WIP: Samba's client command line UI

Andrew Bartlett abartlet at samba.org
Wed Aug 19 22:07:05 UTC 2020

On Wed, 2020-08-19 at 10:02 +0200, Andreas Schneider via samba-
technical wrote:
> Hi,
> I'm working to cleaning up the mess we have with our client cmdline
> UI [1].

Thank you so much for taking this on.  I really do appreciate it.

> Currently we have a source3 and a source4 parsing implementation. I
> have 
> rewritten the command line parsing code. The only real difference
> between the 
> two is only how the config file is loaded. So I created a s3 and s4
> config 
> loader and that's it.

Awesome.  I've been trying (and sadly failing) to do something similar
in the python code, generally using the s3 config loader and just
wrapping it into an s4/python object.  It almost worked, but got stuck
on some odd cases in the upgrade tools that relies on smb.conf
behaviour too much.

> The big change is that we need new options to fix a lot of issues
> face: The 
> biggest change is probably about Kerberos:
> 	--use-kerberos=yes|auto|no
> New is that we have options to correctly request signing and
> encryption:
>       --gensec-client-protection=plain|sign|seal
>       --smb-signing=off|if_required|desired|required
>       --smb-ipc-signing=off|if_required|desired|required
>       --smb-encryption=off|if_required|desired|required
> You can find the code at [2].
> 	NOTE that this is still work in progress and no all the stuff
> is
> 	wired correctly yet!
> But I wanted to show you what I'm working on and you can comment. 

I really appreciate this.  It is awesome seeing planned work being
discussed here recently and I celebrate this and similar efforts.

> Feedback is welcome :-)

>From the example above, I did just wonder if we are still presenting
too much nerdview.  That is, why should a user need to know what GENSEC
or SMB-IPC is?

What do you think about a single option of --connection-protection?

Thanks for all the hard work!

Andrew Bartlett
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba-technical mailing list