sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

s4-gensec: Move parsing of the PAC blob and creating the session_info into auth

Browse Source 
This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.

This allows a seperation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2011-12-28 17:48:45 +11:00
parent fc226f81c6
commit 149f8f16be
9 changed files with 247 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auth/gensec/gensec.h
View File

@ -73,6 +73,7 @@ struct cli_credentials;
struct gensec_settings;
struct tevent_context;
struct tevent_req;
struct smb_krb5_context;
struct gensec_settings {
struct loadparm_context *lp_ctx;

16
source4/auth/auth.h
View File

@ -55,6 +55,7 @@ struct auth_check_password_request;
struct auth4_context;
struct auth_session_info;
struct ldb_dn;
struct smb_krb5_context;
struct auth_operations {
const char *name;
@ -129,17 +130,20 @@ struct auth4_context {
NTSTATUS (*set_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_ctx,
const char *principal,
struct ldb_dn *user_dn,
struct auth_user_info_dc **user_info_dc);
NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info);
NTSTATUS (*generate_session_info_pac)(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx_out,
struct smb_krb5_context *smb_krb5_context,
DATA_BLOB *pac_blob,
const char *principal_name,
const struct tsocket_address *remote_address,
uint32_t session_info_flags,
struct auth_session_info **session_info);
};
/* this structure is used by backends to determine the size of some critical types */

114
source4/auth/gensec/gensec_gssapi.c
View File

@ -1307,16 +1307,38 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
TALLOC_CTX *mem_ctx;
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
OM_uint32 maj_stat, min_stat;
DATA_BLOB pac_blob;
struct PAC_SIGNATURE_DATA *pac_srv_sig = NULL;
struct PAC_SIGNATURE_DATA *pac_kdc_sig = NULL;
DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
gss_buffer_desc name_token;
char *principal_string;
mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context");
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
maj_stat = gss_display_name (&min_stat,
gensec_gssapi_state->client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat)) {
DEBUG(1, ("GSS display_name failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
talloc_free(mem_ctx);
return NT_STATUS_FOOBAR;
}
principal_string = talloc_strndup(mem_ctx,
(const char *)name_token.value,
name_token.length);
gss_release_buffer(&min_stat, &name_token);
if (!principal_string) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
nt_status = gssapi_obtain_pac_blob(mem_ctx, gensec_gssapi_state->gssapi_context,
gensec_gssapi_state->client_name,
&pac_blob);
@ -1326,78 +1348,14 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
* kind...
*/
if (NT_STATUS_IS_OK(nt_status)) {
pac_srv_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
if (!pac_srv_sig) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
pac_kdc_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
if (!pac_kdc_sig) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
pac_blob,
gensec_gssapi_state->smb_krb5_context->krb5_context,
&user_info_dc,
pac_srv_sig,
pac_kdc_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
} else {
gss_buffer_desc name_token;
char *principal_string;
maj_stat = gss_display_name (&min_stat,
gensec_gssapi_state->client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat)) {
DEBUG(1, ("GSS display_name failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
talloc_free(mem_ctx);
return NT_STATUS_FOOBAR;
}
principal_string = talloc_strndup(mem_ctx,
(const char *)name_token.value,
name_token.length);
gss_release_buffer(&min_stat, &name_token);
if (!principal_string) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
if (gensec_security->auth_context &&
!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
nt_status = gensec_security->auth_context->get_user_info_dc_principal(mem_ctx,
gensec_security->auth_context,
principal_string,
NULL,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
} else {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s\n",
principal_string,
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
pac_blob_ptr = &pac_blob;
}
/* references the user_info_dc into the session_info */
nt_status = gensec_generate_session_info(mem_ctx, gensec_security,
user_info_dc, &session_info);
nt_status = gensec_generate_session_info_pac(mem_ctx,
gensec_security,
gensec_gssapi_state->smb_krb5_context,
pac_blob_ptr, principal_string,
gensec_get_remote_address(gensec_security),
&session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
@ -1409,12 +1367,6 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return nt_status;
}
/* Allow torture tests to check the PAC signatures */
if (session_info->torture) {
session_info->torture->pac_srv_sig = talloc_steal(session_info->torture, pac_srv_sig);
session_info->torture->pac_kdc_sig = talloc_steal(session_info->torture, pac_kdc_sig);
}
if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
} else {

79
source4/auth/gensec/gensec_krb5.c
View File

@ -618,14 +618,12 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
struct PAC_LOGON_INFO *logon_info;
krb5_principal client_principal;
char *principal_string;
DATA_BLOB pac;
DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
krb5_data pac_data;
krb5_error_code ret;
@ -659,49 +657,15 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
KRB5_AUTHDATA_WIN2K_PAC,
&pac_data);
if (ret && gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
principal_string,
smb_get_krb5_error_message(context,
ret, mem_ctx)));
free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return NT_STATUS_ACCESS_DENIED;
} else if (ret) {
if (ret) {
/* NO pac */
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
if (gensec_security->auth_context &&
!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC for %s, resorting to local user lookup: %s",
principal_string, smb_get_krb5_error_message(context,
ret, mem_ctx)));
nt_status = gensec_security->auth_context->get_user_info_dc_principal(mem_ctx,
gensec_security->auth_context,
principal_string,
NULL, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return nt_status;
}
} else {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access\n",
principal_string));
free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return NT_STATUS_ACCESS_DENIED;
}
} else {
/* Found pac */
union netr_Validation validation;
pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
if (!pac.data) {
pac_blob = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
if (!pac_blob.data) {
free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
@ -709,12 +673,12 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* decode and verify the pac */
nt_status = kerberos_pac_logon_info(gensec_krb5_state,
pac,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
client_principal,
gensec_krb5_state->ticket->ticket.authtime, &logon_info);
nt_status = kerberos_decode_pac(gensec_krb5_state,
pac_blob,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
client_principal,
gensec_krb5_state->ticket->ticket.authtime, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
free(principal_string);
@ -723,26 +687,19 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
return nt_status;
}
validation.sam3 = &logon_info->info3;
nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
NULL,
3, &validation,
true, /* This user was authenticated */
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
free(principal_string);
krb5_free_principal(context, client_principal);
talloc_free(mem_ctx);
return nt_status;
}
pac_blob_ptr = &pac_blob;
}
nt_status = gensec_generate_session_info_pac(mem_ctx,
gensec_security,
gensec_krb5_state->smb_krb5_context,
pac_blob_ptr, principal_string,
gensec_get_remote_address(gensec_security),
&session_info);
free(principal_string);
krb5_free_principal(context, client_principal);
/* references the user_info_dc into the session_info */
nt_status = gensec_generate_session_info(mem_ctx, gensec_security, user_info_dc, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;

97
source4/auth/gensec/gensec_util.c
View File

@ -22,8 +22,13 @@
#include "includes.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/system_session_proto.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "auth/kerberos/kerberos_util.h"
NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
struct gensec_security *gensec_security,
@ -57,3 +62,95 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
}
return nt_status;
}
NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx_out,
struct gensec_security *gensec_security,
struct smb_krb5_context *smb_krb5_context,
DATA_BLOB *pac_blob,
const char *principal_string,
const struct tsocket_address *remote_address,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
uint32_t session_info_flags = 0;
TALLOC_CTX *mem_ctx;
struct auth_user_info_dc *user_info_dc;
struct PAC_SIGNATURE_DATA *pac_srv_sig = NULL;
struct PAC_SIGNATURE_DATA *pac_kdc_sig = NULL;
if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
}
session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
if (!pac_blob) {
if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access\n",
principal_string));
return NT_STATUS_ACCESS_DENIED;
}
DEBUG(1, ("Unable to find PAC for %s, resorting to local user lookup\n",
principal_string));
}
if (gensec_security->auth_context) {
return gensec_security->auth_context->generate_session_info_pac(gensec_security->auth_context,
mem_ctx_out,
smb_krb5_context,
pac_blob,
principal_string,
remote_address,
session_info_flags,
session_info);
} else if (!pac_blob) {
DEBUG(0, ("Cannot generate a session_info without either the PAC or the auth_context\n"));
return NT_STATUS_NO_SUCH_USER;
}
mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context");
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
pac_srv_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
if (!pac_srv_sig) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
pac_kdc_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
if (!pac_kdc_sig) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
*pac_blob,
smb_krb5_context->krb5_context,
&user_info_dc,
pac_srv_sig,
pac_kdc_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
nt_status = auth_generate_session_info(mem_ctx_out,
NULL,
NULL,
user_info_dc, session_info_flags,
session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
if ((*session_info)->torture) {
(*session_info)->torture->pac_srv_sig
= talloc_steal((*session_info)->torture, pac_srv_sig);
(*session_info)->torture->pac_kdc_sig
= talloc_steal((*session_info)->torture, pac_kdc_sig);
}
talloc_free(mem_ctx);
return nt_status;
}

6
source4/auth/gensec/wscript_build
View File

@ -2,14 +2,14 @@
bld.SAMBA_SUBSYSTEM('gensec_util',
source='socket.c gensec_tstream.c gensec_util.c',
deps='tevent-util tevent samba-util LIBTSOCKET',
deps='tevent-util tevent samba-util LIBTSOCKET KERBEROS_UTIL',
autoproto='gensec_proto.h')
bld.SAMBA_MODULE('gensec_krb5',
source='gensec_krb5.c',
subsystem='gensec',
init_function='gensec_krb5_init',
deps='samba-credentials authkrb5 auth_session com_err',
deps='samba-credentials authkrb5 auth_session com_err gensec_util',
internal_module=False,
)
@ -18,7 +18,7 @@ bld.SAMBA_MODULE('gensec_gssapi',
source='gensec_gssapi.c',
subsystem='gensec',
init_function='gensec_gssapi_init',
deps='gssapi samba-credentials authkrb5 com_err'
deps='gssapi samba-credentials authkrb5 com_err gensec_util'
)

1
source4/auth/kerberos/kerberos_pac.c
View File

@ -30,6 +30,7 @@
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include <ldb.h>
#include "auth/auth_sam_reply.h"
#include "auth/kerberos/kerberos_util.h"
_PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
DATA_BLOB blob,

99
source4/auth/ntlm/auth.c
View File

@ -28,6 +28,16 @@
#include "dsdb/samdb/samdb.h"
#include "libcli/wbclient/wbclient.h"
#include "lib/util/samba_modules.h"
#include "auth/credentials/credentials.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "auth/kerberos/kerberos_util.h"
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info);
/***************************************************************************
Set a fixed challenge
@ -104,24 +114,34 @@ PAC isn't available, and for tokenGroups in the DSDB stack.
Supply either a principal or a DN
****************************************************************************/
_PUBLIC_ NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_ctx,
const char *principal,
struct ldb_dn *user_dn,
struct auth_user_info_dc **user_info_dc)
static NTSTATUS auth_generate_session_info_principal(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const char *principal,
struct ldb_dn *user_dn,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
struct auth_method_context *method;
struct auth_user_info_dc *user_info_dc;
for (method = auth_ctx->methods; method; method = method->next) {
if (!method->ops->get_user_info_dc_principal) {
continue;
}
nt_status = method->ops->get_user_info_dc_principal(mem_ctx, auth_ctx, principal, user_dn, user_info_dc);
nt_status = method->ops->get_user_info_dc_principal(mem_ctx, auth_ctx, principal, user_dn, &user_info_dc);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
continue;
}
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
nt_status = auth_generate_session_info_wrapper(mem_ctx, auth_ctx,
user_info_dc,
session_info_flags, session_info);
talloc_free(user_info_dc);
return nt_status;
}
@ -407,19 +427,22 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
return NT_STATUS_OK;
}
/* Wrapper because we don't want to expose all callers to needing to
* know that session_info is generated from the main ldb, and because
* we need to break a depenency loop between the DCE/RPC layer and the
* generation of unix tokens via IRPC */
/* Wrapper because we don't want to expose all callers to needing to
* know that session_info is generated from the main ldb, and because
* we need to break a depenency loop between the DCE/RPC layer and the
* generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
auth_context->sam_ctx, user_info_dc,
session_info_flags, session_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
&& NT_STATUS_IS_OK(status)) {
@ -441,6 +464,50 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
return status;
}
/* Wrapper because we don't want to expose all callers to needing to
* know anything about the PAC or auth subsystem internal structures
* before we output a struct auth session_info */
static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx_out,
struct smb_krb5_context *smb_krb5_context,
DATA_BLOB *pac_blob,
const char *principal_name,
const struct tsocket_address *remote_address,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
NTSTATUS status;
struct auth_user_info_dc *user_info_dc;
TALLOC_CTX *mem_ctx;
if (!pac_blob) {
return auth_generate_session_info_principal(auth_ctx, mem_ctx_out, principal_name,
NULL, session_info_flags, session_info);
}
mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context");
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
*pac_blob,
smb_krb5_context->krb5_context,
&user_info_dc, NULL, NULL);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return status;
}
if (user_info_dc->info->authenticated) {
session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
status = auth_generate_session_info_wrapper(mem_ctx_out, auth_ctx,
user_info_dc,
session_info_flags, session_info);
talloc_free(mem_ctx);
return status;
}
/***************************************************************************
Make a auth_info struct for the auth subsystem
- Allow the caller to specify the methods to use, including optionally the SAM to use
@ -462,7 +529,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
return NT_STATUS_INTERNAL_ERROR;
}
ctx = talloc(mem_ctx, struct auth4_context);
ctx = talloc_zero(mem_ctx, struct auth4_context);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->challenge.set_by = NULL;
ctx->challenge.may_be_modified = false;
@ -499,8 +566,8 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
ctx->get_challenge = auth_get_challenge;
ctx->set_challenge = auth_context_set_challenge;
ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
ctx->get_user_info_dc_principal = auth_get_user_info_dc_principal;
ctx->generate_session_info = auth_generate_session_info_wrapper;
ctx->generate_session_info_pac = auth_generate_session_info_pac;
*auth_ctx = ctx;

2
source4/auth/ntlm/wscript_build
View File

@ -51,7 +51,7 @@ bld.SAMBA_MODULE('auth4_unix',
bld.SAMBA_LIBRARY('auth4',
source='auth.c auth_util.c auth_simple.c',
autoproto='auth_proto.h',
deps='samba-util security samdb samba-credentials tevent-util LIBWBCLIENT_OLD auth_unix_token samba-modules',
deps='samba-util security samdb samba-credentials tevent-util LIBWBCLIENT_OLD auth_unix_token samba-modules KERBEROS_UTIL',
private_library=True
)