I believe the patch explains itself.
From ba7b4bf8d7c97f43d286728000a6f30c713f7a1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Tue, 13 Nov 2012 13:31:56 +0100
Subject: [PATCH 1/3] sudo: print message if old protocol is used
---
src/responder/sudo/sudosrv_cmd.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index eb421373f394e59db7db615da17ef7370c375746..c6bbaea30be427f11e4a702bf516281ad0665dab 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -164,6 +164,7 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
struct sudo_cmd_ctx *cmd_ctx = NULL;
uint8_t *query_body = NULL;
size_t query_len = 0;
+ uint32_t protocol = cli_ctx->cli_protocol_version->version;
errno_t ret;
/* create cmd_ctx */
@@ -185,9 +186,14 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
}
/* if protocol is invalid return */
- if (cli_ctx->cli_protocol_version->version != SSS_SUDO_PROTOCOL_VERSION) {
- DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol! [%d]\n",
- cli_ctx->cli_protocol_version->version));
+ if (protocol == 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Protocol [%d] is not secure. "
+ "SSSD does not allow to use this protocol.\n", protocol));
+ ret = EFAULT;
+ goto done;
+ } else if (protocol != SSS_SUDO_PROTOCOL_VERSION) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol version [%d]!\n",
+ protocol));
ret = EFAULT;
goto done;
}
--
1.7.11.7
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
