diff --git a/net-mgmt/adcli/Makefile b/net-mgmt/adcli/Makefile index 6a072c5974ba..1c7c2cad332b 100644 --- a/net-mgmt/adcli/Makefile +++ b/net-mgmt/adcli/Makefile @@ -1,59 +1,37 @@ PORTNAME= adcli PORTVERSION= 0.9.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net-mgmt net security -MASTER_SITES= https://gitlab.freedesktop.org/realmd/adcli/-/archive/${PORTVERSION}/ MAINTAINER= ports@virtual-estates.net COMMENT= Tool for performing actions on an Active Directory domain WWW= https://www.freedesktop.org/software/realmd/adcli/adcli.html LICENSE= LGPL21 BUILD_DEPENDS= xsltproc:textproc/libxslt \ docbook-xml>0:textproc/docbook-xml \ docbook-xsl>0:textproc/docbook-xsl -GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX=${PREFIX}/share -TEST_TARGET= check +USES= autoreconf gssapi:mit,flags iconv ldap libtool localbase tar:bz2 -OPTIONS_DEFINE= DOCS -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT= GSSAPI_BASE +USE_GITLAB= yes +GL_SITE= https://gitlab.freedesktop.org +GL_ACCOUNT= realmd +GNU_CONFIGURE= yes +CONFIGURE_ARGS= ${GSSAPI_CONFIGURE_ARGS} # xsltproc and docbook are needed to create the man-page. xmlto is only # required for generating HTML-documents, which are optional. CONFIGURE_ENV+= ac_cv_path_KRB5_CONFIG=${KRB5CONFIG} \ ac_cv_path_XMLTO=${PORT_OPTIONS:MDOCS:S|DOCS|${LOCALBASE}/bin/xmlto|:S|^$|${TRUE}|} -CONFIGURE_ARGS= --sysconfdir=/etc +TEST_TARGET= check -CFLAGS+= -I${ICONV_INCLUDE_PATH} -LDFLAGS+= -L${ICONV_LIB_PATH} ${ICONV_LIB} -USES= autoreconf iconv ldap libtool localbase tar:bz2 +OPTIONS_DEFINE= DOCS DOCS_BUILD_DEPENDS= xmlto:textproc/xmlto -GSSAPI_BASE_USES= gssapi -GSSAPI_MIT_USES= gssapi:mit,flags -GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags - -GSSAPI_BASE_CONFIGURE_ARGS= --sysconfdir=/etc -GSSAPI_BASE_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}" \ - KRB5_LIBS="${GSSAPILIBS}" -GSSAPI_HEIMDAL_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc -GSSAPI_HEIMDAL_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/heimdal" \ - KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS}" -GSSAPI_MIT_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc -GSSAPI_MIT_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/gssapi" \ - KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS} -lk5crypto" - -GSSAPI_BASE_CFLAGS+= -DHEIMDAL -GSSAPI_HEIMDAL_CFLAGS+= -DHEIMDAL -# Quiets down warnings inside MIT's headers: -GSSAPI_MIT_CFLAGS+= -DTARGET_OS_MAC=0 post-build: ${RM} ${WRKSRC}/doc/html/adcli-docs.proc # An empty file... .include diff --git a/net-mgmt/adcli/files/patch-configure b/net-mgmt/adcli/files/patch-configure.ac similarity index 60% rename from net-mgmt/adcli/files/patch-configure rename to net-mgmt/adcli/files/patch-configure.ac index 86fdeacb99bb..04214ee81647 100644 --- a/net-mgmt/adcli/files/patch-configure +++ b/net-mgmt/adcli/files/patch-configure.ac @@ -1,24 +1,28 @@ ---- configure.ac 2021-02-20 08:51:40.000000000 -0500 -+++ configure.ac 2021-10-12 16:57:31.442711000 -0400 -@@ -104,5 +104,8 @@ +--- configure.ac.orig 2022-09-28 17:04:28 UTC ++++ configure.ac +@@ -103,7 +103,10 @@ for lib in "" "-lresolv"; do + saved_LIBS="$LIBS" LIBS="$LIBS $lib" AC_LINK_IFELSE([ - AC_LANG_PROGRAM([#include ], + AC_LANG_PROGRAM([[#include ] + [#include ] + [#include ] + [#include ]], - [res_query (0, 0, 0, 0, 0)]) - ], -@@ -269,11 +272,4 @@ + [res_query (0, 0, 0, 0, 0); + ns_get32 (NULL); + ns_get16 (NULL);]) +@@ -285,13 +288,6 @@ else + AC_MSG_ERROR([cat is not available]) else AC_DEFINE_UNQUOTED(BIN_CAT, "$BIN_CAT", [path to cat, used in unit test]) -fi - -AC_PATH_PROG(BIN_TAC, tac, no) -if test "$BIN_TAC" = "no" ; then - AC_MSG_ERROR([tac is not available]) -else - AC_DEFINE_UNQUOTED(BIN_TAC, "$BIN_TAC", [path to tac, used in unit test]) fi + AC_PATH_PROG(BIN_REV, rev, no) diff --git a/net-mgmt/adcli/files/patch-heimdal b/net-mgmt/adcli/files/patch-heimdal deleted file mode 100644 index 01beb36be797..000000000000 --- a/net-mgmt/adcli/files/patch-heimdal +++ /dev/null @@ -1,630 +0,0 @@ -Submitted upstream: - - https://bugs.freedesktop.org/show_bug.cgi?id=96558 - ---- library/adprivate.h 2015-12-11 05:29:24.000000000 -0500 -+++ library/adprivate.h 2016-06-15 19:21:07.357447000 -0400 -@@ -39,4 +39,12 @@ - #endif - -+#ifdef HEIMDAL -+#define MAX_KEYTAB_NAME_LEN 1100 /* This is, what Samba does */ -+#define krb5_free_string(ctx, string) krb5_xfree(string) -+#define krb5_free_keytab_entry_contents krb5_kt_free_entry /* Samba as well */ -+#else -+typedef krb5_data krb5_salt; /* MIT Kerberos does not have this */ -+#endif -+ - /* Utilities */ - -@@ -133,5 +141,5 @@ int _adcli_str_has_suffix - const char *suffix); - --char * _adcli_str_dupn (void *data, -+char * _adcli_str_dupn (const void *data, - size_t len); - -@@ -248,5 +256,5 @@ krb5_error_code _adcli_krb5_keytab_add_ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt); -+ const krb5_salt *salt); - - krb5_error_code _adcli_krb5_keytab_test_salt (krb5_context k5, -@@ -256,5 +264,5 @@ krb5_error_code _adcli_krb5_keytab_test - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt); -+ const krb5_salt *salt); - - krb5_error_code _adcli_krb5_keytab_discover_salt (krb5_context k5, -@@ -263,5 +271,5 @@ krb5_error_code _adcli_krb5_keytab_disc - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salts, -+ const krb5_salt *salts, - int *discovered); - -@@ -269,5 +277,5 @@ krb5_error_code _adcli_krb5_w2k3_salt - krb5_principal principal, - const char *host_netbios, -- krb5_data *salt); -+ krb5_salt *salt); - - krb5_enctype * _adcli_krb5_parse_enctypes (const char *value); ---- library/adconn.h 2015-12-07 03:59:59.000000000 -0500 -+++ library/adconn.h 2016-06-15 17:34:40.511127000 -0400 -@@ -27,5 +27,9 @@ - #include "adutil.h" - --#include -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - #include - ---- library/adenroll.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adenroll.c 2021-10-12 20:53:10.777253000 -0400 -@@ -29,5 +29,11 @@ - - #include --#include -+#ifdef HEIMDAL -+# include -+# define krb5_free_data_contents(ctx, data) krb5_data_free(data) -+# define krb5_free_enctypes(ctx, enctypes) free(enctypes) -+#else -+# include -+#endif - #include - #include -@@ -315,5 +321,7 @@ - char *password; - krb5_context k5; -+#ifndef HEIMDAL - krb5_error_code code; -+#endif - krb5_data buffer; - int at; -@@ -330,6 +338,10 @@ - buffer.data = password + at; - -+#ifdef HEIMDAL -+ krb5_generate_random_block(buffer.data, buffer.length); -+#else - code = krb5_c_random_make_octets (k5, &buffer); - return_val_if_fail (code == 0, NULL); -+#endif - - at += filter (buffer.data, buffer.length); -@@ -1302,5 +1314,5 @@ - _adcli_err ("Cannot set %s password: %.*s%s%s", - s_or_c (enroll), -- (int)result_code_string.length, result_code_string.data, -+ (int)result_code_string.length, (char *)result_code_string.data, - message ? ": " : "", message ? message : ""); - res = ADCLI_ERR_CREDENTIALS; -@@ -1350,5 +1362,6 @@ - } - -- code = krb5_change_password (k5, &creds, enroll->computer_password, -+ /* Use new krb5_set_password instead of deprecated krb5_change_password */ -+ code = krb5_set_password (k5, &creds, enroll->computer_password, NULL, - &result_code, &result_code_string, &result_string); - -@@ -1372,5 +1385,5 @@ - #endif - _adcli_err ("Cannot change computer password: %.*s%s%s", -- (int)result_code_string.length, result_code_string.data, -+ (int)result_code_string.length, (char *)result_code_string.data, - message ? ": " : "", message ? message : ""); - res = ADCLI_ERR_CREDENTIALS; -@@ -1749,5 +1762,5 @@ - return_unexpected_if_fail (code == 0); - -- enroll->keytab_name = name; -+ enroll->keytab_name = realloc(name, strlen(name) + 1); - enroll->keytab_name_is_krb5 = 1; - } -@@ -1765,6 +1778,6 @@ - krb5_error_code code; - krb5_principal principal; -- const char *realm; -- size_t len; -+ const char *realm, *entry_realm; -+ size_t len, entry_realm_len; - char *value; - char *name; -@@ -1772,11 +1785,22 @@ - /* Skip over any entry without a principal or realm */ - principal = entry->principal; -- if (!principal || !principal->realm.length) -+ if (principal == NULL) - return TRUE; -+#ifdef HEIMDAL -+ entry_realm = krb5_principal_get_realm(k5, principal); -+ if (entry_realm == NULL || entry_realm[0] == '\0') -+ return TRUE; -+ entry_realm_len = strlen(entry_realm); -+#else -+ if (!principal->realm.length) -+ return TRUE; -+ entry_realm = principal->realm.data; -+ entry_realm_len = principal->realm.length; -+#endif - - /* Use the first keytab entry as realm */ - realm = adcli_conn_get_domain_realm (enroll->conn); - if (!realm) { -- value = _adcli_str_dupn (principal->realm.data, principal->realm.length); -+ value = _adcli_str_dupn (entry_realm, entry_realm_len); - adcli_conn_set_domain_realm (enroll->conn, value); - _adcli_info ("Found realm in keytab: %s", value); -@@ -1787,5 +1811,5 @@ - /* Only look at entries that match the realm */ - len = strlen (realm); -- if (principal->realm.length != len && strncmp (realm, principal->realm.data, len) != 0) -+ if (entry_realm_len != len && strncmp (realm, entry_realm, len) != 0) - return TRUE; - -@@ -1888,7 +1912,13 @@ - } - --#define DEFAULT_SALT 1 -+enum SALTS { -+ STANDARD_SALT, -+ W2K3_SALT, -+ NULL_SALT, -+ _NUM_SALTS -+}; -+#define DEFAULT_SALT W2K3_SALT - --static krb5_data * -+static krb5_salt * - build_principal_salts (adcli_enroll *enroll, - krb5_context k5, -@@ -1896,23 +1926,29 @@ - { - krb5_error_code code; -- krb5_data *salts; -- const int count = 3; -- int i = 0; -+ krb5_salt *salts; - -- salts = calloc (count, sizeof (krb5_data)); -+ salts = calloc (_NUM_SALTS, sizeof (*salts)); - return_val_if_fail (salts != NULL, NULL); - - /* Build up the salts, first a standard kerberos salt */ -- code = krb5_principal2salt (k5, principal, &salts[i++]); -+#ifdef HEIMDAL -+ code = krb5_get_pw_salt(k5, principal, &salts[STANDARD_SALT]); -+#else -+ code = krb5_principal2salt(k5, principal, &salts[STANDARD_SALT]); -+#endif - return_val_if_fail (code == 0, NULL); - - /* Then a Windows 2003 computer account salt */ -- code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[i++]); -+ code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[W2K3_SALT]); - return_val_if_fail (code == 0, NULL); - - /* And lastly a null salt */ -- salts[i++].data = NULL; -+#ifdef HEIMDAL -+ salts[NULL_SALT].salttype = KRB5_PW_SALT; -+ salts[NULL_SALT].saltvalue.data = NULL; -+#else -+ salts[NULL_SALT].data = NULL; -+#endif - -- assert (count == i); - return salts; - } -@@ -1920,10 +1956,15 @@ - static void - free_principal_salts (krb5_context k5, -- krb5_data *salts) -+ krb5_salt *salts) - { - int i; - -+#ifdef HEIMDAL -+ for (i = 0; i < _NUM_SALTS; i++) -+ krb5_free_salt(k5, salts[i]); -+#else - for (i = 0; salts[i].data != NULL; i++) - krb5_free_data_contents (k5, salts + i); -+#endif - - free (salts); -@@ -1976,5 +2017,5 @@ - krb5_data password; - krb5_error_code code; -- krb5_data *salts; -+ krb5_salt *salts; - krb5_enctype *enctypes; - -@@ -2076,5 +2117,9 @@ - res = add_principal_to_keytab (enroll, k5, enroll->keytab_principals[i], - name, &which_salt, flags); -+#ifdef HEIMDAL -+ krb5_xfree(name); -+#else - krb5_free_unparsed_name (k5, name); -+#endif - - if (res != ADCLI_SUCCESS) -@@ -3349,5 +3394,10 @@ - /* check that ENCTYPE_UNKNOWN is filtered out */ - check_enctypes[0] = permitted_enctypes[0]; -+#ifdef HEIMDAL -+ /* XXX Not sure, if this is needed under Heimdal at all */ -+ check_enctypes[1] = KRB5_ENCTYPE_NULL; -+#else - check_enctypes[1] = ENCTYPE_UNKNOWN; -+#endif - check_enctypes[2] = 0; - adcli_enroll_set_keytab_enctypes (enroll, check_enctypes); ---- library/adkrb5.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adkrb5.c 2021-10-12 21:44:40.955444000 -0400 -@@ -28,5 +28,12 @@ - - #include --#include -+#ifndef ENOKEY -+# define ENOKEY ENOTCAPABLE -+#endif -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - - #include -@@ -83,5 +90,9 @@ - /* See if we should remove this entry */ - if (!match_func (k5, &entry, match_data)) { -+#ifdef HEIMDAL -+ krb5_kt_free_entry(k5, &entry); -+#else - krb5_free_keytab_entry_contents (k5, &entry); -+#endif - continue; - } -@@ -96,5 +107,9 @@ - - code = krb5_kt_remove_entry (k5, keytab, &entry); -+#ifdef HEIMDAL -+ krb5_kt_free_entry(k5, &entry); -+#else - krb5_free_keytab_entry_contents (k5, &entry); -+#endif - - if (code != 0) -@@ -220,14 +235,20 @@ - void *data) - { -- krb5_boolean similar = FALSE; - match_enctype_kvno *closure = data; -+#ifndef HEIMDAL -+ krb5_boolean similar = FALSE; - krb5_error_code code; -+#endif - - assert (closure->enctype); - -+#ifndef HEIMDAL - code = krb5_c_enctype_compare (k5, closure->enctype, entry->key.enctype, - &similar); - - if (code == 0 && entry->vno == closure->kvno && similar) { -+#else -+ if (krb5_kt_compare(k5, entry, NULL, closure->kvno, closure->enctype)) { -+#endif - closure->matched = 1; - return 1; -@@ -267,5 +288,11 @@ - } - -- code = krb5_copy_keyblock_contents (k5, &entry.key, keyblock); -+ code = krb5_copy_keyblock_contents (k5, -+#ifdef HEIMDAL -+ &entry.keyblock, -+#else -+ &entry.key, -+#endif -+ keyblock); - krb5_free_keytab_entry_contents (k5, &entry); - break; -@@ -301,5 +328,10 @@ - memset (&entry, 0, sizeof (entry)); - -- code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key, -+ code = _adcli_krb5_get_keyblock (k5, keytab, -+#ifdef HEIMDAL -+ &entry.keyblock, -+#else -+ &entry.key, -+#endif - match_enctype_and_kvno, &closure); - if (code != 0 || closure.matched == 0) { -@@ -329,5 +361,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt) -+ const krb5_salt *salt) - { - krb5_keytab_entry entry; -@@ -338,5 +370,10 @@ - memset (&entry, 0, sizeof(entry)); - -+#ifdef HEIMDAL -+ code = krb5_string_to_key_salt(k5, enctypes[i], password->data, -+ *salt, &entry.keyblock); -+#else - code = krb5_c_string_to_key (k5, enctypes[i], password, salt, &entry.key); -+#endif - if (code != 0) - return code; -@@ -364,5 +401,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt) -+ const krb5_salt *salt) - { - krb5_error_code code; -@@ -390,5 +427,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salts, -+ const krb5_salt *salts, - int *discovered) - { -@@ -420,5 +457,11 @@ - } - -- for (i = 0; salts[i].data != NULL; i++) { -+ for (i = 0; -+#ifdef HEIMDAL -+ salts[i].saltvalue.data != NULL; -+#else -+ salts[i].data != NULL; -+#endif -+ i++) { - code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno, - password, salt_enctypes, &salts[i]); -@@ -440,11 +483,15 @@ - krb5_principal principal, - const char *host_netbios, -- krb5_data *salt) -+ krb5_salt *salt) - { -- krb5_data *realm; -- size_t size = 0; -- size_t host_length = 0; -+ const char *realm; -+#ifndef HEIMDAL -+ const krb5_data *krealm; -+#endif -+ size_t size = 0, realm_len; -+ size_t host_length; - size_t at = 0; - int i; -+ char *data; - - /* -@@ -453,41 +500,55 @@ - */ - -- realm = krb5_princ_realm (k5, principal); -+#ifdef HEIMDAL -+ salt->salttype = KRB5_PW_SALT; -+ realm = krb5_principal_get_realm(k5, principal); -+ realm_len = strlen(realm); -+#else -+ krealm = krb5_princ_realm (k5, principal); -+ realm = krealm->data; -+ realm_len = krealm->length; -+#endif - host_length = strlen (host_netbios); - -- size += realm->length; -+ size += realm_len; - size += 4; /* "host" */ - size += host_length; - size += 1; /* "." */ -- size += realm->length; -+ size += realm_len; - -- salt->data = malloc (size); -- return_val_if_fail (salt->data != NULL, ENOMEM); -+ data = malloc (size); -+ return_val_if_fail (data != NULL, ENOMEM); - - /* Upper case realm */ -- for (i = 0; i < realm->length; i++) -- salt->data[at + i] = toupper (realm->data[i]); -- at += realm->length; -+ for (i = 0; i < realm_len; i++) -+ data[at + i] = toupper (realm[i]); -+ at += realm_len; - - /* The string "host" */ -- memcpy (salt->data + at, "host", 4); -+ memcpy (data + at, "host", 4); - at += 4; - - /* The netbios name in lower case */ - for (i = 0; i < host_length; i++) -- salt->data[at + i] = tolower (host_netbios[i]); -+ data[at + i] = tolower (host_netbios[i]); - at += host_length; - - /* The dot */ -- memcpy (salt->data + at, ".", 1); -+ memcpy (data + at, ".", 1); - at += 1; - - /* Lower case realm */ -- for (i = 0; i < realm->length; i++) -- salt->data[at + i] = tolower (realm->data[i]); -- at += realm->length; -+ for (i = 0; i < realm_len; i++) -+ data[at + i] = tolower (realm[i]); -+ at += realm_len; - - assert (at == size); -+#ifdef HEIMDAL -+ salt->saltvalue.data = data; -+ salt->saltvalue.length = size; -+#else -+ salt->data = data; - salt->length = size; -+#endif - return 0; - } ---- library/adldap.c 2015-12-07 04:18:09.000000000 -0500 -+++ library/adldap.c 2016-06-15 17:36:22.374212000 -0400 -@@ -28,5 +28,9 @@ - - #include --#include -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - #include - #include ---- library/adutil.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adutil.c 2024-01-18 18:14:00.000000000 -0400 -@@ -30,5 +30,4 @@ - #include - #include --#include - #include - #include -@@ -38,4 +38,9 @@ - #include - #include -+#ifdef __linux__ -+# include -+#else -+# include /* le32toh() */ -+#endif - - static adcli_message_func message_func = NULL; -@@ -84,4 +89,6 @@ - } - -+static void messagev(adcli_message_type, const char *, va_list) GNUC_PRINTF(2, 0); -+ - static void - messagev (adcli_message_type type, -@@ -414,5 +421,5 @@ - - char * --_adcli_str_dupn (void *data, -+_adcli_str_dupn (const void *data, - size_t len) - { ---- library/addisco.c 2015-12-07 04:18:09.000000000 -0500 -+++ library/addisco.c 2016-06-15 17:06:34.197797000 -0400 -@@ -32,4 +32,5 @@ - - #include -+#include - #include - ---- library/adconn.c 2015-12-16 04:33:30.000000000 -0500 -+++ library/adconn.c 2016-06-16 01:19:09.031863000 -0400 -@@ -27,10 +27,11 @@ - #include "adprivate.h" - #include "addisco.h" -+#include "adconn.h" - - #include --#include --#include - #include - -+#include -+ - #include - #include -@@ -386,5 +387,7 @@ - " %s = {\n" - " kdc = %s:88\n" -+#ifndef HEIMDAL - " master_kdc = %s:88\n" -+#endif - " kpasswd_server = %s\n" - " }\n" -@@ -392,5 +395,9 @@ - " %s = %s\n" - " %s = %s\n", -- conn->domain_realm, controller, controller, controller, -+ conn->domain_realm, controller, -+#ifndef HEIMDAL -+ controller, -+#endif -+ controller, - conn->canonical_host, conn->domain_realm, - conn->domain_controller, conn->domain_realm) < 0) -@@ -481,8 +488,10 @@ - return_val_if_fail (code == 0, code); - -+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */ - if (ccache) { - code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache); - return_val_if_fail (code == 0, code); - } -+#endif - - memset (&dummy, 0, sizeof (dummy)); -@@ -554,8 +563,10 @@ - return_val_if_fail (code == 0, code); - -+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */ - if (ccache) { - code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache); - return_val_if_fail (code == 0, code); - } -+#endif - - memset (&dummy, 0, sizeof (dummy)); -@@ -565,5 +576,5 @@ - code = krb5_get_init_creds_password (k5, creds, principal, - conn->user_password, null_prompter, NULL, -- 0, (char *)in_tkt_service, opt); -+ 0, in_tkt_service, opt); - - krb5_free_principal (k5, principal); -@@ -1014,5 +1025,9 @@ - - /* Clear the credential cache GSSAPI to use (for this thread) */ -+#ifdef HEIMDAL -+ status = gss_krb5_ccache_name (&minor, "", NULL); -+#else - status = gss_krb5_ccache_name (&minor, NULL, NULL); -+#endif - return_unexpected_if_fail (status == 0); - ---- tools/tools.c 2015-12-16 04:35:03.000000000 -0500 -+++ tools/tools.c 2016-06-16 02:53:00.103111000 -0400 -@@ -504,5 +504,12 @@ - errx (-1, "unexpected memory problems"); - adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL); -+#ifndef HEIMDAL -+ /* -+ * Only do this with MIT Kerberos. Heimdal does not support -+ * includedir and include directives and seems to work -+ * without this anyway. -+ */ - setup_krb5_conf_directory (conn); -+#endif - } - diff --git a/net-mgmt/adcli/files/patch-library_adconn.c b/net-mgmt/adcli/files/patch-library_adconn.c new file mode 100644 index 000000000000..56835ccff896 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_adconn.c @@ -0,0 +1,10 @@ +--- library/adconn.c.orig 2022-09-28 17:04:28 UTC ++++ library/adconn.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include + #include diff --git a/net-mgmt/adcli/files/patch-library_addisco.c b/net-mgmt/adcli/files/patch-library_addisco.c new file mode 100644 index 000000000000..70a5f1f73b86 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_addisco.c @@ -0,0 +1,10 @@ +--- library/addisco.c.orig 2022-09-28 17:04:28 UTC ++++ library/addisco.c +@@ -32,6 +32,7 @@ + + #include + #include ++#include + + #include + #include diff --git a/net-mgmt/adcli/files/patch-library_adkrb5.c b/net-mgmt/adcli/files/patch-library_adkrb5.c new file mode 100644 index 000000000000..ca6b8c6b1266 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_adkrb5.c @@ -0,0 +1,20 @@ +--- library/adkrb5.c.orig 2022-09-28 17:04:28 UTC ++++ library/adkrb5.c +@@ -250,7 +250,7 @@ _adcli_krb5_get_keyblock (krb5_context k5, + krb5_error_code code; + + code = krb5_kt_start_seq_get (k5, keytab, &cursor); +- if (code == KRB5_KT_END || code == ENOENT) ++ if (code == KRB5_KT_END || code == KRB5_KT_NOTFOUND) + return 0; + else if (code != 0) + return code; +@@ -303,7 +303,7 @@ _adcli_krb5_keytab_copy_entries (krb5_context k5, + code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key, + match_enctype_and_kvno, &closure); + if (code != 0 || closure.matched == 0) { +- return code != 0 ? code : ENOKEY; ++ return code != 0 ? code : KRB5_KT_NOTFOUND; + } + + entry.principal = principal;