From: Michael Tokarev <mjt@tls.msk.ru>
Date: Fri, 20 May 2022 06:48:32 +0000 (+0300)
Subject: testparm: clarify "Weak crypto is allowed" message
X-Git-Tag: tevent-0.13.0~211
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b609734c52dc12cf80faa693e981a4ef0ce4be4a;p=thirdparty%2Fsamba.git

testparm: clarify "Weak crypto is allowed" message

The message testparm prints about weak crypto is really
misleading: "Weak crypto is allowed" is often interpreted
in a way that smb.conf settings are bad by allowing weak
crypto.  While the actual meaning is about the ability to
fall back to weaker crypto for (backwards) compatibility,
and this has nothing to do with samba settings, it is the
gnutls settings. Clarify both of these, and eliminate an
if() and a local variable.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 14:35:09 UTC 2022 on sn-devel-184
---

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 71bc4c2694e..9555b436260 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -735,7 +735,6 @@ static void do_per_share_checks(int s)
 	const char *caddr;
 	static int show_defaults;
 	static int skip_logic_checks = 0;
-	const char *weak_crypo_str = "";
 	bool ok;
 
 	struct poptOption long_options[] = {
@@ -870,12 +869,10 @@ static void do_per_share_checks(int s)
 
 	fprintf(stderr,"Loaded services file OK.\n");
 
-	if (samba_gnutls_weak_crypto_allowed()) {
-		weak_crypo_str = "allowed";
-	} else {
-		weak_crypo_str = "disallowed";
-	}
-	fprintf(stderr, "Weak crypto is %s\n", weak_crypo_str);
+	fprintf(stderr,
+		"Weak crypto is %sallowed by GnuTLS "
+		"(e.g. NTLM as a compatibility fallback)\n",
+	        samba_gnutls_weak_crypto_allowed() ? "" : "dis");
 
 	if (skip_logic_checks == 0) {
 		ret = do_global_checks();