s3/utils: Add warning to testparm for "client ipc signing" param values

We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun  6 22:40:12 CEST 2017 on sn-devel-144

source3/utils/testparm.c

@@ -229,6 +229,18 @@ static int do_global_checks(void)
 				"must differ.\n\n");
 	}
 
+	if (lp_client_ipc_signing() == SMB_SIGNING_IF_REQUIRED
+	 || lp_client_ipc_signing() == SMB_SIGNING_OFF) {
+		fprintf(stderr, "WARNING: The 'client ipc signing' value "
+			"%s SMB signing is not used when contacting a "
+			"domain controller or other server. "
+			"This setting is not recommended; please be "
+			"aware of the security implications when using "
+			"this configuration setting.\n\n",
+			lp_client_ipc_signing() == SMB_SIGNING_OFF ?
+			"ensures" : "may mean");
+	}
+
 	if (strlen(lp_netbios_name()) > 15) {
 		fprintf(stderr, "WARNING: The 'netbios name' is too long "
 				"(max. 15 chars).\n\n");