Bug 11168 - smb.conf, testparm, man page and signing options are inconsistent
Summary: smb.conf, testparm, man page and signing options are inconsistent
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.1.17
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-17 14:44 UTC by Raphael Olszewski
Modified: 2022-12-16 20:10 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Olszewski 2015-03-17 14:44:45 UTC
using the signing options is inconsistent:

man smb.conf talks about
   client signing (G)
      Possible values are auto, mandatory and disabled.
   server signing (G)
      Possible values are auto, mandatory and disabled

using smb.conf with
        client signing = mandatory
        server signing = mandatory
testparm now shows
        client signing = required
        server signing = required

now mixing in smb.conf
        client signing = mandatory
        server signing = required
testparm shows
        client signing = required
        server signing = required
But manpage say: use mandatory - not required

I request to fix this to avoid this inconsitency and misunderstandings.
Comment 1 Jones Syue (dead mail address) 2015-04-27 01:32:06 UTC
Hmm perhaps could leave them as aliases and clear documented,
not sure if for backward compatible.

/* samba-4.1.17/lib/param/table_param.c */
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals[] = {
	{SMB_SIGNING_DEFAULT, "default"},
	{SMB_SIGNING_OFF, "No"},
	{SMB_SIGNING_OFF, "False"},
	{SMB_SIGNING_OFF, "0"},
	{SMB_SIGNING_OFF, "Off"},
	{SMB_SIGNING_OFF, "disabled"},
	{SMB_SIGNING_IF_REQUIRED, "if_required"},
	{SMB_SIGNING_IF_REQUIRED, "Yes"},
	{SMB_SIGNING_IF_REQUIRED, "True"},
	{SMB_SIGNING_IF_REQUIRED, "1"},
	{SMB_SIGNING_IF_REQUIRED, "On"},
	{SMB_SIGNING_IF_REQUIRED, "enabled"},
	{SMB_SIGNING_IF_REQUIRED, "auto"},
	{SMB_SIGNING_REQUIRED, "required"},
	{SMB_SIGNING_REQUIRED, "mandatory"},
	{SMB_SIGNING_REQUIRED, "force"},
	{SMB_SIGNING_REQUIRED, "forced"},
	{SMB_SIGNING_REQUIRED, "enforced"},
	{-1, NULL}
};

/* samba-4.1.17/source3/smbd/signing.c */
/***********************************************************
 Called by server negprot when signing has been negotiated.
************************************************************/

bool srv_init_signing(struct smbd_server_connection *conn)
{
	bool allowed = true;
	bool desired;
	bool mandatory = false;

	switch (lp_server_signing()) {
	case SMB_SIGNING_REQUIRED:
		mandatory = true;
		break;
	case SMB_SIGNING_IF_REQUIRED:
		break;
	case SMB_SIGNING_DEFAULT:
	case SMB_SIGNING_OFF:
		allowed = false;
		break;
	}
...
Comment 2 sp33dy1 2022-12-16 13:34:14 UTC
Hello, I don't know if it was resolved, I don't see anything.
I have the same problem in Samba 4.10.16 - "client signing = mandatory" in smb.conf, but testparm shows "client signing = required".
Comment 3 sp33dy1 2022-12-16 20:10:05 UTC
(In reply to sp33dy1 from comment #2)
Ok, I understand now, "mandatory" and "required" are aliases for the same setting.
It's kinda confusing anyway...