11168 – smb.conf, testparm, man page and signing options are inconsistent

Bug 11168 - smb.conf, testparm, man page and signing options are inconsistent

Summary: smb.conf, testparm, man page and signing options are inconsistent

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.1.17
Hardware:	x64 Linux

Importance:	P5 major (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-17 14:44 UTC by Raphael Olszewski
Modified:	2022-12-16 20:10 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Olszewski 2015-03-17 14:44:45 UTC

using the signing options is inconsistent:

man smb.conf talks about
   client signing (G)
      Possible values are auto, mandatory and disabled.
   server signing (G)
      Possible values are auto, mandatory and disabled

using smb.conf with
        client signing = mandatory
        server signing = mandatory
testparm now shows
        client signing = required
        server signing = required

now mixing in smb.conf
        client signing = mandatory
        server signing = required
testparm shows
        client signing = required
        server signing = required
But manpage say: use mandatory - not required

I request to fix this to avoid this inconsitency and misunderstandings.

Comment 1 Jones Syue 2015-04-27 01:32:06 UTC

Hmm perhaps could leave them as aliases and clear documented,
not sure if for backward compatible.

/* samba-4.1.17/lib/param/table_param.c */
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals[] = {
	{SMB_SIGNING_DEFAULT, "default"},
	{SMB_SIGNING_OFF, "No"},
	{SMB_SIGNING_OFF, "False"},
	{SMB_SIGNING_OFF, "0"},
	{SMB_SIGNING_OFF, "Off"},
	{SMB_SIGNING_OFF, "disabled"},
	{SMB_SIGNING_IF_REQUIRED, "if_required"},
	{SMB_SIGNING_IF_REQUIRED, "Yes"},
	{SMB_SIGNING_IF_REQUIRED, "True"},
	{SMB_SIGNING_IF_REQUIRED, "1"},
	{SMB_SIGNING_IF_REQUIRED, "On"},
	{SMB_SIGNING_IF_REQUIRED, "enabled"},
	{SMB_SIGNING_IF_REQUIRED, "auto"},
	{SMB_SIGNING_REQUIRED, "required"},
	{SMB_SIGNING_REQUIRED, "mandatory"},
	{SMB_SIGNING_REQUIRED, "force"},
	{SMB_SIGNING_REQUIRED, "forced"},
	{SMB_SIGNING_REQUIRED, "enforced"},
	{-1, NULL}
};

/* samba-4.1.17/source3/smbd/signing.c */
/***********************************************************
 Called by server negprot when signing has been negotiated.
************************************************************/

bool srv_init_signing(struct smbd_server_connection *conn)
{
	bool allowed = true;
	bool desired;
	bool mandatory = false;

	switch (lp_server_signing()) {
	case SMB_SIGNING_REQUIRED:
		mandatory = true;
		break;
	case SMB_SIGNING_IF_REQUIRED:
		break;
	case SMB_SIGNING_DEFAULT:
	case SMB_SIGNING_OFF:
		allowed = false;
		break;
	}
...

Comment 2 sp33dy1 2022-12-16 13:34:14 UTC

Hello, I don't know if it was resolved, I don't see anything.
I have the same problem in Samba 4.10.16 - "client signing = mandatory" in smb.conf, but testparm shows "client signing = required".

Comment 3 sp33dy1 2022-12-16 20:10:05 UTC

(In reply to sp33dy1 from comment #2)
Ok, I understand now, "mandatory" and "required" are aliases for the same setting.
It's kinda confusing anyway...