Univention Bugzilla – Attachment 9412 Details for
Bug 41574
Handling of userexpiry is unexact
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
userexpiry2accountExpires.patch
userexpiry2accountExpires.patch (text/plain), 7.25 KB, created by
Arvid Requate
on 2018-02-21 18:00 CET
(
hide
)
Description:
userexpiry2accountExpires.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2018-02-21 18:00 CET
Size:
7.25 KB
patch
obsolete
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >index 546fdd5c3a..cfec7e021e 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py >@@ -1094,8 +1094,8 @@ def posixSecondsToLocaltimeDate(seconds): > return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(seconds)) > > >-def posixDaysToDate(days): >- return time.strftime("%Y-%m-%d", time.gmtime(long(days) * 3600 * 24)) >+def posixDaysToLocalDate(days): >+ return time.strftime("%Y-%m-%d", time.localtime(long(days) * 3600 * 24)) > > > def sambaWorkstationsMap(workstations): >@@ -1267,22 +1267,23 @@ def unmapShadowExpireToUserexpiry(oldattr): > # shadowExpire contains the absolute date to expire the account. > > if 'shadowExpire' in oldattr and len(oldattr['shadowExpire']) > 0: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'userexpiry: %s' % posixDaysToDate(oldattr['shadowExpire'][0])) >+ univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'userexpiry: %s' % posixDaysToLocalDate(oldattr['shadowExpire'][0])) > if oldattr['shadowExpire'][0] != '1': >- return posixDaysToDate(oldattr['shadowExpire'][0]) >+ return posixDaysToLocalDate(oldattr['shadowExpire'][0]) > > > def unmapKrb5ValidEndToUserexpiry(oldattr): > if 'krb5ValidEnd' in oldattr: > krb5validend = oldattr['krb5ValidEnd'][0] > univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5validend is: %s' % krb5validend) >- return "%s-%s-%s" % (krb5validend[0:4], krb5validend[4:6], krb5validend[6:8]) >+ userexpiry_epoch = calendar.timegm(time.strptime(krb5validend, '%Y%m%d%H%M%SZ')) >+ return time.strftime("%Y-%m-%d", time.localtime(userexpiry_epoch)) > > > def unmapSambaKickoffTimeToUserexpiry(oldattr): > if 'sambaKickoffTime' in oldattr: > univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime is: %s' % oldattr['sambaKickoffTime'][0]) >- return time.strftime("%Y-%m-%d", time.gmtime(long(oldattr['sambaKickoffTime'][0]) + (3600 * 24))) >+ return time.strftime("%Y-%m-%d", time.localtime(long(oldattr['sambaKickoffTime'][0]) + (3600 * 24))) > > > def unmapPasswordExpiry(oldattr): >@@ -1293,7 +1294,7 @@ def unmapPasswordExpiry(oldattr): > shadow_last_change = int(oldattr['shadowLastChange'][0]) > except ValueError: > univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'users/user: failed to calculate password expiration correctly, use only shadowMax instead') >- return posixDaysToDate(shadow_last_change + shadow_max) >+ return posixDaysToLocalDate(shadow_last_change + shadow_max) > > > def unmapDisabled(oldattr): >@@ -2048,7 +2049,7 @@ class object(univention.admin.handlers.simpleLdap): > return ml > > krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >+ krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])) > ml.append(('krb5Key', self.oldattr.get('krb5Key', []), krb_keys)) > ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) > return ml >@@ -2193,7 +2194,8 @@ class object(univention.admin.handlers.simpleLdap): > if self.hasChanged('userexpiry'): > krb5ValidEnd = '' > if self['userexpiry']: >- krb5ValidEnd = "%s%s%s000000Z" % (self['userexpiry'][0:4], self['userexpiry'][5:7], self['userexpiry'][8:10]) >+ userexpiry_epoch = time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) >+ krb5ValidEnd = time.strftime("%Y%m%d000000Z", time.gmtime(userexpiry_epoch)) > univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5ValidEnd: %s' % krb5ValidEnd) > old_krb5ValidEnd = self.oldattr.get('krb5ValidEnd', '') > if old_krb5ValidEnd != krb5ValidEnd: >@@ -2208,7 +2210,7 @@ class object(univention.admin.handlers.simpleLdap): > if self['disabled'] == '1' and self.hasChanged('disabled') and not self.hasChanged('userexpiry'): > shadowExpire = '1' > elif self['userexpiry']: >- shadowExpire = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) / 3600 / 24 + 1) >+ shadowExpire = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) / 3600 / 24) > elif self['disabled'] == '1': > shadowExpire = '1' > else: >diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >index dcbc203ed7..1c6fc15ce9 100644 >--- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >@@ -215,19 +215,19 @@ def encode_s4_resultlist(s4_resultlist): > return s4_resultlist > > >-def unix2s4_time(l): >+def userexpiry2accountExpires(l): > d = 116444736000000000L # difference between 1601 and 1970 >- return long(time.mktime(time.gmtime(time.mktime(time.strptime(l, "%Y-%m-%d")) + 90000))) * 10000000 + d # 90000s are one day and one hour >+ return long(time.mktime(time.strptime(l, "%Y-%m-%d")) - 86400) * 10000000 + d # 86400s is one day > > >-def s42unix_time(l): >+def accountExpires2userexpiry(l): > d = 116444736000000000L # difference between 1601 and 1970 >- return time.strftime("%d.%m.%y", time.gmtime((l - d) / 10000000)) >+ return time.strftime("%Y-%m-%d", time.localtime((l - d) / 10000000) + 86400) > > > def samba2s4_time(l): > d = 116444736000000000L # difference between 1601 and 1970 >- return long(time.mktime(time.localtime(l))) * 10000000 + d >+ return long(l) * 10000000 + d > > > def s42samba_time(l): >@@ -2129,9 +2129,10 @@ class s4(univention.s4connector.ucs): > modlist.append((ldap.MOD_REPLACE, 'accountExpires', ['9223372036854775807'])) > else: > # ucs account expired >- if 'accountExpires' in ldap_object_s4 and ldap_object_s4['accountExpires'][0] != unix2s4_time(ucs_admin_object['userexpiry']): >+ accountExpires_ucs = userexpiry2accountExpires(ucs_admin_object['userexpiry']) >+ if 'accountExpires' in ldap_object_s4 and ldap_object_s4['accountExpires'][0] != accountExpires_ucs: > # s4 account not expired -> change >- modlist.append((ldap.MOD_REPLACE, 'accountExpires', [str(unix2s4_time(ucs_admin_object['userexpiry']))])) >+ modlist.append((ldap.MOD_REPLACE, 'accountExpires', [str(accountExpires_ucs)])) > > if modlist: > ud.debug(ud.LDAP, ud.ALL, "disable_user_from_ucs: modlist: %s" % modlist) >@@ -2171,9 +2172,10 @@ class s4(univention.s4connector.ucs): > # s4 account expired > ud.debug(ud.LDAP, ud.INFO, "sync account_expire: s4time: %s unixtime: %s" % (long(ldap_object_s4['accountExpires'][0]), ucs_admin_object['userexpiry'])) > >- if s42unix_time(long(ldap_object_s4['accountExpires'][0])) != ucs_admin_object['userexpiry']: >+ userexpiry_s4 = accountExpires2userexpiry(long(ldap_object_s4['accountExpires'][0])) >+ if userexpiry_s4 != ucs_admin_object['userexpiry']: > # ucs account not expired -> change >- ucs_admin_object['userexpiry'] = s42unix_time(long(ldap_object_s4['accountExpires'][0])) >+ ucs_admin_object['userexpiry'] = userexpiry_s4 > modified = 1 > > if modified:
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 41574
:
9095
|
9407
|
9408
| 9412