-rw-r--r--docs-xml/smbdotconf/security/serversigning.xml9
-rw-r--r--lib/param/loadparm.c42
-rw-r--r--source3/smbd/signing.c21
-rw-r--r--source4/smb_server/smb/signing.c41
4 files changed, 61 insertions, 52 deletions
diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml
index 0aced5d3c17..c94a3ee6ba2 100644
--- a/docs-xml/smbdotconf/security/serversigning.xml
+++ b/docs-xml/smbdotconf/security/serversigning.xml
@@ -6,10 +6,15 @@
<description>
<para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values
- are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
+ are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>.
</para>
+ <para>By default, and when smb signing is set to
+ <emphasis>default</emphasis>, smb signing enabled when
+ <smbconfoption name="server role"/> is <emphasis>active directory
+ domain controller</emphasis> and disabled otherwise.</para>
+
<para>When set to auto, SMB1 signing is offered, but not enforced.
When set to mandatory, SMB1 signing is required and if set
to disabled, SMB signing is not offered either.</para>
@@ -20,5 +25,5 @@
will still require SMB2 clients to use signing.</para>
</description>
-<value type="default">Disabled</value>
+<value type="default">default</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 71f62edf828..df2ff6e11ba 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2611,3 +2611,45 @@ int lpcfg_security(struct loadparm_context *lp_ctx)
return lp_find_security(lpcfg__server_role(lp_ctx),
lpcfg__security(lp_ctx));
}
+
+bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
+{
+ bool allowed = true;
+ enum smb_signing_setting signing_setting = lpcfg_server_signing(lp_ctx);
+
+ *mandatory = false;
+
+ if (signing_setting == SMB_SIGNING_DEFAULT) {
+ /*
+ * If we are a domain controller, SMB signing is
+ * really important, as it can prevent a number of
+ * attacks on communications between us and the
+ * clients
+ *
+ * However, it really sucks (no sendfile, CPU
+ * overhead) performance-wise when used on a
+ * file server, so disable it by default
+ * on non-DCs
+ */
+
+ if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+ signing_setting = SMB_SIGNING_REQUIRED;
+ } else {
+ signing_setting = SMB_SIGNING_OFF;
+ }
+ }
+
+ switch (signing_setting) {
+ case SMB_SIGNING_REQUIRED:
+ *mandatory = true;
+ break;
+ case SMB_SIGNING_IF_REQUIRED:
+ break;
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_OFF:
+ allowed = false;
+ break;
+ }
+
+ return allowed;
+}
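Review bot: In the final `switch` of lpcfg_server_signing_allowed(), `case SMB_SIGNING_DEFAULT:` shares an arm with `SMB_SIGNING_OFF`, so a DEFAULT value that somehow survived the resolution above would silently yield "signing not allowed", where the source4 code removed later in this commit called `smb_panic(__location__)`. Because this helper decides whether the server offers or enforces signing, I would keep that invariant loud by giving DEFAULT its own arm with `smb_panic(__location__);`, or at least mark it with `/* not reached: DEFAULT is resolved above */`. The switch also has no `default:` arm, so any value outside the four listed would return allowed with `*mandatory` left false. The function has no header comment; it should say that `*mandatory` is always written, and that DEFAULT resolves to REQUIRED on an AD DC (stronger than the "enabled" wording in serversigning.xml) and to OFF otherwise.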
diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c
index 2b622244c9f..295c9f1b790 100644
--- a/source3/smbd/signing.c
+++ b/source3/smbd/signing.c
@@ -23,6 +23,7 @@
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/smb/smb_signing.h"
+#include "lib/param/param.h"
/***********************************************************
Called to validate an incoming packet from the client.
@@ -168,20 +169,14 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
bool srv_init_signing(struct smbd_server_connection *conn)
{
- bool allowed = true;
+ bool allowed;
bool desired;
bool mandatory = false;
- switch (lp_server_signing()) {
- case SMB_SIGNING_REQUIRED:
- mandatory = true;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- break;
- case SMB_SIGNING_DEFAULT:
- case SMB_SIGNING_OFF:
- allowed = false;
- break;
+ struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ return false;
}
/*
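Review bot: The new failure path in srv_init_signing() logs `loadparm_init_s3 failed` only at debug level 10 before returning false, so at usual log levels a connection whose signing setup was aborted leaves no trace. I would raise the level and name the function, e.g. `DEBUG(1, ("srv_init_signing: loadparm_init_s3 failed\n"));`. Also worth stating in a comment here: `SMB_SIGNING_DEFAULT` previously meant "not allowed" in this function, and through the helper called in the next hunk it now depends on the server role, becoming mandatory on an AD DC. The function body continues outside this hunk, so how callers treat the `false` return is not visible here.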
@@ -192,7 +187,9 @@ bool srv_init_signing(struct smbd_server_connection *conn)
* because not every client that requires signing
* sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
*/
- desired = allowed;
+
+ allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
+ talloc_unlink(conn, lp_ctx);
if (lp_async_smb_echo_handler()) {
struct smbd_shm_signing *s;
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index d632e87ea7b..3fe7cff94fd 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -77,49 +77,14 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
{
- enum smb_signing_setting signing_setting;
-
smb_conn->signing.mac_key = data_blob(NULL, 0);
if (!smbcli_set_signing_off(&smb_conn->signing)) {
return false;
}
- signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
- if (signing_setting == SMB_SIGNING_DEFAULT) {
- /*
- * If we are a domain controller, SMB signing is
- * really important, as it can prevent a number of
- * attacks on communications between us and the
- * clients
- *
- * However, it really sucks (no sendfile, CPU
- * overhead) performance-wise when used on a
- * file server, so disable it by default
- * on non-DCs
- */
-
- if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
- signing_setting = SMB_SIGNING_REQUIRED;
- } else {
- signing_setting = SMB_SIGNING_OFF;
- }
- }
-
- switch (signing_setting) {
- case SMB_SIGNING_DEFAULT:
- smb_panic(__location__);
- break;
- case SMB_SIGNING_OFF:
- smb_conn->signing.allow_smb_signing = false;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- break;
- case SMB_SIGNING_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- smb_conn->signing.mandatory_signing = true;
- break;
- }
+ smb_conn->signing.allow_smb_signing
+ = lpcfg_server_signing_allowed(smb_conn->lp_ctx,
+ &smb_conn->signing.mandatory_signing);
return true;
}