IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Limit pwpolicy maxlife to 20000 days

Browse Source 
Since krbMaxPwdLife attribute is represented as number of seconds,
setting maxlife to high values such as 999 999 days (~2739 years)
would result to overflow when parsing this attribute in kdb plugin,
and hence default maxlife of 90 days would be applied.

Limit the maximum value of maxlife that can be set through the
framework to 20 000 days (~ 54 years).

https://fedorahosted.org/freeipa/ticket/3817
This commit is contained in:
Tomas Babej 2013-08-05 13:45:26 +02:00 committed by Martin Kosek
parent 5d141bd39c
commit f954f2d1b9
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
API.txt
View File

@ -2459,7 +2459,7 @@ arg: Str('cn', attribute=True, cli_name='group', multivalue=False, primary_key=T
option: Str('addattr*', cli_name='addattr', exclude='webui') option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Int('cospriority', attribute=False, cli_name='priority', minvalue=0, multivalue=False, required=True) option: Int('cospriority', attribute=False, cli_name='priority', minvalue=0, multivalue=False, required=True)
option: Int('krbmaxpwdlife', attribute=True, cli_name='maxlife', minvalue=0, multivalue=False, required=False) option: Int('krbmaxpwdlife', attribute=True, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, required=False)
option: Int('krbminpwdlife', attribute=True, cli_name='minlife', minvalue=0, multivalue=False, required=False) option: Int('krbminpwdlife', attribute=True, cli_name='minlife', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, cli_name='failinterval', minvalue=0, multivalue=False, required=False) option: Int('krbpwdfailurecountinterval', attribute=True, cli_name='failinterval', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdhistorylength', attribute=True, cli_name='history', minvalue=0, multivalue=False, required=False) option: Int('krbpwdhistorylength', attribute=True, cli_name='history', minvalue=0, multivalue=False, required=False)
@ -2487,7 +2487,7 @@ arg: Str('criteria?', noextrawhitespace=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('cn', attribute=True, autofill=False, cli_name='group', multivalue=False, primary_key=True, query=True, required=False) option: Str('cn', attribute=True, autofill=False, cli_name='group', multivalue=False, primary_key=True, query=True, required=False)
option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, query=True, required=False) option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', minvalue=0, multivalue=False, query=True, required=False) option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, query=True, required=False) option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, query=True, required=False) option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, query=True, required=False) option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, query=True, required=False)
@ -2511,7 +2511,7 @@ option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, required=False) option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, required=False)
option: Str('delattr*', cli_name='delattr', exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', minvalue=0, multivalue=False, required=False) option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, required=False)
option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, required=False) option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, required=False) option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, required=False) option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, required=False)

2
VERSION
View File

@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=62 IPA_API_VERSION_MINOR=63

1
ipalib/plugins/pwpolicy.py
View File

@ -235,6 +235,7 @@ class pwpolicy(LDAPObject):
label=_('Max lifetime (days)'), label=_('Max lifetime (days)'),
doc=_('Maximum password lifetime (in days)'), doc=_('Maximum password lifetime (in days)'),
minvalue=0, minvalue=0,
maxvalue=20000, # a little over 54 years
), ),
Int('krbminpwdlife?', Int('krbminpwdlife?',
cli_name='minlife', cli_name='minlife',