2025-01-21 18:04:06 +03:00 · 2024-02-27 14:55:27 +13:00 · 2024-02-27 14:55:27 +13:00 · ea41dccb99
commit ea41dccb99
parent f1a83798f0
18 changed files with 29 additions and 18 deletions
--- a/third_party/heimdal/kdc/kdc-accessors.h
+++ b/third_party/heimdal/kdc/kdc-accessors.h
@ -339,6 +339,13 @@ ASTGS_REQUEST_SET_ACCESSOR_PTR(struct krb5_pac_data *, pac, pac)

 ASTGS_REQUEST_GET_ACCESSOR(uint64_t, pac_attributes)

+/*
+ * unsigned int
+ * kdc_request_get_pkinit_freshness_used(astgs_request_t);
+ */
+
+ASTGS_REQUEST_GET_ACCESSOR(unsigned int, pkinit_freshness_used)
+
 /*
 * void
 * kdc_request_set_pac_attributes(astgs_request_t, uint64_t);
--- a/third_party/heimdal/kdc/kdc_locl.h
+++ b/third_party/heimdal/kdc/kdc_locl.h
@ -155,6 +155,7 @@ struct astgs_request_desc {

    /* Only AS */
    const struct kdc_patypes *pa_used;
+    unsigned int pkinit_freshness_used : 1;

    /* PA methods can affect both the reply key and the session key (pkinit) */
    krb5_enctype sessionetype;
--- a/third_party/heimdal/kdc/libkdc-exports.def
+++ b/third_party/heimdal/kdc/libkdc-exports.def
@ -49,6 +49,7 @@ EXPORTS
 	kdc_request_get_krbtgt_princ
 	kdc_request_get_pac
 	kdc_request_get_pac_attributes
+	kdc_request_get_pkinit_freshness_used
 	kdc_request_get_rep
 	kdc_request_get_reply_key
 	kdc_request_get_req
--- a/third_party/heimdal/kdc/pkinit.c
+++ b/third_party/heimdal/kdc/pkinit.c
@ -1996,6 +1996,8 @@ _kdc_pk_validate_freshness_token(astgs_request_t r,
 	return KRB5_KDC_ERR_PREAUTH_EXPIRED;
    }

+    r->pkinit_freshness_used = TRUE;
+
    free_PA_ENC_TS_ENC(&ts_enc);
    return 0;
 }
--- a/third_party/heimdal/kdc/version-script.map
+++ b/third_party/heimdal/kdc/version-script.map
@ -52,6 +52,7 @@ HEIMDAL_KDC_1.0 {
 		kdc_request_get_krbtgt_princ;
 		kdc_request_get_pac;
 		kdc_request_get_pac_attributes;
+		kdc_request_get_pkinit_freshness_used;
 		kdc_request_get_rep;
 		kdc_request_get_reply_key;
 		kdc_request_get_req;
--- a/third_party/heimdal/lib/asn1/asn1_err.et
+++ b/third_party/heimdal/lib/asn1/asn1_err.et
@ -23,7 +23,7 @@ error_code MIN_CONSTRAINT,	"ASN.1 too few elements"
 error_code MAX_CONSTRAINT,	"ASN.1 too many elements"
 error_code EXACT_CONSTRAINT,	"ASN.1 wrong number of elements"
 error_code INDEF_OVERRUN,   	"ASN.1 BER indefinte encoding overrun"
-error_code INDEF_UNDERRUN,   	"ASN.1 BER indefinte encoding underun"
+error_code INDEF_UNDERRUN,   	"ASN.1 BER indefinte encoding underrun"
 error_code GOT_BER,		"ASN.1 got BER encoded when expected DER"
 error_code INDEF_EXTRA_DATA,	"ASN.1 EoC tag contained data"
 end
--- a/third_party/heimdal/lib/asn1/asn1_print.c
+++ b/third_party/heimdal/lib/asn1/asn1_print.c
@ -566,7 +566,7 @@ dotype(unsigned char *buf, size_t len, char **argv, size_t *size)
                 "BER indefinte encoding overun", typename);
        case ASN1_INDEF_UNDERRUN:
            errx(1, "Could not decode and print data as type %s: "
-                 "BER indefinte encoding underun", typename);
+                 "BER indefinte encoding underrun", typename);
        case ASN1_GOT_BER:
            errx(1, "Could not decode and print data as type %s: "
                 "BER encoding when DER expected", typename);
--- a/third_party/heimdal/lib/base/heimbase.c
+++ b/third_party/heimdal/lib/base/heimbase.c
@ -701,7 +701,7 @@ heim_auto_release(heim_object_t ptr)
    }

    if (tls == NULL || (ar = tls->current) == NULL)
-	heim_abort("no auto relase pool in place, would leak");
+	heim_abort("no auto release pool in place, would leak");

    HEIMDAL_MUTEX_lock(&ar->pool_mutex);
    HEIM_TAILQ_INSERT_HEAD(&ar->pool, p, autorel);
--- a/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c
@ -747,7 +747,7 @@ acceptor_start
 	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	return gss_mg_set_error_string(GSS_C_NO_OID, GSS_S_NO_CONTEXT,
 				       *minor_status,
-				       "SPNEGO acceptor didn't find a prefered mechanism");
+				       "SPNEGO acceptor didn't find a preferred mechanism");
    }

    /*
--- a/third_party/heimdal/lib/hx509/cert.c
+++ b/third_party/heimdal/lib/hx509/cert.c
@ -1506,7 +1506,7 @@ _hx509_calculate_path(hx509_context context,
 	if (path->len > max_depth) {
 	    hx509_cert_free(current);
 	    hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG,
-				   "Path too long while bulding "
+				   "Path too long while building "
 				   "certificate chain");
 	    return HX509_PATH_TOO_LONG;
 	}
--- a/third_party/heimdal/lib/hx509/hx509_err.et
+++ b/third_party/heimdal/lib/hx509/hx509_err.et
@ -62,8 +62,8 @@ error_code SIG_INVALID_FORMAT, "Invalid format on signature"
 error_code OID_MISMATCH, "Mismatch between oids"
 error_code NO_PROMPTER, "No prompter function defined"
 error_code SIGNATURE_WITHOUT_SIGNER, "Signature requires signer, but none available"
-error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed"
-error_code RSA_PRIVATE_ENCRYPT, "RSA private encyption failed"
+error_code RSA_PUBLIC_ENCRYPT, "RSA public encryption failed"
+error_code RSA_PRIVATE_ENCRYPT, "RSA private encryption failed"
 error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed"
 error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed"
 error_code ALGORITHM_BEST_BEFORE, "Algorithm has passed its best before date"
--- a/third_party/heimdal/lib/krb5/crypto.c
+++ b/third_party/heimdal/lib/krb5/crypto.c
@ -1226,7 +1226,7 @@ decrypt_internal_derived(krb5_context context,
    if (len < checksum_sz + et->confoundersize) {
 	krb5_set_error_message(context, KRB5_BAD_MSIZE,
 			       N_("Encrypted data shorter then "
-				  "checksum + confunder", ""));
+				  "checksum + confounder", ""));
 	return KRB5_BAD_MSIZE;
    }

@ -1301,7 +1301,7 @@ decrypt_internal_enc_then_cksum(krb5_context context,
    if (len < checksum_sz + et->confoundersize) {
 	krb5_set_error_message(context, KRB5_BAD_MSIZE,
 			       N_("Encrypted data shorter then "
-				  "checksum + confunder", ""));
+				  "checksum + confounder", ""));
 	return KRB5_BAD_MSIZE;
    }

@ -1383,7 +1383,7 @@ decrypt_internal(krb5_context context,
    if (len < checksum_sz + et->confoundersize) {
 	krb5_set_error_message(context, KRB5_BAD_MSIZE,
 			       N_("Encrypted data shorter then "
-				  "checksum + confunder", ""));
+				  "checksum + confounder", ""));
 	return KRB5_BAD_MSIZE;
    }

@ -1445,7 +1445,7 @@ decrypt_internal_special(krb5_context context,
    if (len < cksum_sz + et->confoundersize) {
 	krb5_set_error_message(context, KRB5_BAD_MSIZE,
 			       N_("Encrypted data shorter then "
-				  "checksum + confunder", ""));
+				  "checksum + confounder", ""));
 	return KRB5_BAD_MSIZE;
    }

--- a/third_party/heimdal/lib/sqlite/sqlite3.c
+++ b/third_party/heimdal/lib/sqlite/sqlite3.c
@ -95906,7 +95906,7 @@ static int vdbeSorterFlushPMA(VdbeSorter *pSorter){
  ** the background thread from a sub-tasks previous turn is still running,
  ** skip it. If the first (pSorter->nTask-1) sub-tasks are all still busy,
  ** fall back to using the final sub-task. The first (pSorter->nTask-1)
-  ** sub-tasks are prefered as they use background threads - the final
+  ** sub-tasks are preferred as they use background threads - the final
  ** sub-task uses the main thread. */
  for(i=0; i<nWorker; i++){
    int iTest = (pSorter->iPrev + i + 1) % nWorker;
--- a/third_party/heimdal/po/heim_com_err569856/de.po
+++ b/third_party/heimdal/po/heim_com_err569856/de.po
@ -273,7 +273,7 @@ msgstr "Signatur erfordert Unterzeichner, aber keiner verfügbar"
 #. 073
 #. 074
 #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85
-msgid "RSA public encyption failed"
+msgid "RSA public encryption failed"
 msgstr "RSA-Verschlüsselung mit öffentlichem Schlüssel fehlgeschlagen"

 #. 075
--- a/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot
+++ b/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot
@ -267,7 +267,7 @@ msgstr ""
 #. 073
 #. 074
 #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85
-msgid "RSA public encyption failed"
+msgid "RSA public encryption failed"
 msgstr ""

 #. 075
--- a/third_party/heimdal/po/heimdal_krb5/de.po
+++ b/third_party/heimdal/po/heimdal_krb5/de.po
@ -325,9 +325,8 @@ msgstr "Verschlüsselungstyp %s ist deaktiviert."
 msgid "checksum type %s is disabled"
 msgstr "Prüfsummentyp %s ist deaktiviert."

-# FIXME: s/confunder/confounder/
 #: lib/krb5/crypto.c:2958
-msgid "Encrypted data shorter then checksum + confunder"
+msgid "Encrypted data shorter then checksum + confounder"
 msgstr "verschlüsselte Daten kürzer als Prüfsumme + Störfaktor"

 #: lib/krb5/crypto.c:3585
--- a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot
+++ b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot
@ -549,7 +549,7 @@ msgid "checksum type %s is disabled"
 msgstr ""

 #: lib/krb5/crypto.c:2958
-msgid "Encrypted data shorter then checksum + confunder"
+msgid "Encrypted data shorter then checksum + confounder"
 msgstr ""

 #: lib/krb5/crypto.c:3585
--- a/third_party/heimdal/po/heimdal_krb5/sv_SE.po
+++ b/third_party/heimdal/po/heimdal_krb5/sv_SE.po
@ -540,7 +540,7 @@ msgid "checksum type %s is disabled"
 msgstr ""

 #: lib/krb5/crypto.c:2979
-msgid "Encrypted data shorter then checksum + confunder"
+msgid "Encrypted data shorter then checksum + confounder"
 msgstr ""

 #: lib/krb5/crypto.c:3589