From 5fed824f372c97454833e489a2714058aac47df6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 14 Nov 2007 20:04:50 +0000 Subject: [PATCH] its vs it\'s etc. From Bjorn Sandell git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/dceutils/k5dcecon.c | 4 ++-- appl/telnet/libtelnet/kerberos.c | 2 +- appl/telnet/libtelnet/kerberos5.c | 2 +- appl/telnet/libtelnet/krb4encpwd.c | 2 +- appl/telnet/libtelnet/rsaencpwd.c | 2 +- appl/telnet/libtelnet/spx.c | 2 +- doc/apps.texi | 2 +- doc/hx509.texi | 12 ++++++------ doc/programming.texi | 4 ++-- doc/setup.texi | 12 ++++++------ kdc/kerberos5.c | 4 ++-- kdc/krb5tgs.c | 6 +++--- kuser/kdestroy.1 | 2 +- kuser/kinit.c | 2 +- lib/asn1/canthandle.asn1 | 2 +- lib/gssapi/gssapi.3 | 2 +- lib/gssapi/krb5/init_sec_context.c | 2 +- lib/gssapi/mech/gss_accept_sec_context.c | 4 ++-- lib/hcrypto/DESperate.txt | 4 ++-- lib/hdb/hdb-ldap.c | 4 ++-- lib/hdb/keys.c | 2 +- lib/hx509/TODO | 2 +- lib/hx509/cert.c | 4 ++-- lib/hx509/cms.c | 2 +- lib/hx509/data/static-file | 2 +- lib/hx509/ks_p11.c | 2 +- lib/hx509/revoke.c | 8 ++++---- lib/kadm5/log.c | 2 +- lib/krb5/cache.c | 2 +- lib/krb5/context.c | 2 +- lib/krb5/crypto.c | 2 +- lib/krb5/krb5_aname_to_localname.3 | 2 +- lib/krb5/krb5_ccache.3 | 4 ++-- lib/krb5/krb5_encrypt.3 | 2 +- lib/krb5/krb5_get_credentials.3 | 2 +- lib/krb5/krb5_get_creds.3 | 2 +- lib/krb5/krb5_getportbyname.3 | 2 +- lib/krb5/krb5_keytab.3 | 2 +- lib/krb5/krb5_verify_init_creds.3 | 2 +- lib/krb5/krb5_verify_user.3 | 2 +- lib/krb5/rd_req.c | 2 +- lib/krb5/store.c | 8 ++++---- lib/krb5/test_cc.c | 4 ++-- lib/krb5/test_princ.c | 4 ++-- lib/krb5/v4_glue.c | 2 +- lib/roken/getcap.c | 2 +- 46 files changed, 74 insertions(+), 74 deletions(-) diff --git a/appl/dceutils/k5dcecon.c b/appl/dceutils/k5dcecon.c index cb82043f4..0ef34e89a 100644 --- a/appl/dceutils/k5dcecon.c +++ b/appl/dceutils/k5dcecon.c @@ -25,7 +25,7 @@ * this program may not be set. * * The calling program can then use the name of the cache - * to set the KRB5CCNAME and PAG for its self and its children. + * to set the KRB5CCNAME and PAG for itself and its children. * * If no ticket was passed, an attemplt to join an existing * PAG will be made. @@ -171,7 +171,7 @@ int k5dcesession(luid, pname, tgt, ppag, tflags) strcpy(ccname+38,direntp->d_name); if (!k5dcematch(luid, pname, ccname, &size, &xtgt)) { - /* its one of our caches, see if it is better + /* it's one of our caches, see if it is better * i.e. the endtime is farther, and if the endtimes * are the same, take the larger, as he who has the * most tickets wins. diff --git a/appl/telnet/libtelnet/kerberos.c b/appl/telnet/libtelnet/kerberos.c index d0d453177..9209cb330 100644 --- a/appl/telnet/libtelnet/kerberos.c +++ b/appl/telnet/libtelnet/kerberos.c @@ -541,7 +541,7 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[3]) { diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c index 3c9d4d5f9..803e6e79b 100644 --- a/appl/telnet/libtelnet/kerberos5.c +++ b/appl/telnet/libtelnet/kerberos5.c @@ -726,7 +726,7 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[3]) { diff --git a/appl/telnet/libtelnet/krb4encpwd.c b/appl/telnet/libtelnet/krb4encpwd.c index 969c47bb2..e5b33fd36 100644 --- a/appl/telnet/libtelnet/krb4encpwd.c +++ b/appl/telnet/libtelnet/krb4encpwd.c @@ -354,7 +354,7 @@ krb4encpwd_printsub(data, cnt, buf, buflen) { int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[3]) { diff --git a/appl/telnet/libtelnet/rsaencpwd.c b/appl/telnet/libtelnet/rsaencpwd.c index 51e7ee553..445cbac93 100644 --- a/appl/telnet/libtelnet/rsaencpwd.c +++ b/appl/telnet/libtelnet/rsaencpwd.c @@ -409,7 +409,7 @@ rsaencpwd_printsub(data, cnt, buf, buflen) { int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[3]) { diff --git a/appl/telnet/libtelnet/spx.c b/appl/telnet/libtelnet/spx.c index 195d8f245..ceb6927ac 100644 --- a/appl/telnet/libtelnet/spx.c +++ b/appl/telnet/libtelnet/spx.c @@ -532,7 +532,7 @@ spx_printsub(data, cnt, buf, buflen) { int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[3]) { diff --git a/doc/apps.texi b/doc/apps.texi index 880f8fc29..0aa987ab8 100644 --- a/doc/apps.texi +++ b/doc/apps.texi @@ -202,7 +202,7 @@ KeyFile. @subsection What is 2b ? 2b is the name of the proposal that was implemented to give basic -Kerberos 5 support to AFS in rxkad. Its not real Kerberos 5 support +Kerberos 5 support to AFS in rxkad. It's not real Kerberos 5 support since it still uses fcrypt for data encryption and not Kerberos encryption types. diff --git a/doc/hx509.texi b/doc/hx509.texi index ef9420235..a661297c1 100644 --- a/doc/hx509.texi +++ b/doc/hx509.texi @@ -285,7 +285,7 @@ depth. @item Proxy certificates -Remember that End Entity can't issue certificates by them own, its not +Remember that End Entity can't issue certificates by them own, it's not really true. There there is an extension called proxy certificates, defined in RFC3820, that allows certificates to be issued by end entity certificates. The service that receives the proxy certificates must have @@ -323,19 +323,19 @@ evaluates the policy. @node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top @chapter Setting up a CA -Do not let this chapter scare you off, its just to give you an idea how +Do not let this chapter scare you off, it's just to give you an idea how to complicated setting up a CA can be. If you are just playing around, skip all this and go to the next chapter, @pxref{Creating a CA certificate}. Creating a CA certificate should be more the just creating a -certificate, there is the policy of the CA. If its just you and your +certificate, there is the policy of the CA. If it's just you and your friend that is playing around then it probably doesn't matter what the policy is. But then it comes to trust in an organisation, it will probably matter more whom your users and sysadmins will find it acceptable to trust. -At the same time, try to keep thing simple, its not very hard to run a +At the same time, try to keep thing simple, it's not very hard to run a Certificate authority and the process to get new certificates should simple. @@ -599,7 +599,7 @@ The certificate may also contain a jabber identifier (JID) that, if the receiver allows it, authorises the server or client to use that JID. When storing a JID inside the certificate, both for server and client, -its stored inside a UTF8String within an otherName entity inside the +it's stored inside a UTF8String within an otherName entity inside the subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5). To read more about the requirements, see RFC3920, Extensible Messaging @@ -620,7 +620,7 @@ hxtool issue-certificate \ @chapter CMS signing and encryption CMS is the Cryptographic Message System that among other, is used by -S/MIME (secure email) and Kerberos PK-INIT. Its an extended version of +S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of the RSA, Inc standard PKCS7. @node CMS background, , CMS signing and encryption, Top diff --git a/doc/programming.texi b/doc/programming.texi index 8d2570df2..c975a99a1 100644 --- a/doc/programming.texi +++ b/doc/programming.texi @@ -97,7 +97,7 @@ found'', the user might back ``failed to find host/host.example.com@@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab (des-cbc-crc)''. This improves the chance that the user find the cause of the error so you should use the customised error message -whenever its available. +whenever it's available. See also manual page for @manpage{krb5_get_error_string,3} and @manpage{krb5_get_err_text,3}. @@ -141,7 +141,7 @@ reason @code{err()} is used when @code{krb5_init_context()} fails. First the client needs to call @code{krb5_init_context} to initialise the Kerberos 5 library. This is only needed once per thread in the program. If the function returns a non-zero value it indicates -that either the Kerberos implementation is failing or its disabled on +that either the Kerberos implementation is failing or it's disabled on this host. @example diff --git a/doc/setup.texi b/doc/setup.texi index 975058af9..41219882c 100644 --- a/doc/setup.texi +++ b/doc/setup.texi @@ -668,7 +668,7 @@ default encryption will be used. @item @code{afs3-salt} -@code{afs3-salt} is the salt that is used with Transarc kaserver. Its +@code{afs3-salt} is the salt that is used with Transarc kaserver. It's the cell name appended to the password. @end itemize @@ -885,7 +885,7 @@ local transport. (A patch to support SASL EXTERNAL authentication is necessary in order to use OpenLDAP 2.1.x.) @item -Add the hdb schema to the LDAP server, its included in the source-tree +Add the hdb schema to the LDAP server, it's included in the source-tree in @file{lib/hdb/hdb.schema}. Example from slapd.conf: @example @@ -915,7 +915,7 @@ Another option is to create an admins group and add the dn to that group. Since Heimdal talks to the LDAP server over a UNIX domain socket, and -uses external sasl authentication, its not possible to require +uses external sasl authentication, it's not possible to require security layer quality (ssf in cyrus-sasl lingo). So that requirement has to be turned off in OpenLDAP @command{slapd} configuration file @file{slapd.conf}. @@ -1080,8 +1080,8 @@ PK-INIT is levering the existing PKI infrastructure to use certificates to get the initial ticket, that is usually the krbtgt. To use PK-INIT you must first have a PKI, so if you don't have one, -now its time to create it. Note that you should read the whole chapter -of the document to see the requirements on the CA sortware. +it is time to create it. Note that you should read the whole chapter +of the document to see the requirements on the CA software. There needs to exist a mapping between the certificate and what principals that certificate is allowed to use. There are several ways @@ -1107,7 +1107,7 @@ name of the TGS of the target realm. Both of these two requirements are not required by the standard to be checked by the client if it have external information what the -certificate the KDC is supposed to be used. So its in the interst of +certificate the KDC is supposed to be used. So it's in the interest of minimum amount of configuration on the clients they should be included. Remember that if the client would accept any certificate as the KDC's diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 15889f655..5c1d823d1 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -418,8 +418,8 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) *ent->salttype = key->salt->type; #else /* - * We shouldn't sent salttype since its incompatible with the - * specification and its break windows clients. The afs + * We shouldn't sent salttype since it is incompatible with the + * specification and it breaks windows clients. The afs * salting problem is solved by using KRB5-PADATA-AFS3-SALT * implemented in Heimdal 0.7 and later. */ diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index bdf89ad1d..d2ea75387 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -822,7 +822,7 @@ tgs_make_reply(krb5_context context, if(rspac->length) { /* * No not need to filter out the any PAC from the - * auth_data since its signed by the KDC. + * auth_data since it's signed by the KDC. */ ret = _kdc_tkt_add_if_relevant_ad(context, &et, KRB5_AUTHDATA_WIN2K_PAC, @@ -1439,8 +1439,8 @@ server_lookup: } /* - * Check that service is in the same realm as the krbtgt. If its - * not the same, its someone that is using a uni-directional trust + * Check that service is in the same realm as the krbtgt. If it's + * not the same, it's someone that is using a uni-directional trust * backward. */ diff --git a/kuser/kdestroy.1 b/kuser/kdestroy.1 index 70b247b7b..31854d980 100644 --- a/kuser/kdestroy.1 +++ b/kuser/kdestroy.1 @@ -57,7 +57,7 @@ Supported options: .It Fl credential= Ns Ar principal remove .Fa principal -from the credential cache if its exists. +from the credential cache if it exists. .It Fl c Ar cachefile .It Fl cache= Ns Ar cachefile The cache file to remove. diff --git a/kuser/kinit.c b/kuser/kinit.c index 3f8d49d9e..4c54bc4bb 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -260,7 +260,7 @@ renew_validate(krb5_context context, if (renew) { /* - * no need to check the error here, its only to be + * no need to check the error here, it's only to be * friendly to the user */ krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out); diff --git a/lib/asn1/canthandle.asn1 b/lib/asn1/canthandle.asn1 index b674476f1..5c2690f9b 100644 --- a/lib/asn1/canthandle.asn1 +++ b/lib/asn1/canthandle.asn1 @@ -19,7 +19,7 @@ Foo ::= SEQUENCE { kaka3 [2] IMPLICIT Kaka3 OPTIONAL } --- Don't code kaka if its 1 +-- Don't code kaka if it's 1 -- Workaround is to use OPTIONAL and check for in the encoder stubs Bar ::= SEQUENCE { diff --git a/lib/gssapi/gssapi.3 b/lib/gssapi/gssapi.3 index c7c629f86..c54ecb4e7 100644 --- a/lib/gssapi/gssapi.3 +++ b/lib/gssapi/gssapi.3 @@ -154,7 +154,7 @@ There is a work around for this problem, but not all implementation support it. .Pp Heimdal defaults to correct SPNEGO when the the kerberos -implementation uses CFX, or when its configured by the user. +implementation uses CFX, or when it is configured by the user. To turn on compatibility with peers, use option .Nm [gssapi] .Ar require_mechlist_mic . diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 4aec29429..58e262206 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -449,7 +449,7 @@ init_auth * If the credential doesn't have ok-as-delegate, check what local * policy say about ok-as-delegate, default is FALSE that makes * code ignore the KDC setting and follow what the application - * requested. If its TRUE, strip of the GSS_C_DELEG_FLAG if the + * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the * KDC doesn't set ok-as-delegate. */ if (!cred->flags.b.ok_as_delegate) { diff --git a/lib/gssapi/mech/gss_accept_sec_context.c b/lib/gssapi/mech/gss_accept_sec_context.c index 1088c9db3..1125c18a2 100644 --- a/lib/gssapi/mech/gss_accept_sec_context.c +++ b/lib/gssapi/mech/gss_accept_sec_context.c @@ -38,7 +38,7 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid) /* * Token must start with [APPLICATION 0] SEQUENCE. - * But if it doesn't assume its DCE-STYLE Kerberos! + * But if it doesn't assume it is DCE-STYLE Kerberos! */ if (len == 0) return (GSS_S_DEFECTIVE_TOKEN); @@ -102,7 +102,7 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid) OM_uint32 status; /* - * First try to parse the gssapi token header and see if its a + * First try to parse the gssapi token header and see if it's a * correct header, use that in the first hand. */ diff --git a/lib/hcrypto/DESperate.txt b/lib/hcrypto/DESperate.txt index 1fae0a123..3d793e9d8 100644 --- a/lib/hcrypto/DESperate.txt +++ b/lib/hcrypto/DESperate.txt @@ -30,7 +30,7 @@ second. 01110000 01110000 01110000 01110000 01111000 01111000 01111000 01111000 00001111 00001111 00001111 00001111 00000111 00000111 00000111 00000111 -The pattern is getting more obvious if its printed out where the bits +The pattern is getting more obvious if it's printed out where the bits are coming from. 8 16 24 - - - - - @@ -64,7 +64,7 @@ gen_pattern("pc1_d_4", 15, [ 57, 53, 45, 37 ], 32, 0x1000000); PC2 transformations =================== -PC2 is also a table lookup, since its a 24 bit field, I use 4 6-bit +PC2 is also a table lookup, since it's a 24 bit field, I use 4 6-bit lookup tables. Printing the reverse of the PC2 table reveal that some of the bits are not used, namely (9, 18, 22, 25) from c and (7, 10, 15, 26) from d. diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c index ff38bdba6..631e4ffc6 100644 --- a/lib/hdb/hdb-ldap.c +++ b/lib/hdb/hdb-ldap.c @@ -417,7 +417,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, /* * If this is just a "account" entry and no other objectclass - * is hanging on this entry, its really a new entry. + * is hanging on this entry, it's really a new entry. */ if (is_samba_account == FALSE && is_heimdal_principal == FALSE && is_heimdal_entry == FALSE) { @@ -671,7 +671,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, int add_krb5EncryptionType = 0; /* - * Only add/modify krb5EncryptionType if its a new heimdal + * Only add/modify krb5EncryptionType if it's a new heimdal * entry or krb5EncryptionType already exists on the entry. */ diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c index 33193134b..f699c455f 100644 --- a/lib/hdb/keys.c +++ b/lib/hdb/keys.c @@ -244,7 +244,7 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset, /* * Generate the `key_set' from the [kadmin]default_keys statement. If * `no_salt' is set, salt is not important (and will not be set) since - * its random keys that is going to be created. + * it's random keys that is going to be created. */ krb5_error_code diff --git a/lib/hx509/TODO b/lib/hx509/TODO index 38fc3a43c..d3fdecc23 100644 --- a/lib/hx509/TODO +++ b/lib/hx509/TODO @@ -55,7 +55,7 @@ certificate request x509 issues: - OtherName is left unspecified, but its used by other + OtherName is left unspecified, but it's used by other specs. creating this hole where a application/CA can't specify policy for SubjectAltName what covers whole space. For example, a CA is trusted to provide authentication but not authorization. diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index f4d7e6c9b..3c53e8c4e 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -695,7 +695,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, memset(&si, 0, sizeof(si)); /* - * Try to find AuthorityKeyIdentifier, if its not present in the + * Try to find AuthorityKeyIdentifier, if it's not present in the * subject certificate nor the parent. */ @@ -789,7 +789,7 @@ certificate_is_self_signed(const Certificate *cert) } /* - * The subjectName is "null" when its empty set of relative DBs. + * The subjectName is "null" when it's empty set of relative DBs. */ static int diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index d0d1b63af..fb2a0407d 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -1045,7 +1045,7 @@ hx509_cms_create_signed_1(hx509_context context, } /* - * If its not pkcs7-data send signedAttributes + * If it isn't pkcs7-data send signedAttributes */ if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { diff --git a/lib/hx509/data/static-file b/lib/hx509/data/static-file index a9f54790d..2216857cc 100644 --- a/lib/hx509/data/static-file +++ b/lib/hx509/data/static-file @@ -1,4 +1,4 @@ -This is a static file don't change the content, its used in the test +This is a static file don't change the content, it is used in the test #!/bin/sh # diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index d678c2fd6..0532a94e7 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -403,7 +403,7 @@ p11_get_session(hx509_context context, * prompter or known to work pin code. * * This code is very conversative and only uses the prompter in - * the hx509_lock, the reason is that its bad to try many + * the hx509_lock, the reason is that it's bad to try many * passwords on a pkcs11 token, it might lock up and have to be * unlocked by a administrator. * diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c index e8a8c7aab..c209b97c2 100644 --- a/lib/hx509/revoke.c +++ b/lib/hx509/revoke.c @@ -151,7 +151,7 @@ verify_ocsp(hx509_context context, /* * If signer certificate isn't the CA certificate, lets check the - * its the CA that signed the signer certificate and the OCSP EKU + * it is the CA that signed the signer certificate and the OCSP EKU * is set. */ if (hx509_cert_cmp(signer, parent) != 0) { @@ -415,7 +415,7 @@ verify_crl(hx509_context context, _hx509_query_clear(&q); /* - * If its the signer have CRLSIGN bit set, use that as the signer + * If it's the signer have CRLSIGN bit set, use that as the signer * cert for the certificate, otherwise, search for a certificate. */ if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) { @@ -1016,8 +1016,8 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) } /* - * Verify that the `cert' is part of the OCSP reply and its not - * expired. Doesn't verify signature the OCSP reply or its done by a + * Verify that the `cert' is part of the OCSP reply and it's not + * expired. Doesn't verify signature the OCSP reply or it's done by a * authorized sender, that is assumed to be already done. */ diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 1007389ce..99362c6dd 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -836,7 +836,7 @@ kadm5_log_goto_end (int fd) * * The pointer in `spī is assumed to be at the top of the entry before * previous entry. On success, the `spī pointer is set to data portion - * of previous entry. In case of error, its not changed at all. + * of previous entry. In case of error, it's not changed at all. */ kadm5_ret_t diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 768b2434e..b9a89f22b 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -198,7 +198,7 @@ krb5_cc_gen_new(krb5_context context, * the library chooses the default credential cache type. The supplied * `hint' (that can be NULL) is a string that the credential cache * type can use to base the name of the credential on, this is to make - * its easier for the user to differentiate the credentials. + * it easier for the user to differentiate the credentials. * * @return Returns 0 or an error code. * diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 3e242f658..5728d7a6f 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c @@ -361,7 +361,7 @@ add_file(char ***pfilenames, int *len, char *file) } /* - * `pq' isn't free, its up the the caller + * `pq' isn't free, it's up the the caller */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 9d84b537d..2beff027d 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -184,7 +184,7 @@ krb5_DES_schedule(krb5_context context, #ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts its via a one-way encryption algorithm to a DES + * string as input and converts it via a one-way encryption algorithm to a DES * encryption key. It is compatible with the original Andrew authentication * service password database. */ diff --git a/lib/krb5/krb5_aname_to_localname.3 b/lib/krb5/krb5_aname_to_localname.3 index 1d6b5226b..e18caf8cc 100644 --- a/lib/krb5/krb5_aname_to_localname.3 +++ b/lib/krb5/krb5_aname_to_localname.3 @@ -51,7 +51,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION This function takes a principal .Fa name , -verifies its in the local realm (using +verifies that it is in the local realm (using .Fn krb5_get_default_realms ) and then returns the local name of the principal. .Pp diff --git a/lib/krb5/krb5_ccache.3 b/lib/krb5/krb5_ccache.3 index 20fbf4c88..76f06815c 100644 --- a/lib/krb5/krb5_ccache.3 +++ b/lib/krb5/krb5_ccache.3 @@ -302,7 +302,7 @@ The supplied (that can be .Dv NULL ) is a string that the credential cache type can use to base the name of -the credential on, this is to make its easier for the user to +the credential on, this is to make it easier for the user to differentiate the credentials. The returned credential cache .Fa id @@ -421,7 +421,7 @@ to .Fn krb5_cc_clear_mcred clears the .Fa mcreds -argument so its reset and can be used with +argument so it is reset and can be used with .Fa krb5_cc_retrieve_cred . .Pp .Fn krb5_cc_retrieve_cred , diff --git a/lib/krb5/krb5_encrypt.3 b/lib/krb5/krb5_encrypt.3 index 83595a3a8..767c305f7 100644 --- a/lib/krb5/krb5_encrypt.3 +++ b/lib/krb5/krb5_encrypt.3 @@ -197,7 +197,7 @@ If the encryption type supports using derived keys, .Fa usage should be the appropriate key-usage. .Fa ivec -is a pointer to a initial IV, its modified to the end IV at the end of +is a pointer to a initial IV, it is modified to the end IV at the end of the round. Ivec should be the size of If diff --git a/lib/krb5/krb5_get_credentials.3 b/lib/krb5/krb5_get_credentials.3 index 67a89dd2c..9d8454d52 100644 --- a/lib/krb5/krb5_get_credentials.3 +++ b/lib/krb5/krb5_get_credentials.3 @@ -132,7 +132,7 @@ This option doesn't store the resulting user to user credential in the .Fa ccache . .It KRB5_GC_EXPIRED_OK -returns the credential even if its expired, default behavior is trying +returns the credential even if it is expired, default behavior is trying to refetch the credential from the KDC. .El .Pp diff --git a/lib/krb5/krb5_get_creds.3 b/lib/krb5/krb5_get_creds.3 index a1230c004..6e1c8a096 100644 --- a/lib/krb5/krb5_get_creds.3 +++ b/lib/krb5/krb5_get_creds.3 @@ -147,7 +147,7 @@ This options doesn't store the resulting user to user credential in the .Fa ccache . .It KRB5_GC_EXPIRED_OK -returns the credential even if its expired, default behavior is trying +returns the credential even if it is expired, default behavior is trying to refetch the credential from the KDC. .It KRB5_GC_NO_STORE Do not store the resulting credentials in the diff --git a/lib/krb5/krb5_getportbyname.3 b/lib/krb5/krb5_getportbyname.3 index c622e4bdd..0ce0377b5 100644 --- a/lib/krb5/krb5_getportbyname.3 +++ b/lib/krb5/krb5_getportbyname.3 @@ -54,7 +54,7 @@ gets the port number for .Fa service / .Fa proto pair from the global service table for and returns it in network order. -If its not found in the global table, the +If it isn't found in the global table, the .Fa default_port (given in host order) is returned. diff --git a/lib/krb5/krb5_keytab.3 b/lib/krb5/krb5_keytab.3 index 6ef847744..37dae34ae 100644 --- a/lib/krb5/krb5_keytab.3 +++ b/lib/krb5/krb5_keytab.3 @@ -475,7 +475,7 @@ Heimdal 0.7. The behavior is possible to change in with the option .Li [libdefaults]fcc-mit-ticketflags . Heimdal 0.7 also code to detech that ticket flags was in the wrong order and correct them. This matters when doing delegation in GSS-API -because the client code looks at the flag to determin if its possible +because the client code looks at the flag to determin if it is possible to do delegation if the user requested it. .Sh SEE ALSO .Xr krb5.conf 5 , diff --git a/lib/krb5/krb5_verify_init_creds.3 b/lib/krb5/krb5_verify_init_creds.3 index 2bb4ae349..3ffc626b1 100644 --- a/lib/krb5/krb5_verify_init_creds.3 +++ b/lib/krb5/krb5_verify_init_creds.3 @@ -93,7 +93,7 @@ cleans the the structure, must be used before trying to pass it in to .Fn krb5_verify_init_creds_opt_set_ap_req_nofail controls controls the behavior if .Fa ap_req_server -doesn't exists in the local keytab or in the KDC's database, if its +doesn't exists in the local keytab or in the KDC's database, if it's true, the error will be ignored. Note that this use is possible insecure. .Sh SEE ALSO diff --git a/lib/krb5/krb5_verify_user.3 b/lib/krb5/krb5_verify_user.3 index 7bde935b8..35fb07619 100644 --- a/lib/krb5/krb5_verify_user.3 +++ b/lib/krb5/krb5_verify_user.3 @@ -139,7 +139,7 @@ structure wont be exported. resets all opt to default values. .Pp None of the krb5_verify_opt_set function makes a copy of the data -structure that they are called with. Its up the caller to free them +structure that they are called with. It's up the caller to free them after the .Fn krb5_verify_user_opt is called. diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index b7f3727cb..390bd3fc0 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -137,7 +137,7 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) krb5_error_code ret; /* - * Windows 2000 and 2003 uses this inside their TGT so its normaly + * Windows 2000 and 2003 uses this inside their TGT so it's normaly * not seen by others, however, samba4 joined with a Windows AD as * a Domain Controller gets exposed to this. */ diff --git a/lib/krb5/store.c b/lib/krb5/store.c index d9295e5fc..321ca633a 100644 --- a/lib/krb5/store.c +++ b/lib/krb5/store.c @@ -838,8 +838,8 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) if(ret) goto cleanup; /* * Runtime detect the what is the higher bits of the bitfield. If - * any of the higher bits are set in the input data, its either a - * new ticket flag (and this code need to be removed), or its a + * any of the higher bits are set in the input data, it's either a + * new ticket flag (and this code need to be removed), or it's a * MIT cache (or new Heimdal cache), lets change it to our current * format. */ @@ -993,8 +993,8 @@ krb5_ret_creds_tag(krb5_storage *sp, if(ret) goto cleanup; /* * Runtime detect the what is the higher bits of the bitfield. If - * any of the higher bits are set in the input data, its either a - * new ticket flag (and this code need to be removed), or its a + * any of the higher bits are set in the input data, it's either a + * new ticket flag (and this code need to be removed), or it's a * MIT cache (or new Heimdal cache), lets change it to our current * format. */ diff --git a/lib/krb5/test_cc.c b/lib/krb5/test_cc.c index d6868466f..86915212e 100644 --- a/lib/krb5/test_cc.c +++ b/lib/krb5/test_cc.c @@ -82,8 +82,8 @@ test_default_name(krb5_context context) } /* - * Check that a closed cc still keeps it data and that its no longer - * there when its destroyed. + * Check that a closed cc still keeps it data and that it's no longer + * there when it's destroyed. */ static void diff --git a/lib/krb5/test_princ.c b/lib/krb5/test_princ.c index 606d2398c..b51afce5a 100644 --- a/lib/krb5/test_princ.c +++ b/lib/krb5/test_princ.c @@ -36,8 +36,8 @@ RCSID("$Id$"); /* - * Check that a closed cc still keeps it data and that its no longer - * there when its destroyed. + * Check that a closed cc still keeps it data and that it's no longer + * there when it's destroyed. */ static void diff --git a/lib/krb5/v4_glue.c b/lib/krb5/v4_glue.c index c0574f9ac..452fbd592 100644 --- a/lib/krb5/v4_glue.c +++ b/lib/krb5/v4_glue.c @@ -599,7 +599,7 @@ _krb5_krb_cr_err_reply(krb5_context context, RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); RCHECK(ret, put_nir(sp, name, inst, realm), error); RCHECK(ret, krb5_store_int32(sp, time_ws), error); - /* If its a Kerberos 4 error-code, remove the et BASE */ + /* If it is a Kerberos 4 error-code, remove the et BASE */ if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255) e -= ERROR_TABLE_BASE_krb; RCHECK(ret, krb5_store_int32(sp, e), error); diff --git a/lib/roken/getcap.c b/lib/roken/getcap.c index 890e3a818..2ae39a46b 100644 --- a/lib/roken/getcap.c +++ b/lib/roken/getcap.c @@ -70,7 +70,7 @@ static char *toprec; /* Additional record specified by cgetset() */ static int gottoprec; /* Flag indicating retrieval of toprecord */ #if 0 /* - * Don't use db support unless its build into libc but we dont + * Don't use db support unless it's build into libc but we don't * check for that now, so just disable the code. */ #if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)