From 71959d5e1ff0e524877081268ea4028e9cbbf9ed Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 2 Nov 2011 18:03:24 +0100
Subject: [PATCH] s4:smb_server: change the default for "server signing" to
 "default"

metze
---
 lib/param/loadparm.c              | 2 +-
 source4/smb_server/smb/signing.c  | 5 ++++-
 source4/smb_server/smb2/negprot.c | 5 ++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 1048e693910..4216e09966b 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3382,7 +3382,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
 
 	lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
-	lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+	lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
 
 	lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
 
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index 3e08e219ec7..a3c91f66390 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -85,7 +85,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 	}
 
 	signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
-	if (signing_setting == SMB_SIGNING_AUTO) {
+	if (signing_setting == SMB_SIGNING_DEFAULT) {
 		/*
 		 * If we are a domain controller, SMB signing is
 		 * really important, as it can prevent a number of
@@ -106,6 +106,9 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 	}
 
 	switch (signing_setting) {
+	case SMB_SIGNING_DEFAULT:
+		smb_panic(__location__);
+		break;
 	case SMB_SIGNING_OFF:
 		smb_conn->signing.allow_smb_signing = false;
 		break;
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 892953635ca..24521da42e3 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -123,7 +123,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
 	ZERO_STRUCT(io->out);
 
 	signing_setting = lpcfg_server_signing(lp_ctx);
-	if (signing_setting == SMB_SIGNING_AUTO) {
+	if (signing_setting == SMB_SIGNING_DEFAULT) {
 		/*
 		 * If we are a domain controller, SMB signing is
 		 * really important, as it can prevent a number of
@@ -144,6 +144,9 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
 	}
 
 	switch (signing_setting) {
+	case SMB_SIGNING_DEFAULT:
+		smb_panic(__location__);
+		break;
 	case SMB_SIGNING_OFF:
 		io->out.security_mode = 0;
 		break;
-- 
2.11.4.GIT