net-mgmt/adcli: Remove homegrown Hiemdal support

The local patch adding Heimdal support was causing the 'adcli join' command to fail.
Heimdal is going away nevertheless, so remove this patch.
While here, fix Makefile style.

Sponsored by:	Serenity Cybersecurity, LLC
Gleb Popov 2024-05-23 13:47:32 +03:00
parent aa50e1eb06
commit b8e4873139
6 changed files with 60 additions and 668 deletions


@ -1,8 +1,7 @@
PORTNAME= adcli PORTNAME= adcli
PORTVERSION= 0.9.2 PORTVERSION= 0.9.2
PORTREVISION= 2 PORTREVISION= 3
CATEGORIES= net-mgmt net security CATEGORIES= net-mgmt net security
MASTER_SITES= https://gitlab.freedesktop.org/realmd/adcli/-/archive/${PORTVERSION}/
MAINTAINER= ports@virtual-estates.net MAINTAINER= ports@virtual-estates.net
COMMENT= Tool for performing actions on an Active Directory domain COMMENT= Tool for performing actions on an Active Directory domain
@ -14,44 +13,23 @@ BUILD_DEPENDS= xsltproc:textproc/libxslt \
docbook-xml>0:textproc/docbook-xml \ docbook-xml>0:textproc/docbook-xml \
docbook-xsl>0:textproc/docbook-xsl docbook-xsl>0:textproc/docbook-xsl
USES= autoreconf gssapi:mit,flags iconv ldap libtool localbase tar:bz2
USE_GITLAB= yes
GL_SITE= https://gitlab.freedesktop.org
GL_ACCOUNT= realmd
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX=${PREFIX}/share CONFIGURE_ARGS= ${GSSAPI_CONFIGURE_ARGS}
TEST_TARGET= check
OPTIONS_DEFINE= DOCS
OPTIONS_SINGLE= GSSAPI
OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
OPTIONS_DEFAULT= GSSAPI_BASE
# xsltproc and docbook are needed to create the man-page. xmlto is only # xsltproc and docbook are needed to create the man-page. xmlto is only
# required for generating HTML-documents, which are optional. # required for generating HTML-documents, which are optional.
CONFIGURE_ENV+= ac_cv_path_KRB5_CONFIG=${KRB5CONFIG} \ CONFIGURE_ENV+= ac_cv_path_KRB5_CONFIG=${KRB5CONFIG} \
ac_cv_path_XMLTO=${PORT_OPTIONS:MDOCS:S|DOCS|${LOCALBASE}/bin/xmlto|:S|^$|${TRUE}|} ac_cv_path_XMLTO=${PORT_OPTIONS:MDOCS:S|DOCS|${LOCALBASE}/bin/xmlto|:S|^$|${TRUE}|}
CONFIGURE_ARGS= --sysconfdir=/etc TEST_TARGET= check
CFLAGS+= -I${ICONV_INCLUDE_PATH} OPTIONS_DEFINE= DOCS
LDFLAGS+= -L${ICONV_LIB_PATH} ${ICONV_LIB}
USES= autoreconf iconv ldap libtool localbase tar:bz2
DOCS_BUILD_DEPENDS= xmlto:textproc/xmlto DOCS_BUILD_DEPENDS= xmlto:textproc/xmlto
GSSAPI_BASE_USES= gssapi
GSSAPI_MIT_USES= gssapi:mit,flags
GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
GSSAPI_BASE_CONFIGURE_ARGS= --sysconfdir=/etc
GSSAPI_BASE_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}" \
KRB5_LIBS="${GSSAPILIBS}"
GSSAPI_HEIMDAL_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc
GSSAPI_HEIMDAL_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/heimdal" \
KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS}"
GSSAPI_MIT_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc
GSSAPI_MIT_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/gssapi" \
KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS} -lk5crypto"
GSSAPI_BASE_CFLAGS+= -DHEIMDAL
GSSAPI_HEIMDAL_CFLAGS+= -DHEIMDAL
# Quiets down warnings inside MIT's headers:
GSSAPI_MIT_CFLAGS+= -DTARGET_OS_MAC=0
post-build: post-build:
${RM} ${WRKSRC}/doc/html/adcli-docs.proc # An empty file... ${RM} ${WRKSRC}/doc/html/adcli-docs.proc # An empty file...
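Review bot: The added `USES= autoreconf gssapi:mit,flags ...` line appears to make MIT Kerberos the only backend, while the removed `OPTIONS_DEFAULT= GSSAPI_BASE` built against the base system's Kerberos, so an existing install would change Kerberos libraries on upgrade with nothing in the port telling the administrator. The removed per-option `--sysconfdir` values differed (`/etc` for base, `${LOCALBASE}/etc` for MIT) and the new side seems to pass only `${GSSAPI_CONFIGURE_ARGS}`, so it is worth confirming which configuration directory the rebuilt adcli uses and that the keytab written by `adcli join` is the one the host's other Kerberos consumers read. I would add a comment above USES, for example `# MIT Kerberos only: the local Heimdal patch broke 'adcli join'`, and note the switch in the port's pkg-message or UPDATING. The old/new side of each line is inferred from the rendered two-column layout, so check this against the raw diff.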


@ -1,6 +1,7 @@
--- configure.ac 2021-02-20 08:51:40.000000000 -0500 --- configure.ac.orig 2022-09-28 17:04:28 UTC
+++ configure.ac 2021-10-12 16:57:31.442711000 -0400 +++ configure.ac
@@ -104,5 +104,8 @@ @@ -103,7 +103,10 @@ for lib in "" "-lresolv"; do
saved_LIBS="$LIBS"
LIBS="$LIBS $lib" LIBS="$LIBS $lib"
AC_LINK_IFELSE([ AC_LINK_IFELSE([
- AC_LANG_PROGRAM([#include <resolv.h>], - AC_LANG_PROGRAM([#include <resolv.h>],
@ -8,9 +9,11 @@
+ [#include <netinet/in.h>] + [#include <netinet/in.h>]
+ [#include <arpa/nameser.h>] + [#include <arpa/nameser.h>]
+ [#include <resolv.h>]], + [#include <resolv.h>]],
[res_query (0, 0, 0, 0, 0)]) [res_query (0, 0, 0, 0, 0);
], ns_get32 (NULL);
@@ -269,11 +272,4 @@ ns_get16 (NULL);])
@@ -285,13 +288,6 @@ else
AC_MSG_ERROR([cat is not available])
else else
AC_DEFINE_UNQUOTED(BIN_CAT, "$BIN_CAT", [path to cat, used in unit test]) AC_DEFINE_UNQUOTED(BIN_CAT, "$BIN_CAT", [path to cat, used in unit test])
-fi -fi
@ -22,3 +25,4 @@
- AC_DEFINE_UNQUOTED(BIN_TAC, "$BIN_TAC", [path to tac, used in unit test]) - AC_DEFINE_UNQUOTED(BIN_TAC, "$BIN_TAC", [path to tac, used in unit test])
fi fi
AC_PATH_PROG(BIN_REV, rev, no)


@ -1,630 +0,0 @@
Submitted upstream:
https://bugs.freedesktop.org/show_bug.cgi?id=96558
--- library/adprivate.h 2015-12-11 05:29:24.000000000 -0500
+++ library/adprivate.h 2016-06-15 19:21:07.357447000 -0400
@@ -39,4 +39,12 @@
#endif
+#ifdef HEIMDAL
+#define MAX_KEYTAB_NAME_LEN 1100 /* This is, what Samba does */
+#define krb5_free_string(ctx, string) krb5_xfree(string)
+#define krb5_free_keytab_entry_contents krb5_kt_free_entry /* Samba as well */
+#else
+typedef krb5_data krb5_salt; /* MIT Kerberos does not have this */
+#endif
+
/* Utilities */
@@ -133,5 +141,5 @@ int _adcli_str_has_suffix
const char *suffix);
-char * _adcli_str_dupn (void *data,
+char * _adcli_str_dupn (const void *data,
size_t len);
@@ -248,5 +256,5 @@ krb5_error_code _adcli_krb5_keytab_add_
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salt);
+ const krb5_salt *salt);
krb5_error_code _adcli_krb5_keytab_test_salt (krb5_context k5,
@@ -256,5 +264,5 @@ krb5_error_code _adcli_krb5_keytab_test
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salt);
+ const krb5_salt *salt);
krb5_error_code _adcli_krb5_keytab_discover_salt (krb5_context k5,
@@ -263,5 +271,5 @@ krb5_error_code _adcli_krb5_keytab_disc
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salts,
+ const krb5_salt *salts,
int *discovered);
@@ -269,5 +277,5 @@ krb5_error_code _adcli_krb5_w2k3_salt
krb5_principal principal,
const char *host_netbios,
- krb5_data *salt);
+ krb5_salt *salt);
krb5_enctype * _adcli_krb5_parse_enctypes (const char *value);
--- library/adconn.h 2015-12-07 03:59:59.000000000 -0500
+++ library/adconn.h 2016-06-15 17:34:40.511127000 -0400
@@ -27,5 +27,9 @@
#include "adutil.h"
-#include <krb5/krb5.h>
+#ifdef HEIMDAL
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
#include <ldap.h>
--- library/adenroll.c 2021-02-20 08:51:40.000000000 -0500
+++ library/adenroll.c 2021-10-12 20:53:10.777253000 -0400
@@ -29,5 +29,11 @@
#include <gssapi/gssapi_krb5.h>
-#include <krb5/krb5.h>
+#ifdef HEIMDAL
+# include <krb5.h>
+# define krb5_free_data_contents(ctx, data) krb5_data_free(data)
+# define krb5_free_enctypes(ctx, enctypes) free(enctypes)
+#else
+# include <krb5/krb5.h>
+#endif
#include <ldap.h>
#include <sasl/sasl.h>
@@ -315,5 +321,7 @@
char *password;
krb5_context k5;
+#ifndef HEIMDAL
krb5_error_code code;
+#endif
krb5_data buffer;
int at;
@@ -330,6 +338,10 @@
buffer.data = password + at;
+#ifdef HEIMDAL
+ krb5_generate_random_block(buffer.data, buffer.length);
+#else
code = krb5_c_random_make_octets (k5, &buffer);
return_val_if_fail (code == 0, NULL);
+#endif
at += filter (buffer.data, buffer.length);
@@ -1302,5 +1314,5 @@
_adcli_err ("Cannot set %s password: %.*s%s%s",
s_or_c (enroll),
- (int)result_code_string.length, result_code_string.data,
+ (int)result_code_string.length, (char *)result_code_string.data,
message ? ": " : "", message ? message : "");
res = ADCLI_ERR_CREDENTIALS;
@@ -1350,5 +1362,6 @@
}
- code = krb5_change_password (k5, &creds, enroll->computer_password,
+ /* Use new krb5_set_password instead of deprecated krb5_change_password */
+ code = krb5_set_password (k5, &creds, enroll->computer_password, NULL,
&result_code, &result_code_string, &result_string);
@@ -1372,5 +1385,5 @@
#endif
_adcli_err ("Cannot change computer password: %.*s%s%s",
- (int)result_code_string.length, result_code_string.data,
+ (int)result_code_string.length, (char *)result_code_string.data,
message ? ": " : "", message ? message : "");
res = ADCLI_ERR_CREDENTIALS;
@@ -1749,5 +1762,5 @@
return_unexpected_if_fail (code == 0);
- enroll->keytab_name = name;
+ enroll->keytab_name = realloc(name, strlen(name) + 1);
enroll->keytab_name_is_krb5 = 1;
}
@@ -1765,6 +1778,6 @@
krb5_error_code code;
krb5_principal principal;
- const char *realm;
- size_t len;
+ const char *realm, *entry_realm;
+ size_t len, entry_realm_len;
char *value;
char *name;
@@ -1772,11 +1785,22 @@
/* Skip over any entry without a principal or realm */
principal = entry->principal;
- if (!principal || !principal->realm.length)
+ if (principal == NULL)
return TRUE;
+#ifdef HEIMDAL
+ entry_realm = krb5_principal_get_realm(k5, principal);
+ if (entry_realm == NULL || entry_realm[0] == '\0')
+ return TRUE;
+ entry_realm_len = strlen(entry_realm);
+#else
+ if (!principal->realm.length)
+ return TRUE;
+ entry_realm = principal->realm.data;
+ entry_realm_len = principal->realm.length;
+#endif
/* Use the first keytab entry as realm */
realm = adcli_conn_get_domain_realm (enroll->conn);
if (!realm) {
- value = _adcli_str_dupn (principal->realm.data, principal->realm.length);
+ value = _adcli_str_dupn (entry_realm, entry_realm_len);
adcli_conn_set_domain_realm (enroll->conn, value);
_adcli_info ("Found realm in keytab: %s", value);
@@ -1787,5 +1811,5 @@
/* Only look at entries that match the realm */
len = strlen (realm);
- if (principal->realm.length != len && strncmp (realm, principal->realm.data, len) != 0)
+ if (entry_realm_len != len && strncmp (realm, entry_realm, len) != 0)
return TRUE;
@@ -1888,7 +1912,13 @@
}
-#define DEFAULT_SALT 1
+enum SALTS {
+ STANDARD_SALT,
+ W2K3_SALT,
+ NULL_SALT,
+ _NUM_SALTS
+};
+#define DEFAULT_SALT W2K3_SALT
-static krb5_data *
+static krb5_salt *
build_principal_salts (adcli_enroll *enroll,
krb5_context k5,
@@ -1896,23 +1926,29 @@
{
krb5_error_code code;
- krb5_data *salts;
- const int count = 3;
- int i = 0;
+ krb5_salt *salts;
- salts = calloc (count, sizeof (krb5_data));
+ salts = calloc (_NUM_SALTS, sizeof (*salts));
return_val_if_fail (salts != NULL, NULL);
/* Build up the salts, first a standard kerberos salt */
- code = krb5_principal2salt (k5, principal, &salts[i++]);
+#ifdef HEIMDAL
+ code = krb5_get_pw_salt(k5, principal, &salts[STANDARD_SALT]);
+#else
+ code = krb5_principal2salt(k5, principal, &salts[STANDARD_SALT]);
+#endif
return_val_if_fail (code == 0, NULL);
/* Then a Windows 2003 computer account salt */
- code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[i++]);
+ code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[W2K3_SALT]);
return_val_if_fail (code == 0, NULL);
/* And lastly a null salt */
- salts[i++].data = NULL;
+#ifdef HEIMDAL
+ salts[NULL_SALT].salttype = KRB5_PW_SALT;
+ salts[NULL_SALT].saltvalue.data = NULL;
+#else
+ salts[NULL_SALT].data = NULL;
+#endif
- assert (count == i);
return salts;
}
@@ -1920,10 +1956,15 @@
static void
free_principal_salts (krb5_context k5,
- krb5_data *salts)
+ krb5_salt *salts)
{
int i;
+#ifdef HEIMDAL
+ for (i = 0; i < _NUM_SALTS; i++)
+ krb5_free_salt(k5, salts[i]);
+#else
for (i = 0; salts[i].data != NULL; i++)
krb5_free_data_contents (k5, salts + i);
+#endif
free (salts);
@@ -1976,5 +2017,5 @@
krb5_data password;
krb5_error_code code;
- krb5_data *salts;
+ krb5_salt *salts;
krb5_enctype *enctypes;
@@ -2076,5 +2117,9 @@
res = add_principal_to_keytab (enroll, k5, enroll->keytab_principals[i],
name, &which_salt, flags);
+#ifdef HEIMDAL
+ krb5_xfree(name);
+#else
krb5_free_unparsed_name (k5, name);
+#endif
if (res != ADCLI_SUCCESS)
@@ -3349,5 +3394,10 @@
/* check that ENCTYPE_UNKNOWN is filtered out */
check_enctypes[0] = permitted_enctypes[0];
+#ifdef HEIMDAL
+ /* XXX Not sure, if this is needed under Heimdal at all */
+ check_enctypes[1] = KRB5_ENCTYPE_NULL;
+#else
check_enctypes[1] = ENCTYPE_UNKNOWN;
+#endif
check_enctypes[2] = 0;
adcli_enroll_set_keytab_enctypes (enroll, check_enctypes);
--- library/adkrb5.c 2021-02-20 08:51:40.000000000 -0500
+++ library/adkrb5.c 2021-10-12 21:44:40.955444000 -0400
@@ -28,5 +28,12 @@
#include <gssapi/gssapi_krb5.h>
-#include <krb5/krb5.h>
+#ifndef ENOKEY
+# define ENOKEY ENOTCAPABLE
+#endif
+#ifdef HEIMDAL
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
#include <assert.h>
@@ -83,5 +90,9 @@
/* See if we should remove this entry */
if (!match_func (k5, &entry, match_data)) {
+#ifdef HEIMDAL
+ krb5_kt_free_entry(k5, &entry);
+#else
krb5_free_keytab_entry_contents (k5, &entry);
+#endif
continue;
}
@@ -96,5 +107,9 @@
code = krb5_kt_remove_entry (k5, keytab, &entry);
+#ifdef HEIMDAL
+ krb5_kt_free_entry(k5, &entry);
+#else
krb5_free_keytab_entry_contents (k5, &entry);
+#endif
if (code != 0)
@@ -220,14 +235,20 @@
void *data)
{
- krb5_boolean similar = FALSE;
match_enctype_kvno *closure = data;
+#ifndef HEIMDAL
+ krb5_boolean similar = FALSE;
krb5_error_code code;
+#endif
assert (closure->enctype);
+#ifndef HEIMDAL
code = krb5_c_enctype_compare (k5, closure->enctype, entry->key.enctype,
&similar);
if (code == 0 && entry->vno == closure->kvno && similar) {
+#else
+ if (krb5_kt_compare(k5, entry, NULL, closure->kvno, closure->enctype)) {
+#endif
closure->matched = 1;
return 1;
@@ -267,5 +288,11 @@
}
- code = krb5_copy_keyblock_contents (k5, &entry.key, keyblock);
+ code = krb5_copy_keyblock_contents (k5,
+#ifdef HEIMDAL
+ &entry.keyblock,
+#else
+ &entry.key,
+#endif
+ keyblock);
krb5_free_keytab_entry_contents (k5, &entry);
break;
@@ -301,5 +328,10 @@
memset (&entry, 0, sizeof (entry));
- code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key,
+ code = _adcli_krb5_get_keyblock (k5, keytab,
+#ifdef HEIMDAL
+ &entry.keyblock,
+#else
+ &entry.key,
+#endif
match_enctype_and_kvno, &closure);
if (code != 0 || closure.matched == 0) {
@@ -329,5 +361,5 @@
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salt)
+ const krb5_salt *salt)
{
krb5_keytab_entry entry;
@@ -338,5 +370,10 @@
memset (&entry, 0, sizeof(entry));
+#ifdef HEIMDAL
+ code = krb5_string_to_key_salt(k5, enctypes[i], password->data,
+ *salt, &entry.keyblock);
+#else
code = krb5_c_string_to_key (k5, enctypes[i], password, salt, &entry.key);
+#endif
if (code != 0)
return code;
@@ -364,5 +401,5 @@
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salt)
+ const krb5_salt *salt)
{
krb5_error_code code;
@@ -390,5 +427,5 @@
krb5_data *password,
krb5_enctype *enctypes,
- krb5_data *salts,
+ const krb5_salt *salts,
int *discovered)
{
@@ -420,5 +457,11 @@
}
- for (i = 0; salts[i].data != NULL; i++) {
+ for (i = 0;
+#ifdef HEIMDAL
+ salts[i].saltvalue.data != NULL;
+#else
+ salts[i].data != NULL;
+#endif
+ i++) {
code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno,
password, salt_enctypes, &salts[i]);
@@ -440,11 +483,15 @@
krb5_principal principal,
const char *host_netbios,
- krb5_data *salt)
+ krb5_salt *salt)
{
- krb5_data *realm;
- size_t size = 0;
- size_t host_length = 0;
+ const char *realm;
+#ifndef HEIMDAL
+ const krb5_data *krealm;
+#endif
+ size_t size = 0, realm_len;
+ size_t host_length;
size_t at = 0;
int i;
+ char *data;
/*
@@ -453,41 +500,55 @@
*/
- realm = krb5_princ_realm (k5, principal);
+#ifdef HEIMDAL
+ salt->salttype = KRB5_PW_SALT;
+ realm = krb5_principal_get_realm(k5, principal);
+ realm_len = strlen(realm);
+#else
+ krealm = krb5_princ_realm (k5, principal);
+ realm = krealm->data;
+ realm_len = krealm->length;
+#endif
host_length = strlen (host_netbios);
- size += realm->length;
+ size += realm_len;
size += 4; /* "host" */
size += host_length;
size += 1; /* "." */
- size += realm->length;
+ size += realm_len;
- salt->data = malloc (size);
- return_val_if_fail (salt->data != NULL, ENOMEM);
+ data = malloc (size);
+ return_val_if_fail (data != NULL, ENOMEM);
/* Upper case realm */
- for (i = 0; i < realm->length; i++)
- salt->data[at + i] = toupper (realm->data[i]);
- at += realm->length;
+ for (i = 0; i < realm_len; i++)
+ data[at + i] = toupper (realm[i]);
+ at += realm_len;
/* The string "host" */
- memcpy (salt->data + at, "host", 4);
+ memcpy (data + at, "host", 4);
at += 4;
/* The netbios name in lower case */
for (i = 0; i < host_length; i++)
- salt->data[at + i] = tolower (host_netbios[i]);
+ data[at + i] = tolower (host_netbios[i]);
at += host_length;
/* The dot */
- memcpy (salt->data + at, ".", 1);
+ memcpy (data + at, ".", 1);
at += 1;
/* Lower case realm */
- for (i = 0; i < realm->length; i++)
- salt->data[at + i] = tolower (realm->data[i]);
- at += realm->length;
+ for (i = 0; i < realm_len; i++)
+ data[at + i] = tolower (realm[i]);
+ at += realm_len;
assert (at == size);
+#ifdef HEIMDAL
+ salt->saltvalue.data = data;
+ salt->saltvalue.length = size;
+#else
+ salt->data = data;
salt->length = size;
+#endif
return 0;
}
--- library/adldap.c 2015-12-07 04:18:09.000000000 -0500
+++ library/adldap.c 2016-06-15 17:36:22.374212000 -0400
@@ -28,5 +28,9 @@
#include <gssapi/gssapi_krb5.h>
-#include <krb5/krb5.h>
+#ifdef HEIMDAL
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
#include <ldap.h>
#include <sasl/sasl.h>
--- library/adutil.c 2021-02-20 08:51:40.000000000 -0500
+++ library/adutil.c 2024-01-18 18:14:00.000000000 -0400
@@ -30,5 +30,4 @@
#include <assert.h>
#include <ctype.h>
-#include <endian.h>
#include <errno.h>
#include <stdio.h>
@@ -38,4 +38,9 @@
#include <time.h>
#include <sys/wait.h>
+#ifdef __linux__
+# include <endian.h>
+#else
+# include <sys/endian.h> /* le32toh() */
+#endif
static adcli_message_func message_func = NULL;
@@ -84,4 +89,6 @@
}
+static void messagev(adcli_message_type, const char *, va_list) GNUC_PRINTF(2, 0);
+
static void
messagev (adcli_message_type type,
@@ -414,5 +421,5 @@
char *
-_adcli_str_dupn (void *data,
+_adcli_str_dupn (const void *data,
size_t len)
{
--- library/addisco.c 2015-12-07 04:18:09.000000000 -0500
+++ library/addisco.c 2016-06-15 17:06:34.197797000 -0400
@@ -32,4 +32,5 @@
#include <arpa/inet.h>
+#include <netinet/in.h>
#include <arpa/nameser.h>
--- library/adconn.c 2015-12-16 04:33:30.000000000 -0500
+++ library/adconn.c 2016-06-16 01:19:09.031863000 -0400
@@ -27,10 +27,11 @@
#include "adprivate.h"
#include "addisco.h"
+#include "adconn.h"
#include <gssapi/gssapi_krb5.h>
-#include <krb5/krb5.h>
-#include <ldap.h>
#include <sasl/sasl.h>
+#include <netinet/in.h>
+
#include <sys/types.h>
#include <sys/socket.h>
@@ -386,5 +387,7 @@
" %s = {\n"
" kdc = %s:88\n"
+#ifndef HEIMDAL
" master_kdc = %s:88\n"
+#endif
" kpasswd_server = %s\n"
" }\n"
@@ -392,5 +395,9 @@
" %s = %s\n"
" %s = %s\n",
- conn->domain_realm, controller, controller, controller,
+ conn->domain_realm, controller,
+#ifndef HEIMDAL
+ controller,
+#endif
+ controller,
conn->canonical_host, conn->domain_realm,
conn->domain_controller, conn->domain_realm) < 0)
@@ -481,8 +488,10 @@
return_val_if_fail (code == 0, code);
+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */
if (ccache) {
code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache);
return_val_if_fail (code == 0, code);
}
+#endif
memset (&dummy, 0, sizeof (dummy));
@@ -554,8 +563,10 @@
return_val_if_fail (code == 0, code);
+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */
if (ccache) {
code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache);
return_val_if_fail (code == 0, code);
}
+#endif
memset (&dummy, 0, sizeof (dummy));
@@ -565,5 +576,5 @@
code = krb5_get_init_creds_password (k5, creds, principal,
conn->user_password, null_prompter, NULL,
- 0, (char *)in_tkt_service, opt);
+ 0, in_tkt_service, opt);
krb5_free_principal (k5, principal);
@@ -1014,5 +1025,9 @@
/* Clear the credential cache GSSAPI to use (for this thread) */
+#ifdef HEIMDAL
+ status = gss_krb5_ccache_name (&minor, "", NULL);
+#else
status = gss_krb5_ccache_name (&minor, NULL, NULL);
+#endif
return_unexpected_if_fail (status == 0);
--- tools/tools.c 2015-12-16 04:35:03.000000000 -0500
+++ tools/tools.c 2016-06-16 02:53:00.103111000 -0400
@@ -504,5 +504,12 @@
errx (-1, "unexpected memory problems");
adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL);
+#ifndef HEIMDAL
+ /*
+ * Only do this with MIT Kerberos. Heimdal does not support
+ * includedir and include directives and seems to work
+ * without this anyway.
+ */
setup_krb5_conf_directory (conn);
+#endif
}


@ -0,0 +1,10 @@
--- library/adconn.c.orig 2022-09-28 17:04:28 UTC
+++ library/adconn.c
@@ -31,6 +31,7 @@
#include <krb5/krb5.h>
#include <ldap.h>
#include <sasl/sasl.h>
+#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>


@ -0,0 +1,10 @@
--- library/addisco.c.orig 2022-09-28 17:04:28 UTC
+++ library/addisco.c
@@ -32,6 +32,7 @@
#include <arpa/inet.h>
#include <arpa/nameser.h>
+#include <netinet/in.h>
#include <assert.h>
#include <netdb.h>


@ -0,0 +1,20 @@
--- library/adkrb5.c.orig 2022-09-28 17:04:28 UTC
+++ library/adkrb5.c
@@ -250,7 +250,7 @@ _adcli_krb5_get_keyblock (krb5_context k5,
krb5_error_code code;
code = krb5_kt_start_seq_get (k5, keytab, &cursor);
- if (code == KRB5_KT_END || code == ENOENT)
+ if (code == KRB5_KT_END || code == KRB5_KT_NOTFOUND)
return 0;
else if (code != 0)
return code;
@@ -303,7 +303,7 @@ _adcli_krb5_keytab_copy_entries (krb5_context k5,
code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key,
match_enctype_and_kvno, &closure);
if (code != 0 || closure.matched == 0) {
- return code != 0 ? code : ENOKEY;
+ return code != 0 ? code : KRB5_KT_NOTFOUND;
}
entry.principal = principal;
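Review bot: The first hunk replaces the `code == ENOENT` test after `krb5_kt_start_seq_get` instead of adding to it, so if the Kerberos library reports a keytab file that does not exist yet with the plain errno value, `_adcli_krb5_get_keyblock` now returns that error where it used to return 0 — the case a first-time join on a host with no keytab would likely hit. Unless it has been verified that the MIT library in ports never returns ENOENT here, keeping both is safer: `if (code == KRB5_KT_END || code == ENOENT || code == KRB5_KT_NOTFOUND)`. The second hunk changes the no-match return of `_adcli_krb5_keytab_copy_entries` from `ENOKEY` to `KRB5_KT_NOTFOUND`; callers are outside this patch, so any that compare against `ENOKEY` should be checked. Both functions continue beyond the hunks shown.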