[Da-tools-commits] r359 .: Set shadow expiry for locked accounts

[Peter Palfrader]

------------------------------------------------------------
revno: 359
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2007-12-26 09:44:42 +0100
message:
  Set shadow expiry for locked accounts
  
  Explicity set shadow expiry to 1 for locked accounts.  Patch from mhy.
modified:
  debian/changelog
  ud-generate
    ------------------------------------------------------------
    revno: 349.1.3.1.1
    committer: Mark Hymers <mark at hymers.org.uk>
    branch nick: userdir-ldap-common-shadow
    timestamp: Wed 2007-12-26 00:36:13 +0000
    message:
      Set shadow expiry for locked accounts
    modified:
      ud-generate
    ------------------------------------------------------------
    revno: 349.1.4
    committer: Mark Hymers <mark at hymers.org.uk>
    branch nick: userdir-ldap-common
    timestamp: Wed 2007-12-26 00:37:11 +0000
    message:
      Merge shadow branch
    modified:
      ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2007-12-25 19:35:12 +0000
+++ b/debian/changelog	2007-12-26 08:44:42 +0000
@@ -17,8 +17,9 @@
   * ud-host: cleanup: Replace local copy HBaseDn of the centrally
     configured HostBaseDn [HE].
   * Add myself to uploaders.
+  * Set shadow expiry to 1 for locked accounts [mhy].
 
- -- Peter Palfrader <weasel at debian.org>  Tue, 25 Dec 2007 20:34:58 +0100
+ -- Peter Palfrader <weasel at debian.org>  Wed, 26 Dec 2007 09:44:24 +0100
 
 userdir-ldap (0.3.15) unstable; urgency=low
 

=== modified file 'ud-generate'
--- a/ud-generate	2007-09-04 17:11:52 +0000
+++ b/ud-generate	2007-12-26 00:36:13 +0000
@@ -147,11 +147,20 @@
          Pass = '*';
       else:
          Pass = Pass[7:];
+
+      # If the account is locked, mark it as such in shadow
+      # See Debian Bug #308229 for why we set it to 1 instead of 0
+      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1) \
+          or GetAttr(x,"userPassword").startswith("!"):
+         ShadowExpire = '1'
+      else:
+         ShadowExpire = GetAttr(x,"shadowexpire")
+
       Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\
               Pass,GetAttr(x,"shadowLastChange"),\
               GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\
               GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\
-              GetAttr(x,"shadowexpire"));
+              ShadowExpire);
       Line = Sanitize(Line) + "\n";
       F.write("0%u %s" % (I,Line));
       F.write(".%s %s" % (GetAttr(x,"uid"),Line));