From 1de37e8110e2b9fb69253cadfe4c1da1bc2e30f6 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Fri, 11 May 2012 09:08:59 -0400
Subject: Disallow '<' and non-ASCII characters in the DM password

pkisilent does not handle these properly.
https://fedorahosted.org/freeipa/ticket/2675
---
 install/tools/ipa-server-install | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index f3377df6d..a5aa1deda 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -102,12 +102,14 @@ def validate_dm_password(password):
 raise ValueError("Password must be at least 8 characters long")
 if any(ord(c) < 0x20 for c in password):
 raise ValueError("Password must not contain control characters")
- if ' ' in password:
- raise ValueError("Password must not contain a space (\" \")")
- if '&' in password:
- raise ValueError("Password must not contain an ampersand (\"&\")")
- if '\\' in password:
- raise ValueError("Password must not contain a backslash (\"\\\")")
+ if any(ord(c) >= 0x7F for c in password):
+ raise ValueError("Password must only contain ASCII characters")
+
+ # Disallow characters that pkisilent doesn't process properly:
+ bad_characters = ' &\\<'
+ if any(c in bad_characters for c in password):
+ raise ValueError('Password must not contain these characters: %s' %
+ ', '.join('"%s"' % c for c in bad_characters))

 def parse_options():
 # Guaranteed to give a random 200k range below the 2G mark (uint32_t limit)
-- cgit
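Review bot: The added `ord(c) >= 0x7F` test in validate_dm_password also matches DEL (0x7F), which is an ASCII control character, so that input is rejected with the misleading message "Password must only contain ASCII characters". Extending the existing control-character check to `if any(ord(c) < 0x20 or ord(c) == 0x7F for c in password):` and using `ord(c) > 0x7F` for the non-ASCII test would keep each message accurate. The `bad_characters` denylist only covers characters already known to break pkisilent, and how the password reaches pkisilent is not visible in this hunk, so the list may be incomplete. A comment such as `# Workaround for ticket 2675; revisit when pkisilent handles these characters` would record why the restriction exists and when it can be lifted. The start of validate_dm_password lies outside the hunk.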