os.rename(File + ".tdb.tmp",File+".tdb");
# Generate the password list
-def GenPasswd(l,File,HomePrefix):
+def GenPasswd(l,File,HomePrefix,PwdMarker):
F = None;
try:
F = open(File + ".tdb.tmp","w");
if len(GetAttr(x,"gecos")) > 100 or len(GetAttr(x,"loginShell")) > 50:
continue;
- Line = "%s:x:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\
+ Line = "%s:%s:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\
+ PwdMarker,\
GetAttr(x,"uidNumber"),GetAttr(x,"gidNumber"),\
GetAttr(x,"gecos"),HomePrefix,GetAttr(x,"uid"),\
GetAttr(x,"loginShell"));
Pass = '*';
else:
Pass = Pass[7:];
+
+ # If the account is locked, mark it as such in shadow
+ # See Debian Bug #308229 for why we set it to 1 instead of 0
+ if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
+ ShadowExpire = '1'
+ else:
+ ShadowExpire = GetAttr(x,"shadowexpire")
+
Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\
Pass,GetAttr(x,"shadowLastChange"),\
GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\
GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\
- GetAttr(x,"shadowexpire"));
+ ShadowExpire);
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (I,Line));
F.write(".%s %s" % (GetAttr(x,"uid"),Line));
DoLink(GlobalDir,OutDir,"disabled-accounts")
sys.stdout.flush();
- GenPasswd(l,OutDir+"passwd",Split[1]);
+ if ExtraList.has_key("[NOPASSWD]"):
+ GenPasswd(l,OutDir+"passwd",Split[1], "*");
+ else:
+ GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
GenGroup(l,OutDir+"group");
if ExtraList.has_key("[UNTRUSTED]"):