svn rev #23637: branches/krb5-1-7/src/kadmin/cli/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Jan 11 22:03:37 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23637
Commit By: tlyu
Log Message:
ticket: 6568
version_fixed: 1.7.1
status: resolved
pull up r22781 from trunk
------------------------------------------------------------------------
r22781 | ghudson | 2009-09-21 12:11:26 -0400 (Mon, 21 Sep 2009) | 10 lines
ticket: 6568
subject: Fix addprinc -randkey when policy requires multiple character classes
tags: pullup
target_version: 1.7.1
The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class. As a minimal 1.7 fix, use all five character classes
in the dummy password.
Changed Files:
U branches/krb5-1-7/src/kadmin/cli/kadmin.c
Modified: branches/krb5-1-7/src/kadmin/cli/kadmin.c
===================================================================
--- branches/krb5-1-7/src/kadmin/cli/kadmin.c 2010-01-12 02:50:15 UTC (rev 23636)
+++ branches/krb5-1-7/src/kadmin/cli/kadmin.c 2010-01-12 03:03:37 UTC (rev 23637)
@@ -1164,12 +1164,13 @@
char *cert_hash = NULL;
#endif /* APPLE_PKINIT */
- /*
- dummybuf is used to give random key a password,
- random key entires are created with DISALLOW_ALL_TIX
- so lets give them a known password utf8 valid pasword
- */
- for (i = 0; i < sizeof(dummybuf) - 1; i++)
+ /*
+ * We begin with a bad password and DISALLOW_ALL_TIX. The bad
+ * password must try to pass any password policy in place, and
+ * must be valid UTF-8 for the arcfour string-to-key).
+ */
+ strcpy(dummybuf, "6F a[");
+ for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++)
dummybuf[i] = 'a' + (random() % 25);
dummybuf[sizeof(dummybuf) - 1] = '\0';
More information about the cvs-krb5
mailing list