From: Peter Palfrader Date: Wed, 26 Dec 2007 08:44:42 +0000 (+0100) Subject: Set shadow expiry for locked accounts X-Git-Tag: userdir-ldap-0.3.16~23 X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=a68ea1d6816deb875bbec4ac5fbb332fd7e7535c;hp=b5d1c9eb0c00707a94f9553da76a4cf6a38a4b2a;p=mirror%2Fuserdir-ldap.git Set shadow expiry for locked accounts Explicity set shadow expiry to 1 for locked accounts. Patch from mhy. --- diff --git a/debian/changelog b/debian/changelog index f0c7af2..ca0ed89 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,8 +17,9 @@ userdir-ldap (0.3.15+xxx) XXunstable; urgency=low * ud-host: cleanup: Replace local copy HBaseDn of the centrally configured HostBaseDn [HE]. * Add myself to uploaders. + * Set shadow expiry to 1 for locked accounts [mhy]. - -- Peter Palfrader Tue, 25 Dec 2007 20:34:58 +0100 + -- Peter Palfrader Wed, 26 Dec 2007 09:44:24 +0100 userdir-ldap (0.3.15) unstable; urgency=low diff --git a/ud-generate b/ud-generate index c6484cb..3a9840b 100755 --- a/ud-generate +++ b/ud-generate @@ -147,11 +147,20 @@ def GenShadow(l,File): Pass = '*'; else: Pass = Pass[7:]; + + # If the account is locked, mark it as such in shadow + # See Debian Bug #308229 for why we set it to 1 instead of 0 + if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \ + or GetAttr(x,"userPassword").startswith("!"): + ShadowExpire = '1' + else: + ShadowExpire = GetAttr(x,"shadowexpire") + Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\ Pass,GetAttr(x,"shadowLastChange"),\ GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\ GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\ - GetAttr(x,"shadowexpire")); + ShadowExpire); Line = Sanitize(Line) + "\n"; F.write("0%u %s" % (I,Line)); F.write(".%s %s" % (GetAttr(x,"uid"),Line));