From 6445dad7d66fa6a1867090fcd9602c98863649f6 Mon Sep 17 00:00:00 2001
From: ebiggers
Date: Sun, 8 Sep 2019 19:46:59 -0700
Subject: Fix various typos and grammatical errors (#141)
These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore().
---
 CONTRIBUTING.md | 2 +-
 README.md | 2 +-
 actions/config.go | 2 +-
 actions/context.go | 10 +++++-----
 actions/context_test.go | 2 +-
 actions/policy.go | 4 ++--
 cmd/fscrypt/commands.go | 14 +++++++-------
 cmd/fscrypt/errors.go | 8 ++++----
 cmd/fscrypt/format.go | 6 +++---
 cmd/fscrypt/fscrypt.go | 6 ++----
 cmd/fscrypt/prompt.go | 2 +-
 cmd/fscrypt/protector.go | 2 +-
 cmd/fscrypt/setup.go | 2 +-
 cmd/fscrypt/status.go | 2 +-
 cmd/fscrypt/strings.go | 2 +-
 crypto/crypto.go | 13 +++++++------
 crypto/crypto_test.go | 26 +++++++++++++-------------
 crypto/key.go | 6 +++---
 crypto/rand.go | 2 +-
 filesystem/filesystem.go | 12 ++++++------
 filesystem/mountpoint.go | 18 +++++++++---------
 filesystem/path.go | 8 ++++----
 pam/constants.go | 2 +-
 pam/login.go | 6 +++---
 pam/pam.c | 2 +-
 pam/pam.h | 2 +-
 pam_fscrypt/pam_fscrypt.go | 4 ++--
 pam_fscrypt/run_fscrypt.go | 2 +-
 pam_fscrypt/run_test.go | 2 +-
 security/cache.go | 4 ++--
 security/keyring.go | 2 +-
 security/privileges.go | 8 ++++----
 util/errors.go | 4 ++--
 util/util.go | 6 +++---
 34 files changed, 97 insertions(+), 98 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 69a5ce6..4c8c7f1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -146,7 +146,7 @@ your code.
 - [`goimports`](https://godoc.org/golang.org/x/tools/cmd/goimports) (built from source in `vendor/`) on the `.go` files.
 - [`clang-format`](https://clang.llvm.org/docs/ClangFormat.html)
- on the `.c` an `.h` files.
+ on the `.c` and `.h` files.
 `make lint` runs:
 - [`go vet`](https://golang.org/cmd/vet/)
diff --git a/README.md b/README.md
index 1f4440c..0ec8127 100644
--- a/README.md
+++ b/README.md
@@ -487,7 +487,7 @@ Enter key file for protector "Skeleton": secret.key
 ### Using multiple protectors for a policy
-fscrypt supports the idea of of protecting a single directory with multiple
+fscrypt supports the idea of protecting a single directory with multiple
 protectors. This means having access to any of the protectors is sufficient to decrypt the directory. This is useful for sharing data or setting up access control systems.
diff --git a/actions/config.go b/actions/config.go
index 6bc5239..386edc4 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -173,7 +173,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 costsPrev := *costs
 tPrev := t
- // Double the memory up to the max, then the double the time.
+ // Double the memory up to the max, then double the time.
 if costs.Memory < memoryKiBLimit {
 costs.Memory = util.MinInt64(2*costs.Memory, memoryKiBLimit)
 } else {
diff --git a/actions/context.go b/actions/context.go
index 8ad1357..4a8542b 100644
--- a/actions/context.go
+++ b/actions/context.go
@@ -56,7 +56,7 @@ type Context struct {
 // Config is the struct loaded from the global config file. It can be
 // modified after being loaded to customise parameters.
 Config *metadata.Config
- // Mount is the filesystem relitive to which all Protectors and Policies
+ // Mount is the filesystem relative to which all Protectors and Policies
 // are added, edited, removed, and applied.
 Mount *filesystem.Mount
 // TargetUser is the user for which protectors are created and to whose
@@ -67,7 +67,7 @@ type Context struct {
 // NewContextFromPath makes a context for the filesystem containing the
 // specified path and whose Config is loaded from the global config file. On
 // success, the Context contains a valid Config and Mount. The target defaults
-// the the current effective user if none is specified.
+// to the current effective user if none is specified.
 func NewContextFromPath(path string, target *user.User) (*Context, error) {
 ctx, err := newContextFromUser(target)
 if err != nil {
@@ -85,7 +85,7 @@ func NewContextFromPath(path string, target *user.User) (*Context, error) {
 // NewContextFromMountpoint makes a context for the filesystem at the specified
 // mountpoint and whose Config is loaded from the global config file. On
 // success, the Context contains a valid Config and Mount. The target defaults
-// the the current effective user if none is specified.
+// to the current effective user if none is specified.
 func NewContextFromMountpoint(mountpoint string, target *user.User) (*Context, error) {
 ctx, err := newContextFromUser(target)
 if err != nil {
@@ -102,7 +102,7 @@ func NewContextFromMountpoint(mountpoint string, target *user.User) (*Context, e
 // newContextFromUser makes a context with the corresponding target user, and
 // whose Config is loaded from the global config file. If the target is nil, the
-// effecitive user is used.
+// effective user is used.
 func newContextFromUser(target *user.User) (*Context, error) {
 var err error
 if target == nil {
@@ -120,7 +120,7 @@ func newContextFromUser(target *user.User) (*Context, error) {
 return ctx, nil
 }
-// checkContext verifies that the context contains an valid config and a mount
+// checkContext verifies that the context contains a valid config and a mount
 // which is being used with fscrypt.
 func (ctx *Context) checkContext() error {
 if err := ctx.Config.CheckValidity(); err != nil {
diff --git a/actions/context_test.go b/actions/context_test.go
index 593518f..e8aefd7 100644
--- a/actions/context_test.go
+++ b/actions/context_test.go
@@ -1,5 +1,5 @@
 /*
- * config_test.go - tests for creating new contexts
+ * context_test.go - tests for creating new contexts
 *
 * Copyright 2017 Google Inc.
 * Author: Joe Richey (joerichey@google.com)
diff --git a/actions/policy.go b/actions/policy.go
index 39c235d..ef5f0a3 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -1,5 +1,5 @@
 /*
- * protector.go - functions for dealing with policies
+ * policy.go - functions for dealing with policies
 *
 * Copyright 2017 Google Inc.
 * Author: Joe Richey (joerichey@google.com)
@@ -413,7 +413,7 @@ func (policy *Policy) addKey(toAdd *metadata.WrappedPolicyKey) {
 policy.data.WrappedPolicyKeys = append(policy.data.WrappedPolicyKeys, toAdd)
 }
-// remove removes the wrapped policy key at the specified index. This
+// removeKey removes the wrapped policy key at the specified index. This
 // does not preserve the order of the wrapped policy key array. If no index is
 // specified the last key is removed.
 func (policy *Policy) removeKey(index int) *metadata.WrappedPolicyKey {
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 54e67ac..f70ba46 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -35,7 +35,7 @@ import (
 "github.com/google/fscrypt/util"
 )
-// Setup is a command which can to global or per-filesystem initialization.
+// Setup is a command which can do global or per-filesystem initialization.
 var Setup = cli.Command{
 Name: "setup",
 ArgsUsage: fmt.Sprintf("[%s]", mountpointArg),
@@ -225,7 +225,7 @@ func checkEncryptable(ctx *actions.Context, path string) error {
 }
 // selectOrCreateProtector uses user input (or flags) to either create a new
-// protector or select and existing one. The boolean return value is true if we
+// protector or select an existing one. The boolean return value is true if we
 // created a new protector.
 func selectOrCreateProtector(ctx *actions.Context) (*actions.Protector, bool, error) {
 if protectorFlag.Value != "" {
@@ -393,7 +393,7 @@ func purgeAction(c *cli.Context) error {
 if err = security.DropFilesystemCache(); err != nil {
 return newExitError(c, err)
 }
- fmt.Fprintf(c.App.Writer, "Encrypted data removed filesystem cache.\n")
+ fmt.Fprintf(c.App.Writer, "Encrypted data removed from filesystem cache.\n")
 } else {
 fmt.Fprintf(c.App.Writer, "Filesystem %q should now be unmounted.\n", ctx.Mount.Path)
 }
@@ -481,7 +481,7 @@ var Metadata = cli.Command{
 (4) Changing the protector protecting a policy using the "add-protector-to-policy" and "remove-protector-from-policy" subcommands.`,
- Subcommands: []cli.Command{createMetadata, destoryMetadata, changePassphrase,
+ Subcommands: []cli.Command{createMetadata, destroyMetadata, changePassphrase,
 addProtectorToPolicy, removeProtectorFromPolicy, dumpMetadata},
 }
@@ -596,7 +596,7 @@ func createPolicyAction(c *cli.Context) error {
 return nil
 }
-var destoryMetadata = cli.Command{
+var destroyMetadata = cli.Command{
 Name: "destroy",
 ArgsUsage: fmt.Sprintf("[%s | %s | %s]", shortDisplay(protectorFlag), shortDisplay(policyFlag), mountpointArg),
@@ -623,10 +623,10 @@ var destoryMetadata = cli.Command{
 shortDisplay(protectorFlag), shortDisplay(policyFlag), mountpointArg),
 Flags: []cli.Flag{protectorFlag, policyFlag, forceFlag},
- Action: destoryMetadataAction,
+ Action: destroyMetadataAction,
 }
-func destoryMetadataAction(c *cli.Context) error {
+func destroyMetadataAction(c *cli.Context) error {
 switch c.NArg() {
 case 0:
 switch {
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 81a6798..288e697 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -45,7 +45,7 @@ const failureExitCode = 1
 // Various errors used for the top level user interface
 var (
 ErrCanceled = errors.New("operation canceled")
- ErrNoDesctructiveOps = errors.New("operation would be destructive")
+ ErrNoDestructiveOps = errors.New("operation would be destructive")
 ErrMaxPassphrase = util.SystemError("max passphrase length exceeded")
 ErrInvalidSource = errors.New("invalid source type")
 ErrPassphraseMismatch = errors.New("entered passphrases do not match")
@@ -116,7 +116,7 @@ func getErrorSuggestions(err error) string {
 metadata is corrupted.`
 case actions.ErrMissingProtectorName:
 return fmt.Sprintf("Use %s to specify a protector name.", shortDisplay(nameFlag))
- case ErrNoDesctructiveOps:
+ case ErrNoDestructiveOps:
 return fmt.Sprintf("Use %s to automatically run destructive operations.", shortDisplay(forceFlag))
 case ErrSpecifyProtector:
 return fmt.Sprintf("Use %s to specify a protector.", shortDisplay(protectorFlag))
@@ -165,8 +165,8 @@ func newExitError(c *cli.Context, err error) error {
 return cli.NewExitError(message, failureExitCode)
 }
-// usageError implements cli.ExitCoder to will print the usage and the return a
-// non-zero value. This error should be used when a command is used incorrectly.
+// usageError implements cli.ExitCoder to print the usage and return a non-zero
+// value. This error should be used when a command is used incorrectly.
 type usageError struct {
 c *cli.Context
 message string
diff --git a/cmd/fscrypt/format.go b/cmd/fscrypt/format.go
index ef009d3..c2a4fce 100644
--- a/cmd/fscrypt/format.go
+++ b/cmd/fscrypt/format.go
@@ -74,7 +74,7 @@ func init() {
 }
-// Flags that conform to this interface can be used with an urfave/cli
+// Flags that conform to this interface can be used with a urfave/cli
 // application and can be printed in the correct format.
 type prettyFlag interface {
 cli.Flag
@@ -111,8 +111,8 @@ func longDisplay(f prettyFlag, defaultString ...string) string {
 usage += fmt.Sprintf(" (default: %v)", defaultString[0])
 }
- // We pad the the shortDisplay on the right with enough spaces to equal
- // the longest flag's display
+ // We pad the shortDisplay on the right with enough spaces to equal the
+ // longest flag's display
 shortDisp := shortDisplay(f)
 length := utf8.RuneCountInString(shortDisp)
 shortDisp += strings.Repeat(" ", maxShortDisplay-length)
diff --git a/cmd/fscrypt/fscrypt.go b/cmd/fscrypt/fscrypt.go
index f35d6f6..9ac8e2f 100644
--- a/cmd/fscrypt/fscrypt.go
+++ b/cmd/fscrypt/fscrypt.go
@@ -85,7 +85,7 @@ func main() {
 }
 // setupCommand performs some common setup for each command. This includes
-// hiding the help, formating the description, adding in the necessary
+// hiding the help, formatting the description, adding in the necessary
 // flags, setting up error handlers, etc... Note that the command is modified
 // in place and its subcommands are also setup.
 func setupCommand(command *cli.Command) {
@@ -102,7 +102,7 @@ func setupCommand(command *cli.Command) {
 if len(command.Subcommands) == 0 {
 command.Before = setupBefore
 } else {
- // Cleanup subcommands (if applicable)
+ // Setup subcommands (if applicable)
 for i := range command.Subcommands {
 setupCommand(&command.Subcommands[i])
 }
@@ -112,8 +112,6 @@ func setupCommand(command *cli.Command) {
 // setupBefore makes sure our logs, errors, and output are going to the correct
 // io.Writers and that we haven't over-specified our flags. We only print the
 // logs when using verbose, and only print normal stuff when not using quiet.
-// When running with sudo, this function also verifies that we have the proper
-// keyring linkage enabled.
 func setupBefore(c *cli.Context) error {
 log.SetOutput(ioutil.Discard)
 c.App.Writer = ioutil.Discard
diff --git a/cmd/fscrypt/prompt.go b/cmd/fscrypt/prompt.go
index 0031e8f..5fce0c7 100644
--- a/cmd/fscrypt/prompt.go
+++ b/cmd/fscrypt/prompt.go
@@ -90,7 +90,7 @@ func askConfirmation(question string, defaultChoice bool, warning string) error
 // Defaults of "no" require forcing.
 if !defaultChoice {
 if quietFlag.Value {
- return ErrNoDesctructiveOps
+ return ErrNoDestructiveOps
 }
 }
diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go
index 32ba4ab..8cbcf03 100644
--- a/cmd/fscrypt/protector.go
+++ b/cmd/fscrypt/protector.go
@@ -56,7 +56,7 @@ func createProtectorFromContext(ctx *actions.Context) (*actions.Protector, error
 }
 // selectExistingProtector returns a locked Protector which corresponds to an
-// options in the non-empty slice of options. Prompts for user input are used to
+// option in the non-empty slice of options. Prompts for user input are used to
 // get the keys and select the option.
 func selectExistingProtector(ctx *actions.Context, options []*actions.ProtectorOption) (*actions.Protector, error) {
 idx, err := promptForProtector(options)
diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go
index 72dfbdb..f2fff96 100644
--- a/cmd/fscrypt/setup.go
+++ b/cmd/fscrypt/setup.go
@@ -1,5 +1,5 @@
 /*
- * strings.go - File containing the functionality initializing directories and
+ * setup.go - File containing the functionality for initializing directories and
 * the global config file.
 *
 * Copyright 2017 Google Inc.
diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index 1465a4e..f911193 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -65,7 +65,7 @@ func yesNoString(b bool) string {
 return "No"
 }
-// writeGlobalStatus prints all the filesystem that use (or could use) fscrypt.
+// writeGlobalStatus prints all the filesystems that use (or could use) fscrypt.
 func writeGlobalStatus(w io.Writer) error {
 mounts, err := filesystem.AllFilesystems()
 if err != nil {
diff --git a/cmd/fscrypt/strings.go b/cmd/fscrypt/strings.go
index c680d03..adef81d 100644
--- a/cmd/fscrypt/strings.go
+++ b/cmd/fscrypt/strings.go
@@ -130,7 +130,7 @@ var plurals = map[string]string{
 "policy": "policies",
 }
-// pluralize prints our the correct pluralization of a work along with the
+// pluralize prints out the correct pluralization of a word along with the
 // specified count. This means pluralize(1, "policy") = "1 policy" but
 // pluralize(2, "policy") = "2 policies"
 func pluralize(count int, word string) string {
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 7327bd5..8de8134 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -50,7 +50,7 @@ import (
 // Crypto error values
 var (
 ErrBadAuth = errors.New("key authentication check failed")
- ErrNegitiveLength = errors.New("keys cannot have negative lengths")
+ ErrNegativeLength = errors.New("keys cannot have negative lengths")
 ErrRecoveryCode = errors.New("invalid recovery code")
 ErrGetrandomFail = util.SystemError("getrandom() failed")
 ErrKeyAlloc = util.SystemError("could not allocate memory for key")
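Review bot: The rename of the exported sentinel `ErrNegitiveLength` to `ErrNegativeLength` in the var block of crypto/crypto.go removes a public identifier, so any code outside this repository that compares errors against the old name would stop compiling. The in-tree use in newBlankKey (crypto/key.go) is updated by the same commit, but external importers are not visible from here. If the crypto package is meant to be imported by other projects, keep the old spelling for a release as an alias in the same block, `ErrNegitiveLength = ErrNegativeLength // Deprecated: use ErrNegativeLength.`. The var block continues past the end of the hunk.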
@@ -71,8 +71,8 @@ func checkWrappingKey(wrappingKey *Key) error {
 return errors.Wrap(err, "wrapping key")
 }
-// stretchKey stretches a key of length KeyLen using unsalted HKDF to make two
-// keys of length KeyLen.
+// stretchKey stretches a key of length InternalKeyLen using unsalted HKDF to
+// make two keys of length InternalKeyLen.
 func stretchKey(key *Key) (encKey, authKey *Key) {
 panicInputLength("hkdf key", metadata.InternalKeyLen, key.Len())
@@ -148,9 +148,10 @@ func Wrap(wrappingKey, secretKey *Key) (*metadata.WrappedKeyData, error) {
 return data, nil
 }
-// Unwrap takes a wrapping Key of length KeyLen, and uses it to unwrap the
-// WrappedKeyData to get the unwrapped secret Key. The Wrapped Key data includes
-// an authentication check, so an error will be returned if that check fails.
+// Unwrap takes a wrapping Key of length InternalKeyLen, and uses it to unwrap
+// the WrappedKeyData to get the unwrapped secret Key. The Wrapped Key data
+// includes an authentication check, so an error will be returned if that check
+// fails.
 func Unwrap(wrappingKey *Key, data *metadata.WrappedKeyData) (*Key, error) {
 if err := checkWrappingKey(wrappingKey); err != nil {
 return nil, err
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index 2946a59..a8d9830 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -65,7 +65,7 @@ var (
 testUser, _ = util.EffectiveUser()
 )
-// As the passpharase hashing function clears the passphrase, we need to make
+// As the passphrase hashing function clears the passphrase, we need to make
 // a new passphrase key for each test
 func fakePassphraseKey() (*Key, error) {
 return NewFixedLengthKeyFromReader(bytes.NewReader(fakePassword), len(fakePassword))
@@ -158,7 +158,7 @@ func TestZeroLength(t *testing.T) {
 }
 defer key1.Wipe()
 if key1.data != nil {
- t.Error("FIxed length key from reader contained data")
+ t.Error("Fixed length key from reader contained data")
 }
 key2, err := NewKeyFromReader(bytes.NewReader(nil))
@@ -171,7 +171,7 @@ func TestZeroLength(t *testing.T) {
 }
 }
-// Test that enabling the disabling memory locking succeeds even if a key is
+// Test that enabling then disabling memory locking succeeds even if a key is
 // active when the variable changes.
 func TestEnableDisableMemoryLocking(t *testing.T) {
 // Mlock on for creation, off for wiping
@@ -282,7 +282,7 @@ func TestBadAddKeys(t *testing.T) {
 // Check that we can create random keys. All this test does to test the
 // "randomness" is generate a page of random bytes and attempts compression.
 // If the data can be compressed it is probably not very random. This isn't
-// indented to be a sufficient test for randomness (which is impossible), but a
+// intended to be a sufficient test for randomness (which is impossible), but a
 // way to catch simple regressions (key is all zeros or contains a repeating
 // pattern).
 func TestRandomKeyGen(t *testing.T) {
@@ -456,7 +456,7 @@ func TestWrongUnwrappingKeyLength(t *testing.T) {
 }
 }
-// Wraping twice with the same keys should give different components
+// Wrapping twice with the same keys should give different components
 func TestWrapTwiceDistinct(t *testing.T) {
 data1, err := Wrap(fakeWrappingKey, fakeValidPolicyKey)
 if err != nil {
@@ -472,14 +472,14 @@ func TestWrapTwiceDistinct(t *testing.T) {
 }
 }
-// Attempts to Unwrap data with key after altering tweek, should fail
-func testFailWithTweek(key *Key, data *metadata.WrappedKeyData, tweek []byte) error {
- tweek[0]++
+// Attempts to Unwrap data with key after altering tweak, should fail
+func testFailWithTweak(key *Key, data *metadata.WrappedKeyData, tweak []byte) error {
+ tweak[0]++
 key, err := Unwrap(key, data)
 if err == nil {
 key.Wipe()
 }
- tweek[0]--
+ tweak[0]--
 return err
 }
@@ -489,7 +489,7 @@ func TestUnwrapWrongKey(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- if testFailWithTweek(fakeWrappingKey, data, fakeWrappingKey.data) == nil {
+ if testFailWithTweak(fakeWrappingKey, data, fakeWrappingKey.data) == nil {
 t.Error("using a different wrapping key should make unwrap fail")
 }
 }
@@ -499,13 +499,13 @@ func TestUnwrapWrongData(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- if testFailWithTweek(fakeWrappingKey, data, data.EncryptedKey) == nil {
+ if testFailWithTweak(fakeWrappingKey, data, data.EncryptedKey) == nil {
 t.Error("changing encryption key should make unwrap fail")
 }
- if testFailWithTweek(fakeWrappingKey, data, data.IV) == nil {
+ if testFailWithTweak(fakeWrappingKey, data, data.IV) == nil {
 t.Error("changing IV should make unwrap fail")
 }
- if testFailWithTweek(fakeWrappingKey, data, data.Hmac) == nil {
+ if testFailWithTweak(fakeWrappingKey, data, data.Hmac) == nil {
 t.Error("changing HMAC should make unwrap fail")
 }
 }
diff --git a/crypto/key.go b/crypto/key.go
index 027d46d..7059073 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -100,7 +100,7 @@ func newBlankKey(length int) (*Key, error) {
 if length == 0 {
 return &Key{data: nil}, nil
 } else if length < 0 {
- return nil, errors.Wrapf(ErrNegitiveLength, "length of %d requested", length)
+ return nil, errors.Wrapf(ErrNegativeLength, "length of %d requested", length)
 }
 flags := keyMmapFlags
@@ -198,7 +198,7 @@ func NewKeyFromCString(str unsafe.Pointer) (*Key, error) {
 return key, nil
 }
-// NewKeyFromReader constructs a key of abritary length by reading from reader
+// NewKeyFromReader constructs a key of arbitrary length by reading from reader
 // until hitting EOF.
 func NewKeyFromReader(reader io.Reader) (*Key, error) {
 // Use an initial key size of a page. As Mmap allocates a page anyway,
@@ -312,7 +312,7 @@ func WriteRecoveryCode(key *Key, writer io.Writer) error {
 return w.Err()
 }
-// ReadRecoveryCode gets the recovery code from the provided writer and returns
+// ReadRecoveryCode gets the recovery code from the provided reader and returns
 // the corresponding cryptographic key.
 // WARNING: This recovery key is enough to derive the original key, so it must
 // be given the same level of protection as a raw cryptographic key.
diff --git a/crypto/rand.go b/crypto/rand.go
index 0778ebd..736d969 100644
--- a/crypto/rand.go
+++ b/crypto/rand.go
@@ -44,7 +44,7 @@ func NewRandomBuffer(length int) ([]byte, error) {
 }
 // NewRandomKey creates a random key of the specified length. This function uses
-// the same random number generation process a NewRandomBuffer.
+// the same random number generation process as NewRandomBuffer.
 func NewRandomKey(length int) (*Key, error) {
 return NewFixedLengthKeyFromReader(randReader{}, length)
 }
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 86c168a..f4f9201 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -1,5 +1,5 @@
 /*
- * filesystem.go - Contains the a functionality for a specific filesystem. This
+ * filesystem.go - Contains the functionality for a specific filesystem. This
 * includes the commands to setup the filesystem, apply policies, and locate
 * metadata.
 *
@@ -207,9 +207,9 @@ func (m *Mount) makeDirectories() error {
 return os.Mkdir(m.ProtectorDir(), dirPermissions)
 }
-// Setup sets up the filesystem for use with fscrypt, note that this merely
+// Setup sets up the filesystem for use with fscrypt. Note that this merely
 // creates the appropriate files on the filesystem. It does not actually modify
-// the filesystem's feature flags. This operation is atomic, it either succeeds
+// the filesystem's feature flags. This operation is atomic; it either succeeds
 // or no files in the baseDir are created.
 func (m *Mount) Setup() error {
 if m.CheckSetup() == nil {
@@ -231,7 +231,7 @@ func (m *Mount) Setup() error {
 }
 // RemoveAllMetadata removes all the policy and protector metadata from the
-// filesystem. This operation is atomic, it either succeeds or no files in the
+// filesystem. This operation is atomic; it either succeeds or no files in the
 // baseDir are removed.
 // WARNING: Will cause data loss if the metadata is used to encrypt
 // directories (this could include directories on other filesystems).
@@ -274,7 +274,7 @@ func (m *Mount) writeDataAtomic(path string, data []byte) error {
 }
 // addMetadata writes the metadata structure to the file with the specified
-// path this will overwrite any existing data. The operation is atomic.
+// path. This will overwrite any existing data. The operation is atomic.
 func (m *Mount) addMetadata(path string, md metadata.Metadata) error {
 if err := md.CheckValidity(); err != nil {
 return errors.Wrap(ErrInvalidMetadata, err.Error())
@@ -411,7 +411,7 @@ func (m *Mount) GetProtector(descriptor string) (*Mount, *metadata.ProtectorData
 return nil, nil, m.err(errors.Wrapf(ErrLinkExpired, "protector %s", descriptor))
 }
-// RemoveProtector deletes the protector metadata (or an link to another
+// RemoveProtector deletes the protector metadata (or a link to another
 // filesystem's metadata) from the filesystem storage.
 func (m *Mount) RemoveProtector(descriptor string) error {
 if err := m.CheckSetup(); err != nil {
diff --git a/filesystem/mountpoint.go b/filesystem/mountpoint.go
index 7ef91ce..abd8232 100644
--- a/filesystem/mountpoint.go
+++ b/filesystem/mountpoint.go
@@ -94,7 +94,7 @@ func getMountInfo() error {
 // Skip invalid mountpoints
 var err error
- if mnt.Path, err = cannonicalizePath(mnt.Path); err != nil {
+ if mnt.Path, err = canonicalizePath(mnt.Path); err != nil {
 log.Printf("getting mnt_dir: %v", err)
 continue
 }
@@ -109,7 +109,7 @@ func getMountInfo() error {
 // filesystems are listed in mount order.
 mountsByPath[mnt.Path] = &mnt
- deviceName, err := cannonicalizePath(C.GoString(entry.mnt_fsname))
+ deviceName, err := canonicalizePath(C.GoString(entry.mnt_fsname))
 // Only use real valid devices (unlike cgroups, tmpfs, ...)
 if err == nil && isDevice(deviceName) {
 mnt.Device = deviceName
@@ -152,7 +152,7 @@ func UpdateMountInfo() error {
 // been updated since the last call to one of the mount functions, run
 // UpdateMountInfo to see changes.
 func FindMount(path string) (*Mount, error) {
- path, err := cannonicalizePath(path)
+ path, err := canonicalizePath(path)
 if err != nil {
 return nil, err
 }
@@ -183,7 +183,7 @@ func FindMount(path string) (*Mount, error) {
 // a filesystem has been updated since the last call to one of the mount
 // functions, run UpdateMountInfo to see changes.
 func GetMount(mountpoint string) (*Mount, error) {
- mountpoint, err := cannonicalizePath(mountpoint)
+ mountpoint, err := canonicalizePath(mountpoint)
 if err != nil {
 return nil, err
 }
@@ -202,8 +202,8 @@ func GetMount(mountpoint string) (*Mount, error) {
 }
 // getMountsFromLink returns the Mount objects which match the provided link.
-// This link if formatted as a tag (e.g. =) similar to how they
-// apprear in "/etc/fstab". Currently, only "UUID" tokens are supported. Note
+// This link is formatted as a tag (e.g. =) similar to how they
+// appear in "/etc/fstab". Currently, only "UUID" tokens are supported. Note
 // that this can match multiple Mounts (due to the existence of bind mounts). An
 // error is returned if the link is invalid or we cannot load the required mount
 // data. If a filesystem has been updated since the last call to one of the
@@ -212,7 +212,7 @@ func getMountsFromLink(link string) ([]*Mount, error) {
 // Parse the link
 linkComponents := strings.Split(link, "=")
 if len(linkComponents) != 2 {
- return nil, errors.Wrapf(ErrFollowLink, "link %q format in invalid", link)
+ return nil, errors.Wrapf(ErrFollowLink, "link %q format is invalid", link)
 }
 token := linkComponents[0]
 value := linkComponents[1]
@@ -225,7 +225,7 @@ func getMountsFromLink(link string) ([]*Mount, error) {
 if filepath.Base(searchPath) != value {
 return nil, errors.Wrapf(ErrFollowLink, "value %q is not a UUID", value)
 }
- devicePath, err := cannonicalizePath(searchPath)
+ devicePath, err := canonicalizePath(searchPath)
 if err != nil {
 return nil, errors.Wrapf(ErrFollowLink, "no device with UUID %q", value)
 }
@@ -263,7 +263,7 @@ func makeLink(mnt *Mount, token string) (string, error) {
 continue // Only interested in UUID symlinks
 }
 uuid := fileInfo.Name()
- devicePath, err := cannonicalizePath(filepath.Join(uuidDirectory, uuid))
+ devicePath, err := canonicalizePath(filepath.Join(uuidDirectory, uuid))
 if err != nil {
 log.Print(err)
 continue
diff --git a/filesystem/path.go b/filesystem/path.go
index d788a6b..5fd3fdf 100644
--- a/filesystem/path.go
+++ b/filesystem/path.go
@@ -30,8 +30,8 @@ import (
 // We only check the unix permissions and the sticky bit
 const permMask = os.ModeSticky | os.ModePerm
-// cannonicalizePath turns path into an absolute path without symlinks.
-func cannonicalizePath(path string) (string, error) {
+// canonicalizePath turns path into an absolute path without symlinks.
+func canonicalizePath(path string) (string, error) {
 path, err := filepath.Abs(path)
 if err != nil {
 return "", err
@@ -62,14 +62,14 @@ func isDir(path string) bool {
 return err == nil && info.IsDir()
 }
-// isDevice returns true if the path exists and is that of a directory.
+// isDevice returns true if the path exists and is that of a device.
 func isDevice(path string) bool {
 info, err := loggedStat(path)
 return err == nil && info.Mode()&os.ModeDevice != 0
 }
 // isDirCheckPerm returns true if the path exists and is a directory. If the
-// specified permissions and sticky bit of mode do not match the path, and error
+// specified permissions and sticky bit of mode do not match the path, an error
 // is logged.
 func isDirCheckPerm(path string, mode os.FileMode) bool {
 info, err := loggedStat(path)
diff --git a/pam/constants.go b/pam/constants.go
index 5c57e06..d2d0cf3 100644
--- a/pam/constants.go
+++ b/pam/constants.go
@@ -52,7 +52,7 @@ package pam
 */
 import "C"
-// Item is a an PAM information type.
+// Item is a PAM information type.
 type Item int
 // PAM Item types.
diff --git a/pam/login.go b/pam/login.go
index 346edd4..527b10d 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -48,9 +48,9 @@ var (
 tokenToCheck *crypto.Key
 )
-// userInput is run when the the callback needs some input from the user. We
-// prompt the user for information and return their answer. A return value of
-// nil indicates an error occurred.
+// userInput is run when the callback needs some input from the user. We prompt
+// the user for information and return their answer. A return value of nil
+// indicates an error occurred.
 //export userInput
 func userInput(prompt *C.char) *C.char {
 fmt.Print(C.GoString(prompt))
diff --git a/pam/pam.c b/pam/pam.c
index bb16427..1859a2f 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -101,7 +101,7 @@ void* copyIntoSecret(void* data) { void freeSecret(pam_handle_t* pamh, char* data, int error_status) { size_t size = strlen(data) + 1; // Include null terminator - // Use volitile function pointer to actually clear the memory. + // Use volatile function pointer to actually clear the memory. static void* (*const volatile memset_sec)(void*, int, size_t) = &memset; memset_sec(data, 0, size); munlock(data, size); diff --git a/pam/pam.h b/pam/pam.h index 09afb2e..7571da8 100644 --- a/pam/pam.h +++ b/pam/pam.h @@ -35,7 +35,7 @@ void freeData(pam_handle_t *pamh, void *data, int error_status); // then frees the array itself. void freeArray(pam_handle_t *pamh, void **array, int error_status); -// Creates a copy of a C string, which resides in an locked buffer. +// Creates a copy of a C string, which resides in a locked buffer. void *copyIntoSecret(void *data); // CleaupFunc that Zeros wipes a C string and unlocks and frees its memory. diff --git a/pam_fscrypt/pam_fscrypt.go b/pam_fscrypt/pam_fscrypt.go index 85bd934..c7f9931 100644 --- a/pam_fscrypt/pam_fscrypt.go +++ b/pam_fscrypt/pam_fscrypt.go @@ -83,7 +83,7 @@ func Authenticate(handle *pam.Handle, _ map[string]bool) error { // OpenSession provisions any policies protected with the login protector. func OpenSession(handle *pam.Handle, _ map[string]bool) error { - // We will always clear the the AUTHTOK data + // We will always clear the AUTHTOK data defer handle.ClearData(authtokLabel) // Increment the count as we add a session if _, err := AdjustCount(handle, +1); err != nil { @@ -264,7 +264,7 @@ func pam_sm_authenticate(pamh unsafe.Pointer, flags, argc C.int, argv **C.char) return authenticateFunc.Run(pamh, argc, argv) } -// pam_sm_stecred needed because we use pam_sm_authenticate. +// pam_sm_setcred needed because we use pam_sm_authenticate. //export pam_sm_setcred func pam_sm_setcred(pamh unsafe.Pointer, flags, argc C.int, argv **C.char) C.int { return C.PAM_SUCCESS 
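Review bot: The comment on `memset_sec` in freeSecret says what is done but not why the indirection is needed, which is the part a later maintainer is most likely to simplify away. A plain `memset` on a buffer that is about to be discarded may be removed by the compiler as a dead store, leaving the secret in memory. I would say so, e.g. `// Call memset through a volatile function pointer so the compiler cannot drop the wipe as a dead store.` freeSecret continues past the end of this hunk, so the release of the buffer is not visible here.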
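Review bot: The last context line of the pam.h hunk still reads `// CleaupFunc that Zeros wipes a C string and unlocks and frees its memory.`, which has a misspelling and a doubled verb that this typo pass did not pick up. Suggested wording: `// CleanupFunc that zeroes a C string, then unlocks and frees its memory.` The declaration this comment documents lies outside the hunk.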
diff --git a/pam_fscrypt/run_fscrypt.go b/pam_fscrypt/run_fscrypt.go index 8622a64..3d0acb1 100644 --- a/pam_fscrypt/run_fscrypt.go +++ b/pam_fscrypt/run_fscrypt.go @@ -192,7 +192,7 @@ func policiesUsingProtector(protector *actions.Protector) []*actions.Policy { // AdjustCount changes the session count for the pam user by the specified // amount. If the count file does not exist, create it as if it had a count of -// zero. If the adjustment would be the count below zero, the count is set to +// zero. If the adjustment would bring the count below zero, the count is set to // zero. The value of the new count is returned. Requires root privileges. func AdjustCount(handle *pam.Handle, delta int) (int, error) { // Make sure the directory exists diff --git a/pam_fscrypt/run_test.go b/pam_fscrypt/run_test.go index 1e74528..40ace4c 100644 --- a/pam_fscrypt/run_test.go +++ b/pam_fscrypt/run_test.go @@ -1,5 +1,5 @@ /* - * run_test.go - tests that the PAM helper functionsd work properly + * run_test.go - tests that the PAM helper functions work properly * * Copyright 2017 Google Inc. * Author: Joe Richey (joerichey@google.com) diff --git a/security/cache.go b/security/cache.go index fd22e15..f11248d 100644 --- a/security/cache.go +++ b/security/cache.go @@ -30,7 +30,7 @@ import ( // dentries. This has the effect of making encrypted directories whose keys are // not present no longer accessible. Requires root privileges. func DropFilesystemCache() error { - // Dirty reclaimible inodes must be synced so that they will be freed. + // Dirty reclaimable inodes must be synced so that they will be freed. log.Print("syncing changes to filesystem") unix.Sync() 
@@ -41,7 +41,7 @@ func DropFilesystemCache() error { return err } defer file.Close() - // "2" just frees the reclaimable inodes and dentries, the associated + // "2" just frees the reclaimable inodes and dentries. The associated // pages to these inodes will be freed. We do not need to free the // entire pagecache (as this will severely impact performance). _, err = file.WriteString("2") diff --git a/security/keyring.go b/security/keyring.go index 69ed38b..7c78c90 100644 --- a/security/keyring.go +++ b/security/keyring.go @@ -1,5 +1,5 @@ /* - * privileges.go - Handles inserting/removing into user keyrings. + * keyring.go - Handles inserting/removing into user keyrings. * * Copyright 2017 Google Inc. * Author: Joe Richey (joerichey@google.com) diff --git a/security/privileges.go b/security/privileges.go index 649bc30..3a1ca81 100644 --- a/security/privileges.go +++ b/security/privileges.go @@ -60,7 +60,7 @@ import ( "github.com/google/fscrypt/util" ) -// Privileges encapulate the effective uid/gid and groups of a process. +// Privileges encapsulate the effective uid/gid and groups of a process. type Privileges struct { euid C.uid_t egid C.gid_t @@ -144,9 +144,9 @@ func SetProcessPrivileges(privs *Privileges) error { func setUids(ruid, euid, suid int) error { log.Printf("Setting ruid=%d euid=%d suid=%d", ruid, euid, suid) - // We elevate the all the privs before setting them. This prevents - // issues with (ruid=1000,euid=1000,suid=0), where just a single call - // to setresuid might fail with permission denied. + // We elevate all the privs before setting them. This prevents issues + // with (ruid=1000,euid=1000,suid=0), where just a single call to + // setresuid might fail with permission denied. if res, err := C.setresuid(0, 0, 0); res < 0 { return errors.Wrapf(err.(syscall.Errno), "setting uids") } diff --git a/util/errors.go b/util/errors.go index f10569e..3c87a2c 100644 --- a/util/errors.go +++ b/util/errors.go 
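Review bot: The reworded comment in DropFilesystemCache still contains `The associated pages to these inodes will be freed.`, which reads awkwardly and does not make clear that freeing those pages is a consequence of writing "2". Something like `// "2" just frees the reclaimable inodes and dentries; the pages associated with those inodes are freed along with them.` keeps the meaning and leads into the next sentence about not dropping the whole pagecache. The function body continues outside the hunk.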
@@ -72,7 +72,7 @@ type ErrWriter struct { err error } -// NewErrWriter creates an ErrWriter which wraps the provided reader. +// NewErrWriter creates an ErrWriter which wraps the provided writer. func NewErrWriter(writer io.Writer) *ErrWriter { return &ErrWriter{w: writer, err: nil} } @@ -116,7 +116,7 @@ func NeverError(err error) { } var ( - // testEnvVarName is the name on an environment variable that should be + // testEnvVarName is the name of an environment variable that should be // set to an empty mountpoint. This is only used for integration tests. // If not set, integration tests are skipped. testEnvVarName = "TEST_FILESYSTEM_ROOT" diff --git a/util/util.go b/util/util.go index 50663d5..97ee33c 100644 --- a/util/util.go +++ b/util/util.go @@ -31,7 +31,7 @@ import ( "unsafe" ) -// Ptr converts an Go byte array to a pointer to the start of the array. +// Ptr converts a Go byte array to a pointer to the start of the array. func Ptr(slice []byte) unsafe.Pointer { if len(slice) == 0 { return nil @@ -42,14 +42,14 @@ func Ptr(slice []byte) unsafe.Pointer { // ByteSlice takes a pointer to some data and views it as a slice of bytes. // Note, indexing into this slice is unsafe. func ByteSlice(ptr unsafe.Pointer) []byte { - // Silce must fit in the smallest address space go suppports. + // Slice must fit in the smallest address space go supports. return (*[1 << 30]byte)(ptr)[:] } // PointerSlice takes a pointer to an array of pointers and views it as a slice // of pointers. Note, indexing into this slice is unsafe. func PointerSlice(ptr unsafe.Pointer) []unsafe.Pointer { - // Silce must fit in the smallest address space go suppports. + // Slice must fit in the smallest address space go supports. return (*[1 << 28]unsafe.Pointer)(ptr)[:] } -- cgit v1.2.3
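Review bot: The doc comments on ByteSlice and PointerSlice say indexing is unsafe but not what the hazard is. The returned slices have a fixed length of 1<<30 bytes and 1<<28 pointers, taken from the array type in the cast, regardless of how much memory `ptr` actually refers to. I would add `// The result has length 1<<30 no matter how large the underlying buffer is; callers must re-slice it to the real length before reading or writing.` to ByteSlice and the matching sentence to PointerSlice. The inner comment could also capitalise the language name: `// Slice must fit in the smallest address space Go supports.`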