mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
Fix upper bound of password policy grace limit
It was defined as an unsigned value (2**32) because it originally was. During the review an additional setting of disabled (-1) was added so the value needed to be signed. The upper bound needs to be 2**31 which is provided by the xmlrpc client MAXINT import. Fixes: https://pagure.io/freeipa/issue/9243 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Michal Polovka <mpolovka@redhat.com>
This commit is contained in:
parent
94835d19b5
commit
36591995ac
@ -406,7 +406,7 @@ class pwpolicy(LDAPObject):
|
||||
label=_('Grace login limit'),
|
||||
doc=_('Number of LDAP authentications allowed after expiration'),
|
||||
minvalue=-1,
|
||||
maxvalue=Int.MAX_UINT32,
|
||||
maxvalue=Int.MAXINT,
|
||||
default=-1,
|
||||
autofill=True,
|
||||
),
|
||||
|
@ -25,6 +25,7 @@ import pytest
|
||||
|
||||
from ipalib import api
|
||||
from ipalib import errors
|
||||
from ipalib.parameters import Int
|
||||
from ipapython.dn import DN
|
||||
from ipatests.test_xmlrpc import objectclasses
|
||||
from ipatests.test_xmlrpc.xmlrpc_test import (XMLRPC_test, assert_attr_equal,
|
||||
@ -219,6 +220,17 @@ class test_pwpolicy(XMLRPC_test):
|
||||
krbminpwdlife=50)['result']
|
||||
assert_attr_equal(entry, 'krbminpwdlife', '50')
|
||||
|
||||
# Test upper bound
|
||||
entry = api.Command['pwpolicy_mod'](
|
||||
self.group, passwordgracelimit=Int.MAXINT)['result']
|
||||
assert_attr_equal(entry, 'passwordgracelimit', str(Int.MAXINT))
|
||||
|
||||
# Test bad values
|
||||
for value in (Int.MAXINT + 1, -2):
|
||||
with pytest.raises(errors.ValidationError):
|
||||
entry = api.Command['pwpolicy_mod'](
|
||||
self.group, passwordgracelimit=value)['result']
|
||||
|
||||
def test_maxlife_pwpolicy(self):
|
||||
"""Check maxlife error message where minlife > maxlife specified
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user