From ced7fa4b45adaf2807a5dc84de4fd0dfbcfed55a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 22 Apr 2004 06:17:50 +0000 Subject: [PATCH] r323: added rough password quality checking in generate_random_str(), so we generate passwords that are likely to be accepted by the win2003 quality checks (This used to be commit 5954969f278e7f23190fe7301bfdc608f480eef6) --- source4/lib/genrand.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/source4/lib/genrand.c b/source4/lib/genrand.c index e2e66f7e580..14234199616 100644 --- a/source4/lib/genrand.c +++ b/source4/lib/genrand.c @@ -242,6 +242,27 @@ void generate_random_buffer( unsigned char *out, int len, BOOL do_reseed_now) } } + +/* + very basic password quality checker +*/ +static BOOL check_password_quality(const char *s) +{ + int has_digit=0, has_capital=0, has_lower=0; + while (*s) { + if (isdigit(*s)) { + has_digit++; + } else if (isupper(*s)) { + has_capital++; + } else if (islower(*s)) { + has_lower++; + } + s++; + } + + return has_digit && has_lower && has_capital; +} + /******************************************************************* Use the random number generator to generate a random string. ********************************************************************/ @@ -257,11 +278,19 @@ char *generate_random_str(size_t len) if (len > sizeof(retstr)-1) len = sizeof(retstr) -1; - generate_random_buffer( retstr, len, False); + +again: + generate_random_buffer(retstr, len, False); for (i = 0; i < len; i++) - retstr[i] = c_list[ retstr[i] % (sizeof(c_list)-1) ]; + retstr[i] = c_list[retstr[i] % (sizeof(c_list)-1) ]; retstr[i] = '\0'; + /* we need to make sure the random string passes basic quality tests + or it might be rejected by windows as a password */ + if (len >= 7 && !check_password_quality(retstr)) { + goto again; + } + return (char *)retstr; }