diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-09-21 16:11:26 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-09-21 16:11:26 +0000 |
commit | f36a5ba4e2fd034d9f261b1b4faaa28e7c7e46e7 (patch) | |
tree | 42f00ab252151810b9b38b39d23b1b02fd2c1be1 /src/kadmin | |
parent | aa53ac48167aeb7d355284aa59541802d3980795 (diff) | |
download | krb5-f36a5ba4e2fd034d9f261b1b4faaa28e7c7e46e7.zip krb5-f36a5ba4e2fd034d9f261b1b4faaa28e7c7e46e7.tar.gz krb5-f36a5ba4e2fd034d9f261b1b4faaa28e7c7e46e7.tar.bz2 |
Fix addprinc -randkey when policy requires multiple character classes
The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class. As a minimal 1.7 fix, use all five character classes
in the dummy password.
ticket: 6568
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin')
-rw-r--r-- | src/kadmin/cli/kadmin.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 513e716b..e57d497 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -1168,12 +1168,13 @@ void kadmin_addprinc(argc, argv) char *cert_hash = NULL; #endif /* APPLE_PKINIT */ - /* - dummybuf is used to give random key a password, - random key entires are created with DISALLOW_ALL_TIX - so lets give them a known password utf8 valid pasword - */ - for (i = 0; i < sizeof(dummybuf) - 1; i++) + /* + * We begin with a bad password and DISALLOW_ALL_TIX. The bad + * password must try to pass any password policy in place, and + * must be valid UTF-8 for the arcfour string-to-key). + */ + strcpy(dummybuf, "6F a["); + for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++) dummybuf[i] = 'a' + (random() % 25); dummybuf[sizeof(dummybuf) - 1] = '\0'; |