From nobody Thu May 23 11:30:25 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VlQvj6zd5z5LWdZ; Thu, 23 May 2024 11:30:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VlQvj6h0vz427r; Thu, 23 May 2024 11:30:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1716463825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lK78flz43WAQKQWkVYEPCckDR5Ws1WXnUQ5+NdR249o=; b=Omk3LqyjKFwhv/JiHgA54YuhYoyNAGiPaBeuY2ag7luO6WB7C4/wMB+xkzYJBNsDiI1CaD yQ9uUh0XYgwNku8smPaZnmacVRqXkIuSJ1AFJCWkQvJmIKLBtAuirELNOoNLKy8rlcgMMR RsandRJTyurF6kUADaHkdb7akV6yHRDmv5Hiy7NySI/ZHHnBgH4+0zNXIyZhGTi68N/b7b l3rc3bNXOOaT2T6lPTs3UDlJrNJ/EW2T7sKspgjgYmZ9SjI7zjWf4oiaWxn5PW1bcsYXpS Z3WZAUIlw1aRrd5zGNXP0muvZnjySnQsgPmDJ87U75rUglkvbmVnAi2/oLr3cQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1716463825; a=rsa-sha256; cv=none; b=HkvQck747EbBCQfhuglqd8ZITdkIAIgOp7nidkq/6SLKENIPNrsSbgwEWoaLg68QB5fU9B zX87HieGv/7H74Ven+rN2rFsjZl0EFt3BGKWvJFdVFtocAPr955wr4H5Nloxka3OG5uGOk eU+Mt12Qer/aeC8uMlpiZUkZj16m04+QlSqtH8lcBifqFPpXVrRkMmX33T1EsJRnjrecjE NQzMwK86PfiqjfYeCSikuVbU6lfEbJDXKPfuzydMz6J7oxQB7i3zrnUEQ3lazvQE/odl0f AtKwI5t7eXD2WvLlp+Y+KOul0AcX8Osez1EfhpqmHWnkpbV6BaE0U6qfyn9HTw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1716463825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lK78flz43WAQKQWkVYEPCckDR5Ws1WXnUQ5+NdR249o=; b=swpEI1mmHVjLV3iZd19vf4DW4bfl6tQIJ75qZzkqVaGhvhJlK6BWg0mBzP19667TVZLIVs xCBo7v1g93yazCKM2o59qTgVjrPE5ms2bM5Jqb1wB1WvyqWEkjuaiKwMjbNm18aPKD200n YR4zHJ+/iaHeNPks5tHCxcIpjoqacBSZYL3Lz/fkgE2WWeV8FlIRS7dhEhsDtG6tITZimX MkLNiRIuNC2AvRDabuZcCBp1jmf2g5gsSJV+wpe6Hck/rt8vasc+5ZvSfAzmFuBlCOeTA1 k/R4wT6satucD96evaqNgxMluelBwMdBMxYCi8Gn0nDrWBsoPSTY+LhRwIxJ8Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VlQvj6D82znjt; Thu, 23 May 2024 11:30:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 44NBUP9N048477; Thu, 23 May 2024 11:30:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 44NBUPBv048474; Thu, 23 May 2024 11:30:25 GMT (envelope-from git) Date: Thu, 23 May 2024 11:30:25 GMT Message-Id: <202405231130.44NBUPBv048474@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Gleb Popov Subject: git: b8e4873139e9 - main - net-mgmt/adcli: Remove homegrown Hiemdal support List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: arrowd X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b8e4873139e985e7d575537a139bb41330be4af3 Auto-Submitted: auto-generated The branch main has been updated by arrowd: URL: https://cgit.FreeBSD.org/ports/commit/?id=b8e4873139e985e7d575537a139bb41330be4af3 commit b8e4873139e985e7d575537a139bb41330be4af3 Author: Gleb Popov AuthorDate: 2024-05-23 10:47:32 +0000 Commit: Gleb Popov CommitDate: 2024-05-23 11:30:19 +0000 net-mgmt/adcli: Remove homegrown Hiemdal support The local patch adding Hiemdal support was causing 'adcli join' command to fail. Hiemdal is going away neverthless, so remove this patch. While here, fix Makefile style. Sponsored by: Serenity Cybersecurity, LLC --- net-mgmt/adcli/Makefile | 40 +- .../files/{patch-configure => patch-configure.ac} | 16 +- net-mgmt/adcli/files/patch-heimdal | 630 --------------------- net-mgmt/adcli/files/patch-library_adconn.c | 10 + net-mgmt/adcli/files/patch-library_addisco.c | 10 + net-mgmt/adcli/files/patch-library_adkrb5.c | 20 + 6 files changed, 59 insertions(+), 667 deletions(-) diff --git a/net-mgmt/adcli/Makefile b/net-mgmt/adcli/Makefile index 6a072c5974ba..1c7c2cad332b 100644 --- a/net-mgmt/adcli/Makefile +++ b/net-mgmt/adcli/Makefile @@ -1,8 +1,7 @@ PORTNAME= adcli PORTVERSION= 0.9.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net-mgmt net security -MASTER_SITES= https://gitlab.freedesktop.org/realmd/adcli/-/archive/${PORTVERSION}/ MAINTAINER= ports@virtual-estates.net COMMENT= Tool for performing actions on an Active Directory domain @@ -14,44 +13,23 @@ BUILD_DEPENDS= xsltproc:textproc/libxslt \ docbook-xml>0:textproc/docbook-xml \ docbook-xsl>0:textproc/docbook-xsl -GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX=${PREFIX}/share -TEST_TARGET= check +USES= autoreconf gssapi:mit,flags iconv ldap libtool localbase tar:bz2 -OPTIONS_DEFINE= DOCS -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT= GSSAPI_BASE +USE_GITLAB= yes +GL_SITE= https://gitlab.freedesktop.org +GL_ACCOUNT= realmd +GNU_CONFIGURE= yes +CONFIGURE_ARGS= ${GSSAPI_CONFIGURE_ARGS} # xsltproc and docbook are needed to create the man-page. xmlto is only # required for generating HTML-documents, which are optional. CONFIGURE_ENV+= ac_cv_path_KRB5_CONFIG=${KRB5CONFIG} \ ac_cv_path_XMLTO=${PORT_OPTIONS:MDOCS:S|DOCS|${LOCALBASE}/bin/xmlto|:S|^$|${TRUE}|} -CONFIGURE_ARGS= --sysconfdir=/etc +TEST_TARGET= check -CFLAGS+= -I${ICONV_INCLUDE_PATH} -LDFLAGS+= -L${ICONV_LIB_PATH} ${ICONV_LIB} -USES= autoreconf iconv ldap libtool localbase tar:bz2 +OPTIONS_DEFINE= DOCS DOCS_BUILD_DEPENDS= xmlto:textproc/xmlto -GSSAPI_BASE_USES= gssapi -GSSAPI_MIT_USES= gssapi:mit,flags -GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags - -GSSAPI_BASE_CONFIGURE_ARGS= --sysconfdir=/etc -GSSAPI_BASE_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}" \ - KRB5_LIBS="${GSSAPILIBS}" -GSSAPI_HEIMDAL_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc -GSSAPI_HEIMDAL_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/heimdal" \ - KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS}" -GSSAPI_MIT_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc -GSSAPI_MIT_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/gssapi" \ - KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS} -lk5crypto" - -GSSAPI_BASE_CFLAGS+= -DHEIMDAL -GSSAPI_HEIMDAL_CFLAGS+= -DHEIMDAL -# Quiets down warnings inside MIT's headers: -GSSAPI_MIT_CFLAGS+= -DTARGET_OS_MAC=0 post-build: ${RM} ${WRKSRC}/doc/html/adcli-docs.proc # An empty file... diff --git a/net-mgmt/adcli/files/patch-configure b/net-mgmt/adcli/files/patch-configure.ac similarity index 60% rename from net-mgmt/adcli/files/patch-configure rename to net-mgmt/adcli/files/patch-configure.ac index 86fdeacb99bb..04214ee81647 100644 --- a/net-mgmt/adcli/files/patch-configure +++ b/net-mgmt/adcli/files/patch-configure.ac @@ -1,6 +1,7 @@ ---- configure.ac 2021-02-20 08:51:40.000000000 -0500 -+++ configure.ac 2021-10-12 16:57:31.442711000 -0400 -@@ -104,5 +104,8 @@ +--- configure.ac.orig 2022-09-28 17:04:28 UTC ++++ configure.ac +@@ -103,7 +103,10 @@ for lib in "" "-lresolv"; do + saved_LIBS="$LIBS" LIBS="$LIBS $lib" AC_LINK_IFELSE([ - AC_LANG_PROGRAM([#include ], @@ -8,9 +9,11 @@ + [#include ] + [#include ] + [#include ]], - [res_query (0, 0, 0, 0, 0)]) - ], -@@ -269,11 +272,4 @@ + [res_query (0, 0, 0, 0, 0); + ns_get32 (NULL); + ns_get16 (NULL);]) +@@ -285,13 +288,6 @@ else + AC_MSG_ERROR([cat is not available]) else AC_DEFINE_UNQUOTED(BIN_CAT, "$BIN_CAT", [path to cat, used in unit test]) -fi @@ -22,3 +25,4 @@ - AC_DEFINE_UNQUOTED(BIN_TAC, "$BIN_TAC", [path to tac, used in unit test]) fi + AC_PATH_PROG(BIN_REV, rev, no) diff --git a/net-mgmt/adcli/files/patch-heimdal b/net-mgmt/adcli/files/patch-heimdal deleted file mode 100644 index 01beb36be797..000000000000 --- a/net-mgmt/adcli/files/patch-heimdal +++ /dev/null @@ -1,630 +0,0 @@ -Submitted upstream: - - https://bugs.freedesktop.org/show_bug.cgi?id=96558 - ---- library/adprivate.h 2015-12-11 05:29:24.000000000 -0500 -+++ library/adprivate.h 2016-06-15 19:21:07.357447000 -0400 -@@ -39,4 +39,12 @@ - #endif - -+#ifdef HEIMDAL -+#define MAX_KEYTAB_NAME_LEN 1100 /* This is, what Samba does */ -+#define krb5_free_string(ctx, string) krb5_xfree(string) -+#define krb5_free_keytab_entry_contents krb5_kt_free_entry /* Samba as well */ -+#else -+typedef krb5_data krb5_salt; /* MIT Kerberos does not have this */ -+#endif -+ - /* Utilities */ - -@@ -133,5 +141,5 @@ int _adcli_str_has_suffix - const char *suffix); - --char * _adcli_str_dupn (void *data, -+char * _adcli_str_dupn (const void *data, - size_t len); - -@@ -248,5 +256,5 @@ krb5_error_code _adcli_krb5_keytab_add_ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt); -+ const krb5_salt *salt); - - krb5_error_code _adcli_krb5_keytab_test_salt (krb5_context k5, -@@ -256,5 +264,5 @@ krb5_error_code _adcli_krb5_keytab_test - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt); -+ const krb5_salt *salt); - - krb5_error_code _adcli_krb5_keytab_discover_salt (krb5_context k5, -@@ -263,5 +271,5 @@ krb5_error_code _adcli_krb5_keytab_disc - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salts, -+ const krb5_salt *salts, - int *discovered); - -@@ -269,5 +277,5 @@ krb5_error_code _adcli_krb5_w2k3_salt - krb5_principal principal, - const char *host_netbios, -- krb5_data *salt); -+ krb5_salt *salt); - - krb5_enctype * _adcli_krb5_parse_enctypes (const char *value); ---- library/adconn.h 2015-12-07 03:59:59.000000000 -0500 -+++ library/adconn.h 2016-06-15 17:34:40.511127000 -0400 -@@ -27,5 +27,9 @@ - #include "adutil.h" - --#include -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - #include - ---- library/adenroll.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adenroll.c 2021-10-12 20:53:10.777253000 -0400 -@@ -29,5 +29,11 @@ - - #include --#include -+#ifdef HEIMDAL -+# include -+# define krb5_free_data_contents(ctx, data) krb5_data_free(data) -+# define krb5_free_enctypes(ctx, enctypes) free(enctypes) -+#else -+# include -+#endif - #include - #include -@@ -315,5 +321,7 @@ - char *password; - krb5_context k5; -+#ifndef HEIMDAL - krb5_error_code code; -+#endif - krb5_data buffer; - int at; -@@ -330,6 +338,10 @@ - buffer.data = password + at; - -+#ifdef HEIMDAL -+ krb5_generate_random_block(buffer.data, buffer.length); -+#else - code = krb5_c_random_make_octets (k5, &buffer); - return_val_if_fail (code == 0, NULL); -+#endif - - at += filter (buffer.data, buffer.length); -@@ -1302,5 +1314,5 @@ - _adcli_err ("Cannot set %s password: %.*s%s%s", - s_or_c (enroll), -- (int)result_code_string.length, result_code_string.data, -+ (int)result_code_string.length, (char *)result_code_string.data, - message ? ": " : "", message ? message : ""); - res = ADCLI_ERR_CREDENTIALS; -@@ -1350,5 +1362,6 @@ - } - -- code = krb5_change_password (k5, &creds, enroll->computer_password, -+ /* Use new krb5_set_password instead of deprecated krb5_change_password */ -+ code = krb5_set_password (k5, &creds, enroll->computer_password, NULL, - &result_code, &result_code_string, &result_string); - -@@ -1372,5 +1385,5 @@ - #endif - _adcli_err ("Cannot change computer password: %.*s%s%s", -- (int)result_code_string.length, result_code_string.data, -+ (int)result_code_string.length, (char *)result_code_string.data, - message ? ": " : "", message ? message : ""); - res = ADCLI_ERR_CREDENTIALS; -@@ -1749,5 +1762,5 @@ - return_unexpected_if_fail (code == 0); - -- enroll->keytab_name = name; -+ enroll->keytab_name = realloc(name, strlen(name) + 1); - enroll->keytab_name_is_krb5 = 1; - } -@@ -1765,6 +1778,6 @@ - krb5_error_code code; - krb5_principal principal; -- const char *realm; -- size_t len; -+ const char *realm, *entry_realm; -+ size_t len, entry_realm_len; - char *value; - char *name; -@@ -1772,11 +1785,22 @@ - /* Skip over any entry without a principal or realm */ - principal = entry->principal; -- if (!principal || !principal->realm.length) -+ if (principal == NULL) - return TRUE; -+#ifdef HEIMDAL -+ entry_realm = krb5_principal_get_realm(k5, principal); -+ if (entry_realm == NULL || entry_realm[0] == '\0') -+ return TRUE; -+ entry_realm_len = strlen(entry_realm); -+#else -+ if (!principal->realm.length) -+ return TRUE; -+ entry_realm = principal->realm.data; -+ entry_realm_len = principal->realm.length; -+#endif - - /* Use the first keytab entry as realm */ - realm = adcli_conn_get_domain_realm (enroll->conn); - if (!realm) { -- value = _adcli_str_dupn (principal->realm.data, principal->realm.length); -+ value = _adcli_str_dupn (entry_realm, entry_realm_len); - adcli_conn_set_domain_realm (enroll->conn, value); - _adcli_info ("Found realm in keytab: %s", value); -@@ -1787,5 +1811,5 @@ - /* Only look at entries that match the realm */ - len = strlen (realm); -- if (principal->realm.length != len && strncmp (realm, principal->realm.data, len) != 0) -+ if (entry_realm_len != len && strncmp (realm, entry_realm, len) != 0) - return TRUE; - -@@ -1888,7 +1912,13 @@ - } - --#define DEFAULT_SALT 1 -+enum SALTS { -+ STANDARD_SALT, -+ W2K3_SALT, -+ NULL_SALT, -+ _NUM_SALTS -+}; -+#define DEFAULT_SALT W2K3_SALT - --static krb5_data * -+static krb5_salt * - build_principal_salts (adcli_enroll *enroll, - krb5_context k5, -@@ -1896,23 +1926,29 @@ - { - krb5_error_code code; -- krb5_data *salts; -- const int count = 3; -- int i = 0; -+ krb5_salt *salts; - -- salts = calloc (count, sizeof (krb5_data)); -+ salts = calloc (_NUM_SALTS, sizeof (*salts)); - return_val_if_fail (salts != NULL, NULL); - - /* Build up the salts, first a standard kerberos salt */ -- code = krb5_principal2salt (k5, principal, &salts[i++]); -+#ifdef HEIMDAL -+ code = krb5_get_pw_salt(k5, principal, &salts[STANDARD_SALT]); -+#else -+ code = krb5_principal2salt(k5, principal, &salts[STANDARD_SALT]); -+#endif - return_val_if_fail (code == 0, NULL); - - /* Then a Windows 2003 computer account salt */ -- code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[i++]); -+ code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[W2K3_SALT]); - return_val_if_fail (code == 0, NULL); - - /* And lastly a null salt */ -- salts[i++].data = NULL; -+#ifdef HEIMDAL -+ salts[NULL_SALT].salttype = KRB5_PW_SALT; -+ salts[NULL_SALT].saltvalue.data = NULL; -+#else -+ salts[NULL_SALT].data = NULL; -+#endif - -- assert (count == i); - return salts; - } -@@ -1920,10 +1956,15 @@ - static void - free_principal_salts (krb5_context k5, -- krb5_data *salts) -+ krb5_salt *salts) - { - int i; - -+#ifdef HEIMDAL -+ for (i = 0; i < _NUM_SALTS; i++) -+ krb5_free_salt(k5, salts[i]); -+#else - for (i = 0; salts[i].data != NULL; i++) - krb5_free_data_contents (k5, salts + i); -+#endif - - free (salts); -@@ -1976,5 +2017,5 @@ - krb5_data password; - krb5_error_code code; -- krb5_data *salts; -+ krb5_salt *salts; - krb5_enctype *enctypes; - -@@ -2076,5 +2117,9 @@ - res = add_principal_to_keytab (enroll, k5, enroll->keytab_principals[i], - name, &which_salt, flags); -+#ifdef HEIMDAL -+ krb5_xfree(name); -+#else - krb5_free_unparsed_name (k5, name); -+#endif - - if (res != ADCLI_SUCCESS) -@@ -3349,5 +3394,10 @@ - /* check that ENCTYPE_UNKNOWN is filtered out */ - check_enctypes[0] = permitted_enctypes[0]; -+#ifdef HEIMDAL -+ /* XXX Not sure, if this is needed under Heimdal at all */ -+ check_enctypes[1] = KRB5_ENCTYPE_NULL; -+#else - check_enctypes[1] = ENCTYPE_UNKNOWN; -+#endif - check_enctypes[2] = 0; - adcli_enroll_set_keytab_enctypes (enroll, check_enctypes); ---- library/adkrb5.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adkrb5.c 2021-10-12 21:44:40.955444000 -0400 -@@ -28,5 +28,12 @@ - - #include --#include -+#ifndef ENOKEY -+# define ENOKEY ENOTCAPABLE -+#endif -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - - #include -@@ -83,5 +90,9 @@ - /* See if we should remove this entry */ - if (!match_func (k5, &entry, match_data)) { -+#ifdef HEIMDAL -+ krb5_kt_free_entry(k5, &entry); -+#else - krb5_free_keytab_entry_contents (k5, &entry); -+#endif - continue; - } -@@ -96,5 +107,9 @@ - - code = krb5_kt_remove_entry (k5, keytab, &entry); -+#ifdef HEIMDAL -+ krb5_kt_free_entry(k5, &entry); -+#else - krb5_free_keytab_entry_contents (k5, &entry); -+#endif - - if (code != 0) -@@ -220,14 +235,20 @@ - void *data) - { -- krb5_boolean similar = FALSE; - match_enctype_kvno *closure = data; -+#ifndef HEIMDAL -+ krb5_boolean similar = FALSE; - krb5_error_code code; -+#endif - - assert (closure->enctype); - -+#ifndef HEIMDAL - code = krb5_c_enctype_compare (k5, closure->enctype, entry->key.enctype, - &similar); - - if (code == 0 && entry->vno == closure->kvno && similar) { -+#else -+ if (krb5_kt_compare(k5, entry, NULL, closure->kvno, closure->enctype)) { -+#endif - closure->matched = 1; - return 1; -@@ -267,5 +288,11 @@ - } - -- code = krb5_copy_keyblock_contents (k5, &entry.key, keyblock); -+ code = krb5_copy_keyblock_contents (k5, -+#ifdef HEIMDAL -+ &entry.keyblock, -+#else -+ &entry.key, -+#endif -+ keyblock); - krb5_free_keytab_entry_contents (k5, &entry); - break; -@@ -301,5 +328,10 @@ - memset (&entry, 0, sizeof (entry)); - -- code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key, -+ code = _adcli_krb5_get_keyblock (k5, keytab, -+#ifdef HEIMDAL -+ &entry.keyblock, -+#else -+ &entry.key, -+#endif - match_enctype_and_kvno, &closure); - if (code != 0 || closure.matched == 0) { -@@ -329,5 +361,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt) -+ const krb5_salt *salt) - { - krb5_keytab_entry entry; -@@ -338,5 +370,10 @@ - memset (&entry, 0, sizeof(entry)); - -+#ifdef HEIMDAL -+ code = krb5_string_to_key_salt(k5, enctypes[i], password->data, -+ *salt, &entry.keyblock); -+#else - code = krb5_c_string_to_key (k5, enctypes[i], password, salt, &entry.key); -+#endif - if (code != 0) - return code; -@@ -364,5 +401,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salt) -+ const krb5_salt *salt) - { - krb5_error_code code; -@@ -390,5 +427,5 @@ - krb5_data *password, - krb5_enctype *enctypes, -- krb5_data *salts, -+ const krb5_salt *salts, - int *discovered) - { -@@ -420,5 +457,11 @@ - } - -- for (i = 0; salts[i].data != NULL; i++) { -+ for (i = 0; -+#ifdef HEIMDAL -+ salts[i].saltvalue.data != NULL; -+#else -+ salts[i].data != NULL; -+#endif -+ i++) { - code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno, - password, salt_enctypes, &salts[i]); -@@ -440,11 +483,15 @@ - krb5_principal principal, - const char *host_netbios, -- krb5_data *salt) -+ krb5_salt *salt) - { -- krb5_data *realm; -- size_t size = 0; -- size_t host_length = 0; -+ const char *realm; -+#ifndef HEIMDAL -+ const krb5_data *krealm; -+#endif -+ size_t size = 0, realm_len; -+ size_t host_length; - size_t at = 0; - int i; -+ char *data; - - /* -@@ -453,41 +500,55 @@ - */ - -- realm = krb5_princ_realm (k5, principal); -+#ifdef HEIMDAL -+ salt->salttype = KRB5_PW_SALT; -+ realm = krb5_principal_get_realm(k5, principal); -+ realm_len = strlen(realm); -+#else -+ krealm = krb5_princ_realm (k5, principal); -+ realm = krealm->data; -+ realm_len = krealm->length; -+#endif - host_length = strlen (host_netbios); - -- size += realm->length; -+ size += realm_len; - size += 4; /* "host" */ - size += host_length; - size += 1; /* "." */ -- size += realm->length; -+ size += realm_len; - -- salt->data = malloc (size); -- return_val_if_fail (salt->data != NULL, ENOMEM); -+ data = malloc (size); -+ return_val_if_fail (data != NULL, ENOMEM); - - /* Upper case realm */ -- for (i = 0; i < realm->length; i++) -- salt->data[at + i] = toupper (realm->data[i]); -- at += realm->length; -+ for (i = 0; i < realm_len; i++) -+ data[at + i] = toupper (realm[i]); -+ at += realm_len; - - /* The string "host" */ -- memcpy (salt->data + at, "host", 4); -+ memcpy (data + at, "host", 4); - at += 4; - - /* The netbios name in lower case */ - for (i = 0; i < host_length; i++) -- salt->data[at + i] = tolower (host_netbios[i]); -+ data[at + i] = tolower (host_netbios[i]); - at += host_length; - - /* The dot */ -- memcpy (salt->data + at, ".", 1); -+ memcpy (data + at, ".", 1); - at += 1; - - /* Lower case realm */ -- for (i = 0; i < realm->length; i++) -- salt->data[at + i] = tolower (realm->data[i]); -- at += realm->length; -+ for (i = 0; i < realm_len; i++) -+ data[at + i] = tolower (realm[i]); -+ at += realm_len; - - assert (at == size); -+#ifdef HEIMDAL -+ salt->saltvalue.data = data; -+ salt->saltvalue.length = size; -+#else -+ salt->data = data; - salt->length = size; -+#endif - return 0; - } ---- library/adldap.c 2015-12-07 04:18:09.000000000 -0500 -+++ library/adldap.c 2016-06-15 17:36:22.374212000 -0400 -@@ -28,5 +28,9 @@ - - #include --#include -+#ifdef HEIMDAL -+# include -+#else -+# include -+#endif - #include - #include ---- library/adutil.c 2021-02-20 08:51:40.000000000 -0500 -+++ library/adutil.c 2024-01-18 18:14:00.000000000 -0400 -@@ -30,5 +30,4 @@ - #include - #include --#include - #include - #include -@@ -38,4 +38,9 @@ - #include - #include -+#ifdef __linux__ -+# include -+#else -+# include /* le32toh() */ -+#endif - - static adcli_message_func message_func = NULL; -@@ -84,4 +89,6 @@ - } - -+static void messagev(adcli_message_type, const char *, va_list) GNUC_PRINTF(2, 0); -+ - static void - messagev (adcli_message_type type, -@@ -414,5 +421,5 @@ - - char * --_adcli_str_dupn (void *data, -+_adcli_str_dupn (const void *data, - size_t len) - { ---- library/addisco.c 2015-12-07 04:18:09.000000000 -0500 -+++ library/addisco.c 2016-06-15 17:06:34.197797000 -0400 -@@ -32,4 +32,5 @@ - - #include -+#include - #include - ---- library/adconn.c 2015-12-16 04:33:30.000000000 -0500 -+++ library/adconn.c 2016-06-16 01:19:09.031863000 -0400 -@@ -27,10 +27,11 @@ - #include "adprivate.h" - #include "addisco.h" -+#include "adconn.h" - - #include --#include --#include - #include - -+#include -+ - #include - #include -@@ -386,5 +387,7 @@ - " %s = {\n" - " kdc = %s:88\n" -+#ifndef HEIMDAL - " master_kdc = %s:88\n" -+#endif - " kpasswd_server = %s\n" - " }\n" -@@ -392,5 +395,9 @@ - " %s = %s\n" - " %s = %s\n", -- conn->domain_realm, controller, controller, controller, -+ conn->domain_realm, controller, -+#ifndef HEIMDAL -+ controller, -+#endif -+ controller, - conn->canonical_host, conn->domain_realm, - conn->domain_controller, conn->domain_realm) < 0) -@@ -481,8 +488,10 @@ - return_val_if_fail (code == 0, code); - -+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */ - if (ccache) { - code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache); - return_val_if_fail (code == 0, code); - } -+#endif - - memset (&dummy, 0, sizeof (dummy)); -@@ -554,8 +563,10 @@ - return_val_if_fail (code == 0, code); - -+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */ - if (ccache) { - code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache); - return_val_if_fail (code == 0, code); - } -+#endif - - memset (&dummy, 0, sizeof (dummy)); -@@ -565,5 +576,5 @@ - code = krb5_get_init_creds_password (k5, creds, principal, - conn->user_password, null_prompter, NULL, -- 0, (char *)in_tkt_service, opt); -+ 0, in_tkt_service, opt); - - krb5_free_principal (k5, principal); -@@ -1014,5 +1025,9 @@ - - /* Clear the credential cache GSSAPI to use (for this thread) */ -+#ifdef HEIMDAL -+ status = gss_krb5_ccache_name (&minor, "", NULL); -+#else - status = gss_krb5_ccache_name (&minor, NULL, NULL); -+#endif - return_unexpected_if_fail (status == 0); - ---- tools/tools.c 2015-12-16 04:35:03.000000000 -0500 -+++ tools/tools.c 2016-06-16 02:53:00.103111000 -0400 -@@ -504,5 +504,12 @@ - errx (-1, "unexpected memory problems"); - adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL); -+#ifndef HEIMDAL -+ /* -+ * Only do this with MIT Kerberos. Heimdal does not support -+ * includedir and include directives and seems to work -+ * without this anyway. -+ */ - setup_krb5_conf_directory (conn); -+#endif - } - diff --git a/net-mgmt/adcli/files/patch-library_adconn.c b/net-mgmt/adcli/files/patch-library_adconn.c new file mode 100644 index 000000000000..56835ccff896 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_adconn.c @@ -0,0 +1,10 @@ +--- library/adconn.c.orig 2022-09-28 17:04:28 UTC ++++ library/adconn.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include + #include diff --git a/net-mgmt/adcli/files/patch-library_addisco.c b/net-mgmt/adcli/files/patch-library_addisco.c new file mode 100644 index 000000000000..70a5f1f73b86 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_addisco.c @@ -0,0 +1,10 @@ +--- library/addisco.c.orig 2022-09-28 17:04:28 UTC ++++ library/addisco.c +@@ -32,6 +32,7 @@ + + #include + #include ++#include + + #include + #include diff --git a/net-mgmt/adcli/files/patch-library_adkrb5.c b/net-mgmt/adcli/files/patch-library_adkrb5.c new file mode 100644 index 000000000000..ca6b8c6b1266 --- /dev/null +++ b/net-mgmt/adcli/files/patch-library_adkrb5.c @@ -0,0 +1,20 @@ +--- library/adkrb5.c.orig 2022-09-28 17:04:28 UTC ++++ library/adkrb5.c +@@ -250,7 +250,7 @@ _adcli_krb5_get_keyblock (krb5_context k5, + krb5_error_code code; + + code = krb5_kt_start_seq_get (k5, keytab, &cursor); +- if (code == KRB5_KT_END || code == ENOENT) ++ if (code == KRB5_KT_END || code == KRB5_KT_NOTFOUND) + return 0; + else if (code != 0) + return code; +@@ -303,7 +303,7 @@ _adcli_krb5_keytab_copy_entries (krb5_context k5, + code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key, + match_enctype_and_kvno, &closure); + if (code != 0 || closure.matched == 0) { +- return code != 0 ? code : ENOKEY; ++ return code != 0 ? code : KRB5_KT_NOTFOUND; + } + + entry.principal = principal;