[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Tue Jan 10 16:41:02 UTC 2017


The branch, master has been updated
       via  e84e44c messaging: Fix dead but not cleaned-up-yet destination sockets
       via  e6a5e6a script/autobuild.py: try make test TESTS=samba3.*ktest for samba-systemkrb5
       via  1204b44 selftest/selftest.pl: print out '[expanded] command: ' in all error cases
       via  133416a selftest/selftest.pl: we don't need to call Subunit::progress_pop() twice on error
       via  a5db045 selftest/selftesthelpers.py: let plantestsuite() use the env name in the test name
       via  3a870ba s4:gensec_gssapi: require a realm in gensec_gssapi_client_start()
       via  48bcca5 s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname()
       via  30c0706 auth/credentials: Always set the the realm if we set the principal from the ccache
       via  2a2c03c auth/credentials: remove const where we always return a talloc string
       via  3be1203 krb5_wrap: let smb_krb5_kinit_s4u2_ccache() work if store_creds.client and server have different realms
       via  ea0c35f s4:auth/gensec: remove unused dependencies to gensec_util
      from  207fa23 python/schema: fix tests flapping due to oid collision

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e84e44ce923e5dc7529bb813e10a2890528a4ab0
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Jan 10 12:30:54 2017 +0000

    messaging: Fix dead but not cleaned-up-yet destination sockets
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12509
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Jan 10 17:40:58 CET 2017 on sn-devel-144

commit e6a5e6a01a3ada62a8490ae612e926738aa78a28
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 23 14:07:51 2016 +0100

    script/autobuild.py: try make test TESTS=samba3.*ktest for samba-systemkrb5
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 1204b4432d23556bc8af32b0388141ae555cacb2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 12:35:48 2016 +0100

    selftest/selftest.pl: print out '[expanded] command: ' in all error cases
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 133416a8b9eaa7b84ce6b7144a737647183ff1e0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 21:45:32 2016 +0100

    selftest/selftest.pl: we don't need to call Subunit::progress_pop() twice on error
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a5db045f98233ff6fda212000e23343a4ed0ab89
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 15:57:03 2016 +0100

    selftest/selftesthelpers.py: let plantestsuite() use the env name in the test name
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3a870baee8d9dbe5359f04a108814afc27e57d46
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 15:20:00 2016 +0100

    s4:gensec_gssapi: require a realm in gensec_gssapi_client_start()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 48bcca566ebb3a5385b15b0525d7fbdd06361e04
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 14:00:36 2016 +0100

    s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname()
    
    If gensec_get_target_principal() has a value, we no longer have to verify
    the gensec_get_target_hostname() value, it can be just an ipadress.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 30c07065300281e3a67197fe39ed928346480ff7
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Dec 21 22:17:22 2016 +0100

    auth/credentials: Always set the the realm if we set the principal from the ccache
    
    This fixes a bug in gensec_gssapi_client_start() where an invalid realm
    is used to get a Kerberos ticket.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 2a2c03c655e51ff83483bbde1ded36c2e679faa3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 15:26:00 2016 +0100

    auth/credentials: remove const where we always return a talloc string
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3be1203987de8cf1ae6f30b6e3a6904e3d46990e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 14:42:49 2016 +0100

    krb5_wrap: let smb_krb5_kinit_s4u2_ccache() work if store_creds.client and server have different realms
    
    As the principal in the resulting ccache may not match the realm of the
    target principal, we need to store the credentials twice.
    
    The caller uses the ccache principal's realm to construct the
    search key for the target principal.
    
    If we get administrator at SAMBADOMAIN via the NTLMSSP authentication
    and want to do s4u2selfproxy, we'll get ticket for
    
    client realm: SAMBADOMAIN
    client name: administrator
    server realm: SAMBA.EXAMPLE.COM
    server name: cifs/localdc
    
    This is stored in credential cache, but
    the caller will use cifs/localdc at SAMBADOMAIN as
    target_principal name when it tries to use the
    cache.
    
    So also store the ticket as:
    
    client realm: SAMBADOMAIN
    client name: administrator
    server realm: SAMBADOMAIN
    server name: cifs/localdc
    
    Note that it can always happen that the target is not in the clients
    realm, so we always deal with changing realm names, so this is not
    a s4u2self/proxy specific thing.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ea0c35fbd1e1799fc0162377ffc116cffa8659ab
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 29 17:16:22 2016 +0100

    s4:auth/gensec: remove unused dependencies to gensec_util
    
    gensec_util only contains gensec_tstream and is already a public_dep
    of 'gensec' itself.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c               | 12 +++++-----
 auth/credentials/credentials.h               |  6 ++---
 auth/credentials/credentials_krb5.c          | 20 +++++++++++++---
 lib/krb5_wrap/krb5_samba.c                   | 24 ++++++++++++++++++++
 script/autobuild.py                          |  2 +-
 selftest/selftest.pl                         |  5 +++-
 selftest/selftesthelpers.py                  |  6 ++++-
 selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X |  6 +++++
 selftest/wscript                             |  4 ++++
 source3/lib/messages.c                       | 11 +++++++++
 source4/auth/gensec/gensec_gssapi.c          | 34 +++++++++++++++++++++++-----
 source4/auth/gensec/wscript_build            |  4 ++--
 12 files changed, 111 insertions(+), 23 deletions(-)
 create mode 100644 selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 06648c7..ff444e3 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -193,7 +193,7 @@ _PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
  * @retval The username set on this context.
  * @note Return value will never be NULL except by programmer error.
  */
-_PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained)
+_PUBLIC_ char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained)
 {
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred,
@@ -256,7 +256,7 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede
  * @retval The username set on this context.
  * @note Return value will never be NULL except by programmer error.
  */
-_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
+_PUBLIC_ char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
 {
 	enum credentials_obtained obtained;
 	return cli_credentials_get_principal_and_obtained(cred, mem_ctx, &obtained);
@@ -848,12 +848,12 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
  * @param mem_ctx The memory context to place the result on
  */
 
-_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
+_PUBLIC_ char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
 {
 	const char *bind_dn = cli_credentials_get_bind_dn(credentials);
-	const char *domain;
-	const char *username;
-	const char *name;
+	const char *domain = NULL;
+	const char *username = NULL;
+	char *name = NULL;
 
 	if (bind_dn) {
 		name = talloc_strdup(mem_ctx, bind_dn);
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 6b0d83b..50f6994 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -113,7 +113,7 @@ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
 						 struct loadparm_context *lp_ctx);
 void cli_credentials_set_conf(struct cli_credentials *cred, 
 			      struct loadparm_context *lp_ctx);
-const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
+char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
 int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
 					 struct loadparm_context *lp_ctx,
 					 struct gssapi_creds_container **_gcc);
@@ -189,7 +189,7 @@ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
 				 const char *bind_dn);
 const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);
 bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);
-const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);
+char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);
 bool cli_credentials_set_password_callback(struct cli_credentials *cred,
 					   const char *(*password_cb) (struct cli_credentials *));
 enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
@@ -257,7 +257,7 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
  * @retval The username set on this context.
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained);
+char *cli_credentials_get_principal_and_obtained(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, enum credentials_obtained *obtained);
 bool cli_credentials_set_principal(struct cli_credentials *cred, 
 				   const char *val, 
 				   enum credentials_obtained obtained);
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index e974df9..a0346a2 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 					   enum credentials_obtained obtained,
 					   const char **error_string)
 {
-	
+	bool ok;
+	char *realm;
 	krb5_principal princ;
 	krb5_error_code ret;
 	char *name;
@@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 		return ret;
 	}
 
-	cli_credentials_set_principal(cred, name, obtained);
-
+	ok = cli_credentials_set_principal(cred, name, obtained);
+	if (!ok) {
+		krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
+		return ENOMEM;
+	}
 	free(name);
 
+	realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
+					     princ);
 	krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
+	if (realm == NULL) {
+		return ENOMEM;
+	}
+	ok = cli_credentials_set_realm(cred, realm, obtained);
+	SAFE_FREE(realm);
+	if (!ok) {
+		return ENOMEM;
+	}
 
 	/* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */
 	cred->ccache_obtained = obtained;
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index f8f3b16..bb0b5df 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1942,6 +1942,7 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 	krb5_principal target_princ;
 	krb5_ccache tmp_cc;
 	const char *self_realm;
+	const char *client_realm = NULL;
 	krb5_principal blacklist_principal = NULL;
 	krb5_principal whitelist_principal = NULL;
 
@@ -2273,6 +2274,29 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 		return code;
 	}
 
+	client_realm = krb5_principal_get_realm(ctx, store_creds.client);
+	if (client_realm != NULL) {
+		/*
+		 * Because the CANON flag doesn't have any impact
+		 * on the impersonate_principal => store_creds.client
+		 * realm mapping. We need to store the credentials twice,
+		 * once with the returned realm and once with the
+		 * realm of impersonate_principal.
+		 */
+		code = krb5_principal_set_realm(ctx, store_creds.server,
+						client_realm);
+		if (code != 0) {
+			krb5_free_cred_contents(ctx, &store_creds);
+			return code;
+		}
+
+		code = krb5_cc_store_cred(ctx, store_cc, &store_creds);
+		if (code != 0) {
+			krb5_free_cred_contents(ctx, &store_creds);
+			return code;
+		}
+	}
+
 	if (expire_time) {
 		*expire_time = (time_t) store_creds.times.endtime;
 	}
diff --git a/script/autobuild.py b/script/autobuild.py
index 3d76130..45f449b 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -169,7 +169,7 @@ tasks = {
                       ("make", "make -j", "text/plain"),
                       # we currently cannot run a full make test, a limited list of tests could be run
                       # via "make test TESTS=sometests"
-                      # ("test", "make test FAIL_IMMEDIATELY=1", "text/plain"),
+                      ("test", "make test FAIL_IMMEDIATELY=1 TESTS='samba3.*ktest'", "text/plain"),
                       ("install", "make install", "text/plain"),
                       ("check-clean-tree", "script/clean-source-tree.sh", "text/plain"),
                       ("clean", "make clean", "text/plain")
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index c54ea68..e1c3429 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -142,10 +142,13 @@ sub run_testsuite($$$$$)
 	Subunit::progress_pop();
 
 	if ($? == -1) {
-		Subunit::progress_pop();
+		print "command: $cmd\n";
+		printf "expanded command: %s\n", expand_environment_strings($cmd);
 		Subunit::end_testsuite($name, "error", "Unable to run $cmd: $!");
 		exit(1);
 	} elsif ($? & 127) {
+		print "command: $cmd\n";
+		printf "expanded command: %s\n", expand_environment_strings($cmd);
 		Subunit::end_testsuite($name, "error",
 			sprintf("%s died with signal %d, %s coredump\n", $cmd, ($? & 127),  ($? & 128) ? 'with' : 'without'));
 		exit(1);
diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py
index 1a1e080..b0ece36 100644
--- a/selftest/selftesthelpers.py
+++ b/selftest/selftesthelpers.py
@@ -67,7 +67,11 @@ def plantestsuite(name, env, cmdline):
     :param cmdline: Command line to run
     """
     print "-- TEST --"
-    print name
+    if env == "none":
+        fullname = name
+    else:
+        fullname = "%s(%s)" % (name, env)
+    print fullname
     print env
     if isinstance(cmdline, list):
         cmdline = " ".join(cmdline)
diff --git a/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X b/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X
new file mode 100644
index 0000000..9ec679d
--- /dev/null
+++ b/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X
@@ -0,0 +1,6 @@
+# GSS_KRB5_CRED_NO_CI_FLAGS_X is not available in older MIT releases (< 1.14)
+^samba3.rpc.lsa.lookupsids.krb5.*ncacn.*packet.*ktest
+^samba3.rpc.lsa.lookupsids.krb5.*ncacn.*sign.*ktest
+^samba3.blackbox.rpcclient.krb5.*ncacn.*krb5\].*ktest
+^samba3.blackbox.rpcclient.krb5.*ncacn.*packet\].*ktest
+^samba3.blackbox.rpcclient.krb5.*ncacn.*sign\].*ktest
diff --git a/selftest/wscript b/selftest/wscript
index 4a3fb4e..86deac5 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -231,6 +231,10 @@ def cmd_testonly(opt):
     # FIXME REMOVE ME!
     env.OPTIONS += " --use-dns-faking"
 
+    if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'):
+        # older MIT krb5 libraries (< 1.14) don't have
+        # GSS_KRB5_CRED_NO_CI_FLAGS_X
+        env.OPTIONS += " --exclude=${srcdir}/selftest/skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X"
 
     subunit_cache = None
     # We use the full path rather than relative path to avoid problems on some platforms (ie. solaris 8).
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 505eb66..533e869 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -626,6 +626,17 @@ int messaging_send_iov_from(struct messaging_context *msg_ctx,
 		unbecome_root();
 	}
 
+	if (ret == ECONNREFUSED) {
+		/*
+		 * Linux returns this when a socket exists in the file
+		 * system without a listening process. This is not
+		 * documented in susv4 or the linux manpages, but it's
+		 * easily testable. For the higher levels this is the
+		 * same as "destination does not exist"
+		 */
+		ret = ENOENT;
+	}
+
 	return ret;
 }
 
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a6c4019..2ae2e23 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -307,7 +307,15 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 	gss_buffer_desc name_token;
 	gss_OID name_type;
 	OM_uint32 maj_stat, min_stat;
+	const char *target_principal = NULL;
 	const char *hostname = gensec_get_target_hostname(gensec_security);
+	const char *service = gensec_get_target_service(gensec_security);
+	const char *realm = cli_credentials_get_realm(creds);
+
+	target_principal = gensec_get_target_principal(gensec_security);
+	if (target_principal != NULL) {
+		goto do_start;
+	}
 
 	if (!hostname) {
 		DEBUG(3, ("No hostname for target computer passed in, cannot use kerberos for this connection\n"));
@@ -322,6 +330,18 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (realm == NULL) {
+		char *cred_name = cli_credentials_get_unparsed_name(creds,
+								gensec_security);
+		DEBUG(3, ("cli_credentials(%s) without realm, "
+			  "cannot use kerberos for this connection %s/%s\n",
+			  cred_name, service, hostname));
+		TALLOC_FREE(cred_name);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+do_start:
+
 	nt_status = gensec_gssapi_start(gensec_security);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
@@ -333,16 +353,18 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 		gensec_gssapi_state->gss_want_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
 	}
 
-	gensec_gssapi_state->target_principal = gensec_get_target_principal(gensec_security);
-	if (gensec_gssapi_state->target_principal) {
+	if (target_principal != NULL) {
 		name_type = GSS_C_NULL_OID;
 	} else {
-		gensec_gssapi_state->target_principal = talloc_asprintf(gensec_gssapi_state, "%s/%s@%s",
-					    gensec_get_target_service(gensec_security), 
-					    hostname, cli_credentials_get_realm(creds));
-
+		target_principal = talloc_asprintf(gensec_gssapi_state,
+					"%s/%s@%s", service, hostname, realm);
+		if (target_principal == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
 		name_type = GSS_C_NT_USER_NAME;
 	}
+	gensec_gssapi_state->target_principal = target_principal;
+
 	name_token.value  = discard_const_p(uint8_t, gensec_gssapi_state->target_principal);
 	name_token.length = strlen(gensec_gssapi_state->target_principal);
 
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
index a1d30a9..098826a 100755
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -13,7 +13,7 @@ bld.SAMBA_MODULE('gensec_krb5',
 	source='gensec_krb5.c ' + gensec_krb5_sources,
 	subsystem='gensec',
 	init_function='gensec_krb5_init',
-	deps='samba-credentials authkrb5 com_err gensec_util',
+	deps='samba-credentials authkrb5 com_err',
 	internal_module=False,
         enabled=bld.AD_DC_BUILD_IS_ENABLED()
 	)
@@ -23,7 +23,7 @@ bld.SAMBA_MODULE('gensec_gssapi',
 	source='gensec_gssapi.c',
 	subsystem='gensec',
 	init_function='gensec_gssapi_init',
-	deps='gssapi samba-credentials authkrb5 com_err gensec_util'
+	deps='gssapi samba-credentials authkrb5 com_err'
 	)
 
 bld.SAMBA_PYTHON('pygensec',


-- 
Samba Shared Repository



More information about the samba-cvs mailing list