Looking for GSSAPI expertise, particularly GSSAPI_HEIMDAL porting of newer security/PuTTY 0.77

From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Thu, 02 Jun 2022 17:46:04 UTC
Greetings,

I am the maintainer of the security/putty and putty-nogtk ports, and the 
upstream maintainer recently (between 0.76 and 0.77) switched build 
system from autoconf to cmake, and now we're a bit trying to fix up the 
broken bits and pieces (aka fallout) that caused me to disable 
GSSAPI_BASE and GSSAPI_HEIMDAL for now.

Specifically, is there someone who has some time at hands to point me to 
good GSSAPI practical coding guides, or has even more time so we can go 
over particular issues hands-on, with IRC or some other chat software?

Issues I am currently facing:

1. GSSAPI_BASE - we have an upstream patch that might make things work, 
but executables only end up with libgssapi.so in addition to other libs, 
but no gssapi_krb5, roken, crypto, ... (in stark contrast to what I am 
getting with the security/krb5 port based build with GSSAPI_MIT).

2. test system where I can obtain a Kerberos ticket with kinit and log 
in to an unprivileged SSH account and possibly test GSSAPI credential 
delegation.

3. GSSAPI_HEIMDAL - apparently we now get clashes between 
application-local headers and Heimdal library headers:

> FAILED: ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o /usr/local/libexec/ccache/cc -DHAVE_CMAKE_H -I/usr/ports/security/putty/work/putty-0.77/charset -I/usr/local/include/gtk-3.0 -I/usr/local/include/pango-1.0 -I/usr/local/include -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/harfbuzz -I/usr/local/include/freetype2 -I/usr/local/include/libpng16 -I/usr/local/include/fribidi -I/usr/local/include/cairo -I/usr/local/include/pixman-1 -I/usr/local/include/gdk-pixbuf-2.0 -I/usr/local/include/gio-unix-2.0 -I/usr/local/include/libepoll-shim -I/usr/local/include/atk-1.0 -I/usr/local/include/at-spi2-atk/2.0 -I/usr/local/include/dbus-1.0 -I/usr/local/lib/dbus-1.0/include -I/usr/local/include/at-spi-2.0 -I/usr/local/include/heimdal -I/usr/ports/security/putty/work/putty-0.77 -I/usr/ports/security/putty/work/.build/CMakeFiles -I/usr/ports/security/putty/work/putty-0.77/unix -I/usr/ports/security/putty/work/putty-0.77/terminal -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing -I/usr/local/include/heimdal -MD -MT ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -MF ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o.d -o ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -c /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected identifier or '('
> const_gss_OID GSS_C_NT_USER_NAME           = oids+0;
>               ^
> /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
>                             ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected ')'
> /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
>                             ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: note: to match this '('
> /usr/local/include/heimdal/gssapi/gssapi.h:291:28: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
>                            ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:91:15: error: expected identifier or '('
> const_gss_OID GSS_C_NT_MACHINE_UID_NAME    = oids+1;
>               ^ 


TIA.

Regards,
Matthias