r3380: - changed the default behaviour of server signing. We now have a default

setting of "server signing = auto", which means to offer signing
  only if we have domain logons enabled (ie. we are a DC). This is a
  better match for what windows clients want, as unfortunately windows
  clients always use signing if it is offered, and when they use signing
  they not only go slower because of the signing itself, they also
  disable large readx/writex support, so they end up sending very small
  IOs for.

- changed the default max xmit again, this time matching longhorn,
  which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc8171)

source4/include/smb.h

@@ -33,7 +33,8 @@
 #define SMB_PORT2 139
 #define SMB_PORTS "445 139"
 
-enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED};
+enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, 
+			SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
 
 /* deny modes */
 #define DENY_DOS 0

source4/libcli/raw/smb_signing.c

@@ -394,6 +394,7 @@ BOOL smbcli_init_signing(struct smbcli_transport *transport)
 		transport->negotiate.sign_info.allow_smb_signing = False;
 		break;
 	case SMB_SIGNING_SUPPORTED:
+	case SMB_SIGNING_AUTO:
 		transport->negotiate.sign_info.allow_smb_signing = True;
 		break;
 	case SMB_SIGNING_REQUIRED:

source4/param/loadparm.c

@@ -198,8 +198,8 @@ typedef struct
 	BOOL bLanmanAuth;
 	BOOL bNTLMAuth;
 	BOOL bUseSpnego;
-	BOOL server_signing;
-	BOOL client_signing;
+	int  server_signing;
+	int  client_signing;
 	BOOL bClientLanManAuth;
 	BOOL bClientNTLMv2Auth;
 	BOOL bHostMSDfs;
@@ -456,12 +456,12 @@ static const struct enum_list enum_smb_signing_vals[] = {
 	{SMB_SIGNING_SUPPORTED, "1"},
 	{SMB_SIGNING_SUPPORTED, "On"},
 	{SMB_SIGNING_SUPPORTED, "enabled"},
-	{SMB_SIGNING_SUPPORTED, "auto"},
 	{SMB_SIGNING_REQUIRED, "required"},
 	{SMB_SIGNING_REQUIRED, "mandatory"},
 	{SMB_SIGNING_REQUIRED, "force"},
 	{SMB_SIGNING_REQUIRED, "forced"},
 	{SMB_SIGNING_REQUIRED, "enforced"},
+	{SMB_SIGNING_AUTO, "auto"},
 	{-1, NULL}
 };
 
@@ -939,7 +939,7 @@ static void init_globals(void)
 	do_parameter("load printers", "True");
 
 	do_parameter("max mux", "50");
-	do_parameter("max xmit", "65535");
+	do_parameter("max xmit", "12288");
 	do_parameter("lpqcachetime", "10");
 	do_parameter("DisableSpoolss", "False");
 	do_parameter("password level", "0");
@@ -1006,7 +1006,7 @@ static void init_globals(void)
 	do_parameter("name cache timeout", "660"); /* In seconds */
 
 	do_parameter("client signing", "Yes");
-	do_parameter("server signing", "Yes");
+	do_parameter("server signing", "auto");
 
 	do_parameter("use spnego", "True");
 

source4/smb_server/signing.c

@@ -110,6 +110,13 @@ BOOL srv_init_signing(struct smbsrv_connection *smb_conn)
 		smb_conn->signing.allow_smb_signing = True;
 		smb_conn->signing.mandatory_signing = True;
 		break;
+	case SMB_SIGNING_AUTO:
+		if (lp_domain_logons()) {
+			smb_conn->signing.allow_smb_signing = True;
+		} else {
+			smb_conn->signing.allow_smb_signing = False;
+		}
+		break;
 	}
 	return True;
 }