git: b8e4873139e9 - main - net-mgmt/adcli: Remove homegrown Hiemdal support
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 23 May 2024 11:30:25 UTC
The branch main has been updated by arrowd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=b8e4873139e985e7d575537a139bb41330be4af3
commit b8e4873139e985e7d575537a139bb41330be4af3
Author: Gleb Popov <arrowd@FreeBSD.org>
AuthorDate: 2024-05-23 10:47:32 +0000
Commit: Gleb Popov <arrowd@FreeBSD.org>
CommitDate: 2024-05-23 11:30:19 +0000
net-mgmt/adcli: Remove homegrown Hiemdal support
The local patch adding Hiemdal support was causing 'adcli join' command to fail.
Hiemdal is going away neverthless, so remove this patch.
While here, fix Makefile style.
Sponsored by: Serenity Cybersecurity, LLC
---
net-mgmt/adcli/Makefile | 40 +-
.../files/{patch-configure => patch-configure.ac} | 16 +-
net-mgmt/adcli/files/patch-heimdal | 630 ---------------------
net-mgmt/adcli/files/patch-library_adconn.c | 10 +
net-mgmt/adcli/files/patch-library_addisco.c | 10 +
net-mgmt/adcli/files/patch-library_adkrb5.c | 20 +
6 files changed, 59 insertions(+), 667 deletions(-)
diff --git a/net-mgmt/adcli/Makefile b/net-mgmt/adcli/Makefile
index 6a072c5974ba..1c7c2cad332b 100644
--- a/net-mgmt/adcli/Makefile
+++ b/net-mgmt/adcli/Makefile
@@ -1,8 +1,7 @@
PORTNAME= adcli
PORTVERSION= 0.9.2
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= net-mgmt net security
-MASTER_SITES= https://gitlab.freedesktop.org/realmd/adcli/-/archive/${PORTVERSION}/
MAINTAINER= ports@virtual-estates.net
COMMENT= Tool for performing actions on an Active Directory domain
@@ -14,44 +13,23 @@ BUILD_DEPENDS= xsltproc:textproc/libxslt \
docbook-xml>0:textproc/docbook-xml \
docbook-xsl>0:textproc/docbook-xsl
-GNU_CONFIGURE= yes
-GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
-TEST_TARGET= check
+USES= autoreconf gssapi:mit,flags iconv ldap libtool localbase tar:bz2
-OPTIONS_DEFINE= DOCS
-OPTIONS_SINGLE= GSSAPI
-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
-OPTIONS_DEFAULT= GSSAPI_BASE
+USE_GITLAB= yes
+GL_SITE= https://gitlab.freedesktop.org
+GL_ACCOUNT= realmd
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= ${GSSAPI_CONFIGURE_ARGS}
# xsltproc and docbook are needed to create the man-page. xmlto is only
# required for generating HTML-documents, which are optional.
CONFIGURE_ENV+= ac_cv_path_KRB5_CONFIG=${KRB5CONFIG} \
ac_cv_path_XMLTO=${PORT_OPTIONS:MDOCS:S|DOCS|${LOCALBASE}/bin/xmlto|:S|^$|${TRUE}|}
-CONFIGURE_ARGS= --sysconfdir=/etc
+TEST_TARGET= check
-CFLAGS+= -I${ICONV_INCLUDE_PATH}
-LDFLAGS+= -L${ICONV_LIB_PATH} ${ICONV_LIB}
-USES= autoreconf iconv ldap libtool localbase tar:bz2
+OPTIONS_DEFINE= DOCS
DOCS_BUILD_DEPENDS= xmlto:textproc/xmlto
-GSSAPI_BASE_USES= gssapi
-GSSAPI_MIT_USES= gssapi:mit,flags
-GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
-
-GSSAPI_BASE_CONFIGURE_ARGS= --sysconfdir=/etc
-GSSAPI_BASE_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}" \
- KRB5_LIBS="${GSSAPILIBS}"
-GSSAPI_HEIMDAL_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc
-GSSAPI_HEIMDAL_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/heimdal" \
- KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS}"
-GSSAPI_MIT_CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc
-GSSAPI_MIT_CONFIGURE_ENV= KRB5_CFLAGS="-I${GSSAPIINCDIR}/gssapi" \
- KRB5_LIBS="${GSSAPILDFLAGS} ${GSSAPILIBS} -lk5crypto"
-
-GSSAPI_BASE_CFLAGS+= -DHEIMDAL
-GSSAPI_HEIMDAL_CFLAGS+= -DHEIMDAL
-# Quiets down warnings inside MIT's headers:
-GSSAPI_MIT_CFLAGS+= -DTARGET_OS_MAC=0
post-build:
${RM} ${WRKSRC}/doc/html/adcli-docs.proc # An empty file...
diff --git a/net-mgmt/adcli/files/patch-configure b/net-mgmt/adcli/files/patch-configure.ac
similarity index 60%
rename from net-mgmt/adcli/files/patch-configure
rename to net-mgmt/adcli/files/patch-configure.ac
index 86fdeacb99bb..04214ee81647 100644
--- a/net-mgmt/adcli/files/patch-configure
+++ b/net-mgmt/adcli/files/patch-configure.ac
@@ -1,6 +1,7 @@
---- configure.ac 2021-02-20 08:51:40.000000000 -0500
-+++ configure.ac 2021-10-12 16:57:31.442711000 -0400
-@@ -104,5 +104,8 @@
+--- configure.ac.orig 2022-09-28 17:04:28 UTC
++++ configure.ac
+@@ -103,7 +103,10 @@ for lib in "" "-lresolv"; do
+ saved_LIBS="$LIBS"
LIBS="$LIBS $lib"
AC_LINK_IFELSE([
- AC_LANG_PROGRAM([#include <resolv.h>],
@@ -8,9 +9,11 @@
+ [#include <netinet/in.h>]
+ [#include <arpa/nameser.h>]
+ [#include <resolv.h>]],
- [res_query (0, 0, 0, 0, 0)])
- ],
-@@ -269,11 +272,4 @@
+ [res_query (0, 0, 0, 0, 0);
+ ns_get32 (NULL);
+ ns_get16 (NULL);])
+@@ -285,13 +288,6 @@ else
+ AC_MSG_ERROR([cat is not available])
else
AC_DEFINE_UNQUOTED(BIN_CAT, "$BIN_CAT", [path to cat, used in unit test])
-fi
@@ -22,3 +25,4 @@
- AC_DEFINE_UNQUOTED(BIN_TAC, "$BIN_TAC", [path to tac, used in unit test])
fi
+ AC_PATH_PROG(BIN_REV, rev, no)
diff --git a/net-mgmt/adcli/files/patch-heimdal b/net-mgmt/adcli/files/patch-heimdal
deleted file mode 100644
index 01beb36be797..000000000000
--- a/net-mgmt/adcli/files/patch-heimdal
+++ /dev/null
@@ -1,630 +0,0 @@
-Submitted upstream:
-
- https://bugs.freedesktop.org/show_bug.cgi?id=96558
-
---- library/adprivate.h 2015-12-11 05:29:24.000000000 -0500
-+++ library/adprivate.h 2016-06-15 19:21:07.357447000 -0400
-@@ -39,4 +39,12 @@
- #endif
-
-+#ifdef HEIMDAL
-+#define MAX_KEYTAB_NAME_LEN 1100 /* This is, what Samba does */
-+#define krb5_free_string(ctx, string) krb5_xfree(string)
-+#define krb5_free_keytab_entry_contents krb5_kt_free_entry /* Samba as well */
-+#else
-+typedef krb5_data krb5_salt; /* MIT Kerberos does not have this */
-+#endif
-+
- /* Utilities */
-
-@@ -133,5 +141,5 @@ int _adcli_str_has_suffix
- const char *suffix);
-
--char * _adcli_str_dupn (void *data,
-+char * _adcli_str_dupn (const void *data,
- size_t len);
-
-@@ -248,5 +256,5 @@ krb5_error_code _adcli_krb5_keytab_add_
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salt);
-+ const krb5_salt *salt);
-
- krb5_error_code _adcli_krb5_keytab_test_salt (krb5_context k5,
-@@ -256,5 +264,5 @@ krb5_error_code _adcli_krb5_keytab_test
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salt);
-+ const krb5_salt *salt);
-
- krb5_error_code _adcli_krb5_keytab_discover_salt (krb5_context k5,
-@@ -263,5 +271,5 @@ krb5_error_code _adcli_krb5_keytab_disc
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salts,
-+ const krb5_salt *salts,
- int *discovered);
-
-@@ -269,5 +277,5 @@ krb5_error_code _adcli_krb5_w2k3_salt
- krb5_principal principal,
- const char *host_netbios,
-- krb5_data *salt);
-+ krb5_salt *salt);
-
- krb5_enctype * _adcli_krb5_parse_enctypes (const char *value);
---- library/adconn.h 2015-12-07 03:59:59.000000000 -0500
-+++ library/adconn.h 2016-06-15 17:34:40.511127000 -0400
-@@ -27,5 +27,9 @@
- #include "adutil.h"
-
--#include <krb5/krb5.h>
-+#ifdef HEIMDAL
-+# include <krb5.h>
-+#else
-+# include <krb5/krb5.h>
-+#endif
- #include <ldap.h>
-
---- library/adenroll.c 2021-02-20 08:51:40.000000000 -0500
-+++ library/adenroll.c 2021-10-12 20:53:10.777253000 -0400
-@@ -29,5 +29,11 @@
-
- #include <gssapi/gssapi_krb5.h>
--#include <krb5/krb5.h>
-+#ifdef HEIMDAL
-+# include <krb5.h>
-+# define krb5_free_data_contents(ctx, data) krb5_data_free(data)
-+# define krb5_free_enctypes(ctx, enctypes) free(enctypes)
-+#else
-+# include <krb5/krb5.h>
-+#endif
- #include <ldap.h>
- #include <sasl/sasl.h>
-@@ -315,5 +321,7 @@
- char *password;
- krb5_context k5;
-+#ifndef HEIMDAL
- krb5_error_code code;
-+#endif
- krb5_data buffer;
- int at;
-@@ -330,6 +338,10 @@
- buffer.data = password + at;
-
-+#ifdef HEIMDAL
-+ krb5_generate_random_block(buffer.data, buffer.length);
-+#else
- code = krb5_c_random_make_octets (k5, &buffer);
- return_val_if_fail (code == 0, NULL);
-+#endif
-
- at += filter (buffer.data, buffer.length);
-@@ -1302,5 +1314,5 @@
- _adcli_err ("Cannot set %s password: %.*s%s%s",
- s_or_c (enroll),
-- (int)result_code_string.length, result_code_string.data,
-+ (int)result_code_string.length, (char *)result_code_string.data,
- message ? ": " : "", message ? message : "");
- res = ADCLI_ERR_CREDENTIALS;
-@@ -1350,5 +1362,6 @@
- }
-
-- code = krb5_change_password (k5, &creds, enroll->computer_password,
-+ /* Use new krb5_set_password instead of deprecated krb5_change_password */
-+ code = krb5_set_password (k5, &creds, enroll->computer_password, NULL,
- &result_code, &result_code_string, &result_string);
-
-@@ -1372,5 +1385,5 @@
- #endif
- _adcli_err ("Cannot change computer password: %.*s%s%s",
-- (int)result_code_string.length, result_code_string.data,
-+ (int)result_code_string.length, (char *)result_code_string.data,
- message ? ": " : "", message ? message : "");
- res = ADCLI_ERR_CREDENTIALS;
-@@ -1749,5 +1762,5 @@
- return_unexpected_if_fail (code == 0);
-
-- enroll->keytab_name = name;
-+ enroll->keytab_name = realloc(name, strlen(name) + 1);
- enroll->keytab_name_is_krb5 = 1;
- }
-@@ -1765,6 +1778,6 @@
- krb5_error_code code;
- krb5_principal principal;
-- const char *realm;
-- size_t len;
-+ const char *realm, *entry_realm;
-+ size_t len, entry_realm_len;
- char *value;
- char *name;
-@@ -1772,11 +1785,22 @@
- /* Skip over any entry without a principal or realm */
- principal = entry->principal;
-- if (!principal || !principal->realm.length)
-+ if (principal == NULL)
- return TRUE;
-+#ifdef HEIMDAL
-+ entry_realm = krb5_principal_get_realm(k5, principal);
-+ if (entry_realm == NULL || entry_realm[0] == '\0')
-+ return TRUE;
-+ entry_realm_len = strlen(entry_realm);
-+#else
-+ if (!principal->realm.length)
-+ return TRUE;
-+ entry_realm = principal->realm.data;
-+ entry_realm_len = principal->realm.length;
-+#endif
-
- /* Use the first keytab entry as realm */
- realm = adcli_conn_get_domain_realm (enroll->conn);
- if (!realm) {
-- value = _adcli_str_dupn (principal->realm.data, principal->realm.length);
-+ value = _adcli_str_dupn (entry_realm, entry_realm_len);
- adcli_conn_set_domain_realm (enroll->conn, value);
- _adcli_info ("Found realm in keytab: %s", value);
-@@ -1787,5 +1811,5 @@
- /* Only look at entries that match the realm */
- len = strlen (realm);
-- if (principal->realm.length != len && strncmp (realm, principal->realm.data, len) != 0)
-+ if (entry_realm_len != len && strncmp (realm, entry_realm, len) != 0)
- return TRUE;
-
-@@ -1888,7 +1912,13 @@
- }
-
--#define DEFAULT_SALT 1
-+enum SALTS {
-+ STANDARD_SALT,
-+ W2K3_SALT,
-+ NULL_SALT,
-+ _NUM_SALTS
-+};
-+#define DEFAULT_SALT W2K3_SALT
-
--static krb5_data *
-+static krb5_salt *
- build_principal_salts (adcli_enroll *enroll,
- krb5_context k5,
-@@ -1896,23 +1926,29 @@
- {
- krb5_error_code code;
-- krb5_data *salts;
-- const int count = 3;
-- int i = 0;
-+ krb5_salt *salts;
-
-- salts = calloc (count, sizeof (krb5_data));
-+ salts = calloc (_NUM_SALTS, sizeof (*salts));
- return_val_if_fail (salts != NULL, NULL);
-
- /* Build up the salts, first a standard kerberos salt */
-- code = krb5_principal2salt (k5, principal, &salts[i++]);
-+#ifdef HEIMDAL
-+ code = krb5_get_pw_salt(k5, principal, &salts[STANDARD_SALT]);
-+#else
-+ code = krb5_principal2salt(k5, principal, &salts[STANDARD_SALT]);
-+#endif
- return_val_if_fail (code == 0, NULL);
-
- /* Then a Windows 2003 computer account salt */
-- code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[i++]);
-+ code = _adcli_krb5_w2k3_salt (k5, principal, enroll->computer_name, &salts[W2K3_SALT]);
- return_val_if_fail (code == 0, NULL);
-
- /* And lastly a null salt */
-- salts[i++].data = NULL;
-+#ifdef HEIMDAL
-+ salts[NULL_SALT].salttype = KRB5_PW_SALT;
-+ salts[NULL_SALT].saltvalue.data = NULL;
-+#else
-+ salts[NULL_SALT].data = NULL;
-+#endif
-
-- assert (count == i);
- return salts;
- }
-@@ -1920,10 +1956,15 @@
- static void
- free_principal_salts (krb5_context k5,
-- krb5_data *salts)
-+ krb5_salt *salts)
- {
- int i;
-
-+#ifdef HEIMDAL
-+ for (i = 0; i < _NUM_SALTS; i++)
-+ krb5_free_salt(k5, salts[i]);
-+#else
- for (i = 0; salts[i].data != NULL; i++)
- krb5_free_data_contents (k5, salts + i);
-+#endif
-
- free (salts);
-@@ -1976,5 +2017,5 @@
- krb5_data password;
- krb5_error_code code;
-- krb5_data *salts;
-+ krb5_salt *salts;
- krb5_enctype *enctypes;
-
-@@ -2076,5 +2117,9 @@
- res = add_principal_to_keytab (enroll, k5, enroll->keytab_principals[i],
- name, &which_salt, flags);
-+#ifdef HEIMDAL
-+ krb5_xfree(name);
-+#else
- krb5_free_unparsed_name (k5, name);
-+#endif
-
- if (res != ADCLI_SUCCESS)
-@@ -3349,5 +3394,10 @@
- /* check that ENCTYPE_UNKNOWN is filtered out */
- check_enctypes[0] = permitted_enctypes[0];
-+#ifdef HEIMDAL
-+ /* XXX Not sure, if this is needed under Heimdal at all */
-+ check_enctypes[1] = KRB5_ENCTYPE_NULL;
-+#else
- check_enctypes[1] = ENCTYPE_UNKNOWN;
-+#endif
- check_enctypes[2] = 0;
- adcli_enroll_set_keytab_enctypes (enroll, check_enctypes);
---- library/adkrb5.c 2021-02-20 08:51:40.000000000 -0500
-+++ library/adkrb5.c 2021-10-12 21:44:40.955444000 -0400
-@@ -28,5 +28,12 @@
-
- #include <gssapi/gssapi_krb5.h>
--#include <krb5/krb5.h>
-+#ifndef ENOKEY
-+# define ENOKEY ENOTCAPABLE
-+#endif
-+#ifdef HEIMDAL
-+# include <krb5.h>
-+#else
-+# include <krb5/krb5.h>
-+#endif
-
- #include <assert.h>
-@@ -83,5 +90,9 @@
- /* See if we should remove this entry */
- if (!match_func (k5, &entry, match_data)) {
-+#ifdef HEIMDAL
-+ krb5_kt_free_entry(k5, &entry);
-+#else
- krb5_free_keytab_entry_contents (k5, &entry);
-+#endif
- continue;
- }
-@@ -96,5 +107,9 @@
-
- code = krb5_kt_remove_entry (k5, keytab, &entry);
-+#ifdef HEIMDAL
-+ krb5_kt_free_entry(k5, &entry);
-+#else
- krb5_free_keytab_entry_contents (k5, &entry);
-+#endif
-
- if (code != 0)
-@@ -220,14 +235,20 @@
- void *data)
- {
-- krb5_boolean similar = FALSE;
- match_enctype_kvno *closure = data;
-+#ifndef HEIMDAL
-+ krb5_boolean similar = FALSE;
- krb5_error_code code;
-+#endif
-
- assert (closure->enctype);
-
-+#ifndef HEIMDAL
- code = krb5_c_enctype_compare (k5, closure->enctype, entry->key.enctype,
- &similar);
-
- if (code == 0 && entry->vno == closure->kvno && similar) {
-+#else
-+ if (krb5_kt_compare(k5, entry, NULL, closure->kvno, closure->enctype)) {
-+#endif
- closure->matched = 1;
- return 1;
-@@ -267,5 +288,11 @@
- }
-
-- code = krb5_copy_keyblock_contents (k5, &entry.key, keyblock);
-+ code = krb5_copy_keyblock_contents (k5,
-+#ifdef HEIMDAL
-+ &entry.keyblock,
-+#else
-+ &entry.key,
-+#endif
-+ keyblock);
- krb5_free_keytab_entry_contents (k5, &entry);
- break;
-@@ -301,5 +328,10 @@
- memset (&entry, 0, sizeof (entry));
-
-- code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key,
-+ code = _adcli_krb5_get_keyblock (k5, keytab,
-+#ifdef HEIMDAL
-+ &entry.keyblock,
-+#else
-+ &entry.key,
-+#endif
- match_enctype_and_kvno, &closure);
- if (code != 0 || closure.matched == 0) {
-@@ -329,5 +361,5 @@
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salt)
-+ const krb5_salt *salt)
- {
- krb5_keytab_entry entry;
-@@ -338,5 +370,10 @@
- memset (&entry, 0, sizeof(entry));
-
-+#ifdef HEIMDAL
-+ code = krb5_string_to_key_salt(k5, enctypes[i], password->data,
-+ *salt, &entry.keyblock);
-+#else
- code = krb5_c_string_to_key (k5, enctypes[i], password, salt, &entry.key);
-+#endif
- if (code != 0)
- return code;
-@@ -364,5 +401,5 @@
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salt)
-+ const krb5_salt *salt)
- {
- krb5_error_code code;
-@@ -390,5 +427,5 @@
- krb5_data *password,
- krb5_enctype *enctypes,
-- krb5_data *salts,
-+ const krb5_salt *salts,
- int *discovered)
- {
-@@ -420,5 +457,11 @@
- }
-
-- for (i = 0; salts[i].data != NULL; i++) {
-+ for (i = 0;
-+#ifdef HEIMDAL
-+ salts[i].saltvalue.data != NULL;
-+#else
-+ salts[i].data != NULL;
-+#endif
-+ i++) {
- code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno,
- password, salt_enctypes, &salts[i]);
-@@ -440,11 +483,15 @@
- krb5_principal principal,
- const char *host_netbios,
-- krb5_data *salt)
-+ krb5_salt *salt)
- {
-- krb5_data *realm;
-- size_t size = 0;
-- size_t host_length = 0;
-+ const char *realm;
-+#ifndef HEIMDAL
-+ const krb5_data *krealm;
-+#endif
-+ size_t size = 0, realm_len;
-+ size_t host_length;
- size_t at = 0;
- int i;
-+ char *data;
-
- /*
-@@ -453,41 +500,55 @@
- */
-
-- realm = krb5_princ_realm (k5, principal);
-+#ifdef HEIMDAL
-+ salt->salttype = KRB5_PW_SALT;
-+ realm = krb5_principal_get_realm(k5, principal);
-+ realm_len = strlen(realm);
-+#else
-+ krealm = krb5_princ_realm (k5, principal);
-+ realm = krealm->data;
-+ realm_len = krealm->length;
-+#endif
- host_length = strlen (host_netbios);
-
-- size += realm->length;
-+ size += realm_len;
- size += 4; /* "host" */
- size += host_length;
- size += 1; /* "." */
-- size += realm->length;
-+ size += realm_len;
-
-- salt->data = malloc (size);
-- return_val_if_fail (salt->data != NULL, ENOMEM);
-+ data = malloc (size);
-+ return_val_if_fail (data != NULL, ENOMEM);
-
- /* Upper case realm */
-- for (i = 0; i < realm->length; i++)
-- salt->data[at + i] = toupper (realm->data[i]);
-- at += realm->length;
-+ for (i = 0; i < realm_len; i++)
-+ data[at + i] = toupper (realm[i]);
-+ at += realm_len;
-
- /* The string "host" */
-- memcpy (salt->data + at, "host", 4);
-+ memcpy (data + at, "host", 4);
- at += 4;
-
- /* The netbios name in lower case */
- for (i = 0; i < host_length; i++)
-- salt->data[at + i] = tolower (host_netbios[i]);
-+ data[at + i] = tolower (host_netbios[i]);
- at += host_length;
-
- /* The dot */
-- memcpy (salt->data + at, ".", 1);
-+ memcpy (data + at, ".", 1);
- at += 1;
-
- /* Lower case realm */
-- for (i = 0; i < realm->length; i++)
-- salt->data[at + i] = tolower (realm->data[i]);
-- at += realm->length;
-+ for (i = 0; i < realm_len; i++)
-+ data[at + i] = tolower (realm[i]);
-+ at += realm_len;
-
- assert (at == size);
-+#ifdef HEIMDAL
-+ salt->saltvalue.data = data;
-+ salt->saltvalue.length = size;
-+#else
-+ salt->data = data;
- salt->length = size;
-+#endif
- return 0;
- }
---- library/adldap.c 2015-12-07 04:18:09.000000000 -0500
-+++ library/adldap.c 2016-06-15 17:36:22.374212000 -0400
-@@ -28,5 +28,9 @@
-
- #include <gssapi/gssapi_krb5.h>
--#include <krb5/krb5.h>
-+#ifdef HEIMDAL
-+# include <krb5.h>
-+#else
-+# include <krb5/krb5.h>
-+#endif
- #include <ldap.h>
- #include <sasl/sasl.h>
---- library/adutil.c 2021-02-20 08:51:40.000000000 -0500
-+++ library/adutil.c 2024-01-18 18:14:00.000000000 -0400
-@@ -30,5 +30,4 @@
- #include <assert.h>
- #include <ctype.h>
--#include <endian.h>
- #include <errno.h>
- #include <stdio.h>
-@@ -38,4 +38,9 @@
- #include <time.h>
- #include <sys/wait.h>
-+#ifdef __linux__
-+# include <endian.h>
-+#else
-+# include <sys/endian.h> /* le32toh() */
-+#endif
-
- static adcli_message_func message_func = NULL;
-@@ -84,4 +89,6 @@
- }
-
-+static void messagev(adcli_message_type, const char *, va_list) GNUC_PRINTF(2, 0);
-+
- static void
- messagev (adcli_message_type type,
-@@ -414,5 +421,5 @@
-
- char *
--_adcli_str_dupn (void *data,
-+_adcli_str_dupn (const void *data,
- size_t len)
- {
---- library/addisco.c 2015-12-07 04:18:09.000000000 -0500
-+++ library/addisco.c 2016-06-15 17:06:34.197797000 -0400
-@@ -32,4 +32,5 @@
-
- #include <arpa/inet.h>
-+#include <netinet/in.h>
- #include <arpa/nameser.h>
-
---- library/adconn.c 2015-12-16 04:33:30.000000000 -0500
-+++ library/adconn.c 2016-06-16 01:19:09.031863000 -0400
-@@ -27,10 +27,11 @@
- #include "adprivate.h"
- #include "addisco.h"
-+#include "adconn.h"
-
- #include <gssapi/gssapi_krb5.h>
--#include <krb5/krb5.h>
--#include <ldap.h>
- #include <sasl/sasl.h>
-
-+#include <netinet/in.h>
-+
- #include <sys/types.h>
- #include <sys/socket.h>
-@@ -386,5 +387,7 @@
- " %s = {\n"
- " kdc = %s:88\n"
-+#ifndef HEIMDAL
- " master_kdc = %s:88\n"
-+#endif
- " kpasswd_server = %s\n"
- " }\n"
-@@ -392,5 +395,9 @@
- " %s = %s\n"
- " %s = %s\n",
-- conn->domain_realm, controller, controller, controller,
-+ conn->domain_realm, controller,
-+#ifndef HEIMDAL
-+ controller,
-+#endif
-+ controller,
- conn->canonical_host, conn->domain_realm,
- conn->domain_controller, conn->domain_realm) < 0)
-@@ -481,8 +488,10 @@
- return_val_if_fail (code == 0, code);
-
-+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */
- if (ccache) {
- code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache);
- return_val_if_fail (code == 0, code);
- }
-+#endif
-
- memset (&dummy, 0, sizeof (dummy));
-@@ -554,8 +563,10 @@
- return_val_if_fail (code == 0, code);
-
-+#ifndef HEIMDAL /* No such call in Heimdal -- not needed */
- if (ccache) {
- code = krb5_get_init_creds_opt_set_out_ccache (k5, opt, ccache);
- return_val_if_fail (code == 0, code);
- }
-+#endif
-
- memset (&dummy, 0, sizeof (dummy));
-@@ -565,5 +576,5 @@
- code = krb5_get_init_creds_password (k5, creds, principal,
- conn->user_password, null_prompter, NULL,
-- 0, (char *)in_tkt_service, opt);
-+ 0, in_tkt_service, opt);
-
- krb5_free_principal (k5, principal);
-@@ -1014,5 +1025,9 @@
-
- /* Clear the credential cache GSSAPI to use (for this thread) */
-+#ifdef HEIMDAL
-+ status = gss_krb5_ccache_name (&minor, "", NULL);
-+#else
- status = gss_krb5_ccache_name (&minor, NULL, NULL);
-+#endif
- return_unexpected_if_fail (status == 0);
-
---- tools/tools.c 2015-12-16 04:35:03.000000000 -0500
-+++ tools/tools.c 2016-06-16 02:53:00.103111000 -0400
-@@ -504,5 +504,12 @@
- errx (-1, "unexpected memory problems");
- adcli_conn_set_password_func (conn, adcli_prompt_password_func, NULL, NULL);
-+#ifndef HEIMDAL
-+ /*
-+ * Only do this with MIT Kerberos. Heimdal does not support
-+ * includedir and include directives and seems to work
-+ * without this anyway.
-+ */
- setup_krb5_conf_directory (conn);
-+#endif
- }
-
diff --git a/net-mgmt/adcli/files/patch-library_adconn.c b/net-mgmt/adcli/files/patch-library_adconn.c
new file mode 100644
index 000000000000..56835ccff896
--- /dev/null
+++ b/net-mgmt/adcli/files/patch-library_adconn.c
@@ -0,0 +1,10 @@
+--- library/adconn.c.orig 2022-09-28 17:04:28 UTC
++++ library/adconn.c
+@@ -31,6 +31,7 @@
+ #include <krb5/krb5.h>
+ #include <ldap.h>
+ #include <sasl/sasl.h>
++#include <netinet/in.h>
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
diff --git a/net-mgmt/adcli/files/patch-library_addisco.c b/net-mgmt/adcli/files/patch-library_addisco.c
new file mode 100644
index 000000000000..70a5f1f73b86
--- /dev/null
+++ b/net-mgmt/adcli/files/patch-library_addisco.c
@@ -0,0 +1,10 @@
+--- library/addisco.c.orig 2022-09-28 17:04:28 UTC
++++ library/addisco.c
+@@ -32,6 +32,7 @@
+
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
++#include <netinet/in.h>
+
+ #include <assert.h>
+ #include <netdb.h>
diff --git a/net-mgmt/adcli/files/patch-library_adkrb5.c b/net-mgmt/adcli/files/patch-library_adkrb5.c
new file mode 100644
index 000000000000..ca6b8c6b1266
--- /dev/null
+++ b/net-mgmt/adcli/files/patch-library_adkrb5.c
@@ -0,0 +1,20 @@
+--- library/adkrb5.c.orig 2022-09-28 17:04:28 UTC
++++ library/adkrb5.c
+@@ -250,7 +250,7 @@ _adcli_krb5_get_keyblock (krb5_context k5,
+ krb5_error_code code;
+
+ code = krb5_kt_start_seq_get (k5, keytab, &cursor);
+- if (code == KRB5_KT_END || code == ENOENT)
++ if (code == KRB5_KT_END || code == KRB5_KT_NOTFOUND)
+ return 0;
+ else if (code != 0)
+ return code;
+@@ -303,7 +303,7 @@ _adcli_krb5_keytab_copy_entries (krb5_context k5,
+ code = _adcli_krb5_get_keyblock (k5, keytab, &entry.key,
+ match_enctype_and_kvno, &closure);
+ if (code != 0 || closure.matched == 0) {
+- return code != 0 ? code : ENOKEY;
++ return code != 0 ? code : KRB5_KT_NOTFOUND;
+ }
+
+ entry.principal = principal;