pull up r22781 from trunk

 ------------------------------------------------------------------------
 r22781 | ghudson | 2009-09-21 12:11:26 -0400 (Mon, 21 Sep 2009) | 10 lines

 ticket: 6568
 subject: Fix addprinc -randkey when policy requires multiple character classes
 tags: pullup
 target_version: 1.7.1

 The fix for ticket #6074 (r20650) caused a partial regression of
 ticket #115 (r9210) because the dummy password contained only one
 character class.  As a minimal 1.7 fix, use all five character classes
 in the dummy password.

ticket: 6568
version_fixed: 1.7.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23637 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 213842c9ed01665ff63a5b363db99e08acb9e759..d7fff1307331c9d0edba2d6277eba153406f2d21 100644 (file)
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1164,12 +1164,13 @@ void kadmin_addprinc(argc, argv)
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
-    /* 
-       dummybuf is used to give random key a password,
-       random key entires are created with DISALLOW_ALL_TIX
-       so lets give them a known password utf8 valid pasword
-    */
-    for (i = 0; i < sizeof(dummybuf) - 1; i++)
+    /*
+     * We begin with a bad password and DISALLOW_ALL_TIX.  The bad
+     * password must try to pass any password policy in place, and
+     * must be valid UTF-8 for the arcfour string-to-key).
+     */
+    strcpy(dummybuf, "6F a[");
+    for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++)
        dummybuf[i] = 'a' + (random() % 25);
     dummybuf[sizeof(dummybuf) - 1] = '\0';