ticket: 6568

subject: Fix addprinc -randkey when policy requires multiple character classes tags: pullup target_version: 1.7.1 The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
aadamowski · Sep 21, 2009 · 2ebf7d2 · 2ebf7d2
1 parent a6b780a
commit 2ebf7d2
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
@@ -1168,12 +1168,13 @@ void kadmin_addprinc(argc, argv)
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
-    /* 
-       dummybuf is used to give random key a password,
-       random key entires are created with DISALLOW_ALL_TIX
-       so lets give them a known password utf8 valid pasword
-    */
-    for (i = 0; i < sizeof(dummybuf) - 1; i++)
+    /*
+     * We begin with a bad password and DISALLOW_ALL_TIX.  The bad
+     * password must try to pass any password policy in place, and
+     * must be valid UTF-8 for the arcfour string-to-key).
+     */
+    strcpy(dummybuf, "6F a[");
+    for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++)
  	dummybuf[i] = 'a' + (random() % 25);
     dummybuf[sizeof(dummybuf) - 1] = '\0';