testparm: clarify "Weak crypto is allowed" message

The message testparm prints about weak crypto is really
misleading: "Weak crypto is allowed" is often interpreted
in a way that smb.conf settings are bad by allowing weak
crypto.  While the actual meaning is about the ability to
fall back to weaker crypto for (backwards) compatibility,
and this has nothing to do with samba settings, it is the
gnutls settings. Clarify both of these, and eliminate an
if() and a local variable.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 14:35:09 UTC 2022 on sn-devel-184

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 71bc4c2694e4a9c7d79a189bd1c6078472a61961..9555b436260589759c7f8847ac15ab6b74f3f2ba 100644 (file)
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -735,7 +735,6 @@ static void do_per_share_checks(int s)
        const char *caddr;
        static int show_defaults;
        static int skip_logic_checks = 0;
-       const char *weak_crypo_str = "";
        bool ok;
 
        struct poptOption long_options[] = {
@@ -870,12 +869,10 @@ static void do_per_share_checks(int s)
 
        fprintf(stderr,"Loaded services file OK.\n");
 
-       if (samba_gnutls_weak_crypto_allowed()) {
-               weak_crypo_str = "allowed";
-       } else {
-               weak_crypo_str = "disallowed";
-       }
-       fprintf(stderr, "Weak crypto is %s\n", weak_crypo_str);
+       fprintf(stderr,
+               "Weak crypto is %sallowed by GnuTLS "
+               "(e.g. NTLM as a compatibility fallback)\n",
+               samba_gnutls_weak_crypto_allowed() ? "" : "dis");
 
        if (skip_logic_checks == 0) {
                ret = do_global_checks();