From: Mark Hymers <mark@hymers.org.uk>
Date: Wed, 26 Dec 2007 00:36:13 +0000 (+0000)
Subject: Set shadow expiry for locked accounts
X-Git-Tag: userdir-ldap-0.3.16~20^2~2^2
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=a16c92fd46fc40665ede85a4328a89586f6575ba

Set shadow expiry for locked accounts
---

diff --git a/ud-generate b/ud-generate
index c6484cb..3a9840b 100755
--- a/ud-generate
+++ b/ud-generate
@@ -147,11 +147,20 @@ def GenShadow(l,File):
          Pass = '*';
       else:
          Pass = Pass[7:];
+
+      # If the account is locked, mark it as such in shadow
+      # See Debian Bug #308229 for why we set it to 1 instead of 0
+      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1) \
+          or GetAttr(x,"userPassword").startswith("!"):
+         ShadowExpire = '1'
+      else:
+         ShadowExpire = GetAttr(x,"shadowexpire")
+
       Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\
               Pass,GetAttr(x,"shadowLastChange"),\
               GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\
               GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\
-              GetAttr(x,"shadowexpire"));
+              ShadowExpire);
       Line = Sanitize(Line) + "\n";
       F.write("0%u %s" % (I,Line));
       F.write(".%s %s" % (GetAttr(x,"uid"),Line));