From: Andrew Bartlett Date: Tue, 27 Feb 2024 01:55:27 +0000 (+1300) Subject: third_party/heimdal: import lorikeet-heimdal-202402270140 (commit e78a9d974c680d77565... X-Git-Tag: tdb-1.4.11~1674 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea41dccb99b6448c93c43b8de8d2bcca698f1a7c;p=thirdparty%2Fsamba.git third_party/heimdal: import lorikeet-heimdal-202402270140 (commit e78a9d974c680d775650fb51f617ca7bf9d6727d) Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton --- diff --git a/third_party/heimdal/kdc/kdc-accessors.h b/third_party/heimdal/kdc/kdc-accessors.h index c00fd49d60b..8d1305a139e 100644 --- a/third_party/heimdal/kdc/kdc-accessors.h +++ b/third_party/heimdal/kdc/kdc-accessors.h @@ -339,6 +339,13 @@ ASTGS_REQUEST_SET_ACCESSOR_PTR(struct krb5_pac_data *, pac, pac) ASTGS_REQUEST_GET_ACCESSOR(uint64_t, pac_attributes) +/* + * unsigned int + * kdc_request_get_pkinit_freshness_used(astgs_request_t); + */ + +ASTGS_REQUEST_GET_ACCESSOR(unsigned int, pkinit_freshness_used) + /* * void * kdc_request_set_pac_attributes(astgs_request_t, uint64_t); diff --git a/third_party/heimdal/kdc/kdc_locl.h b/third_party/heimdal/kdc/kdc_locl.h index f2160b72419..d56d6b557b9 100644 --- a/third_party/heimdal/kdc/kdc_locl.h +++ b/third_party/heimdal/kdc/kdc_locl.h @@ -155,6 +155,7 @@ struct astgs_request_desc { /* Only AS */ const struct kdc_patypes *pa_used; + unsigned int pkinit_freshness_used : 1; /* PA methods can affect both the reply key and the session key (pkinit) */ krb5_enctype sessionetype; diff --git a/third_party/heimdal/kdc/libkdc-exports.def b/third_party/heimdal/kdc/libkdc-exports.def index 1d42b8c570c..1c6997a23c2 100644 --- a/third_party/heimdal/kdc/libkdc-exports.def +++ b/third_party/heimdal/kdc/libkdc-exports.def @@ -49,6 +49,7 @@ EXPORTS kdc_request_get_krbtgt_princ kdc_request_get_pac kdc_request_get_pac_attributes + kdc_request_get_pkinit_freshness_used kdc_request_get_rep kdc_request_get_reply_key kdc_request_get_req 
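Review bot: The comment added above `ASTGS_REQUEST_GET_ACCESSOR(unsigned int, pkinit_freshness_used)` in kdc-accessors.h gives only the prototype, yet the getter is exported through libkdc-exports.def and version-script.map, so code outside the KDC core can read the flag without seeing where it is set. I would state the meaning in that comment, for example `Returns non-zero once a PKINIT freshness token has been validated for this AS request; it does not by itself mean pre-authentication succeeded.` The second clause is inferred from the pkinit.c hunk, where the flag is set inside `_kdc_pk_validate_freshness_token`, and should be confirmed against that function's caller. The same description would fit the `unsigned int pkinit_freshness_used : 1;` field added under `/* Only AS */` in kdc_locl.h. Only a getter is added, so consumers cannot set the value, and that is worth preserving.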
diff --git a/third_party/heimdal/kdc/pkinit.c b/third_party/heimdal/kdc/pkinit.c index c853359bbc2..9f1f4b106f0 100644 --- a/third_party/heimdal/kdc/pkinit.c +++ b/third_party/heimdal/kdc/pkinit.c @@ -1996,6 +1996,8 @@ _kdc_pk_validate_freshness_token(astgs_request_t r, return KRB5_KDC_ERR_PREAUTH_EXPIRED; } + r->pkinit_freshness_used = TRUE; + free_PA_ENC_TS_ENC(&ts_enc); return 0; } diff --git a/third_party/heimdal/kdc/version-script.map b/third_party/heimdal/kdc/version-script.map index c644b30c8e4..508357d0a7d 100644 --- a/third_party/heimdal/kdc/version-script.map +++ b/third_party/heimdal/kdc/version-script.map @@ -52,6 +52,7 @@ HEIMDAL_KDC_1.0 { kdc_request_get_krbtgt_princ; kdc_request_get_pac; kdc_request_get_pac_attributes; + kdc_request_get_pkinit_freshness_used; kdc_request_get_rep; kdc_request_get_reply_key; kdc_request_get_req; diff --git a/third_party/heimdal/lib/asn1/asn1_err.et b/third_party/heimdal/lib/asn1/asn1_err.et index ac7a9ebaa52..dc08a86cf30 100644 --- a/third_party/heimdal/lib/asn1/asn1_err.et +++ b/third_party/heimdal/lib/asn1/asn1_err.et @@ -23,7 +23,7 @@ error_code MIN_CONSTRAINT, "ASN.1 too few elements" error_code MAX_CONSTRAINT, "ASN.1 too many elements" error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" -error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" +error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underrun" error_code GOT_BER, "ASN.1 got BER encoded when expected DER" error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data" end diff --git a/third_party/heimdal/lib/asn1/asn1_print.c b/third_party/heimdal/lib/asn1/asn1_print.c index 9ef6ffd23a2..9b598b78cdf 100644 --- a/third_party/heimdal/lib/asn1/asn1_print.c +++ b/third_party/heimdal/lib/asn1/asn1_print.c 
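Review bot: `r->pkinit_freshness_used = TRUE;` in `_kdc_pk_validate_freshness_token` is written on the success path and nothing in the hunk ever clears it. The flag is therefore only trustworthy if the request structure starts zeroed and no later PKINIT step can fail while leaving the request in use, and neither is visible here because the function body starts outside the hunk. Any policy decision that reads it through `kdc_request_get_pkinit_freshness_used` should also confirm that PKINIT pre-authentication itself completed. A short comment at the assignment would record the intent, e.g. `/* freshness token validated; recorded for later checks via kdc_request_get_pkinit_freshness_used() */`.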
@@ -566,7 +566,7 @@ dotype(unsigned char *buf, size_t len, char **argv, size_t *size) "BER indefinte encoding overun", typename); case ASN1_INDEF_UNDERRUN: errx(1, "Could not decode and print data as type %s: " - "BER indefinte encoding underun", typename); + "BER indefinte encoding underrun", typename); case ASN1_GOT_BER: errx(1, "Could not decode and print data as type %s: " "BER encoding when DER expected", typename); diff --git a/third_party/heimdal/lib/base/heimbase.c b/third_party/heimdal/lib/base/heimbase.c index 4e9ea1b4b5f..05add641e01 100644 --- a/third_party/heimdal/lib/base/heimbase.c +++ b/third_party/heimdal/lib/base/heimbase.c @@ -701,7 +701,7 @@ heim_auto_release(heim_object_t ptr) } if (tls == NULL || (ar = tls->current) == NULL) - heim_abort("no auto relase pool in place, would leak"); + heim_abort("no auto release pool in place, would leak"); HEIMDAL_MUTEX_lock(&ar->pool_mutex); HEIM_TAILQ_INSERT_HEAD(&ar->pool, p, autorel); diff --git a/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c b/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c index c4ac7455cf6..7a211900fd3 100644 --- a/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -747,7 +747,7 @@ acceptor_start HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return gss_mg_set_error_string(GSS_C_NO_OID, GSS_S_NO_CONTEXT, *minor_status, - "SPNEGO acceptor didn't find a prefered mechanism"); + "SPNEGO acceptor didn't find a preferred mechanism"); } /* diff --git a/third_party/heimdal/lib/hx509/cert.c b/third_party/heimdal/lib/hx509/cert.c index 4fcb4ba8da9..9c7997dc46e 100644 --- a/third_party/heimdal/lib/hx509/cert.c +++ b/third_party/heimdal/lib/hx509/cert.c 
@@ -1506,7 +1506,7 @@ _hx509_calculate_path(hx509_context context, if (path->len > max_depth) { hx509_cert_free(current); hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG, - "Path too long while bulding " + "Path too long while building " "certificate chain"); return HX509_PATH_TOO_LONG; } diff --git a/third_party/heimdal/lib/hx509/hx509_err.et b/third_party/heimdal/lib/hx509/hx509_err.et index 9b816754022..70c747a9cfe 100644 --- a/third_party/heimdal/lib/hx509/hx509_err.et +++ b/third_party/heimdal/lib/hx509/hx509_err.et @@ -62,8 +62,8 @@ error_code SIG_INVALID_FORMAT, "Invalid format on signature" error_code OID_MISMATCH, "Mismatch between oids" error_code NO_PROMPTER, "No prompter function defined" error_code SIGNATURE_WITHOUT_SIGNER, "Signature requires signer, but none available" -error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed" -error_code RSA_PRIVATE_ENCRYPT, "RSA private encyption failed" +error_code RSA_PUBLIC_ENCRYPT, "RSA public encryption failed" +error_code RSA_PRIVATE_ENCRYPT, "RSA private encryption failed" error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed" error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed" error_code ALGORITHM_BEST_BEFORE, "Algorithm has passed its best before date" diff --git a/third_party/heimdal/lib/krb5/crypto.c b/third_party/heimdal/lib/krb5/crypto.c index b52f084669a..af86f7c4575 100644 --- a/third_party/heimdal/lib/krb5/crypto.c +++ b/third_party/heimdal/lib/krb5/crypto.c @@ -1226,7 +1226,7 @@ decrypt_internal_derived(krb5_context context, if (len < checksum_sz + et->confoundersize) { krb5_set_error_message(context, KRB5_BAD_MSIZE, N_("Encrypted data shorter then " - "checksum + confunder", "")); + "checksum + confounder", "")); return KRB5_BAD_MSIZE; } 
@@ -1301,7 +1301,7 @@ decrypt_internal_enc_then_cksum(krb5_context context, if (len < checksum_sz + et->confoundersize) { krb5_set_error_message(context, KRB5_BAD_MSIZE, N_("Encrypted data shorter then " - "checksum + confunder", "")); + "checksum + confounder", "")); return KRB5_BAD_MSIZE; } @@ -1383,7 +1383,7 @@ decrypt_internal(krb5_context context, if (len < checksum_sz + et->confoundersize) { krb5_set_error_message(context, KRB5_BAD_MSIZE, N_("Encrypted data shorter then " - "checksum + confunder", "")); + "checksum + confounder", "")); return KRB5_BAD_MSIZE; } @@ -1445,7 +1445,7 @@ decrypt_internal_special(krb5_context context, if (len < cksum_sz + et->confoundersize) { krb5_set_error_message(context, KRB5_BAD_MSIZE, N_("Encrypted data shorter then " - "checksum + confunder", "")); + "checksum + confounder", "")); return KRB5_BAD_MSIZE; } diff --git a/third_party/heimdal/lib/sqlite/sqlite3.c b/third_party/heimdal/lib/sqlite/sqlite3.c index de55858cb0f..7aaed45e977 100644 --- a/third_party/heimdal/lib/sqlite/sqlite3.c +++ b/third_party/heimdal/lib/sqlite/sqlite3.c @@ -95906,7 +95906,7 @@ static int vdbeSorterFlushPMA(VdbeSorter *pSorter){ ** the background thread from a sub-tasks previous turn is still running, ** skip it. If the first (pSorter->nTask-1) sub-tasks are all still busy, ** fall back to using the final sub-task. The first (pSorter->nTask-1) - ** sub-tasks are prefered as they use background threads - the final + ** sub-tasks are preferred as they use background threads - the final ** sub-task uses the main thread. */ for(i=0; iiPrev + i + 1) % nWorker; diff --git a/third_party/heimdal/po/heim_com_err569856/de.po b/third_party/heimdal/po/heim_com_err569856/de.po index 5e6ace5d766..ba2dbf6e93d 100644 --- a/third_party/heimdal/po/heim_com_err569856/de.po +++ b/third_party/heimdal/po/heim_com_err569856/de.po 
@@ -273,7 +273,7 @@ msgstr "Signatur erfordert Unterzeichner, aber keiner verfügbar" #. 073 #. 074 #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85 -msgid "RSA public encyption failed" +msgid "RSA public encryption failed" msgstr "RSA-Verschlüsselung mit öffentlichem Schlüssel fehlgeschlagen" #. 075 diff --git a/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot b/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot index 2913f6bcb9c..2305f21a962 100644 --- a/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot +++ b/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot @@ -267,7 +267,7 @@ msgstr "" #. 073 #. 074 #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85 -msgid "RSA public encyption failed" +msgid "RSA public encryption failed" msgstr "" #. 075 diff --git a/third_party/heimdal/po/heimdal_krb5/de.po b/third_party/heimdal/po/heimdal_krb5/de.po index 037cc46c1e5..26efb2934fd 100644 --- a/third_party/heimdal/po/heimdal_krb5/de.po +++ b/third_party/heimdal/po/heimdal_krb5/de.po @@ -325,9 +325,8 @@ msgstr "Verschlüsselungstyp %s ist deaktiviert." msgid "checksum type %s is disabled" msgstr "Prüfsummentyp %s ist deaktiviert." -# FIXME: s/confunder/confounder/ #: lib/krb5/crypto.c:2958 -msgid "Encrypted data shorter then checksum + confunder" +msgid "Encrypted data shorter then checksum + confounder" msgstr "verschlüsselte Daten kürzer als Prüfsumme + Störfaktor" #: lib/krb5/crypto.c:3585 diff --git a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot index 9dbaaaf7282..ac3effae614 100644 --- a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot +++ b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot 
@@ -549,7 +549,7 @@ msgid "checksum type %s is disabled" msgstr "" #: lib/krb5/crypto.c:2958 -msgid "Encrypted data shorter then checksum + confunder" +msgid "Encrypted data shorter then checksum + confounder" msgstr "" #: lib/krb5/crypto.c:3585 diff --git a/third_party/heimdal/po/heimdal_krb5/sv_SE.po b/third_party/heimdal/po/heimdal_krb5/sv_SE.po index ffd1ca7c8d6..8d5caa1a634 100644 --- a/third_party/heimdal/po/heimdal_krb5/sv_SE.po +++ b/third_party/heimdal/po/heimdal_krb5/sv_SE.po @@ -540,7 +540,7 @@ msgid "checksum type %s is disabled" msgstr "" #: lib/krb5/crypto.c:2979 -msgid "Encrypted data shorter then checksum + confunder" +msgid "Encrypted data shorter then checksum + confounder" msgstr "" #: lib/krb5/crypto.c:3589