Only allow a modern checksum method for passwords.
authorWayne Davison <wayned@samba.org>
Wed, 25 Oct 2017 03:44:37 +0000 (20:44 -0700)
committerWayne Davison <wayned@samba.org>
Wed, 25 Oct 2017 03:44:37 +0000 (20:44 -0700)
authenticate.c

index d60ee20b6b53a9351efbdf175f36525ead220de6..a106b0f60a8cb88e37080bc5e2a58ce28c66f379 100644 (file)
@@ -22,6 +22,7 @@
 #include "itypes.h"
 
 extern int read_only;
+extern int protocol_version;
 extern char *password_file;
 
 /***************************************************************************
@@ -237,6 +238,11 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
        if (!users || !*users)
                return "";
 
+       if (protocol_version < 21) { /* Don't allow a weak checksum for the password. */
+               rprintf(FERROR, "ERROR: protocol version is too old!\n");
+               exit_cleanup(RERR_PROTOCOL);
+       }
+
        gen_challenge(addr, challenge);
 
        io_printf(f_out, "%s%s\n", leader, challenge);
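Review bot: The rejection at `if (protocol_version < 21)` logs only a fixed string, so an operator reading the daemon log cannot tell which peer negotiated an old protocol or what version it offered. Since `host` is already a parameter of auth_server, the message could carry both, e.g. `rprintf(FERROR, "ERROR: protocol version %d from %s is too old for authentication\n", protocol_version, host);` (this assumes FERROR text is acceptable to show to the peer as well; confirm). The literal 21 is also unexplained: the comment says a weak checksum is being refused but not that 21 is the cutoff at which the checksum choice changes, so a short comment or named constant tying it to the checksum-selection code would keep the two from drifting apart. Note that the check sits after the `!users || !*users` early return, which looks intentional since no password exchange happens on that path. auth_server's body starts and continues outside this hunk.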