From f985f121d6c58b96b427dc64c7384da477a2c5bf Mon Sep 17 00:00:00 2001
From: Lukas Oyen <oyen@univention.de>
Date: Mon, 31 Jul 2017 16:52:53 +0200
Subject: [PATCH 1/4] Bug #36210: users/user: use UTC for setting
 pwdChangeNextLogin

---
 .../modules/univention/admin/handlers/users/user.py                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index e82a8b7..5f5c9ad 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -1566,7 +1566,7 @@ class object(univention.admin.handlers.simpleLdap, mungeddial.Support):
 						raise univention.admin.uexceptions.primaryGroup
 
 			if self['passwordexpiry']:
-				today = time.strftime('%Y-%m-%d').split('-')
+				today = time.strftime('%Y-%m-%d', time.gmtime()).split('-')
 				expiry = self['passwordexpiry'].split('-')
 				# expiry.reverse()
 				# today.reverse()
-- 
2.7.4


From afdd66e2b86a3cac8180c86876f1807eeac01b06 Mon Sep 17 00:00:00 2001
From: Lukas Oyen <oyen@univention.de>
Date: Mon, 31 Jul 2017 17:14:11 +0200
Subject: [PATCH 2/4] Bug #36210: users/user: fix timezone problems with
 userexpiry

---
 .../modules/univention/admin/handlers/users/user.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index 5f5c9ad..319a174 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -36,6 +36,7 @@ import string
 import re
 import copy
 import time
+import calendar
 import types
 import struct
 from M2Crypto import X509
@@ -1138,8 +1139,20 @@ def case_insensitive_in_list(dn, list):
 	return False
 
 
+def posixSecondsToDate(seconds):
+	return time.strftime("%Y-%m-%d", time.gmtime(seconds))
+
+
 def posixDaysToDate(days):
-	return time.strftime("%Y-%m-%d", time.gmtime(long(days) * 3600 * 24))
+	return posixSecondsToDate(long(days) * 3600 * 24)
+
+
+def dateToPosixSeconds(iso_date):
+	return calendar.timegm(time.strptime(iso_date, "%Y-%m-%d"))
+
+
+def dateToPosixDays(iso_date):
+	return dateToPosixSeconds(iso_date) / 3600 / 24
 
 
 def sambaWorkstationsMap(workstations):
@@ -1474,7 +1487,7 @@ class object(univention.admin.handlers.simpleLdap, mungeddial.Support):
 		elif 'samba' in self.options:
 			if self.oldattr.has_key('sambaKickoffTime'):
 				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime is: %s' % self.oldattr['sambaKickoffTime'][0])
-				self.info['userexpiry'] = time.strftime("%Y-%m-%d", time.gmtime(long(self.oldattr['sambaKickoffTime'][0]) + (3600 * 24)))
+				self.info['userexpiry'] = posixSecondsToDate(self.oldattr['sambaKickoffTime'][0])
 
 		try:
 			givenName = self.oldattr.get('givenName', [''])[0]
@@ -2307,7 +2320,7 @@ class object(univention.admin.handlers.simpleLdap, mungeddial.Support):
 			if 'samba' in self.options:
 				sambaKickoffTime = ''
 				if self['userexpiry']:
-					sambaKickoffTime = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")))
+					sambaKickoffTime = str(dateToPosixSeconds(self['userexpiry']))
 					univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime: %s' % sambaKickoffTime)
 				old_sambaKickoffTime = self.oldattr.get('sambaKickoffTime', '')
 				if old_sambaKickoffTime != sambaKickoffTime:
@@ -2329,7 +2342,7 @@ class object(univention.admin.handlers.simpleLdap, mungeddial.Support):
 				if self.__is_posix_disabled() and self.hasChanged('disabled') and not self.hasChanged('userexpiry'):
 					shadowExpire = '1'
 				elif self['userexpiry']:
-					shadowExpire = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) / 3600 / 24 + 1)
+					shadowExpire = str(dateToPosixDays(self['userexpiry']))
 				elif self.__is_posix_disabled():
 					shadowExpire = '1'
 				else:
-- 
2.7.4


From 3ebeae0af8a1daa0a681ef1508cd10939c80ca44 Mon Sep 17 00:00:00 2001
From: Lukas Oyen <oyen@univention.de>
Date: Mon, 31 Jul 2017 16:01:26 +0200
Subject: [PATCH 3/4] Bug #36210: ucs-test: udm/users 25_script_lock* enable
 special posix cases

---
 .../tests/61_udm-users/25_script_lock_expired_accounts         | 10 +++++-----
 .../tests/61_udm-users/25_script_lock_expired_passwords        |  6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
index 7c47c99..4832419 100755
--- a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
+++ b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
@@ -3,7 +3,7 @@
 ## roles: [domaincontroller_master]
 ## exposure: dangerous
 ## packages: [univention-directory-manager-tools]
-## bugs: [35088]
+## bugs: [35088, 36210]
 
 from datetime import datetime, timedelta
 import univention.admin.uldap
@@ -40,18 +40,18 @@ def main():
 		for delta, initial_state, expected_state in [
 			[-9, 'none', 'none'],
 			[-8, 'none', 'none'],
-#			[-7, 'none', 'none'],  disabled due to bug #36210
-#			[-6, 'none', 'posix'],  disabled due to bug #36210
+			[-7, 'none', 'none'],
+			[-6, 'none', 'posix'],
 			[-5, 'none', 'posix'],
 			[-4, 'none', 'posix'],
 			[-3, 'none', 'posix'],
 			[-2, 'none', 'posix'],
 			[-1, 'none', 'posix'],
-#			[0, 'none', 'posix'],  disabled due to bug #36210
+			[0, 'none', 'posix'],
 			[1, 'none', 'none'],
 			[2, 'none', 'none'],
 			[-4, 'windows', 'all'],
-#			[0, 'windows', 'all'],  disabled due to bug #36210
+			[0, 'windows', 'all'],
 			[2, 'windows', 'windows'],
 		]:
 			userdata[create_user(delta, initial_state)] = [initial_state, expected_state]
diff --git a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
index 1e4cf5b..19f6080 100755
--- a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
+++ b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
@@ -3,7 +3,7 @@
 ## roles: [domaincontroller_master]
 ## exposure: dangerous
 ## packages: [univention-directory-manager-tools]
-## bugs: [35088]
+## bugs: [35088, 36210]
 
 import univention.admin.uldap
 import univention.admin.modules as udm_modules
@@ -43,11 +43,11 @@ def main():
 			[-3, 'none', 'posix'],
 			[-2, 'none', 'posix'],
 			[-1, 'none', 'posix'],
-#			[0, 'none', 'posix'],  disabled due to bug #36210
+			[0, 'none', 'posix'],
 			[1, 'none', 'none'],
 			[2, 'none', 'none'],
 			[-4, 'windows', 'all'],
-#			[0, 'windows', 'all'],  disabled due to bug #36210
+			[0, 'windows', 'all'],
 			[2, 'windows', 'windows'],
 		]:
 			userdata[create_user(delta, initial_state)] = [initial_state, expected_state]
-- 
2.7.4


From 60806754be45b2d4b95899935dda73dd9de16c55 Mon Sep 17 00:00:00 2001
From: Lukas Oyen <oyen@univention.de>
Date: Mon, 31 Jul 2017 16:09:00 +0200
Subject: [PATCH 4/4] Bug #36210: ucs-test: udm/users 25_script_lock* use
 subprocess.check_call()

---
 test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts  | 4 ++--
 test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
index 4832419..839fca6 100755
--- a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
+++ b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_accounts
@@ -3,7 +3,7 @@
 ## roles: [domaincontroller_master]
 ## exposure: dangerous
 ## packages: [univention-directory-manager-tools]
-## bugs: [35088, 36210]
+## bugs: [35088,36210]
 
 from datetime import datetime, timedelta
 import univention.admin.uldap
@@ -68,7 +68,7 @@ def main():
 				utils.fail('uid=%s should not be locked for posix prior to script execution!' % (entry['username'],))
 
 		print 'Calling lock_expired_accounts...'
-		subprocess.call(['/usr/share/univention-directory-manager-tools/lock_expired_accounts', '--only-last-week'])
+		subprocess.check_call(['/usr/share/univention-directory-manager-tools/lock_expired_accounts', '--only-last-week'])
 		print 'DONE'
 
 		results = udm_modules.lookup('users/user', None, lo, scope='sub', filter=ldap_filter)
diff --git a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
index 19f6080..d61ee76 100755
--- a/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
+++ b/test/ucs-test/tests/61_udm-users/25_script_lock_expired_passwords
@@ -64,7 +64,7 @@ def main():
 				utils.fail('uid=%s should not be locked for posix prior to script execution!' % (entry['username'],))
 
 		print 'Calling lock_expired_passwords...'
-		subprocess.call(['/usr/share/univention-directory-manager-tools/lock_expired_passwords'])
+		subprocess.check_call(['/usr/share/univention-directory-manager-tools/lock_expired_passwords'])
 		print 'DONE'
 
 		results = udm_modules.lookup('users/user', None, lo, scope='sub', filter=ldap_filter)
-- 
2.7.4