Fix DNS SOA serial parameters boundaries

Set correct boundaries for DNS SOA serial parameters (see RFC 1035, 2181). https://fedorahosted.org/freeipa/ticket/2568
author: Martin Kosek <mkosek@redhat.com> 2012-09-04 16:05:34 +0200
committer: Martin Kosek <mkosek@redhat.com> 2012-09-06 14:57:48 +0200
commit: 6abe476459e83d9457b22693b22b55c6c98a1a58 (patch)
tree: 94da8e21df49228a126c0c11bacbc39f12333b27
parent: cfbea2a99e53dea54aaa0a1670c2bed194c4dc2c (diff)
download: freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.tar.gz
freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.tar.xz
freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.zip
4 files changed, 52 insertions, 20 deletions
diff --git a/API.txt b/API.txt
index aef12b7eb..cfdfaae70 100644
--- a/API.txt
+++ b/API.txt
@@ -1014,12 +1014,12 @@ arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_
 option: Str('name_from_ip', attribute=False, cli_name='name_from_ip', multivalue=False, required=False)
 option: Str('idnssoamname', attribute=True, cli_name='name_server', multivalue=False, required=True)
 option: Str('idnssoarname', attribute=True, cli_name='admin_email', multivalue=False, required=True)
-option: Int('idnssoaserial', attribute=True, autofill=True, cli_name='serial', minvalue=1, multivalue=False, required=True)
-option: Int('idnssoarefresh', attribute=True, autofill=True, cli_name='refresh', default=3600, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaretry', attribute=True, autofill=True, cli_name='retry', default=900, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaexpire', attribute=True, autofill=True, cli_name='expire', default=1209600, minvalue=0, multivalue=False, required=True)
-option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, required=True)
-option: Int('dnsttl', attribute=True, cli_name='ttl', multivalue=False, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=True, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, required=True)
+option: Int('idnssoarefresh', attribute=True, autofill=True, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaretry', attribute=True, autofill=True, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaexpire', attribute=True, autofill=True, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True)
+option: Int('dnsttl', attribute=True, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=True, cli_name='update_policy', multivalue=False, required=False)
 option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dynamic_update', default=False, multivalue=False, required=False)
@@ -1070,12 +1070,12 @@ option: Str('idnsname', attribute=True, autofill=False, cli_name='name', multiva
 option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, query=True, required=False)
 option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, query=True, required=False)
 option: Str('idnssoarname', attribute=True, autofill=False, cli_name='admin_email', multivalue=False, query=True, required=False)
-option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', minvalue=1, multivalue=False, query=True, required=False)
-option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, query=True, required=False)
-option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, query=True, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, query=True, required=False)
+option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
+option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, query=True, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', multivalue=False, query=True, required=False)
 option: Bool('idnszoneactive', attribute=True, autofill=False, cli_name='zone_active', multivalue=False, query=True, required=False)
@@ -1102,12 +1102,12 @@ arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_
 option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, required=False)
 option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, required=False)
 option: Str('idnssoarname', attribute=True, autofill=False, cli_name='admin_email', multivalue=False, required=False)
-option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', minvalue=1, multivalue=False, required=False)
-option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, minvalue=0, multivalue=False, required=False)
-option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=10800, minvalue=0, multivalue=False, required=False)
-option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, required=False)
+option: Int('idnssoaserial', attribute=True, autofill=False, cli_name='serial', maxvalue=4294967295, minvalue=1, multivalue=False, required=False)
+option: Int('idnssoarefresh', attribute=True, autofill=False, cli_name='refresh', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaretry', attribute=True, autofill=False, cli_name='retry', default=900, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
+option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', maxvalue=2147483647, minvalue=0, multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', multivalue=False, required=False)
 option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, multivalue=False, required=False)
diff --git a/VERSION b/VERSION
index 41316cb1c..25776435c 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=41
+IPA_API_VERSION_MINOR=42
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index e9f8b0cc0..8e2970994 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1585,6 +1585,7 @@ class dnszone(LDAPObject):
             label=_('SOA serial'),
             doc=_('SOA record serial number'),
             minvalue=1,
+            maxvalue=4294967295,
             default_from=_create_zone_serial,
             autofill=True,
         ),
@@ -1593,6 +1594,7 @@ class dnszone(LDAPObject):
             label=_('SOA refresh'),
             doc=_('SOA record refresh time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=3600,
             autofill=True,
         ),
@@ -1601,6 +1603,7 @@ class dnszone(LDAPObject):
             label=_('SOA retry'),
             doc=_('SOA record retry time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=900,
             autofill=True,
         ),
@@ -1610,6 +1613,7 @@ class dnszone(LDAPObject):
             doc=_('SOA record expire time'),
             default=1209600,
             minvalue=0,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('idnssoaminimum',
@@ -1618,13 +1622,15 @@ class dnszone(LDAPObject):
             doc=_('How long should negative responses be cached'),
             default=3600,
             minvalue=0,
-            maxvalue=10800,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('dnsttl?',
             cli_name='ttl',
             label=_('SOA time to live'),
             doc=_('SOA record time to live'),
+            minvalue=0,
+            maxvalue=2147483647, # see RFC 2181
         ),
         StrEnum('dnsclass?',
             cli_name='class',
diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py
index 2b6d53c0b..e5c8a7c03 100644
--- a/tests/test_xmlrpc/test_dns_plugin.py
+++ b/tests/test_xmlrpc/test_dns_plugin.py
@@ -1103,6 +1103,32 @@ class test_dns(Declarative):
 
 
         dict(
+            desc='Set SOA serial of zone %r to high number' % dnszone1,
+            command=('dnszone_mod', [dnszone1], {'idnssoaserial': 4294967295}),
+            expected={
+                'value': dnszone1,
+                'summary': None,
+                'result': {
+                    'idnsname': [dnszone1],
+                    'idnszoneactive': [u'TRUE'],
+                    'nsrecord': [dnszone1_mname],
+                    'mxrecord': [u'0 ns1.dnszone.test.'],
+                    'locrecord': [u"49 11 42.400 N 16 36 29.600 E 227.64"],
+                    'idnssoamname': [dnszone1_mname],
+                    'idnssoarname': [dnszone1_rname],
+                    'idnssoaserial': [u'4294967295'],
+                    'idnssoarefresh': [u'5478'],
+                    'idnssoaretry': [fuzzy_digits],
+                    'idnssoaexpire': [fuzzy_digits],
+                    'idnssoaminimum': [fuzzy_digits],
+                    'idnsallowquery': [u'!10.0.0.0/8;any;'],
+                    'idnsallowtransfer': [u'80.142.15.80;'],
+                },
+            },
+        ),
+
+
+        dict(
             desc='Try to create duplicate PTR record for %r with --a-create-reverse' % dnsres1,
             command=('dnsrecord_add', [dnszone1, dnsres1], {'arecord': u'80.142.15.80',
                                                             'a_extra_create_reverse' : True}),
author	Martin Kosek <mkosek@redhat.com>	2012-09-04 16:05:34 +0200
committer	Martin Kosek <mkosek@redhat.com>	2012-09-06 14:57:48 +0200
commit	6abe476459e83d9457b22693b22b55c6c98a1a58 (patch)
tree	94da8e21df49228a126c0c11bacbc39f12333b27
parent	cfbea2a99e53dea54aaa0a1670c2bed194c4dc2c (diff)
download	freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.tar.gz freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.tar.xz freeipa-6abe476459e83d9457b22693b22b55c6c98a1a58.zip