|
 |
541bac |
From 2750f536ac6746756335eec8332060d2365a4126 Mon Sep 17 00:00:00 2001
|
|
|
541bac |
From: Sumit Bose <sbose@redhat.com>
|
|
|
541bac |
Date: Tue, 27 Oct 2020 14:44:07 +0100
|
|
|
541bac |
Subject: [PATCH 4/7] enroll: more filters for random characters
|
|
|
541bac |
|
|
|
541bac |
Make handling of random strings more flexible.
|
|
|
541bac |
|
|
|
541bac |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
|
|
|
541bac |
---
|
|
|
541bac |
library/adenroll.c | 30 +++++++++++++++++++++++++++---
|
|
|
541bac |
1 file changed, 27 insertions(+), 3 deletions(-)
|
|
|
541bac |
|
|
|
541bac |
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
|
541bac |
index 9cdc79b..44383cc 100644
|
|
|
541bac |
--- a/library/adenroll.c
|
|
|
541bac |
+++ b/library/adenroll.c
|
|
|
541bac |
@@ -259,6 +259,29 @@ ensure_computer_sam (adcli_result res,
|
|
|
541bac |
return ADCLI_SUCCESS;
|
|
|
541bac |
}
|
|
|
541bac |
|
|
|
541bac |
+typedef int (rand_filter) (char *password, int length);
|
|
|
541bac |
+
|
|
|
541bac |
+static int
|
|
|
541bac |
+filter_sam_chars (char *password,
|
|
|
541bac |
+ int length)
|
|
|
541bac |
+{
|
|
|
541bac |
+ int i, j;
|
|
|
541bac |
+
|
|
|
541bac |
+ /*
|
|
|
541bac |
+ * There are a couple of restrictions for characters in the
|
|
|
541bac |
+ * sAMAccountName attribute value, for our purpose (random suffix)
|
|
|
541bac |
+ * letters and numbers are sufficient.
|
|
|
541bac |
+ */
|
|
|
541bac |
+ for (i = 0, j = 0; i < length; i++) {
|
|
|
541bac |
+ if (password[i] >= 48 && password[i] <= 122 &&
|
|
|
541bac |
+ isalnum (password[i]))
|
|
|
541bac |
+ password[j++] = password[i];
|
|
|
541bac |
+ }
|
|
|
541bac |
+
|
|
|
541bac |
+ /* return the number of valid characters remaining */
|
|
|
541bac |
+ return j;
|
|
|
541bac |
+}
|
|
|
541bac |
+
|
|
|
541bac |
static int
|
|
|
541bac |
filter_password_chars (char *password,
|
|
|
541bac |
int length)
|
|
|
541bac |
@@ -283,7 +306,8 @@ filter_password_chars (char *password,
|
|
|
541bac |
|
|
|
541bac |
static char *
|
|
|
541bac |
generate_host_password (adcli_enroll *enroll,
|
|
|
541bac |
- size_t length)
|
|
|
541bac |
+ size_t length,
|
|
|
541bac |
+ rand_filter *filter)
|
|
|
541bac |
{
|
|
|
541bac |
char *password;
|
|
|
541bac |
krb5_context k5;
|
|
|
541bac |
@@ -305,7 +329,7 @@ generate_host_password (adcli_enroll *enroll,
|
|
|
541bac |
code = krb5_c_random_make_octets (k5, &buffer);
|
|
|
541bac |
return_val_if_fail (code == 0, NULL);
|
|
|
541bac |
|
|
|
541bac |
- at += filter_password_chars (buffer.data, buffer.length);
|
|
|
541bac |
+ at += filter (buffer.data, buffer.length);
|
|
|
541bac |
assert (at <= length);
|
|
|
541bac |
}
|
|
|
541bac |
|
|
|
541bac |
@@ -333,7 +357,7 @@ ensure_computer_password (adcli_result res,
|
|
|
541bac |
_adcli_info ("Using default reset computer password");
|
|
|
541bac |
|
|
|
541bac |
} else {
|
|
|
541bac |
- enroll->computer_password = generate_host_password (enroll, length);
|
|
|
541bac |
+ enroll->computer_password = generate_host_password (enroll, length, filter_password_chars);
|
|
|
541bac |
return_unexpected_if_fail (enroll->computer_password != NULL);
|
|
|
541bac |
_adcli_info ("Generated %d character computer password", length);
|
|
|
541bac |
}
|
|
|
541bac |
--
|
|
|
541bac |
2.28.0
|
|
|
541bac |
|