Fix addprinc -randkey when policy requires multiple character classes

The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class.  As a minimal 1.7 fix, use all five character classes
in the dummy password.

ticket: 6568
tags: pullup
target_version: 1.7.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 513e716bbea6e6d9072b416b9f4ce9fbf7fc4981..e57d497c813842898b4c9ee80e7fa305c2091dff 100644 (file)
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1168,12 +1168,13 @@ void kadmin_addprinc(argc, argv)
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
-    /* 
-       dummybuf is used to give random key a password,
-       random key entires are created with DISALLOW_ALL_TIX
-       so lets give them a known password utf8 valid pasword
-    */
-    for (i = 0; i < sizeof(dummybuf) - 1; i++)
+    /*
+     * We begin with a bad password and DISALLOW_ALL_TIX.  The bad
+     * password must try to pass any password policy in place, and
+     * must be valid UTF-8 for the arcfour string-to-key).
+     */
+    strcpy(dummybuf, "6F a[");
+    for (i = strlen(dummybuf); i < sizeof(dummybuf) - 1; i++)
        dummybuf[i] = 'a' + (random() % 25);
     dummybuf[sizeof(dummybuf) - 1] = '\0';