From: Wayne Davison <wayned@samba.org>
Date: Wed, 25 Oct 2017 03:44:37 +0000 (-0700)
Subject: Only allow a modern checksum method for passwords.
X-Git-Tag: v3.1.3pre1~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a480deec4d20277d8e20bc55515ef0640ca1e55;p=thirdparty%2Frsync.git

Only allow a modern checksum method for passwords.
---

diff --git a/authenticate.c b/authenticate.c
index d60ee20b..a106b0f6 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -22,6 +22,7 @@
 #include "itypes.h"
 
 extern int read_only;
+extern int protocol_version;
 extern char *password_file;
 
 /***************************************************************************
@@ -237,6 +238,11 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 	if (!users || !*users)
 		return "";
 
+	if (protocol_version < 21) { /* Don't allow a weak checksum for the password. */
+		rprintf(FERROR, "ERROR: protocol version is too old!\n");
+		exit_cleanup(RERR_PROTOCOL);
+	}
+
 	gen_challenge(addr, challenge);
 
 	io_printf(f_out, "%s%s\n", leader, challenge);