authorTomas Babej <tbabej@redhat.com>2013-08-05 13:45:26 +0200
committerMartin Kosek <mkosek@redhat.com>2013-08-05 17:50:31 +0200
commitf954f2d1b92db10113b766759897d66c57e1e3ab (patch)
tree54a371a135674bfd8a9923b8a0e661494dcd7416
parent5d141bd39cb99f2c2e16b61bcc4e06b734bbab04 (diff)
Limit pwpolicy maxlife to 20000 days
Since the krbMaxPwdLife attribute is represented as a number of seconds, setting maxlife to high values such as 999 999 days (~2739 years) would result in an overflow when parsing this attribute in the kdb plugin, and hence the default maxlife of 90 days would be applied. Limit the maximum value of maxlife that can be set through the framework to 20 000 days (~ 54 years). https://fedorahosted.org/freeipa/ticket/3817
-rw-r--r--API.txt6
-rw-r--r--VERSION2
-rw-r--r--ipalib/plugins/pwpolicy.py1
3 files changed, 5 insertions, 4 deletions
diff --git a/API.txt b/API.txt
index 50834ef6..47cf5411 100644
--- a/API.txt
+++ b/API.txt
@@ -2459,7 +2459,7 @@ arg: Str('cn', attribute=True, cli_name='group', multivalue=False, primary_key=T
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Int('cospriority', attribute=False, cli_name='priority', minvalue=0, multivalue=False, required=True)
-option: Int('krbmaxpwdlife', attribute=True, cli_name='maxlife', minvalue=0, multivalue=False, required=False)
+option: Int('krbmaxpwdlife', attribute=True, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, required=False)
option: Int('krbminpwdlife', attribute=True, cli_name='minlife', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, cli_name='failinterval', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdhistorylength', attribute=True, cli_name='history', minvalue=0, multivalue=False, required=False)
@@ -2487,7 +2487,7 @@ arg: Str('criteria?', noextrawhitespace=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('cn', attribute=True, autofill=False, cli_name='group', multivalue=False, primary_key=True, query=True, required=False)
option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, query=True, required=False)
-option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', minvalue=0, multivalue=False, query=True, required=False)
+option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, query=True, required=False)
option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, query=True, required=False)
@@ -2511,7 +2511,7 @@ option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Int('cospriority', attribute=False, autofill=False, cli_name='priority', minvalue=0, multivalue=False, required=False)
option: Str('delattr*', cli_name='delattr', exclude='webui')
-option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', minvalue=0, multivalue=False, required=False)
+option: Int('krbmaxpwdlife', attribute=True, autofill=False, cli_name='maxlife', maxvalue=20000, minvalue=0, multivalue=False, required=False)
option: Int('krbminpwdlife', attribute=True, autofill=False, cli_name='minlife', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdfailurecountinterval', attribute=True, autofill=False, cli_name='failinterval', minvalue=0, multivalue=False, required=False)
option: Int('krbpwdhistorylength', attribute=True, autofill=False, cli_name='history', minvalue=0, multivalue=False, required=False)
diff --git a/VERSION b/VERSION
index c1f80834..313d5f96 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=62
+IPA_API_VERSION_MINOR=63
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 9bbecf7c..da24f7c4 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -235,6 +235,7 @@ class pwpolicy(LDAPObject):
label=_('Max lifetime (days)'),
doc=_('Maximum password lifetime (in days)'),
minvalue=0,
+ maxvalue=20000, # a little over 54 years
),
Int('krbminpwdlife?',
cli_name='minlife',
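Review bot: The new `maxvalue=20000` bound is enforced only by the framework parameter, so a krbMaxPwdLife value already stored above the limit, or written to the directory without passing through this parameter, would still reach the kdb plugin parser that the commit message says overflows and falls back to the 90-day default; hardening that parser (clamp or reject, and log) would cover those cases and is not part of this commit. The inline comment gives only the year equivalent, and stating the reason would keep the constant from being raised later, e.g. `maxvalue=20000,  # 20000 days = 1,728,000,000 s; presumably must stay below a signed 32-bit seconds value in the kdb plugin`. Per the API.txt hunks the same bound also lands on the option marked `query=True`, so a search by maxlife for policies above 20000 would presumably be rejected, which makes auditing for pre-existing oversized values through the framework harder. The `Int(...)` definition and the enclosing `pwpolicy` class start and end outside the hunk.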