The branch, master has been updated via f4af0960a6e third_party: Bump version for socket_wrapper via 66d3e5e49d3 s4:auth: Fix 'no delegation' logic in gensec_gssapi_start() via f3bbed9c222 s4:auth: Fix trailing white spaces in gensec_gssapi.c via 2b98d2dd3e5 s4:tests: Use the command line option '--use-kerberos' from 31203ee2075 rpc_server: Remove the source4 implementation of wkssvc
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f4af0960a6e67319dba00da5e21c7ae95d719d64 Author: Andreas Schneider <a...@samba.org> Date: Thu Sep 11 12:39:49 2025 +0200 third_party: Bump version for socket_wrapper Commit be007c2cf41085a8648965fc904f37d25d35a453 forgot to do that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15913 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Sep 11 17:05:00 UTC 2025 on atb-devel-224 commit 66d3e5e49d34b0a4bfb8f2c862d48d11e27b2ea2 Author: Andreas Schneider <a...@samba.org> Date: Wed Sep 10 15:13:37 2025 +0200 s4:auth: Fix 'no delegation' logic in gensec_gssapi_start() This fixes samba4.ntvfs.cifs.krb5.base.lock test with MIT Kerberos. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15912 Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit f3bbed9c222fb96a1cf8805f7dfba92fa44aad1a Author: Andreas Schneider <a...@samba.org> Date: Wed Sep 10 15:13:13 2025 +0200 s4:auth: Fix trailing white spaces in gensec_gssapi.c Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 2b98d2dd3e55e096704bcdd5f7dca0e5d927e342 Author: Andreas Schneider <a...@samba.org> Date: Tue Sep 9 10:12:42 2025 +0200 s4:tests: Use the command line option '--use-kerberos' '--kerberos' is deprecated 
Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_third_party.py | 2 +- source4/auth/gensec/gensec_gssapi.c | 244 +++++++++++++++---------------- source4/selftest/tests.py | 44 +++++- third_party/socket_wrapper/wscript | 2 +- 4 files changed, 164 insertions(+), 128 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index b6c5ad60964..8f0c56dec79 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA @conf def CHECK_SOCKET_WRAPPER(conf): - return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.5.0') + return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.5.1') Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER @conf diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index c43dc66ab4a..02cf7961ee4 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1,8 +1,8 @@ -/* +/* Unix SMB/CIFS implementation. Kerberos backend for GENSEC - + Copyright (C) Andrew Bartlett <abart...@samba.org> 2004-2005 Copyright (C) Stefan Metzmacher <me...@samba.org> 2004-2005 
@@ -10,13 +10,13 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -181,7 +181,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->server_name = GSS_C_NO_NAME; gensec_gssapi_state->client_name = GSS_C_NO_NAME; - + gensec_gssapi_state->gss_want_flags = 0; gensec_gssapi_state->expire_time = GENSEC_EXPIRE_TIME_INFINITY; @@ -200,7 +200,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "sequence", true)) { gensec_gssapi_state->gss_want_flags |= GSS_C_SEQUENCE_FLAG; } - if (!(gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION)) { + if (gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION) { gensec_gssapi_state->gss_want_flags &= ~GSS_C_DELEG_FLAG; gensec_gssapi_state->gss_want_flags &= ~GSS_C_DELEG_POLICY_FLAG; } 
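Review bot: The corrected `if (gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION)` carries no comment explaining why it is now written positively, and since the inverted form shipped unnoticed, a why-comment above it would guard the fix: `/* A caller asking for GENSEC_FEATURE_NO_DELEGATION must never have its credentials forwarded: strip both the explicit and the policy-driven delegation request, whatever earlier settings enabled. */`. Under the old `!(...)` condition a client that explicitly asked for no delegation kept GSS_C_DELEG_FLAG and GSS_C_DELEG_POLICY_FLAG if anything earlier in the function had set them, so this is a credential-exposure fix and not only the MIT Kerberos test fix the commit message describes; a small test that asserts both flags are cleared from gss_want_flags when NO_DELEGATION is wanted would keep the inversion from coming back. The lines that set those delegation flags, and the remainder of gensec_gssapi_start(), lie outside this hunk, so whether anything later re-adds them cannot be confirmed here.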
@@ -296,12 +296,12 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); machine_account = gensec_get_credentials(gensec_security); - + if (!machine_account) { DEBUG(3, ("No machine account credentials specified\n")); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } else { - ret = cli_credentials_get_server_gss_creds(machine_account, + ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->settings->lp_ctx, &gcc); if (ret) { DEBUG(1, ("Acquiring acceptor credentials failed: %s\n", @@ -630,17 +630,17 @@ static NTSTATUS gensec_gssapi_update_internal(struct gensec_security *gensec_sec } } - maj_stat = gss_init_sec_context(&min_stat, + maj_stat = gss_init_sec_context(&min_stat, gensec_gssapi_state->client_cred->creds, - &gensec_gssapi_state->gssapi_context, - gensec_gssapi_state->server_name, + &gensec_gssapi_state->gssapi_context, + gensec_gssapi_state->server_name, gensec_gssapi_state->gss_oid, - gensec_gssapi_state->gss_want_flags, + gensec_gssapi_state->gss_want_flags, time_req, gensec_gssapi_state->input_chan_bindings, - &input_token, + &input_token, &gss_oid_p, - &output_token, + &output_token, &gensec_gssapi_state->gss_got_flags, /* ret flags */ &time_rec); goto init_sec_context_done; @@ -664,15 +664,15 @@ init_sec_context_done: } case GENSEC_SERVER: { - maj_stat = gss_accept_sec_context(&min_stat, - &gensec_gssapi_state->gssapi_context, + maj_stat = gss_accept_sec_context(&min_stat, + &gensec_gssapi_state->gssapi_context, gensec_gssapi_state->server_cred->creds, - &input_token, + &input_token, gensec_gssapi_state->input_chan_bindings, - &gensec_gssapi_state->client_name, + &gensec_gssapi_state->client_name, &gss_oid_p, - &output_token, - &gensec_gssapi_state->gss_got_flags, + &output_token, + &gensec_gssapi_state->gss_got_flags, &time_rec, &gensec_gssapi_state->delegated_cred_handle); if (gss_oid_p) { 
@@ -715,7 +715,7 @@ init_sec_context_done: } default: return NT_STATUS_INVALID_PARAMETER; - + } gensec_gssapi_state->gss_exchange_count++; @@ -723,7 +723,7 @@ init_sec_context_done: if (maj_stat == GSS_S_COMPLETE) { *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length); gss_release_buffer(&min_stat2, &output_token); - + if (gensec_gssapi_state->gss_got_flags & GSS_C_DELEG_FLAG && gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { DEBUG(5, ("gensec_gssapi: credentials were delegated\n")); @@ -755,7 +755,7 @@ init_sec_context_done: } else if (maj_stat == GSS_S_CONTINUE_NEEDED) { *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length); gss_release_buffer(&min_stat2, &output_token); - + return NT_STATUS_MORE_PROCESSING_REQUIRED; } else if (maj_stat == GSS_S_BAD_BINDINGS) { DBG_WARNING("Got GSS_S_BAD_BINDINGS\n"); @@ -784,7 +784,7 @@ init_sec_context_done: role, gensec_gssapi_state->gss_exchange_count); - maj_stat = gss_inquire_cred(&min_stat, + maj_stat = gss_inquire_cred(&min_stat, creds, &name, &lifetime, &usage, NULL); @@ -807,12 +807,12 @@ init_sec_context_done: buffer.length = 0; } if (lifetime > 0) { - DEBUG(0, ("GSSAPI gss_inquire_cred indicates expiry of %*.*s in %u sec for %s\n", - (int)buffer.length, (int)buffer.length, (char *)buffer.value, + DEBUG(0, ("GSSAPI gss_inquire_cred indicates expiry of %*.*s in %u sec for %s\n", + (int)buffer.length, (int)buffer.length, (char *)buffer.value, lifetime, usage_string)); } else { - DEBUG(0, ("GSSAPI gss_inquire_cred indicates %*.*s has already expired for %s\n", - (int)buffer.length, (int)buffer.length, (char *)buffer.value, + DEBUG(0, ("GSSAPI gss_inquire_cred indicates %*.*s has already expired for %s\n", + (int)buffer.length, (int)buffer.length, (char *)buffer.value, usage_string)); } gss_release_buffer(&min_stat, &buffer); 
@@ -871,8 +871,8 @@ init_sec_context_done: switch (gensec_security->gensec_role) { case GENSEC_CLIENT: { - uint8_t maxlength_proposed[4]; - uint8_t maxlength_accepted[4]; + uint8_t maxlength_proposed[4]; + uint8_t maxlength_accepted[4]; uint8_t security_supported; int conf_state; gss_qop_t qop_state; @@ -883,19 +883,19 @@ init_sec_context_done: * zero-length blob to the server (after the * normal GSSAPI exchange), and it has replied * with it's SASL negotiation */ - - maj_stat = gss_unwrap(&min_stat, - gensec_gssapi_state->gssapi_context, + + maj_stat = gss_unwrap(&min_stat, + gensec_gssapi_state->gssapi_context, &input_token, - &output_token, + &output_token, &conf_state, &qop_state); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", + DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } - + if (output_token.length < 4) { gss_release_buffer(&min_stat, &output_token); return NT_STATUS_INVALID_PARAMETER; @@ -907,9 +907,9 @@ init_sec_context_done: /* first byte is the proposed security */ security_supported = maxlength_proposed[0]; maxlength_proposed[0] = '\0'; - + /* Rest is the proposed max wrap length */ - gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0), + gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0), gensec_gssapi_state->max_wrap_buf_size); gensec_gssapi_state->sasl_protection = 0; if (security_supported & NEG_SEAL) { 
@@ -935,23 +935,23 @@ init_sec_context_done: RSIVAL(maxlength_accepted, 0, gensec_gssapi_state->max_wrap_buf_size); maxlength_accepted[0] = gensec_gssapi_state->sasl_protection; - + input_token.value = maxlength_accepted; input_token.length = sizeof(maxlength_accepted); - maj_stat = gss_wrap(&min_stat, - gensec_gssapi_state->gssapi_context, + maj_stat = gss_wrap(&min_stat, + gensec_gssapi_state->gssapi_context, false, GSS_C_QOP_DEFAULT, &input_token, &conf_state, &output_token); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", + DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } - + *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length); gss_release_buffer(&min_stat, &output_token); @@ -970,7 +970,7 @@ init_sec_context_done: } case GENSEC_SERVER: { - uint8_t maxlength_proposed[4]; + uint8_t maxlength_proposed[4]; uint8_t security_supported = 0x0; int conf_state; @@ -978,17 +978,17 @@ init_sec_context_done: if (in.length != 0) { DEBUG(1, ("SASL/GSSAPI: client sent non-zero length starting SASL negotiation!\n")); } - + /* Give the client some idea what we will support */ - + RSIVAL(maxlength_proposed, 0, gensec_gssapi_state->max_wrap_buf_size); /* first byte is the proposed security */ maxlength_proposed[0] = '\0'; - + gensec_gssapi_state->sasl_protection = 0; if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { security_supported |= NEG_SEAL; - } + } if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { security_supported |= NEG_SIGN; } 
@@ -1000,23 +1000,23 @@ init_sec_context_done: /* TODO: We may not wish to support this */ security_supported |= NEG_NONE; maxlength_proposed[0] = security_supported; - + input_token.value = maxlength_proposed; input_token.length = sizeof(maxlength_proposed); - maj_stat = gss_wrap(&min_stat, - gensec_gssapi_state->gssapi_context, + maj_stat = gss_wrap(&min_stat, + gensec_gssapi_state->gssapi_context, false, GSS_C_QOP_DEFAULT, &input_token, &conf_state, &output_token); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", + DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap failed: %s\n", gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } - + *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length); gss_release_buffer(&min_stat, &output_token); @@ -1025,31 +1025,31 @@ init_sec_context_done: } default: return NT_STATUS_INVALID_PARAMETER; - + } } /* This is s server-only stage */ case STAGE_SASL_SSF_ACCEPT: { - uint8_t maxlength_accepted[4]; + uint8_t maxlength_accepted[4]; uint8_t security_accepted; int conf_state; gss_qop_t qop_state; input_token.length = in.length; input_token.value = in.data; - - maj_stat = gss_unwrap(&min_stat, - gensec_gssapi_state->gssapi_context, + + maj_stat = gss_unwrap(&min_stat, + gensec_gssapi_state->gssapi_context, &input_token, - &output_token, + &output_token, &conf_state, &qop_state); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", + DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL protection negotiation failed: %s\n", gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } - + if (output_token.length < 4) { gss_release_buffer(&min_stat, &output_token); return NT_STATUS_INVALID_PARAMETER; 
@@ -1057,13 +1057,13 @@ init_sec_context_done: memcpy(maxlength_accepted, output_token.value, 4); gss_release_buffer(&min_stat, &output_token); - + /* first byte is the proposed security */ security_accepted = maxlength_accepted[0]; maxlength_accepted[0] = '\0'; /* Rest is the proposed max wrap length */ - gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_accepted, 0), + gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_accepted, 0), gensec_gssapi_state->max_wrap_buf_size); gensec_gssapi_state->sasl_protection = 0; @@ -1096,7 +1096,7 @@ init_sec_context_done: } *out = data_blob(NULL, 0); - return NT_STATUS_OK; + return NT_STATUS_OK; } default: return NT_STATUS_INVALID_PARAMETER; @@ -1162,9 +1162,9 @@ static NTSTATUS gensec_gssapi_update_recv(struct tevent_req *req, return status; } -static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, +static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, DATA_BLOB *out) { struct gensec_gssapi_state *gensec_gssapi_state @@ -1175,15 +1175,15 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, input_token.length = in->length; input_token.value = in->data; - maj_stat = gss_wrap(&min_stat, - gensec_gssapi_state->gssapi_context, + maj_stat = gss_wrap(&min_stat, + gensec_gssapi_state->gssapi_context, gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL), GSS_C_QOP_DEFAULT, &input_token, &conf_state, &output_token); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("gensec_gssapi_wrap: GSS Wrap failed: %s\n", + DEBUG(1, ("gensec_gssapi_wrap: GSS Wrap failed: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } 
@@ -1195,13 +1195,13 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security); if (max_wrapped_size < out->length) { DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data (%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n", - (unsigned)in->length, - (unsigned)out->length, + (unsigned)in->length, + (unsigned)out->length, (unsigned int)max_wrapped_size)); return NT_STATUS_INVALID_PARAMETER; } } - + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !conf_state) { return NT_STATUS_ACCESS_DENIED; @@ -1209,9 +1209,9 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security, return NT_STATUS_OK; } -static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *in, +static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, DATA_BLOB *out) { struct gensec_gssapi_state *gensec_gssapi_state @@ -1222,7 +1222,7 @@ static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, gss_qop_t qop_state; input_token.length = in->length; input_token.value = in->data; - + if (gensec_gssapi_state->sasl) { size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security); if (max_wrapped_size < in->length) { 
@@ -1230,26 +1230,26 @@ static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, return NT_STATUS_INVALID_PARAMETER; } } - + /* * FIXME: input_message_buffer is marked const, but gss_unwrap() may * modify it (see calls to rrc_rotate() in _gssapi_unwrap_cfx()). */ - maj_stat = gss_unwrap(&min_stat, - gensec_gssapi_state->gssapi_context, + maj_stat = gss_unwrap(&min_stat, + gensec_gssapi_state->gssapi_context, &input_token, - &output_token, + &output_token, &conf_state, &qop_state); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n", + DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); return NT_STATUS_ACCESS_DENIED; } *out = data_blob_talloc(mem_ctx, output_token.value, output_token.length); gss_release_buffer(&min_stat, &output_token); - + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !conf_state) { return NT_STATUS_ACCESS_DENIED; @@ -1259,21 +1259,21 @@ static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, /* Find out the maximum input size negotiated on this connection */ -static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security) +static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security) { struct gensec_gssapi_state *gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); OM_uint32 maj_stat, min_stat; OM_uint32 max_input_size; - maj_stat = gss_wrap_size_limit(&min_stat, + maj_stat = gss_wrap_size_limit(&min_stat, gensec_gssapi_state->gssapi_context, gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL), GSS_C_QOP_DEFAULT, -- Samba Shared Repository