Bug 11168 - smb.conf, testparm, man page and signing options are inconsistent
smb.conf, testparm, man page and signing options are inconsistent
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.1.17
x64 Linux
: P5 major
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-17 14:44 UTC by Raphael Olszewski
Modified: 2015-04-27 01:32 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Olszewski 2015-03-17 14:44:45 UTC
using the signing options is inconsistent:

man smb.conf talks about
   client signing (G)
      Possible values are auto, mandatory and disabled.
   server signing (G)
      Possible values are auto, mandatory and disabled

using smb.conf with
        client signing = mandatory
        server signing = mandatory
testparm now shows
        client signing = required
        server signing = required

now mixing in smb.conf
        client signing = mandatory
        server signing = required
testparm shows
        client signing = required
        server signing = required
But manpage say: use mandatory - not required

I request to fix this to avoid this inconsitency and misunderstandings.
Comment 1 Jones Syue 2015-04-27 01:32:06 UTC
Hmm perhaps could leave them as aliases and clear documented,
not sure if for backward compatible.

/* samba-4.1.17/lib/param/table_param.c */
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals[] = {
	{SMB_SIGNING_DEFAULT, "default"},
	{SMB_SIGNING_OFF, "No"},
	{SMB_SIGNING_OFF, "False"},
	{SMB_SIGNING_OFF, "0"},
	{SMB_SIGNING_OFF, "Off"},
	{SMB_SIGNING_OFF, "disabled"},
	{SMB_SIGNING_IF_REQUIRED, "if_required"},
	{SMB_SIGNING_IF_REQUIRED, "Yes"},
	{SMB_SIGNING_IF_REQUIRED, "True"},
	{SMB_SIGNING_IF_REQUIRED, "1"},
	{SMB_SIGNING_IF_REQUIRED, "On"},
	{SMB_SIGNING_IF_REQUIRED, "enabled"},
	{SMB_SIGNING_IF_REQUIRED, "auto"},
	{SMB_SIGNING_REQUIRED, "required"},
	{SMB_SIGNING_REQUIRED, "mandatory"},
	{SMB_SIGNING_REQUIRED, "force"},
	{SMB_SIGNING_REQUIRED, "forced"},
	{SMB_SIGNING_REQUIRED, "enforced"},
	{-1, NULL}
};

/* samba-4.1.17/source3/smbd/signing.c */
/***********************************************************
 Called by server negprot when signing has been negotiated.
************************************************************/

bool srv_init_signing(struct smbd_server_connection *conn)
{
	bool allowed = true;
	bool desired;
	bool mandatory = false;

	switch (lp_server_signing()) {
	case SMB_SIGNING_REQUIRED:
		mandatory = true;
		break;
	case SMB_SIGNING_IF_REQUIRED:
		break;
	case SMB_SIGNING_DEFAULT:
	case SMB_SIGNING_OFF:
		allowed = false;
		break;
	}
...