Univention Bugzilla – Attachment 9330 Details for
Bug 45957
simplify "user has to change password on next logon behavior" (shadowLastChange)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
45957.patch (text/plain), 3.11 KB, created by
Florian Best
on 2017-12-27 21:50:18 CET
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2017-12-27 21:50:18 CET
Size:
3.11 KB
patch
obsolete
>commit 2d94a794e321e628670cc94ba71be2d1dad9c28b >Author: Florian Best <best@univention.de> >Date: Tue Dec 19 12:30:09 2017 +0100 > > Bug #45842: simplify shadowLastChange behavior by setting 0 if password should be changed on next login > >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >index 523bea6..7899128 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >@@ -2030,29 +2030,31 @@ def _modlist_password_change(self, ml): > pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '1' > unset_pwd_change_next_login = self.hasChanged('pwdChangeNextLogin') and self['pwdChangeNextLogin'] == '0' > >+ old_shadow_last_change = self.oldattr.get('shadowLastChange', [''])[0] >+ old_shadow_max = self.oldattr.get('shadowMax', [''])[0] >+ shadow_last_change = old_shadow_last_change >+ shadow_max = old_shadow_max >+ > if pwd_change_next_login: >- # force user to change password on next login >- shadowMax = "1" >- elif not pwhistoryPolicy.expiryInterval or unset_pwd_change_next_login: >- # 1. no pw expiry interval is defined or >- # 2. remove that user has to change password on next login >- shadowMax = '' >+ shadow_last_change = '0' >+ elif modifypassword or (unset_pwd_change_next_login and old_shadow_last_change == '0') or (pwhistoryPolicy.expiryInterval and not old_shadow_last_change): >+ # 1. The password was changed >+ # 2. User doesn't need to change password on next login anymore >+ # 3. a password history policy exists but no last password change date >+ shadow_last_change = str(int(long(time.time()) / 3600 / 24)) >+ >+ if pwhistoryPolicy.expiryInterval: >+ # a password history policy exists >+ shadow_max = pwhistoryPolicy.expiryInterval > else: >- shadowMax = pwhistoryPolicy.expiryInterval >- >- old_shadowMax = self.oldattr.get('shadowMax', [''])[0] >- if old_shadowMax != shadowMax: >- ml.append(('shadowMax', old_shadowMax, shadowMax)) >+ # no password history policy exists anymore (could be removed) >+ shadow_max = '' > >- now = (long(time.time()) / 3600 / 24) >- shadowLastChange = '' >- if pwhistoryPolicy.expiryInterval or unset_pwd_change_next_login: >- shadowLastChange = str(int(now)) >- if pwd_change_next_login: >- shadowLastChange = str(int(now) - int(shadowMax) - 1) >+ if old_shadow_last_change != shadow_last_change: >+ ml.append(('shadowLastChange', old_shadow_last_change, shadow_last_change)) > >- if shadowLastChange: # FIXME: this check causes, that the value is not unset. Is this correct? >- ml.append(('shadowLastChange', self.oldattr.get('shadowLastChange', [''])[0], shadowLastChange)) >+ if old_shadow_max != shadow_max: >+ ml.append(('shadowMax', old_shadow_max, shadow_max)) > > # if pwdChangeNextLogin has been set, set sambaPwdLastSet to 0 (see UCS Bug #17890) > # OLD behavior was: set sambaPwdLastSet to 1 (see UCS Bug #8292 and Samba Bug #4313)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9330">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 45957
: 9330