|
Lines 2030-2058
def _modlist_password_change(self, ml):
|
Link Here
|
|---|
|
|---|
| 2030 |
pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '1' |
2030 |
pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '1' |
| 2031 |
unset_pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '0' |
2031 |
unset_pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '0' |
| 2032 |
|
2032 |
|
|
|
2033 |
old_shadow_last_change = self.oldattr.get('shadowLastChange', [''])[0] |
| 2034 |
old_shadow_max = self.oldattr.get('shadowMax', [''])[0] |
| 2035 |
shadow_last_change = old_shadow_last_change |
| 2036 |
shadow_max = old_shadow_max |
| 2037 |
|
| 2033 |
if pwd_change_next_login: |
2038 |
if pwd_change_next_login: |
| 2034 |
# force user to change password on next login |
2039 |
shadow_last_change = '0' |
| 2035 |
shadowMax = "1" |
2040 |
elif modifypassword or (unset_pwd_change_next_login and old_shadow_last_change == '0') or (pwhistoryPolicy.expiryInterval and not old_shadow_last_change): |
| 2036 |
elif not pwhistoryPolicy.expiryInterval or unset_pwd_change_next_login: |
2041 |
# 1. The password was changed |
| 2037 |
# 1. no pw expiry interval is defined or |
2042 |
# 2. User doesn't need to change password on next login anymore |
| 2038 |
# 2. remove that user has to change password on next login |
2043 |
# 3. a password history policy exists but no last password change date |
| 2039 |
shadowMax = '' |
2044 |
shadow_last_change = str(int(long(time.time()) / 3600 / 24)) |
|
|
2045 |
|
| 2046 |
if pwhistoryPolicy.expiryInterval: |
| 2047 |
# a password history policy exists |
| 2048 |
shadow_max = pwhistoryPolicy.expiryInterval |
| 2040 |
else: |
2049 |
else: |
| 2041 |
shadowMax = pwhistoryPolicy.expiryInterval |
2050 |
# no password history policy exists anymore (could be removed) |
| 2042 |
|
2051 |
shadow_max = '' |
| 2043 |
old_shadowMax = self.oldattr.get('shadowMax', [''])[0] |
|
|
| 2044 |
if old_shadowMax != shadowMax: |
| 2045 |
ml.append(('shadowMax', old_shadowMax, shadowMax)) |
| 2046 |
|
2052 |
|
| 2047 |
now = (long(time.time()) / 3600 / 24) |
2053 |
if old_shadow_last_change != shadow_last_change: |
| 2048 |
shadowLastChange = '' |
2054 |
ml.append(('shadowLastChange', old_shadow_last_change, shadow_last_change)) |
| 2049 |
if pwhistoryPolicy.expiryInterval or unset_pwd_change_next_login: |
|
|
| 2050 |
shadowLastChange = str(int(now)) |
| 2051 |
if pwd_change_next_login: |
| 2052 |
shadowLastChange = str(int(now) - int(shadowMax) - 1) |
| 2053 |
|
2055 |
|
| 2054 |
if shadowLastChange: # FIXME: this check causes, that the value is not unset. Is this correct? |
2056 |
if old_shadow_max != shadow_max: |
| 2055 |
ml.append(('shadowLastChange', self.oldattr.get('shadowLastChange', [''])[0], shadowLastChange)) |
2057 |
ml.append(('shadowMax', old_shadow_max, shadow_max)) |
| 2056 |
|
2058 |
|
| 2057 |
# if pwdChangeNextLogin has been set, set sambaPwdLastSet to 0 (see UCS Bug #17890) |
2059 |
# if pwdChangeNextLogin has been set, set sambaPwdLastSet to 0 (see UCS Bug #17890) |
| 2058 |
# OLD behavior was: set sambaPwdLastSet to 1 (see UCS Bug #8292 and Samba Bug #4313) |
2060 |
# OLD behavior was: set sambaPwdLastSet to 1 (see UCS Bug #8292 and Samba Bug #4313) |