From: Tom Yu Date: Tue, 12 Jan 2010 03:03:37 +0000 (+0000) Subject: pull up r22781 from trunk X-Git-Tag: krb5-1.7.1-beta1~17 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=de6c352119566ff3f4f9b616a5e85f3d01f009ff;p=krb5.git pull up r22781 from trunk ------------------------------------------------------------------------ r22781 | ghudson | 2009-09-21 12:11:26 -0400 (Mon, 21 Sep 2009) | 10 lines ticket: 6568 subject: Fix addprinc -randkey when policy requires multiple character classes tags: pullup target_version: 1.7.1 The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. ticket: 6568 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23637 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 213842c9e..d7fff1307 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -1164,12 +1164,13 @@ void kadmin_addprinc(argc, argv) char *cert_hash = NULL; #endif /* APPLE_PKINIT */ - /* - dummybuf is used to give random key a password, - random key entires are created with DISALLOW_ALL_TIX - so lets give them a known password utf8 valid pasword - */ - for (i = 0; i < sizeof(dummybuf) - 1; i++) + /* + * We begin with a bad password and DISALLOW_ALL_TIX. The bad + * password must try to pass any password policy in place, and + * must be valid UTF-8 for the arcfour string-to-key). + */ + strcpy(dummybuf, "6F a["); + for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++) dummybuf[i] = 'a' + (random() % 25); dummybuf[sizeof(dummybuf) - 1] = '\0';