Univention Bugzilla – Attachment 9152 Details for
Bug 45282
S4-Connector still reads&writes deprecated sambaPwdMustChange
[patch]
remove_sambaPwdMustChange.patch
remove_sambaPwdMustChange.patch (text/plain), 5.19 KB, created by
Arvid Requate
on 2017-08-29 13:02:58 CEST
Description:
remove_sambaPwdMustChange.patch
Creator:
Arvid Requate
Created:
2017-08-29 13:02:58 CEST
Size:
5.19 KB
>Index: modules/univention/s4connector/s4/password.py
>===================================================================
>--- modules/univention/s4connector/s4/password.py (Revision 82507)
>+++ modules/univention/s4connector/s4/password.py (Arbeitskopie)
>@@ -503,10 +503,9 @@
> sambaPwdLastSet = long(ucs_object_attributes['sambaPwdLastSet'][0])
> ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: sambaPwdLastSet: %s" % sambaPwdLastSet)
>
>- sambaPwdMustChange = -1
> if 'sambaPwdMustChange' in ucs_object_attributes:
> sambaPwdMustChange = long(ucs_object_attributes['sambaPwdMustChange'][0])
>- ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: sambaPwdMustChange: %s" % sambaPwdMustChange)
>+ ud.debug(ud.LDAP, ud.WARN, "password_sync_ucs_to_s4: Ignoring sambaPwdMustChange: %s" % sambaPwdMustChange)
>
> ucsLMhash = ucs_object_attributes.get('sambaLMPassword', [None])[0]
> ucsNThash = ucs_object_attributes.get('sambaNTPassword', [None])[0]
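Review bot: With the `sambaPwdMustChange = -1` default removed, the name is bound only when the attribute is present, so the new `ud.debug(ud.LDAP, ud.WARN, ...)` call has to sit inside the `if 'sambaPwdMustChange' in ucs_object_attributes:` body. Indentation is lost in this rendering, so that cannot be confirmed here; if the call stays at the level of the `if`, every user without the attribute raises NameError and the UCS-to-S4 password sync aborts. The retained `long(...)` conversion can also still raise ValueError on an empty or malformed value of an attribute that is now ignored. Logging the raw value avoids both: `ud.debug(ud.LDAP, ud.WARN, "password_sync_ucs_to_s4: Ignoring sambaPwdMustChange: %s" % ucs_object_attributes['sambaPwdMustChange'][0])` inside the `if`. The enclosing function starts and ends outside the hunk.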
>@@ -607,18 +606,14 @@
> # else:
> # modlist.append((ldap.MOD_ADD, 'msDS-KeyVersionNumber', krb5KeyVersionNumber))
>
>- if sambaPwdMustChange >= 0 and sambaPwdMustChange < time.time():
>- # password expired, must be changed on next login
>+ if sambaPwdLastSet is None:
>+ sambaPwdLastSet = int(time.time())
>+ newpwdlastset = str(univention.s4connector.s4.samba2s4_time(sambaPwdLastSet))
>+ elif sambaPwdLastSet in [0, 1]:
> ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: samba pwd expired, set newpwdLastSet to 0")
> newpwdlastset = "0"
> else:
>- if sambaPwdLastSet is None:
>- sambaPwdLastSet = int(time.time())
>- newpwdlastset = str(univention.s4connector.s4.samba2s4_time(sambaPwdLastSet))
>- elif sambaPwdLastSet in [0, 1]:
>- newpwdlastset = "0"
>- else:
>- newpwdlastset = str(univention.s4connector.s4.samba2s4_time(sambaPwdLastSet))
>+ newpwdlastset = str(univention.s4connector.s4.samba2s4_time(sambaPwdLastSet))
> ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: pwdlastset in modlist: %s" % newpwdlastset)
> modlist.append((ldap.MOD_REPLACE, 'pwdlastset', newpwdlastset))
> modlist.append((ldap.MOD_REPLACE, 'badPwdCount', '0'))
>@@ -716,7 +711,7 @@
> sambaPwdMustChange = ''
> if 'sambaPwdMustChange' in ucs_object_attributes:
> sambaPwdMustChange = ucs_object_attributes['sambaPwdMustChange'][0]
>- ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: sambaPwdMustChange: %s" % sambaPwdMustChange)
>+ ud.debug(ud.LDAP, ud.WARN, "password_sync_s4_to_ucs: Found sambaPwdMustChange: %s" % sambaPwdMustChange)
> krb5Key_ucs = ucs_object_attributes.get('krb5Key', [])
> userPassword_ucs = ucs_object_attributes.get('userPassword', [None])[0]
> krb5KeyVersionNumber = ucs_object_attributes.get('krb5KeyVersionNumber', [None])[0]
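Review bot: The rewritten `pwdlastset` branch in the `-607` hunk drops the only path that forced `pwdlastset` to "0" for an already-expired `sambaPwdMustChange`, and nothing in the hunk documents or compensates for that. An account whose "must change password" state was carried only by a past `sambaPwdMustChange`, with `sambaPwdLastSet` not in `[0, 1]`, will now be synced to S4 with a regular `pwdlastset`, so the forced change is silently lost unless another attribute outside this hunk enforces it. A comment above the new `if sambaPwdLastSet is None:` would make the rule explicit: `# sambaPwdMustChange is deprecated and ignored here; "change on next login" is signalled only by sambaPwdLastSet in (0, 1)`. The release notes should tell administrators to check for accounts that still carry an expired value before upgrading. The surrounding function body continues outside the hunk.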
>@@ -774,9 +769,7 @@
> ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: No password change to sync to UCS")
>
> if pwd_changed and (pwdLastSet or pwdLastSet == 0):
>- newSambaPwdMustChange = sambaPwdMustChange
> if pwdLastSet == 0: # pwd change on next login
>- newSambaPwdMustChange = str(pwdLastSet)
> newSambaPwdLastSet = str(pwdLastSet)
> else:
> newSambaPwdLastSet = str(univention.s4connector.s4.s42samba_time(pwdLastSet))
>@@ -784,19 +777,15 @@
> if not userobject:
> ud.debug(ud.LDAP, ud.ERROR, "password_sync_s4_to_ucs: couldn't get user-object from UCS")
> return False
>- sambaPwdMustChange = sambaPwdMustChange.strip()
>- if not sambaPwdMustChange.isdigit():
>- pass
>- elif pwd_changed or (long(sambaPwdMustChange) < time.time() and not pwdLastSet == 0):
>+
>+ if pwd_changed:
> pwhistoryPolicy = userobject.loadPolicyObject('policies/pwhistory')
> try:
> expiryInterval = int(pwhistoryPolicy['expiryInterval'])
>- newSambaPwdMustChange = str(long(newSambaPwdLastSet) + (expiryInterval * 3600 * 24))
> except: # FIXME: which exception is to be caught?
> # expiryInterval is empty or no legal int-string
> pwhistoryPolicy['expiryInterval'] = ''
> expiryInterval = -1
>- newSambaPwdMustChange = ''
>
> ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: pwhistoryPolicy: expiryInterval: %s" % expiryInterval)
>
>@@ -808,15 +797,9 @@
> modlist.append(('sambaPwdLastSet', '', newSambaPwdLastSet))
> ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: sambaPwdLastSet in modlist (set): %s" % newSambaPwdLastSet)
>
>- if sambaPwdMustChange != newSambaPwdMustChange:
>- # change if password has changed or "change pwd on next login" is not set
>- # set sambaPwdMustChange regarding to the univention-policy
>- if sambaPwdMustChange:
>- modlist.append(('sambaPwdMustChange', sambaPwdMustChange, newSambaPwdMustChange))
>- ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: sambaPwdMustChange in modlist (replace): %s" % newSambaPwdMustChange)
>- else:
>- modlist.append(('sambaPwdMustChange', '', newSambaPwdMustChange))
>- ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: sambaPwdMustChange in modlist (set): %s" % newSambaPwdMustChange)
>+ if sambaPwdMustChange:
>+ modlist.append(('sambaPwdMustChange', sambaPwdMustChange, ''))
>+ ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: Removing sambaPwdMustChange: %s" % newSambaPwdMustChange)
>
> if len(modlist) > 0:
> ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: modlist: %s" % modlist)
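Review bot: The added "Removing sambaPwdMustChange" debug line in the `-808` hunk formats `newSambaPwdMustChange`, but every assignment to that name visible in this patch is deleted by the `-774` and `-784` hunks. Unless it is still bound somewhere outside the hunks, the call raises NameError for exactly the users that still carry the attribute, after the removal tuple has been appended to `modlist` but before the code below can act on it. The S4-to-UCS password change for those accounts would then not be written. The line should log the value being removed: `ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: Removing sambaPwdMustChange: %s" % sambaPwdMustChange)`. The enclosing function starts and ends outside the hunk.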