On 11/15/2012 02:30 PM, Simo Sorce wrote:
On Thu, 2012-11-15 at 12:13 +0100, Pavel Březina wrote:
@@ -185,9 +186,14 @@ static int sudosrv_cmd(enum sss_sudo_type type,
struct cli_ctx *cli_ctx)
      }

      /* if protocol is invalid return */
-    if (cli_ctx->cli_protocol_version->version !=
SSS_SUDO_PROTOCOL_VERSION) {
-        DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol! [%d]\n",
-              cli_ctx->cli_protocol_version->version));
+    if (protocol == 0) {
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Protocol [%d] is not secure. "
+              "SSSD does not allow to use this protocol.\n",
protocol));
+        ret = EFAULT;
+        goto done;
+    } else if (protocol != SSS_SUDO_PROTOCOL_VERSION) {
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol version [%d]!
\n",
+                                     protocol));
          ret = EFAULT;
          goto done;

Nitpicking, but for this kind of situation I think a switch/case
statement would be much clearer (it also avoids adding a variable, since
you use it only once):

switch(cli_ctx->cli_protocol_version->version) {
case 0:
     DEBUG(..);
     break;
case SSS_SUDO_PROTOCOL_VERSION:
     break;
default:
     DEBUG("invalid"...);
     break;
}

Simo.


OK. New patch is attached.

From bd7bf1384fd1bef3f5ccb23a081a656add6f475f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Tue, 13 Nov 2012 13:31:56 +0100
Subject: [PATCH] sudo: print message if old protocol is used

---
 src/responder/sudo/sudosrv_cmd.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index eb421373f394e59db7db615da17ef7370c375746..9ad1be42b75fd592846bd5ae9ed60f78c70cc391 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -164,6 +164,7 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
     struct sudo_cmd_ctx *cmd_ctx = NULL;
     uint8_t *query_body = NULL;
     size_t query_len = 0;
+    uint32_t protocol = cli_ctx->cli_protocol_version->version;
     errno_t ret;
 
     /* create cmd_ctx */
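Review bot: The new initializer `uint32_t protocol = cli_ctx->cli_protocol_version->version;` dereferences `cli_ctx->cli_protocol_version` at function entry, and no NULL check on that pointer is visible in this hunk. The removed lines in the next hunk show the old code read it unguarded too, so this is not a regression. If a client can reach sudosrv_cmd before a protocol version has been negotiated, though, the responder would crash on client-controlled input, so this should be confirmed against the caller. If the pointer can be unset, declare `protocol` without an initializer and assign it just before the `switch`, after a check such as `if (cli_ctx->cli_protocol_version == NULL) { ret = EFAULT; goto done; }`. The body of sudosrv_cmd starts and ends outside the hunk.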
@@ -185,9 +186,20 @@ static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
     }
 
     /* if protocol is invalid return */
-    if (cli_ctx->cli_protocol_version->version != SSS_SUDO_PROTOCOL_VERSION) {
-        DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol! [%d]\n",
-              cli_ctx->cli_protocol_version->version));
+    switch (protocol) {
+    case 0:
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Protocol [%d] is not secure. "
+              "SSSD does not allow to use this protocol.\n", protocol));
+        ret = EFAULT;
+        goto done;
+        break;
+    case SSS_SUDO_PROTOCOL_VERSION:
+        DEBUG(SSSDBG_TRACE_INTERNAL, ("Using protocol version [%d]\n",
+                                      protocol));
+        break;
+    default:
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol version [%d]!\n",
+                                     protocol));
         ret = EFAULT;
         goto done;
     }
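Review bot: `protocol` is declared `uint32_t` in the first hunk, but all three DEBUG calls in this `switch` format it with `%d`, so the specifier does not match the argument type and a large client-supplied value would be logged as a negative number. Use `%u` (or `PRIu32`), e.g. `("Invalid protocol version [%u]!\n", protocol)`. The `break;` after `goto done;` in `case 0` is unreachable and can be dropped. Both rejection paths log at `SSSDBG_FATAL_FAILURE` for a value the client chooses, so a misbehaving client can presumably generate top-severity log entries at will; a lower level for "client sent an unsupported version" may be more appropriate, and a short comment on `case 0` saying why that version is refused would help later readers. The `done` label and the rest of the function are outside the hunk.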
-- 
1.7.11.7
