svn rev #22781: trunk/src/kadmin/cli/

Mon Sep 21 12:11:27 EDT 2009

http://src.mit.edu/fisheye/changelog/krb5/?cs=22781
Commit By: ghudson
Log Message:
ticket: 6568
subject: Fix addprinc -randkey when policy requires multiple character classes
tags: pullup
target_version: 1.7.1

The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class.  As a minimal 1.7 fix, use all five character classes
in the dummy password.



Changed Files:
U   trunk/src/kadmin/cli/kadmin.c
Modified: trunk/src/kadmin/cli/kadmin.c
===================================================================

--- trunk/src/kadmin/cli/kadmin.c	2009-09-21 15:53:47 UTC (rev 22780)
+++ trunk/src/kadmin/cli/kadmin.c	2009-09-21 16:11:26 UTC (rev 22781)
@@ -1168,12 +1168,13 @@
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
-    /* 
-       dummybuf is used to give random key a password,
-       random key entires are created with DISALLOW_ALL_TIX
-       so lets give them a known password utf8 valid pasword
-    */
-    for (i = 0; i < sizeof(dummybuf) - 1; i++)
+    /*
+     * We begin with a bad password and DISALLOW_ALL_TIX.  The bad
+     * password must try to pass any password policy in place, and
+     * must be valid UTF-8 for the arcfour string-to-key).
+     */
+    strcpy(dummybuf, "6F a[");
+    for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++)
  	dummybuf[i] = 'a' + (random() % 25);
     dummybuf[sizeof(dummybuf) - 1] = '\0';
 


