Merge pull request #409 from jsoref/spelling

Spelling

CHANGELOG.md

@@ -36,7 +36,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fix issue where wforce was complaining about not being able to create tmp file on startup
 - Fix timing issue whereby the webserver was not started before syncDB leading to syncDone failures
 - Use debian bullseye-slim in wforce docker image
-- Fix issue in wforce docker image where the default config file was overriden with a volume mount but not used
+- Fix issue in wforce docker image where the default config file was overridden with a volume mount but not used
 
 ## [2.6.0]
 - Support HTTPS in webserver using libdrogon

README.md

@@ -115,7 +115,7 @@ the insanely great Lua scripting language.
 Note that although there is
 a single Lua configuration file, the canonicalize, reset, report and allow functions run in
 different lua states from the rest of the configuration. This mostly
-"just works", but may lead to unexpectd behaviour such as running Lua
+"just works", but may lead to unexpected behaviour such as running Lua
 commands at the server Lua prompt, and getting multiple answers
 (because Lua commands are passed to all Lua states).
 
@@ -504,10 +504,10 @@ To view sibling stats:
 
 ```lua
 > siblings()
-Address                             Sucesses  Failures     Note
-192.168.1.79:4001                   18        7
-192.168.1.30:4001                   25        0
-192.168.1.54:4001                   0         0            Self
+Address                             Send Successes  Send Failures  Rcv Successes   Rcv Failures     Note
+192.168.1.79:4001                   18              7              0               0
+192.168.1.30:4001                   25              0              0               0
+192.168.1.54:4001                   0               0              0               0                Self
 ```
 
 With this setup, several wforces are all kept in sync, and can be load
@@ -534,7 +534,7 @@ The Lua object is retrieved with the following call:
 local mygeodb = getGeoIP2DB("Name")
 ```
 
-You can then lookup infomation using the following calls:
+You can then lookup information using the following calls:
 
 * lookupCountry() - Returns the 2 letter country code associated with
   the IP address

builder-support/dockerfiles/Dockerfile.rpmbuild

@@ -68,7 +68,7 @@ RUN yum install -y /usr/bin/python3
 RUN builder/helpers/build-specs.sh builder-support/specs/wforce.spec
 @ENDIF
 
-# mv accross layers with overlay2 is buggy in some kernel versions (results in empty dirs)
+# mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs)
 # See: https://github.com/moby/moby/issues/33733
 #RUN mv /root/rpmbuild/RPMS/* /dist/
 RUN cp -R /root/rpmbuild/RPMS/* /dist/

builder-support/dockerfiles/Dockerfile.target.centos-7

@@ -3,7 +3,7 @@
 # First do the source builds
 @INCLUDE Dockerfile.target.sdist
 
-# This defines the dstribution base layer
+# This defines the distribution base layer
 # Put only the bare minimum of common commands here, without dev tools
 FROM centos:7 as dist-base
 RUN yum install -y epel-release

builder-support/gen-version

@@ -5,7 +5,7 @@ DIRTY=""
 git status | grep -q clean || DIRTY='.dirty'
 
 # Special environment variable to signal that we are building a release, as this
-# has consequenses for the version number.
+# has consequences for the version number.
 if [ "${IS_RELEASE}" = "YES" ]; then
   TAG="$(git describe --tags --exact-match 2> /dev/null)"
   if [ -n "${TAG}" ]; then

builder-support/specs/wforce.spec

@@ -20,7 +20,7 @@
 %global wforce_restart_flag /var/run/wforce-restart-after-rpm-install
 %global trackalert_restart_flag /var/run/wforce-trackalert-restart-after-rpm-install
 
-Summary: Weakforce daemon for detecting brute force attacts
+Summary: Weakforce daemon for detecting brute force attacks
 Name: wforce
 Version: %{getenv:BUILDER_RPM_VERSION}
 Release: %{getenv:BUILDER_RPM_RELEASE}%{?dist}

common/device_parser.cc

@@ -25,7 +25,7 @@
 #include <string>
 #include <iostream>
 
-// Example IMAP Client ID string (Apple Mail on MacOS):
+// Example IMAP Client ID string (Apple Mail on macOS):
 // "name" "Mac OS X Mail" "version" "10.0 (3226)" "os" "Mac OS X" "os-version" "10.12 (16A323)" "vendor" "Apple Inc."
 //
 // This class maps IMAP Client ID fields as follows:

common/iputils.hh

@@ -735,7 +735,7 @@ public:
 
   void cleanup_tree(TreeNode* node)
   {
-    // only cleaup this node if it has no children and node4 and node6 are both empty
+    // only cleanup this node if it has no children and node4 and node6 are both empty
     if (!(node->left || node->right || node->node6 || node->node4)) {
       // get parent node ptr
       TreeNode* parent = node->parent;
@@ -841,7 +841,7 @@ private:
   bool d_cleanup_tree; //<! Whether or not to cleanup the tree on erase
 };
 
-/** This class represents a group of supplemental Netmask classes. An IP address matchs
+/** This class represents a group of supplemental Netmask classes. An IP address matches
     if it is matched by zero or more of the Netmask classes within.
 */
 class NetmaskGroup

common/misc.cc

@@ -846,7 +846,7 @@ bool setCloseOnExec(int sock)
 
 unsigned int pdns_stou(const std::string& str, size_t * idx, int base)
 {
-  if (str.empty()) return 0; // compability
+  if (str.empty()) return 0; // compatibility
   unsigned long result = std::stoul(str, idx, base);
   if (result > std::numeric_limits<unsigned int>::max()) {
     throw std::out_of_range("stou");

common/misc.hh

@@ -145,9 +145,6 @@ string itoa(int i);
 string uitoa(unsigned int i);
 string bitFlip(const string &str);
 
-void dropPrivs(int uid, int gid);
-int makeGidNumeric(const string &group);
-int makeUidNumeric(const string &user);
 void cleanSlashes(string &str);
 
 /** The DTime class can be used for timing statistics with microsecond resolution. 
@@ -513,7 +510,7 @@ void addCMsgSrcAddr(struct msghdr* msgh, void* cmsgbuf, const ComboAddress* sour
 unsigned int getFilenumLimit(bool hardOrSoft=0);
 void setFilenumLimit(unsigned int lim);
 bool readFileIfThere(const char* fname, std::string* line);
-uint32_t burtle(const unsigned char* k, uint32_t lengh, uint32_t init);
+uint32_t burtle(const unsigned char* k, uint32_t length, uint32_t init);
 void setSocketTimestamps(int fd);
 
 //! Sets the socket into blocking mode.

common/sstuff.hh

@@ -115,7 +115,7 @@ public:
     return (getpeername(d_socket, (struct sockaddr *)&remote, &remotelen) >= 0);
   }
 
-  //! Check remote address aganst netmaskgroup ng
+  //! Check remote address against netmaskgroup ng
   bool acl(NetmaskGroup &ng)
   {
     ComboAddress remote;
@@ -188,7 +188,7 @@ public:
       throw NetworkError(strerror(errno));
   }
 
-  //! Connecto the socket to a specific endpoint with a configurable timeout in milliseconds
+  //! Connect to the socket to a specific endpoint with a configurable timeout in milliseconds
   void connectWithTimeout(const ComboAddress &ep, int timeout)
   {
     long arg;

docs/manpages/trackalert.conf.5.md

@@ -256,7 +256,7 @@ e.g. GeoIPCityv6.dat -> GeoLiteCityv6.dat. For example:
 
         setCurlCABundleFile("/etc/ca/local_cas.pem")
 
-* setCurlClientCertAndKey(\<Path to Cert File\>, \<Path to Key File\>) - Gives the location of the certifcate and key files to use for mutual TLS authentication (in PEM format).
+* setCurlClientCertAndKey(\<Path to Cert File\>, \<Path to Key File\>) - Gives the location of the certificate and key files to use for mutual TLS authentication (in PEM format).
 
         setCurlClientCertAndKey("/etc/certs/clientcert.pem", "/etc/certs/clientkey.pem")
 
@@ -333,7 +333,7 @@ configuration or within the allow/report/reset functions:
 		mystr = my_ca:tostring()
 
 * newNetmaskGroup() - Return a NetmaskGroup object, which is a way to
-  efficiently match IPs/subnets agagainst a range. For example:
+  efficiently match IPs/subnets against a range. For example:
 
 		mynm = newNetmaskGroup()
 
@@ -449,7 +449,7 @@ configuration or within the allow/report/reset functions:
 
 		if (lt.device_attrs["os.family"] == "Mac OS X")
 		then
-		    -- do something special for MacOS
+		    -- do something special for macOS
 		end
 
 * LoginTuple.protocol - A string representing the protocol that was

docs/manpages/wforce.1.md

@@ -98,7 +98,7 @@ started with the -c option.
   sinks. For example: 
 
 		> showNamedReportSinks()
-		Name            Address                             Sucesses  Failures
+		Name            Address                             Successes Failures
 		trackalert      192.168.1.79:4501                   18        0
 		trackalert      192.168.1.30:4501                   19        0
 		elasticsearch   10.22.2.15:4501                     18        0
@@ -108,7 +108,7 @@ started with the -c option.
   information about configured report sinks. For example:
 
 		> showReportSinks()
-		Address                             Sucesses  Failures
+		Address                             Successes Failures
 		192.168.1.79:4501                   18        7
 		192.168.1.30:4501                   25        0
 
@@ -227,7 +227,7 @@ initialized. For example:
 # BUGS
 The replication function of clustering means that as more servers are added to a 
 cluster, incremental performance gains may be less each time, eventually
-possibly leading to peformance degradation. This is because each
+possibly leading to performance degradation. This is because each
 server keeps a full copy of the stats DBs and the blacklists, and
 changes to those are replicated to all siblings. This can be mitigated by
 partitioning siblings into smaller clusters that do not share

docs/manpages/wforce.conf.5.md

@@ -140,7 +140,7 @@ cannot be called inside the allow/report/reset functions:
   the named list to which all received reports should be forwarded
   over UDP. Reports will be sent to the configured report sinks for a
   given name in a round-robin fashion if more than one is
-  specified. Eeports are sent separately to each named report sink. If
+  specified. Reports are sent separately to each named report sink. If
   port is not specified it defaults to 4501. Replaces the deprecated
   "addReportSink()". For example:
 
@@ -287,7 +287,7 @@ cannot be called inside the allow/report/reset functions:
   a lower number giving more accuracy at the expense of memory. The
   default is 0.05. The value of gamma is between 0 and 1, with a
   higher number giving higher accuracy. The default for gamma
-  is 0.2. If you require more acuracy, consider changing these values
+  is 0.2. If you require more accuracy, consider changing these values
   slightly, but check your memory usage carefully.
 
 * newStringStatsDB(\<stats db name\>, \<window size\>, \<num windows\>,
@@ -427,19 +427,19 @@ cannot be called inside the allow/report/reset functions:
   "{login}" will be substituted for the actual IP address and login name. 
   For example:
 
-        setBlackistIPRetMsg("Go away your IP {ip} is blacklisted")
+        setBlacklistIPRetMsg("Go away your IP {ip} is blacklisted")
 
 * setBlacklistLoginRetMsg(<msg>) - Set the message to be returned to
   clients whose login is blacklisted. The strings "{ip}" and
   "{login}" will be substituted for the actual IP address and login name. For example:
 
-        setBlackistLoginRetMsg("Go away your login {login} is blacklisted")
+        setBlacklistLoginRetMsg("Go away your login {login} is blacklisted")
 
 * setBlacklistIPLoginRetMsg(<msg>) - Set the message to be returned to
   clients whose IP address/login is blacklisted. The strings "{ip}" and
   "{login}" will be substituted for the actual IP address and login name. For example:
 
-        setBlackistIPLoginRetMsg("Go away your IP {ip}/Login {login} is blacklisted")
+        setBlacklistIPLoginRetMsg("Go away your IP {ip}/Login {login} is blacklisted")
 
 * setAllow(\<allow func\>) - Tell wforce to use the specified Lua
   function for handling all "allow" commands. For example:
@@ -574,7 +574,7 @@ cannot be called inside the allow/report/reset functions:
 
         setCurlCABundleFile("/etc/ca/local_cas.pem")
 
-* setCurlClientCertAndKey(\<Path to Cert File\>, \<Path to Key File\>) - Gives the location of the certifcate and key files to use for mutual TLS authentication (in PEM format).
+* setCurlClientCertAndKey(\<Path to Cert File\>, \<Path to Key File\>) - Gives the location of the certificate and key files to use for mutual TLS authentication (in PEM format).
 
         setCurlClientCertAndKey("/etc/certs/clientcert.pem", "/etc/certs/clientkey.pem")
 
@@ -682,7 +682,7 @@ a Netmask. For example:
 		my_nm = newNetmask("8.0.0.0/8")
 
 * newNetmaskGroup() - Return a NetmaskGroup object, which is a way to
-  efficiently match IPs/subnets agagainst a range. For example:
+  efficiently match IPs/subnets against a range. For example:
 
 		mynm = newNetmaskGroup()
 
@@ -831,7 +831,7 @@ a Netmask. For example:
 
 		statsdb:twResetField(lt.login, "countLogins")
 
-* StringStatsDB:twSetExpireSleep(\<miliseconds\>) - Set the sleep
+* StringStatsDB:twSetExpireSleep(\<milliseconds\>) - Set the sleep
   interval between checks to expire/expunge entries. Defaults to
   250ms. For example:
 
@@ -872,17 +872,17 @@ a Netmask. For example:
 * getBlacklistIPRetMsg() - Get the message to be returned to
   clients whose IP address is blacklisted. For example:
 
-        local retmsg = getBlackistIPRetMsg()
+        local retmsg = getBlacklistIPRetMsg()
 
 * getBlacklistLoginRetMsg() - Get the message to be returned to
   clients whose login is blacklisted. For example:
 
-        local retmsg = getBlackistLoginRetMsg()
+        local retmsg = getBlacklistLoginRetMsg()
 
 * getBlacklistIPLoginRetMsg() - Get the message to be returned to
   clients whose IP address/login is blacklisted. For example:
 
-        local retmsg = getBlackistIPLoginRetMsg()
+        local retmsg = getBlacklistIPLoginRetMsg()
 
 * blacklistNetmask(\<Netmask\>, \<expiry\>, \<reason string\>) - Blacklist the
   specified netmask for expiry seconds, with the specified reason. Netmask
@@ -1066,7 +1066,7 @@ a Netmask. For example:
 
 		if (lt.device_attrs["os.family"] == "Mac OS X")
 		then
-		    -- do something special for MacOS
+		    -- do something special for macOS
 		end
 
 * LoginTuple.protocol - A string representing the protocol that was

docs/release_notes/ReleaseNotes-1.4.0.md

@@ -64,7 +64,7 @@ a Netmask. For example:
 		blacklistIP(newNetmask("12.32.0.0/16"), 300, "Attempted password brute forcing")
 
 There is also a new "netmask" parameter to the HTTP REST API
-addBLentry and delBLEntry commands. The netmask parameter is mutually
+addBLEntry and delBLEntry commands. The netmask parameter is mutually
 exclusive with the existing ip parameter. For example:
 
 	curl -H "Content-Type: application/json" -X POST --data '{
@@ -125,7 +125,7 @@ Support for Parsing device_id
 The device_id parameter to the allow and report commands existed
 in 1.2.x, however it was not parsed by wforce. Now the parameter is
 parsed if the protocol parameter is one of "http", "imap" or
-"mobileapi". Note that if the protocol parameter is non-existent or
+"mobileapi". Note that if the protocol parameter is nonexistent or
 does not match the above list, then device_id will not be parsed. The
 device_id is parsed into key value pairs of the "device_attrs" object,
 as follows: 
@@ -144,7 +144,7 @@ as follows:
 
 		if (lt.device_attrs["os.family"] == "Mac OS X")
 		then
-		    -- do something special for MacOS
+		    -- do something special for macOS
 		end
 
 * LoginTuple.protocol - A string representing the protocol that was

docs/release_notes/ReleaseNotes-2.0.0.md

@@ -45,7 +45,7 @@ fields:
 * expiration - A string showing the date/time when the blacklist will
 expire
 * reason - A string stating why the blacklist was created
-* key - What was blacllisted, i.e. either ip, login or iplogin
+* key - What was blacklisted, i.e. either ip, login or iplogin
 * blacklisted - This will be set to 1
 
 The getDBStats command will return additional information about
@@ -207,7 +207,7 @@ the function "twResetField()" can be used to achieve this, e.g.:
 Configurable accuracy for HLL and CountMin types
 -----------
 
-The HLL and CountMin types of StatsDB entries are probablistic data
+The HLL and CountMin types of StatsDB entries are probabilistic data
 structures, which trade accuracy for memory usage. Previously the
 accuracy (and thus memory usage) was hardcoded, however now their
 accuracy can be tuned. Increasing accuracy however means a

docs/release_notes/ReleaseNotes-2.2.0.md

@@ -208,7 +208,7 @@ Built-In Blacklist return messages are configurable
 The following new functions enable the return messages for built-in blacklists to be configured:
 * setBlacklistIPRetMsg
 * setBlacklistLoginRetMsg
-* setBlackistIPLoginRetMsg
+* setBlacklistIPLoginRetMsg
 
 See the wforce.conf man page for more details.
 

docs/release_notes/ReleaseNotes-2.4.1.md

@@ -43,5 +43,5 @@ is strongly recommended when specifying per-sibling encryption keys.
 # Optional Per-Sibling Encryption Keys
 
 All the methods of managing siblings (Lua or REST API) enable per-sibling encryption keys to be set.
-Encryption keys are are 32-byte strings that are Base-64 encoded before passing to the sibling
+Encryption keys are 32-byte strings that are Base-64 encoded before passing to the sibling
 management functions or REST API.

docs/release_notes/ReleaseNotes-2.6.0.md

@@ -16,7 +16,7 @@
 
 The `webserver()` configuration command is now deprecated, and is replaced with `addListener()`,
 which enables both TLS and non-TLS listeners to be created, as well as enabling multiple listeners
-to be created oncurrently. The new command `setWebserverPassword()` is used to set the password
+to be created concurrently. The new command `setWebserverPassword()` is used to set the password
 for the REST API (previously this was set as part of the `webserver()` command).
 
 An example listener without TLS:
@@ -32,7 +32,7 @@ For more details, see the man page for wforce.conf.
 
 Various options for the configuration of outbound HTTPS connections are now supported, specifically:
 
-* Mutual TLS Authentication - `setCurlClientCertAndKey()` is used to specify the location of a client certifcate 
+* Mutual TLS Authentication - `setCurlClientCertAndKey()` is used to specify the location of a client certificate 
   and key for mTLS.
 * Using a different CA for checking server certificates - `setCurlCABundleFile()` is used to specify the location
   of a file containing certs to use for this purposes.

docs/release_notes/ReleaseNotes-2.6.1.md

@@ -5,7 +5,7 @@
 * Fix issue where wforce was complaining about not being able to create tmp file on startup
 * Fix timing issue whereby the webserver was not started before syncDB leading to syncDone failures
 * Use debian bullseye-slim in wforce docker image to save over 100MB in image size
-* Fix issue in wforce docker image where the default config file was overriden with a volume mount but not used
+* Fix issue in wforce docker image where the default config file was overridden with a volume mount but not used
 
 ## Fix Wforce complaint about not being able to create temporary files on startup
 
@@ -21,7 +21,7 @@ and complete, before the webserver had finished initializing. This would cause t
 the other wforce instance to fail. This fix forces wforce to wait until the webserver is ready before
 starting the syncDB checks.
 
-## Fix issue in wforce docker image where the default config file was overriden by a volume mount by not used
+## Fix issue in wforce docker image where the default config file was overridden by a volume mount by not used
 
 The wforce docker image documentation states that a volume mount can be used to specify a custom config file
 in /etc/wforce/wforce.conf, however this was not actually the case. The file was only used if the environment