: @@ -1162,7 +1162,7 @@ sub build_ttyrec_cmdline_part1of2 { # ensure there are no '/' $ttyrecFilenameFormat =~ tr{/}{_}; - # preprend (and create) directory + # prepend (and create) directory my $saveDir = $params{'home'} . "/ttyrec"; mkdir($saveDir); if ($params{'realm'} && $params{'remoteaccount'}) { diff --git a/lib/perl/OVH/Bastion/ProxyHTTP.pm b/lib/perl/OVH/Bastion/ProxyHTTP.pm index 7bbe6a3..4a4cc34 100644 --- a/lib/perl/OVH/Bastion/ProxyHTTP.pm +++ b/lib/perl/OVH/Bastion/ProxyHTTP.pm @@ -501,7 +501,7 @@ sub process_http_request { # if there's an egress-protocol header, get it my $egress_protocol = $req_headers->{'x-bastion-egress-protocol'} || 'https'; - # protocol must be explicitely allowed per Bastion policy, by default only https is allowed + # protocol must be explicitly allowed per Bastion policy, by default only https is allowed if (!grep { $egress_protocol eq $_ } @{$self->{'proxy_config'}{'allowed_egress_protocols'} || []}) { return $self->log_and_exit( 400, 
diff --git a/lib/perl/OVH/Bastion/allowkeeper.inc b/lib/perl/OVH/Bastion/allowkeeper.inc index 3a9446e..2fb0a0c 100644 --- a/lib/perl/OVH/Bastion/allowkeeper.inc +++ b/lib/perl/OVH/Bastion/allowkeeper.inc @@ -718,7 +718,7 @@ sub is_valid_group { # gatekeeper: keymygroup-gatekeeper # aclkeeper: keymygroup-aclkeeper # owner: keymygroup-owner - # regular: no check appart from the length and forbidden prefixes/suffixes + # regular: no check apart from the length and forbidden prefixes/suffixes if (!$group) { return R('ERR_MISSING_PARAMETER', msg => "Missing parameter 'group'"); diff --git a/tests/functional/docker/target_role.sh b/tests/functional/docker/target_role.sh index 944b2f2..a0467c0 100755 --- a/tests/functional/docker/target_role.sh +++ b/tests/functional/docker/target_role.sh @@ -125,7 +125,7 @@ if [ "$OS_FAMILY" = Linux ] ; then elif [ "$OS_FAMILY" = OpenBSD ] || [ "$OS_FAMILY" = FreeBSD ] || [ "$OS_FAMILY" = NetBSD ] ; then # setup some 127.0.0.x IPs (needed for our tests) - # this is not required under Linux where all IPs of 127.0.0.0/8 implicitely work + # this is not required under Linux where all IPs of 127.0.0.0/8 implicitly work nic=$(ifconfig | perl -ne 'm{^([a-z._0-9]+): flags}i and $nic=$1; m{inet 127\.0\.0\.1} and print $nic and exit') : "${nic:=lo0}" i=2 diff --git a/tests/functional/tests.d/341-selfaccesses-force-password.sh b/tests/functional/tests.d/341-selfaccesses-force-password.sh index 65f0e57..dbf52e5 100644 --- a/tests/functional/tests.d/341-selfaccesses-force-password.sh +++ b/tests/functional/tests.d/341-selfaccesses-force-password.sh 
@@ -148,7 +148,7 @@ testsuite_selfaccesses_force_password() success ${mode}_del_a4_nofp $a0 --osh $del_access_plugin $target --host $remote_ip --user $account4 --port $remote_port json .error_code OK .command $del_access_plugin - # account1 => account4 with force-password but with a non existant hash: fail because --force-password aborts when the forced password cannot be found + # account1 => account4 with force-password but with a non existent hash: fail because --force-password aborts when the forced password cannot be found success ${mode}_add_a4_fp_hashnotfound $a0 --osh $add_access_plugin $target --host $remote_ip --user $account4 --port $remote_port --force-password "'${fake_hash}'" json .error_code OK .command $add_access_plugin