Debian Bug report logs -
#727756
qemu: Broken -smb with latest SAMBA package. (Unsupported security=share option)
Reported by: Michael Büsch <m@bues.ch>
Date: Sat, 26 Oct 2013 09:09:01 UTC
Severity: normal
Tags: patch
Found in version qemu/1.6.0+dfsg-2
Fixed in version qemu/1.7.0+dfsg-2
Done: Michael Tokarev <mjt@tls.msk.ru>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, m@bues.ch, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Sat, 26 Oct 2013 09:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Büsch <m@bues.ch>:
New Bug report received and forwarded. Copy sent to m@bues.ch, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Sat, 26 Oct 2013 09:09:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: qemu
Version: 1.6.0+dfsg-2
Severity: normal
Tags: patch
The smb.conf automatically generated by qemu's -smb option fails on current
samba,
because smbd rejects the security=share option with the following warning:
> WARNING: Ignoring invalid value 'share' for parameter 'security'
Which makes it fall back to security=user without guest login.
This results in being unable to login to the samba server from the guest OS.
The attached patch fixes this by selecting 'user' explicitly and mapping
unknown users to guest logins.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages qemu depends on:
ii qemu-system 1.6.0+dfsg-2
ii qemu-user 1.6.0+dfsg-2
ii qemu-utils 1.6.0+dfsg-2
qemu recommends no packages.
Versions of packages qemu suggests:
pn qemu-user-static <none>
-- no debconf information
[fix-smb-security-share.patch (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Sat, 26 Oct 2013 09:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Sat, 26 Oct 2013 09:21:04 GMT) (full text, mbox, link).
Message #10 received at 727756@bugs.debian.org (full text, mbox, reply):
26.10.2013 13:07, Michael Büsch wrote:
> Package: qemu
> Version: 1.6.0+dfsg-2
> Severity: normal
> Tags: patch
>
> The smb.conf automatically generated by qemu's -smb option fails on current samba,
> because smbd rejects the security=share option with the following warning:
>
>> WARNING: Ignoring invalid value 'share' for parameter 'security'
>
> Which makes it fall back to security=user without guest login.
> This results in being unable to login to the samba server from the guest OS.
>
> The attached patch fixes this by selecting 'user' explicitly and mapping
> unknown users to guest logins.
Index: qemu-1.6.0+dfsg/net/slirp.c
===================================================================
--- qemu-1.6.0+dfsg.orig/net/slirp.c
+++ qemu-1.6.0+dfsg/net/slirp.c
@@ -529,7 +529,8 @@ static int slirp_smb(SlirpState* s, cons
"state directory=%s\n"
"log file=%s/log.smbd\n"
"smb passwd file=%s/smbpasswd\n"
- "security = share\n"
+ "security = user\n"
+ "map to guest = Bad User\n"
"[qemu]\n"
"path=%s\n"
"read only=no\n"
Thank you for the report and the patch Michael. Are you sure the result
is equivalent? I mean, it *looks* like okay, because [qemu] share definition -
which looks like this:
[qemu]
path=%s
read only=no
guest ok=yes
force user=%s
explicitly says that guest is okay, and forces user to the
right one. And it should work the same with other versions
of samba too.
But samba collected so many semi-conflicting options with
years, so I'm not sure anymore.
Also, which users are "bad" -- will it be possible for our
user to "clash" with some built-in/known user?
Cc'ing qemu-devel@ because this needs to be resolved
upstream too.
Thank you again,
/mjt
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Sat, 26 Oct 2013 17:06:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Büsch <m@bues.ch>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Sat, 26 Oct 2013 17:06:10 GMT) (full text, mbox, link).
Message #15 received at 727756@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Sat, 26 Oct 2013 13:19:29 +0400
Michael Tokarev <mjt@tls.msk.ru> wrote:
> Thank you for the report and the patch Michael. Are you sure the result
> is equivalent?
Well, I am far from being an SMB expert. So I can't really say whether this
is equivalent.
I also posted this patch to the qemu-devel list, but didn't get a reply, yet.
I tested this with a Windows XP client. Without this patch the
client will always ask for username and password. Which I am unable to
supply (smbpasswd is empty after all).
With this patch applied, the share works without authentication. And this
is how it used to work in previous versions, too.
> explicitly says that guest is okay, and forces user to the
> right one. And it should work the same with other versions
> of samba too.
I only tried this with smbd from sid.
My guess is that it would work on older versions, too. But that is
untested.
> Also, which users are "bad" -- will it be possible for our
> user to "clash" with some built-in/known user?
'bad" users seem to be users that are not in the smbpasswd file.
As qemu creates an empty smbpasswd file, all users probably are "bad".
But I'm not sure if there are exceptions to that.
> Cc'ing qemu-devel@ because this needs to be resolved
> upstream too.
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Fri, 01 Nov 2013 09:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Fri, 01 Nov 2013 09:36:04 GMT) (full text, mbox, link).
Message #20 received at 727756@bugs.debian.org (full text, mbox, reply):
26.10.2013 20:44, Michael Büsch wrote:
[]
>> Also, which users are "bad" -- will it be possible for our
>> user to "clash" with some built-in/known user?
>
> 'bad" users seem to be users that are not in the smbpasswd file.
> As qemu creates an empty smbpasswd file, all users probably are "bad".
That looks right. Are you okay adding your Signed-off-by to the patch
you initially submitted? If yes, I'll make a formal patch submission
upstream.
Because, well, this bothers several people already.
Thank you!
/mjt
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Fri, 01 Nov 2013 09:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Büsch <m@bues.ch>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Fri, 01 Nov 2013 09:57:04 GMT) (full text, mbox, link).
Message #25 received at 727756@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Fri, 01 Nov 2013 13:32:49 +0400
Michael Tokarev <mjt@tls.msk.ru> wrote:
> That looks right. Are you okay adding your Signed-off-by to the patch
> you initially submitted? If yes, I'll make a formal patch submission
> upstream.
Here you go.
[fix-smb-security-share.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Fri, 01 Nov 2013 10:15:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Fri, 01 Nov 2013 10:15:05 GMT) (full text, mbox, link).
Message #30 received at 727756@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
01.11.2013 13:54, Michael Büsch wrote:
> On Fri, 01 Nov 2013 13:32:49 +0400
> Michael Tokarev <mjt@tls.msk.ru> wrote:
>
>> That looks right. Are you okay adding your Signed-off-by to the patch
>> you initially submitted? If yes, I'll make a formal patch submission
>> upstream.
>
> Here you go.
Thank you!
Adding Jan as slirp maintainer, and my
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
If Jan picks it up, that's fine. If not, I think it can go
to the trivial patches queue.
Jan, if you missed context, it is in http://bugs.debian.org/727756
It is not the first time this issue pops up on qemu-devel@
/mjt
[fix-smb-security-share.patch (text/x-patch, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#727756; Package qemu.
(Sun, 03 Nov 2013 20:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Jan Kiszka <jan.kiszka@web.de>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Sun, 03 Nov 2013 20:09:07 GMT) (full text, mbox, link).
Message #35 received at 727756@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2013-11-01 11:10, Michael Tokarev wrote:
> 01.11.2013 13:54, Michael Büsch wrote:
>> On Fri, 01 Nov 2013 13:32:49 +0400
>> Michael Tokarev <mjt@tls.msk.ru> wrote:
>>
>>> That looks right. Are you okay adding your Signed-off-by to the patch
>>> you initially submitted? If yes, I'll make a formal patch submission
>>> upstream.
>>
>> Here you go.
>
> Thank you!
>
> Adding Jan as slirp maintainer, and my
>
> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
>
> If Jan picks it up, that's fine. If not, I think it can go
> to the trivial patches queue.
Works fine, applied to queues/slirp.
But this is not a trivial patch as the fix is not obvious for a reader
(unless you know smb.conf semantics by heart).
Jan
[signature.asc (application/pgp-signature, attachment)]
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Thu, 28 Nov 2013 21:27:28 GMT) (full text, mbox, link).
Notification sent
to Michael Büsch <m@bues.ch>:
Bug acknowledged by developer.
(Thu, 28 Nov 2013 21:27:28 GMT) (full text, mbox, link).
Message #40 received at 727756-close@bugs.debian.org (full text, mbox, reply):
Source: qemu
Source-Version: 1.7.0+dfsg-2
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 727756@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Nov 2013 00:16:44 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 1.7.0+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-keymaps - QEMU keyboard maps
qemu-kvm - QEMU Full virtualization on x86 hardware (transitional package)
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 722914 727756 727762 728876
Changes:
qemu (1.7.0+dfsg-2) unstable; urgency=low
.
* switch from vgabios to seavgabios
* rework update-alternatives handling for qemu-system (Closes: #722914)
* mention closing of #326886, #390444, #706237 and CVE-2013-4375 for 1.7.0
* rearrange libvte-dev build-dependency to come together with gtk, and
comment it out (since gtk frontend isn't being built)
* re-introduce qemu-kvm package with just a wrapper (/usr/bin/kvm)
and make this wrapper to force kvm mode (Closes: #727762)
* use less strict dependency on qemu-keymaps
* added fix-smb-security-share.patch by Michael Büsch (Closes: #727756)
* added move-ncalrpc-dir-to-tmp.patch by Michael Büsch (Closes: #728876)
Checksums-Sha1:
b9caa12523c59d04d5375dc49fe7c91f33e03dc0 3052 qemu_1.7.0+dfsg-2.dsc
0dee7f6d459208282b401dcdc5947717d4b1aaa2 60717 qemu_1.7.0+dfsg-2.debian.tar.gz
a338ab05c5184aeaadb2aec36e2846ef32e8fa38 204224 qemu_1.7.0+dfsg-2_amd64.deb
f8160bce897d1fd5acf9bfc385a2df80cc423637 55696 qemu-keymaps_1.7.0+dfsg-2_all.deb
092a19ec91c369d6ed900466129dd3a23607e99e 44104 qemu-system_1.7.0+dfsg-2_amd64.deb
acdde24f8837e5db2c6964fc266ff9d4b9195400 183218 qemu-system-common_1.7.0+dfsg-2_amd64.deb
b2222d749bfb5d86dfb9417562b5e28b86508ca2 4875546 qemu-system-misc_1.7.0+dfsg-2_amd64.deb
f5311a93bccf0a7c4a5e5d409f6ead820b804045 1651918 qemu-system-arm_1.7.0+dfsg-2_amd64.deb
002a807198bf2f6109a5609f3b1d75718a223638 2707384 qemu-system-mips_1.7.0+dfsg-2_amd64.deb
2fffe7c4ff1b06325bd342f2645610b08df96c0e 2541386 qemu-system-ppc_1.7.0+dfsg-2_amd64.deb
12fdcfb6311ce628e7233c1c7d33788d198056c4 1603778 qemu-system-sparc_1.7.0+dfsg-2_amd64.deb
bf02209543780b5ec32f8662a7375564cda70aae 1970844 qemu-system-x86_1.7.0+dfsg-2_amd64.deb
cc407b309fdbbf10a5431016eef0119df5fb4e35 4847848 qemu-user_1.7.0+dfsg-2_amd64.deb
57dea5e16e4b4346e6b47e8ccb58edea033422b4 7176992 qemu-user-static_1.7.0+dfsg-2_amd64.deb
431e3271551986cf5e45fac29b5f329dc3059d52 426130 qemu-utils_1.7.0+dfsg-2_amd64.deb
88da41dbaa0d0aa38dfad789b3a743633ae8130b 128118 qemu-guest-agent_1.7.0+dfsg-2_amd64.deb
7fda455fc444d78e074b9db8f8a16cd8811f6429 45002 qemu-kvm_1.7.0+dfsg-2_amd64.deb
Checksums-Sha256:
e479e832e62f6d0dff0cb4eefc3c61588ccf99f00ae5e8d4e04fdeff92f0a270 3052 qemu_1.7.0+dfsg-2.dsc
552568ea4e74a4261b99ac6488d0fc9cd6bcbccfa91a11033a3e4bb78af86945 60717 qemu_1.7.0+dfsg-2.debian.tar.gz
4c12d2d3eb24dff34e8c1dd4d8950922d8866bd121cb6e494842741369dd4a01 204224 qemu_1.7.0+dfsg-2_amd64.deb
e6c61fd3f2a4b392374c223a738841ca148ab2c7b7cf7a85a357b261a3eeaddc 55696 qemu-keymaps_1.7.0+dfsg-2_all.deb
bdf9e45d5fba5945847e8c1a3b60face8d52b8e8aa7dde0ce409c47e5582b1cf 44104 qemu-system_1.7.0+dfsg-2_amd64.deb
d5adcbeaf860e89f411eaeff7cbcfbf12dd73e143d880302f8a8063548ddabf7 183218 qemu-system-common_1.7.0+dfsg-2_amd64.deb
4883f7e73940a7c91450e8c679245c41cfa078a56007978eb4be52723e7455da 4875546 qemu-system-misc_1.7.0+dfsg-2_amd64.deb
5d0252b3e85f7f97160667eabce002dc2297ec43f89d563a7ce578ef3da79832 1651918 qemu-system-arm_1.7.0+dfsg-2_amd64.deb
786a83e3d419da2a1508563ddf73c7c7ba063747ba88670d960439f13135fcd9 2707384 qemu-system-mips_1.7.0+dfsg-2_amd64.deb
4a45f3438497cf41756fdae135cc27db34debd008f0778404671b1f72d6f873c 2541386 qemu-system-ppc_1.7.0+dfsg-2_amd64.deb
04722807fde98c78135d2d3ba54508b199e98fbc5bc0706ec76081e3af39a97e 1603778 qemu-system-sparc_1.7.0+dfsg-2_amd64.deb
b7efd0932fb241d935053ee28db8599cb6e4def1a0255e87ef6a7dd81b408565 1970844 qemu-system-x86_1.7.0+dfsg-2_amd64.deb
354e358b498f9026d9645eec1e79a435a20baadc1bd732cfd692782d21772908 4847848 qemu-user_1.7.0+dfsg-2_amd64.deb
ba0288dd7d4a6890d55711f6dfefa9a82b6bc954141d8f4e557b293a297cb5b3 7176992 qemu-user-static_1.7.0+dfsg-2_amd64.deb
e1fa6058fa158bb9292d42832cc75f0e1f7b4fcbfa83fee11454eb99cac6c2bc 426130 qemu-utils_1.7.0+dfsg-2_amd64.deb
c142d0687d84af1c8649a52c4e42394dc6b15d41dc361c40801ffd2527cbfff1 128118 qemu-guest-agent_1.7.0+dfsg-2_amd64.deb
fd2dad81b456b992f80821d88d486016ce080f5363b9f593110acf078d888871 45002 qemu-kvm_1.7.0+dfsg-2_amd64.deb
Files:
0833a38102a198bf7051b8d795c2aa0d 3052 otherosfs optional qemu_1.7.0+dfsg-2.dsc
a6961b34387a6087ab5c31952382030a 60717 otherosfs optional qemu_1.7.0+dfsg-2.debian.tar.gz
a252ebb6f8cf56782066f21df67891ba 204224 otherosfs optional qemu_1.7.0+dfsg-2_amd64.deb
cf2180f0ba6c8d3d6ed23ac11bb73706 55696 otherosfs optional qemu-keymaps_1.7.0+dfsg-2_all.deb
bff94e14ecac6462f03040732be5cc17 44104 otherosfs optional qemu-system_1.7.0+dfsg-2_amd64.deb
157fb79da65769f2b23df0948d82deed 183218 otherosfs optional qemu-system-common_1.7.0+dfsg-2_amd64.deb
b2d53c119fb59a9ad0ca29db64cc66a9 4875546 otherosfs optional qemu-system-misc_1.7.0+dfsg-2_amd64.deb
432b70a0332e07b8a60e39d99569bd97 1651918 otherosfs optional qemu-system-arm_1.7.0+dfsg-2_amd64.deb
d2b83562517e71b62238ae3e4b36f2df 2707384 otherosfs optional qemu-system-mips_1.7.0+dfsg-2_amd64.deb
a6fd30b7487b035b95ca9769535c11cf 2541386 otherosfs optional qemu-system-ppc_1.7.0+dfsg-2_amd64.deb
8af35d0079d65888e98ba7c3beb5a7ea 1603778 otherosfs optional qemu-system-sparc_1.7.0+dfsg-2_amd64.deb
2750f4e32f1f0853619ee8cea0de664e 1970844 otherosfs optional qemu-system-x86_1.7.0+dfsg-2_amd64.deb
456f0ddbc2c7ced4a96713e0b271c10a 4847848 otherosfs optional qemu-user_1.7.0+dfsg-2_amd64.deb
d2ba1f5cec0d857af0afa5f1a57d8a51 7176992 otherosfs optional qemu-user-static_1.7.0+dfsg-2_amd64.deb
bef677ce63960826c670a23bb0421839 426130 otherosfs optional qemu-utils_1.7.0+dfsg-2_amd64.deb
f48d014cd9e8d64368e700bd942bcb3a 128118 otherosfs optional qemu-guest-agent_1.7.0+dfsg-2_amd64.deb
a8ace0f94cf579af60687026f3d3ec22 45002 otherosfs optional qemu-kvm_1.7.0+dfsg-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iJwEAQECAAYFAlKXp4IACgkQUlPFrXTwyDibLgP/bUNK0pgygqYFw/pLX5ZYwnPe
eTdyxHo1TdfJV+ZAovucFHusFTZrgnpNwa+bHrvQZCcCK4EEqlj5IcF+hZscfeaz
I5Dp7Yc20MSDI91EAmSC3IXQJJ82TDDZuXwH2ZKLSHdbt1vnuLRJuWR8gCrI/C6e
q0LcYh5T88GEJ3PQ7eU=
=T/hH
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 28 Dec 2013 07:36:10 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Nov 24 21:19:57 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.