blob: 5d29071acbcc4934fa2394975d0f6816bdf6c672 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
id = 2829
title = "SMB sharing on FIPS enabled hosts with Samba broken"
state = "opened"
created_at = "2025-02-21T20:06:48.512Z"
closed_at = "n/a"
labels = []
url = "https://gitlab.com/qemu-project/qemu/-/issues/2829"
host-os = "Ubuntu 22.04 (FIPS enabled)"
host-arch = "x86"
qemu-version = "QEMU emulator version 9.2.0"
guest-os = "Win7sp1"
guest-arch = "x86"
description = """Similar to #2593 , newer security features on GNU+Linux host OSes are continuing
to break communication with guests running older OSes.
QEMU executes the `smbd` process in [slirp.c](net/slirp.c) to facilitate the SMB
sharing between guest and host.
The host `smbd` process links in GnuTLS for authentication ciphers and algorithm
primitives. When `smbd` processes SMB requests from these older OS's SMB implementations,
it errors out with error lines:
`Failed to setup SPNEGO negTokenInit request`
`Failed to start SPNEGO handler for negprot OID list!`"""
reproduce = """1. Access a GNU+Linux machine with GnuTLS library in FIPS mode which `smbd` links against
2. Run `qemu-system-*` with an older guest OS with a `smb` share to host
3. See errors in `/tmp/qemu.smb*/log.smbd`"""
additional = """#"""
|