From af683b8925e9711fddba357a88fd35470e3cbc3a Mon Sep 17 00:00:00 2001 From: hickert Date: Tue, 6 Jul 2010 07:13:14 +0000 Subject: [PATCH] Updated password expiry handling -Do not expire admin accounts -Fixed class_password.inc to only use expiry if it is enabled. git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@18939 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/functions.inc | 7 +++++-- gosa-core/plugins/personal/password/class_password.inc | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 5052f921d..805acec79 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -677,13 +677,16 @@ function ldap_login_user ($username, $password) */ function ldap_expired_account($config, $userdn, $uid) { + + // Skip this for the admin account, we do not want to lock him out. + if($uid == 'admin') return(0); + $ldap= $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $ldap->cat($userdn); $attrs= $ldap->fetch(); $current= floor(date("U") /60 /60 /24); - // Fetch required attributes foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin', 'shadowInactive','shadowWarning') as $attr){ @@ -759,7 +762,7 @@ function ldap_expired_account($config, $userdn, $uid) } } - return(NULL); + return(0); } diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc index 7006dc777..c8540ae22 100644 --- a/gosa-core/plugins/personal/password/class_password.inc +++ b/gosa-core/plugins/personal/password/class_password.inc @@ -68,8 +68,10 @@ class password extends plugin $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS)); /* Display expiration template */ + $smarty->assign("passwordExpired", FALSE); if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){ $expired= ldap_expired_account($this->config, $ui->dn, $ui->username); + $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE); if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){ return($smarty->fetch(get_template_path("nochange.tpl", TRUE))); } @@ -82,7 +84,6 @@ class password extends plugin $smarty->assign("proposalEnabled" , $this->proposalEnabled); $smarty->assign("proposalSelected" , $this->proposalSelected); - $smarty->assign("passwordExpired", ldap_expired_account($this->config, $ui->dn, $ui->uid) & POSIX_FORCE_PASSWORD_CHANGE); if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1; -- 2.30.2