Univention Bugzilla – Attachment 8007 Details for
Bug 41865
Kerberos auth fails due to expired keys when maxPwdAge setting is too large (713239 days)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
udm: set bounds on {min,max}PasswordAge
41865-kerberos-max-password-age.diff (text/plain), 3.64 KB, created by
Lukas Oyen
on 2016-09-14 16:05:19 CEST
(
hide
)
Description:
udm: set bounds on {min,max}PasswordAge
Filename:
MIME Type:
Creator:
Lukas Oyen
Created:
2016-09-14 16:05:19 CEST
Size:
3.64 KB
patch
obsolete
>diff --git management/univention-directory-manager-modules/modules/univention/admin/de.po management/univention-directory-manager-modules/modules/univention/admin/de.po >index dc3b2ac..3084325 100644 >--- management/univention-directory-manager-modules/modules/univention/admin/de.po >+++ management/univention-directory-manager-modules/modules/univention/admin/de.po >@@ -1675,6 +1675,9 @@ msgstr "" > "Ziffer oder einem Buchstaben beginnen und enden, und darf nicht \"admin\" " > "sein." > >+msgid "Value out of bounds (%d - %d seconds)" >+msgstr "Wert auĂerhalb des erlaubten Bereichs (%d - %d Sekunden)." >+ > #: modules/univention/admin/uexceptions.py:84 > msgid "Values do not match." > msgstr "Die Werte sind nicht gleich." >diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/sambadomain.py management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/sambadomain.py >index 3b165d1..68de959 100644 >--- management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/sambadomain.py >+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/sambadomain.py >@@ -145,7 +145,7 @@ property_descriptions={ > 'minPasswordAge': univention.admin.property( > short_description=_('Minimum password age'), > long_description='', >- syntax=univention.admin.syntax.UNIX_TimeInterval, >+ syntax=univention.admin.syntax.SambaMinPwdAge, > multivalue=0, > options=[], > required=0, >@@ -175,7 +175,7 @@ property_descriptions={ > 'maxPasswordAge': univention.admin.property( > short_description=_('Maximum password age'), > long_description='', >- syntax=univention.admin.syntax.UNIX_TimeInterval, >+ syntax=univention.admin.syntax.SambaMaxPwdAge, > multivalue=0, > options=[], > required=0, >diff --git management/univention-directory-manager-modules/modules/univention/admin/syntax.py management/univention-directory-manager-modules/modules/univention/admin/syntax.py >index 918e3c3..32a7a7b 100644 >--- management/univention-directory-manager-modules/modules/univention/admin/syntax.py >+++ management/univention-directory-manager-modules/modules/univention/admin/syntax.py >@@ -1331,6 +1331,44 @@ class UNIX_TimeInterval( complex ): > subsyntaxes = ( ( '', integer ), ( '', TimeUnits ) ) > size = ( 'Half', 'Half' ) > >+ @classmethod >+ def parse(cls, texts): >+ return super(UNIX_TimeInterval, cls).parse(texts) >+ >+class UNIX_BoundedTimeInterval( UNIX_TimeInterval ): >+ lower_bound = -1 # in seconds, -1 unbounded >+ upper_bound = -1 # in seconds, -1 unbounded >+ error_message = _ ("Value out of bounds (%d - %d seconds)") >+ >+ @classmethod >+ def parse(cls, texts): >+ parsed = super(UNIX_BoundedTimeInterval, cls).parse(texts) >+ >+ in_seconds = int(parsed[0]) >+ if len(parsed) > 1: >+ in_seconds = { >+ 'seconds': lambda x: x, >+ 'minutes': lambda x: x * 60, >+ 'hours': lambda x: x * 60 * 60, >+ 'days': lambda x: x * 24 * 60 * 60, >+ }[parsed[1]](in_seconds) >+ >+ msg = cls.error_message % (cls.lower_bound, cls.upper_bound) >+ if cls.lower_bound != -1 and in_seconds < cls.lower_bound: >+ raise univention.admin.uexceptions.valueError(msg) >+ if cls.upper_bound != -1 and in_seconds > cls.upper_bound: >+ raise univention.admin.uexceptions.valueError(msg) >+ >+ return parsed >+ >+class SambaMinPwdAge( UNIX_BoundedTimeInterval ): >+ lower_bound = 0 >+ upper_bound = 998 * 24 * 60 * 60 # 998 days in seconds >+ >+class SambaMaxPwdAge( UNIX_BoundedTimeInterval ): >+ lower_bound = 0 >+ upper_bound = 999 * 24 * 60 * 60 # 999 days in seconds >+ > class NetworkType( select ): > choices = ( ( 'ethernet', _( 'Ethernet' ) ), ( 'fddi', _( 'FDDI' ) ), ( 'token-ring', _( 'Token-Ring' ) ) ) >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8007">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 41865
: 8007 |
9307