Re: [Qemu-devel] Bug#727756: qemu: Broken -smb with latest SAMBA package. (Unsupported security=share option)
26.10.2013 13:07, Michael Büsch wrote: Package: qemu Version: 1.6.0+dfsg-2 Severity: normal Tags: patch The smb.conf automatically generated by qemu's -smb option fails on current samba, because smbd rejects the security=share option with the following warning: WARNING: Ignoring invalid value 'share' for parameter 'security' Which makes it fall back to security=user without guest login. This results in being unable to login to the samba server from the guest OS. The attached patch fixes this by selecting 'user' explicitly and mapping unknown users to guest logins. Index: qemu-1.6.0+dfsg/net/slirp.c === --- qemu-1.6.0+dfsg.orig/net/slirp.c +++ qemu-1.6.0+dfsg/net/slirp.c @@ -529,7 +529,8 @@ static int slirp_smb(SlirpState* s, cons "state directory=%s\n" "log file=%s/log.smbd\n" "smb passwd file=%s/smbpasswd\n" -"security = share\n" +"security = user\n" +"map to guest = Bad User\n" "[qemu]\n" "path=%s\n" "read only=no\n" Thank you for the report and the patch Michael. Are you sure the result is equivalent? I mean, it *looks* like okay, because [qemu] share definition - which looks like this: [qemu] path=%s read only=no guest ok=yes force user=%s explicitly says that guest is okay, and forces user to the right one. And it should work the same with other versions of samba too. But samba collected so many semi-conflicting options with years, so I'm not sure anymore. Also, which users are "bad" -- will it be possible for our user to "clash" with some built-in/known user? Cc'ing qemu-devel@ because this needs to be resolved upstream too. Thank you again, /mjt
Re: [Qemu-devel] Bug#727756: qemu: Broken -smb with latest SAMBA package. (Unsupported security=share option)
On Sat, 26 Oct 2013 13:19:29 +0400 Michael Tokarev wrote: > Thank you for the report and the patch Michael. Are you sure the result > is equivalent? Well, I am far from being an SMB expert. So I can't really say whether this is equivalent. I also posted this patch to the qemu-devel list, but didn't get a reply, yet. I tested this with a Windows XP client. Without this patch the client will always ask for username and password. Which I am unable to supply (smbpasswd is empty after all). With this patch applied, the share works without authentication. And this is how it used to work in previous versions, too. > explicitly says that guest is okay, and forces user to the > right one. And it should work the same with other versions > of samba too. I only tried this with smbd from sid. My guess is that it would work on older versions, too. But that is untested. > Also, which users are "bad" -- will it be possible for our > user to "clash" with some built-in/known user? 'bad" users seem to be users that are not in the smbpasswd file. As qemu creates an empty smbpasswd file, all users probably are "bad". But I'm not sure if there are exceptions to that. > Cc'ing qemu-devel@ because this needs to be resolved > upstream too. signature.asc Description: PGP signature
Re: [Qemu-devel] Bug#727756: qemu: Broken -smb with latest SAMBA package. (Unsupported security=share option)
26.10.2013 20:44, Michael Büsch wrote: [] Also, which users are "bad" -- will it be possible for our user to "clash" with some built-in/known user? 'bad" users seem to be users that are not in the smbpasswd file. As qemu creates an empty smbpasswd file, all users probably are "bad". That looks right. Are you okay adding your Signed-off-by to the patch you initially submitted? If yes, I'll make a formal patch submission upstream. Because, well, this bothers several people already. Thank you! /mjt
Re: [Qemu-devel] Bug#727756: qemu: Broken -smb with latest SAMBA package. (Unsupported security=share option)
On Fri, 01 Nov 2013 13:32:49 +0400 Michael Tokarev wrote: > That looks right. Are you okay adding your Signed-off-by to the patch > you initially submitted? If yes, I'll make a formal patch submission > upstream. Here you go. From: Michael Buesch Subject: [PATCH] qemu/slirp: Fix SMB security configuration on newer samba versions The smb.conf automatically generated by qemu's -smb option fails on current samba, because smbd rejects the security=share option with the following warning: > WARNING: Ignoring invalid value 'share' for parameter 'security' Which makes it fall back to security=user without guest login. This results in being unable to login to the samba server from the guest OS. This fixes it by selecting 'user' explicitly and mapping unknown users to guest logins. Signed-off-by: Michael Buesch --- Index: qemu-1.6.0+dfsg/net/slirp.c === --- qemu-1.6.0+dfsg.orig/net/slirp.c +++ qemu-1.6.0+dfsg/net/slirp.c @@ -529,7 +529,8 @@ static int slirp_smb(SlirpState* s, cons "state directory=%s\n" "log file=%s/log.smbd\n" "smb passwd file=%s/smbpasswd\n" -"security = share\n" +"security = user\n" +"map to guest = Bad User\n" "[qemu]\n" "path=%s\n" "read only=no\n" signature.asc Description: PGP signature
