From 559222206fd1fd3771c8057635d0002b57449da8 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Mon, 27 Jan 2020 12:56:15 +1000
Subject: [PATCH] 133 limit to human readable characters. (#174)

Implements #133, limit password generators to distict human readable characters. This removes the common confusions such as I,l, 1, 0, O, o, m,rn, etc . This in mind, they may not all have been found, but it should be easier now to improve upon.
---
 kanidmd/src/lib/access.rs |  8 ++++----
 kanidmd/src/lib/utils.rs  | 31 +++++++++++++++++++++++++------
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/kanidmd/src/lib/access.rs b/kanidmd/src/lib/access.rs
index 0d4660c40..572877ff4 100644
--- a/kanidmd/src/lib/access.rs
+++ b/kanidmd/src/lib/access.rs
@@ -1115,7 +1115,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
             let uuid = acp.acp.uuid;
             self.acps_search.insert(uuid, acp);
         }
-        self.acps_search.compact();
+        // self.acps_search.compact();
         Ok(())
     }
 
@@ -1125,7 +1125,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
             let uuid = acp.acp.uuid;
             self.acps_create.insert(uuid, acp);
         }
-        self.acps_create.compact();
+        // self.acps_create.compact();
         Ok(())
     }
 
@@ -1135,7 +1135,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
             let uuid = acp.acp.uuid;
             self.acps_modify.insert(uuid, acp);
         }
-        self.acps_modify.compact();
+        // self.acps_modify.compact();
         Ok(())
     }
 
@@ -1146,7 +1146,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
             self.acps_delete.insert(uuid, acp);
         }
         // We could consider compact here ...
-        self.acps_delete.compact();
+        // self.acps_delete.compact();
         Ok(())
     }
 
diff --git a/kanidmd/src/lib/utils.rs b/kanidmd/src/lib/utils.rs
index b00bf6d8f..5f9821f30 100644
--- a/kanidmd/src/lib/utils.rs
+++ b/kanidmd/src/lib/utils.rs
@@ -2,9 +2,12 @@ use std::time::Duration;
 use std::time::SystemTime;
 use uuid::{Builder, Uuid};
 
-use rand::distributions::Alphanumeric;
+use rand::distributions::Distribution;
 use rand::{thread_rng, Rng};
 
+#[derive(Debug)]
+pub struct DistinctAlpha;
+
 pub type SID = [u8; 4];
 
 pub fn uuid_to_gid_u32(u: &Uuid) -> u32 {
@@ -28,7 +31,7 @@ pub fn uuid_from_duration(d: Duration, sid: SID) -> Uuid {
 }
 
 pub fn password_from_random() -> String {
-    let rand_string: String = thread_rng().sample_iter(&Alphanumeric).take(48).collect();
+    let rand_string: String = thread_rng().sample_iter(&DistinctAlpha).take(48).collect();
     rand_string
 }
 
@@ -36,10 +39,10 @@ pub fn readable_password_from_random() -> String {
     let mut trng = thread_rng();
     format!(
         "{}-{}-{}-{}",
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
     )
 }
 
@@ -51,6 +54,22 @@ pub fn uuid_from_now(sid: SID) -> Uuid {
     uuid_from_duration(d, sid)
 }
 
+impl Distribution<char> for DistinctAlpha {
+    fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> char {
+        const RANGE: u32 = 55;
+        const GEN_ASCII_STR_CHARSET: &[u8] = b"ABCDEFGHJKLMNPQRSTUVWXYZ\
+                abcdefghjkpqrstuvwxyz\
+                0123456789";
+        // This probably needs to be checked for entropy/quality
+        loop {
+            let var = rng.next_u32() >> (32 - 6);
+            if var < RANGE {
+                return GEN_ASCII_STR_CHARSET[var as usize] as char;
+            }
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use crate::utils::{uuid_from_duration, uuid_to_gid_u32};