e3eedea157
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/adcli#7f6164b3c3a4a601d61d5a45b8bfc3b107d0365a
78 lines
2.3 KiB
Diff
78 lines
2.3 KiB
Diff
From 2750f536ac6746756335eec8332060d2365a4126 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Tue, 27 Oct 2020 14:44:07 +0100
|
|
Subject: [PATCH 07/10] enroll: more filters for random characters
|
|
|
|
Make handling of random strings more flexible.
|
|
|
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
|
|
---
|
|
library/adenroll.c | 30 +++++++++++++++++++++++++++---
|
|
1 file changed, 27 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
index 9cdc79b..44383cc 100644
|
|
--- a/library/adenroll.c
|
|
+++ b/library/adenroll.c
|
|
@@ -259,6 +259,29 @@ ensure_computer_sam (adcli_result res,
|
|
return ADCLI_SUCCESS;
|
|
}
|
|
|
|
+typedef int (rand_filter) (char *password, int length);
|
|
+
|
|
+static int
|
|
+filter_sam_chars (char *password,
|
|
+ int length)
|
|
+{
|
|
+ int i, j;
|
|
+
|
|
+ /*
|
|
+ * There are a couple of restrictions for characters in the
|
|
+ * sAMAccountName attribute value, for our purpose (random suffix)
|
|
+ * letters and numbers are sufficient.
|
|
+ */
|
|
+ for (i = 0, j = 0; i < length; i++) {
|
|
+ if (password[i] >= 48 && password[i] <= 122 &&
|
|
+ isalnum (password[i]))
|
|
+ password[j++] = password[i];
|
|
+ }
|
|
+
|
|
+ /* return the number of valid characters remaining */
|
|
+ return j;
|
|
+}
|
|
+
|
|
static int
|
|
filter_password_chars (char *password,
|
|
int length)
|
|
@@ -283,7 +306,8 @@ filter_password_chars (char *password,
|
|
|
|
static char *
|
|
generate_host_password (adcli_enroll *enroll,
|
|
- size_t length)
|
|
+ size_t length,
|
|
+ rand_filter *filter)
|
|
{
|
|
char *password;
|
|
krb5_context k5;
|
|
@@ -305,7 +329,7 @@ generate_host_password (adcli_enroll *enroll,
|
|
code = krb5_c_random_make_octets (k5, &buffer);
|
|
return_val_if_fail (code == 0, NULL);
|
|
|
|
- at += filter_password_chars (buffer.data, buffer.length);
|
|
+ at += filter (buffer.data, buffer.length);
|
|
assert (at <= length);
|
|
}
|
|
|
|
@@ -333,7 +357,7 @@ ensure_computer_password (adcli_result res,
|
|
_adcli_info ("Using default reset computer password");
|
|
|
|
} else {
|
|
- enroll->computer_password = generate_host_password (enroll, length);
|
|
+ enroll->computer_password = generate_host_password (enroll, length, filter_password_chars);
|
|
return_unexpected_if_fail (enroll->computer_password != NULL);
|
|
_adcli_info ("Generated %d character computer password", length);
|
|
}
|
|
--
|
|
2.28.0
|
|
|