URL: https://github.com/freeipa/freeipa/pull/1502
Author: johnclarson
Title: #1502: Remove special characters from random password generation in host_add OTPs.
Action: opened
PR body:
"""
https://pagure.io/freeipa/issue/7380
From d398d4282280fc3b730aa0d626e0a617db8dc90b Mon Sep 17 00:00:00 2001
From: John L segfault@XXXXXXXX
Date: Mon, 29 Jan 2018 12:25:31 -0500
Subject: [PATCH] This fixes a regression in how random host-add OTP passwords
are generated. Some shells try and interpret certain special characters when
they confront them in unattended ipa-client-install where the OTP is used.
Before 4.5.0, this was fixed by excluding an arbitrary list of special
characters during OTP random password generation. This fix goes a step
further and removes ALL special characters when the OTP is generated. In my
opinion, the period of time between random OTP generation and use is small
and the password is useless after the host is installed so removing special
characters presents minimal security risk.
ipaserver/plugins/host.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 6487cd612de96d11ed49b97425a31f22e481c98d..291a90a2abdaf6e95e96fb41889ce838d5f9b5f6
100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -686,7 +686,7 @@ class host_add(LDAPCreate):
entry_attrs['objectclass'].remove('krbprincipal')
if options.get('random'):
entry_attrs['userpassword'] = ipa_generate_password(
entropy_bits=TMP_PWD_ENTROPY_BITS)
entropy_bits=TMP_PWD_ENTROPY_BITS, special=None)
# save the password so it can be displayed in post_callback
setattr(context, 'randompassword', entry_attrs['userpassword'])
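Review bot: the new call keeps entropy_bits=TMP_PWD_ENTROPY_BITS while special=None shrinks the character set, and nothing in this hunk shows that ipa_generate_password compensates with a longer password, so the "minimal security risk" claim in the commit message rests on behaviour that is not visible here. Please confirm that the generator still meets TMP_PWD_ENTROPY_BITS with the special class disabled, and add a test that creates a host with the random option and asserts that the returned OTP contains no special characters, so this regression cannot return unnoticed. A short comment next to special=None stating that the OTP has to survive shell handling in unattended ipa-client-install would also help, since that reason currently exists only in the commit message.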
--
1.8.3.1
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1502/head:pr1502
git checkout pr1502