blob: 393ee5a5ed55942fdd8db429a38ad59eaa58368f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
SMB sharing on FIPS enabled hosts with Samba broken
Description of problem:
Similar to #2593 , newer security features on GNU+Linux host OSes are continuing
to break communication with guests running older OSes.
QEMU executes the `smbd` process in [slirp.c](net/slirp.c) to facilitate the SMB
sharing between guest and host.
The host `smbd` process links in GnuTLS for authentication ciphers and algorithm
primitives. When `smbd` processes SMB requests from these older OS's SMB implementations,
it errors out with error lines:
`Failed to setup SPNEGO negTokenInit request`
`Failed to start SPNEGO handler for negprot OID list!`
Steps to reproduce:
1. Access a GNU+Linux machine with GnuTLS library in FIPS mode which `smbd` links against
2. Run `qemu-system-*` with an older guest OS with a `smb` share to host
3. See errors in `/tmp/qemu.smb*/log.smbd`
Additional information:
#
|