Attachment 9412 Details for Bug 41574

[patch] userexpiry2accountExpires.patch

userexpiry2accountExpires.patch (text/plain), 7.25 KB, created by Arvid Requate on 2018-02-21 18:00 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2018-02-21 18:00 CET

Size: 7.25 KB

patch

obsolete

>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
>index 546fdd5c3a..cfec7e021e 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
>@@ -1094,8 +1094,8 @@ def posixSecondsToLocaltimeDate(seconds):
> 	return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(seconds))
> 
> 
>-def posixDaysToDate(days):
>-	return time.strftime("%Y-%m-%d", time.gmtime(long(days) * 3600 * 24))
>+def posixDaysToLocalDate(days):
>+	return time.strftime("%Y-%m-%d", time.localtime(long(days) * 3600 * 24))
> 
> 
> def sambaWorkstationsMap(workstations):
>@@ -1267,22 +1267,23 @@ def unmapShadowExpireToUserexpiry(oldattr):
> 	# shadowExpire contains the absolute date to expire the account.
> 
> 	if 'shadowExpire' in oldattr and len(oldattr['shadowExpire']) > 0:
>-		univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'userexpiry: %s' % posixDaysToDate(oldattr['shadowExpire'][0]))
>+		univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'userexpiry: %s' % posixDaysToLocalDate(oldattr['shadowExpire'][0]))
> 		if oldattr['shadowExpire'][0] != '1':
>-			return posixDaysToDate(oldattr['shadowExpire'][0])
>+			return posixDaysToLocalDate(oldattr['shadowExpire'][0])
> 
> 
> def unmapKrb5ValidEndToUserexpiry(oldattr):
> 	if 'krb5ValidEnd' in oldattr:
> 		krb5validend = oldattr['krb5ValidEnd'][0]
> 		univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5validend is: %s' % krb5validend)
>-		return "%s-%s-%s" % (krb5validend[0:4], krb5validend[4:6], krb5validend[6:8])
>+		userexpiry_epoch = calendar.timegm(time.strptime(krb5validend, '%Y%m%d%H%M%SZ'))
>+		return time.strftime("%Y-%m-%d", time.localtime(userexpiry_epoch))
> 
> 
> def unmapSambaKickoffTimeToUserexpiry(oldattr):
> 	if 'sambaKickoffTime' in oldattr:
> 		univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime is: %s' % oldattr['sambaKickoffTime'][0])
>-		return time.strftime("%Y-%m-%d", time.gmtime(long(oldattr['sambaKickoffTime'][0]) + (3600 * 24)))
>+		return time.strftime("%Y-%m-%d", time.localtime(long(oldattr['sambaKickoffTime'][0]) + (3600 * 24)))
> 
> 
> def unmapPasswordExpiry(oldattr):
>@@ -1293,7 +1294,7 @@ def unmapPasswordExpiry(oldattr):
> 			shadow_last_change = int(oldattr['shadowLastChange'][0])
> 		except ValueError:
> 			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'users/user: failed to calculate password expiration correctly, use only shadowMax instead')
>-		return posixDaysToDate(shadow_last_change + shadow_max)
>+		return posixDaysToLocalDate(shadow_last_change + shadow_max)
> 
> 
> def unmapDisabled(oldattr):
>@@ -2048,7 +2049,7 @@ class object(univention.admin.handlers.simpleLdap):
> 			return ml
> 
> 		krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>-		krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>+		krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]))
> 		ml.append(('krb5Key', self.oldattr.get('krb5Key', []), krb_keys))
> 		ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
> 		return ml
>@@ -2193,7 +2194,8 @@ class object(univention.admin.handlers.simpleLdap):
> 		if self.hasChanged('userexpiry'):
> 			krb5ValidEnd = ''
> 			if self['userexpiry']:
>-				krb5ValidEnd = "%s%s%s000000Z" % (self['userexpiry'][0:4], self['userexpiry'][5:7], self['userexpiry'][8:10])
>+				userexpiry_epoch = time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d"))
>+				krb5ValidEnd = time.strftime("%Y%m%d000000Z", time.gmtime(userexpiry_epoch))
> 				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5ValidEnd: %s' % krb5ValidEnd)
> 			old_krb5ValidEnd = self.oldattr.get('krb5ValidEnd', '')
> 			if old_krb5ValidEnd != krb5ValidEnd:
>@@ -2208,7 +2210,7 @@ class object(univention.admin.handlers.simpleLdap):
> 			if self['disabled'] == '1' and self.hasChanged('disabled') and not self.hasChanged('userexpiry'):
> 				shadowExpire = '1'
> 			elif self['userexpiry']:
>-				shadowExpire = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) / 3600 / 24 + 1)
>+				shadowExpire = "%d" % long(time.mktime(time.strptime(self['userexpiry'], "%Y-%m-%d")) / 3600 / 24)
> 			elif self['disabled'] == '1':
> 				shadowExpire = '1'
> 			else:
>diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
>index dcbc203ed7..1c6fc15ce9 100644
>--- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
>+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
>@@ -215,19 +215,19 @@ def encode_s4_resultlist(s4_resultlist):
> 	return s4_resultlist
> 
> 
>-def unix2s4_time(l):
>+def userexpiry2accountExpires(l):
> 	d = 116444736000000000L  # difference between 1601 and 1970
>-	return long(time.mktime(time.gmtime(time.mktime(time.strptime(l, "%Y-%m-%d")) + 90000))) * 10000000 + d  # 90000s are one day and one hour
>+	return long(time.mktime(time.strptime(l, "%Y-%m-%d")) - 86400) * 10000000 + d  # 86400s is one day
> 
> 
>-def s42unix_time(l):
>+def accountExpires2userexpiry(l):
> 	d = 116444736000000000L  # difference between 1601 and 1970
>-	return time.strftime("%d.%m.%y", time.gmtime((l - d) / 10000000))
>+	return time.strftime("%Y-%m-%d", time.localtime((l - d) / 10000000) + 86400)
> 
> 
> def samba2s4_time(l):
> 	d = 116444736000000000L  # difference between 1601 and 1970
>-	return long(time.mktime(time.localtime(l))) * 10000000 + d
>+	return long(l) * 10000000 + d
> 
> 
> def s42samba_time(l):
>@@ -2129,9 +2129,10 @@ class s4(univention.s4connector.ucs):
> 				modlist.append((ldap.MOD_REPLACE, 'accountExpires', ['9223372036854775807']))
> 		else:
> 			# ucs account expired
>-			if 'accountExpires' in ldap_object_s4 and ldap_object_s4['accountExpires'][0] != unix2s4_time(ucs_admin_object['userexpiry']):
>+			accountExpires_ucs = userexpiry2accountExpires(ucs_admin_object['userexpiry'])
>+			if 'accountExpires' in ldap_object_s4 and ldap_object_s4['accountExpires'][0] != accountExpires_ucs:
> 				# s4 account not expired -> change
>-				modlist.append((ldap.MOD_REPLACE, 'accountExpires', [str(unix2s4_time(ucs_admin_object['userexpiry']))]))
>+				modlist.append((ldap.MOD_REPLACE, 'accountExpires', [str(accountExpires_ucs)]))
> 
> 		if modlist:
> 			ud.debug(ud.LDAP, ud.ALL, "disable_user_from_ucs: modlist: %s" % modlist)
>@@ -2171,9 +2172,10 @@ class s4(univention.s4connector.ucs):
> 			# s4 account expired
> 			ud.debug(ud.LDAP, ud.INFO, "sync account_expire:      s4time: %s    unixtime: %s" % (long(ldap_object_s4['accountExpires'][0]), ucs_admin_object['userexpiry']))
> 
>-			if s42unix_time(long(ldap_object_s4['accountExpires'][0])) != ucs_admin_object['userexpiry']:
>+			userexpiry_s4 = accountExpires2userexpiry(long(ldap_object_s4['accountExpires'][0]))
>+			if userexpiry_s4 != ucs_admin_object['userexpiry']:
> 				# ucs account not expired -> change
>-				ucs_admin_object['userexpiry'] = s42unix_time(long(ldap_object_s4['accountExpires'][0]))
>+				ucs_admin_object['userexpiry'] = userexpiry_s4
> 				modified = 1
> 
> 		if modified:

Actions: View | Diff

Attachments on bug 41574: 9095 | 9407 | 9408 | 9412