I believe the patch explains itself.
From ba7b4bf8d7c97f43d286728000a6f30c713f7a1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Tue, 13 Nov 2012 13:31:56 +0100
Subject: [PATCH 1/3] sudo: print message if old protocol is used
---
 src/responder/sudo/sudosrv_cmd.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index eb421373f394e59db7db615da17ef7370c375746..c6bbaea30be427f11e4a702bf516281ad0665dab 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -164,6 +164,7 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
 struct sudo_cmd_ctx *cmd_ctx = NULL;
 uint8_t *query_body = NULL;
 size_t query_len = 0;
+ uint32_t protocol = cli_ctx->cli_protocol_version->version;
 errno_t ret;
 /* create cmd_ctx */
@@ -185,9 +186,14 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
 }
 /* if protocol is invalid return */
- if (cli_ctx->cli_protocol_version->version != SSS_SUDO_PROTOCOL_VERSION) {
- DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol! [%d]\n",
- cli_ctx->cli_protocol_version->version));
+ if (protocol == 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Protocol [%d] is not secure. "
+ "SSSD does not allow to use this protocol.\n", protocol));
+ ret = EFAULT;
+ goto done;
+ } else if (protocol != SSS_SUDO_PROTOCOL_VERSION) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol version [%d]!\n",
+ protocol));
 ret = EFAULT;
 goto done;
 }
--
1.7.11.7
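Review bot: The new initializer `uint32_t protocol = cli_ctx->cli_protocol_version->version;` dereferences `cli_protocol_version` in the declaration block of sudosrv_cmd, before any of the function's checks run. Whether that pointer is guaranteed non-NULL when a client sends a sudo request is not visible in this hunk; if a client can reach this command without negotiating a version first, the responder would fault on client-controlled input. The old code made the same dereference later, so this may be pre-existing, but it is worth confirming. One option is to declare `uint32_t protocol;` and assign it just before the version check, behind `if (cli_ctx->cli_protocol_version == NULL) { ret = EFAULT; goto done; }`. The body of sudosrv_cmd starts and continues outside the hunk.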
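Review bot: Both new DEBUG calls format `protocol`, now a `uint32_t`, with `%d`; the conversion should match the type, for example `("Invalid protocol version [%u]!\n", (unsigned) protocol)` or the `PRIu32` macro. The bare `0` in `if (protocol == 0)` is what identifies the insecure protocol, so it deserves a named constant or a comment such as `/* version 0 is the old sudo protocol, refused because it is not secure */`. Both branches log at `SSSDBG_FATAL_FAILURE` for a condition that the connecting client appears to control, so consider a lower level to stop a misbehaving client from filling the log with fatal-level entries. The enclosing function continues outside the hunk.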