Bug 2611: password_cmd erzeugt ungültige Passworte.

src/laws.c

@@ -2181,6 +2181,21 @@ int email_cmd(unit * u, struct order *ord)
     return 0;
 }
 
+bool password_wellformed(const char *password)
+{
+    unsigned char *c = (unsigned char *)password;
+    int i;
+    if (!password || password[0]=='\0') {
+        return false;
+    }
+    for (i = 0; c[i] && i != PASSWORD_MAXSIZE; ++i) {
+        if (!isalnum(c[i])) {
+            return false;
+        }
+    }
+    return true;
+}
+
 int password_cmd(unit * u, struct order *ord)
 {
     char pwbuf[PASSWORD_MAXSIZE + 1];
@@ -2194,19 +2209,11 @@ int password_cmd(unit * u, struct order *ord)
         pwbuf[PASSWORD_MAXSIZE - 1] = '\0';
     }
 
-    if (s && *s) {
-        unsigned char *c = (unsigned char *)pwbuf;
-        int i, r = 0;
-
-        for (i = 0; c[i] && i != PASSWORD_MAXSIZE; ++i) {
-            if (!isalnum(c[i])) {
-                c[i] = 'X';
-                ++r;
-            }
-        }
-        if (r != 0) {
+    if (!s || !password_wellformed(s)) {
+        if (s) {
             cmistake(u, ord, 283, MSG_EVENT);
         }
+        password_generate(pwbuf, PASSWORD_MAXSIZE);
     }
     faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
     ADDMSG(&u->faction->msgs, msg_message("changepasswd", "value", pwbuf));

src/laws.h

@@ -48,6 +48,7 @@ extern "C" {
     void sinkships(struct region * r);
     void do_enter(struct region *r, bool is_final_attempt);
     bool long_order_allowed(const struct unit *u);
+    bool password_wellformed(const char *password);
 
     int password_cmd(struct unit *u, struct order *ord);
     int banner_cmd(struct unit *u, struct order *ord);

src/laws.test.c

@@ -49,37 +49,6 @@ static void test_new_building_can_be_renamed(CuTest * tc)
     test_teardown();
 }
 
-static void test_password_cmd(CuTest * tc)
-{
-    unit *u;
-    faction * f;
-    test_setup();
-    u = test_create_unit(f = test_create_faction(NULL), test_create_plain(0, 0));
-
-    u->thisorder = create_order(K_PASSWORD, f->locale, "abcdefgh");
-    password_cmd(u, u->thisorder);
-    CuAssertPtrNotNull(tc, faction_getpassword(f));
-    CuAssertTrue(tc, checkpasswd(f, "abcdefgh"));
-    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
-    free_order(u->thisorder);
-
-    u->thisorder = create_order(K_PASSWORD, f->locale, "abc*de*");
-    password_cmd(u, u->thisorder);
-    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error283"));
-    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
-    CuAssertTrue(tc, !checkpasswd(f, "abc*de*"));
-    CuAssertTrue(tc, checkpasswd(f, "abcXdeX"));
-    free_order(u->thisorder);
-
-    u->thisorder = create_order(K_PASSWORD, f->locale, "1234567890123456789012345678901234567890");
-    password_cmd(u, u->thisorder);
-    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error321"));
-    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
-    CuAssertTrue(tc, checkpasswd(f, "1234567890123456789012345678901"));
-
-    test_teardown();
-}
-
 static void test_rename_building(CuTest * tc)
 {
     region *r;
@@ -1949,6 +1918,60 @@ static void test_long_order_on_ocean(CuTest *tc) {
     test_teardown();
 }
 
+static void test_password_cmd(CuTest *tc) {
+    unit *u;
+    message *msg;
+    faction * f;
+
+    CuAssertTrue(tc, password_wellformed("PASSword"));
+    CuAssertTrue(tc, password_wellformed("1234567"));
+    CuAssertTrue(tc, !password_wellformed("$password"));
+    CuAssertTrue(tc, !password_wellformed("no space"));
+
+    test_setup();
+    mt_create_error(283);
+    mt_create_error(321);
+    mt_create_va(mt_new("changepasswd", NULL), "value:string", MT_NEW_END);
+    u = test_create_unit(f = test_create_faction(NULL), test_create_plain(0, 0));
+    u->thisorder = create_order(K_PASSWORD, f->locale, "password1234", NULL);
+    password_cmd(u, u->thisorder);
+    CuAssertTrue(tc, checkpasswd(f, "password1234"));
+    CuAssertPtrNotNull(tc, msg = test_find_messagetype(f->msgs, "changepasswd"));
+    free_order(u->thisorder);
+    test_clear_messages(f);
+
+    u->thisorder = create_order(K_PASSWORD, f->locale, "bad-password", NULL);
+    password_cmd(u, u->thisorder);
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error283"));
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
+    CuAssertTrue(tc, !checkpasswd(f, "password1234"));
+    free_order(u->thisorder);
+    test_clear_messages(f);
+
+    u->thisorder = create_order(K_PASSWORD, f->locale, "''", NULL);
+    password_cmd(u, u->thisorder);
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error283"));
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
+    free_order(u->thisorder);
+    test_clear_messages(f);
+
+    u->thisorder = create_order(K_PASSWORD, f->locale, NULL);
+    password_cmd(u, u->thisorder);
+    CuAssertTrue(tc, !checkpasswd(f, "password1234"));
+    CuAssertPtrEquals(tc, NULL, test_find_messagetype(f->msgs, "error283"));
+    CuAssertPtrNotNull(tc, msg = test_find_messagetype(f->msgs, "changepasswd"));
+    free_order(u->thisorder);
+    test_clear_messages(f);
+
+    u->thisorder = create_order(K_PASSWORD, f->locale, "1234567890123456789012345678901234567890");
+    password_cmd(u, u->thisorder);
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error321"));
+    CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
+    CuAssertTrue(tc, checkpasswd(f, "1234567890123456789012345678901"));
+
+    test_teardown();
+}
+
 static void test_peasant_migration(CuTest *tc) {
     region *r1, *r2;
     int rmax;