Fix DNS SOA serial parameters boundaries

Set correct boundaries for DNS SOA serial parameters (see RFC 1035,
2181).

https://fedorahosted.org/freeipa/ticket/2568

API.txt

@@ -1014,12 +1014,12 @@ arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_
 option: Str('name_from_ip', attribute=False, cli_name='name_from_ip', multivalue=False, required=False)
 option: Str('idnssoamname', attribute=True, cli_name='name_server', multivalue=False, required=True)
 option: Str('idnssoarname', attribute=True, cli_name='admin_email', multivalue=False, required=True)
-option: Int('idnssoaserial', attribute=True, autofill=True, cli_name='serial', minvalue=1, multivalue=False, required=True)
-option: Int('idnssoarefresh', attribute=True, autofill=True, cli_name='refresh', default=3600, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaretry', attribute=True, autofill=True, cli_name='retry', default=900, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaexpire', attribute=True, autofill=True, cli_name='expire', default=1209600, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, required=True)
-option: Int('dnsttl', attribute=True, cli_name='ttl', multivalue=False, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=True, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, required=True)
+option: Int('idnssoarefresh', attribute=True, autofill=True, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaretry', attribute=True, autofill=True, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaexpire', attribute=True, autofill=True, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('dnsttl', attribute=True, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=True, cli_name='update_policy', multivalue=False, required=False)
 option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dynamic_update', default=False, multivalue=False, required=False)
@@ -1070,12 +1070,12 @@ option: Str('idnsname', attribute=True, autofill=False, cli_name='name', multiva
 option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, query=True, required=False)
 option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, query=True, required=False)
 option: Str('idnssoarname', attribute=True, autofill=False, cli_name='admin_email', multivalue=False, query=True, required=False)
-option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', minvalue=1, multivalue=False, query=True, required=False)
-option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, query=True, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, query=True, required=False)
+option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, query=True, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', multivalue=False, query=True, required=False)
 option: Bool('idnszoneactive', attribute=True, autofill=False, cli_name='zone_active', multivalue=False, query=True, required=False)
@@ -1102,12 +1102,12 @@ arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_
 option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, required=False)
 option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, required=False)
 option: Str('idnssoarname', attribute=True, autofill=False, cli_name='admin_email', multivalue=False, required=False)
-option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', minvalue=1, multivalue=False, required=False)
-option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, required=False)
-option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, required=False)
+option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', multivalue=False, required=False)
 option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, multivalue=False, required=False)

VERSION

@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=41
+IPA_API_VERSION_MINOR=42

ipalib/plugins/dns.py

@@ -1585,6 +1585,7 @@ class dnszone(LDAPObject):
             label=_('SOA serial'),
             doc=_('SOA record serial number'),
             minvalue=1,
+            maxvalue=4294967295,
             default_from=_create_zone_serial,
             autofill=True,
         ),
@@ -1593,6 +1594,7 @@ class dnszone(LDAPObject):
             label=_('SOA refresh'),
             doc=_('SOA record refresh time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=3600,
             autofill=True,
         ),
@@ -1601,6 +1603,7 @@ class dnszone(LDAPObject):
             label=_('SOA retry'),
             doc=_('SOA record retry time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=900,
             autofill=True,
         ),
@@ -1610,6 +1613,7 @@ class dnszone(LDAPObject):
             doc=_('SOA record expire time'),
             default=1209600,
             minvalue=0,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('idnssoaminimum',
@@ -1618,13 +1622,15 @@ class dnszone(LDAPObject):
             doc=_('How long should negative responses be cached'),
             default=3600,
             minvalue=0,
-            maxvalue=10800,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('dnsttl?',
             cli_name='ttl',
             label=_('SOA time to live'),
             doc=_('SOA record time to live'),
+            minvalue=0,
+            maxvalue=2147483647, # see RFC 2181
         ),
         StrEnum('dnsclass?',
             cli_name='class',

tests/test_xmlrpc/test_dns_plugin.py

@@ -1102,6 +1102,32 @@ class test_dns(Declarative):
         ),
 
 
+        dict(
+            desc='Set SOA serial of zone %r to high number' % dnszone1,
+            command=('dnszone_mod', [dnszone1], {'idnssoaserial': 4294967295}),
+            expected={
+                'value': dnszone1,
+                'summary': None,
+                'result': {
+                    'idnsname': [dnszone1],
+                    'idnszoneactive': [u'TRUE'],
+                    'nsrecord': [dnszone1_mname],
+                    'mxrecord': [u'0 ns1.dnszone.test.'],
+                    'locrecord': [u"49 11 42.400 N 16 36 29.600 E 227.64"],
+                    'idnssoamname': [dnszone1_mname],
+                    'idnssoarname': [dnszone1_rname],
+                    'idnssoaserial': [u'4294967295'],
+                    'idnssoarefresh': [u'5478'],
+                    'idnssoaretry': [fuzzy_digits],
+                    'idnssoaexpire': [fuzzy_digits],
+                    'idnssoaminimum': [fuzzy_digits],
+                    'idnsallowquery': [u'!10.0.0.0/8;any;'],
+                    'idnsallowtransfer': [u'80.142.15.80;'],
+                },
+            },
+        ),
+
+
         dict(
             desc='Try to create duplicate PTR record for %r with --a-create-reverse' % dnsres1,
             command=('dnsrecord_add', [dnszone1, dnsres1], {'arecord': u'80.142.15.80',