diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index 53c20ad8..f9fb5947 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc @@ -3373,6 +3373,28 @@ class windowsUser extends baseModule implements passwordService { return $replacements; } + /** + * Returns if the given account is expired. + * + * @param array $attrs LDAP attributes + * @return bool expired + */ + public static function isAccountExpired($attrs) { + $attrs = array_change_key_case($attrs, CASE_LOWER); + if (empty($attrs['accountexpires'][0])) { + return false; + } + $value = $attrs['accountexpires'][0]; + if ($value < 1) { + return false; + } + $seconds = substr($value, 0, -7); + $time = new DateTime('1601-01-01', new DateTimeZone('UTC')); + $time->add(new DateInterval('PT' . $seconds . 'S')); + $now = new DateTime(null, getTimeZone()); + return ($time < $now); + } + } if (interface_exists('\LAM\JOB\Job', false)) { diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc index 53d6a36b..721c7741 100644 --- a/lam/lib/types/user.inc +++ b/lam/lib/types/user.inc @@ -359,6 +359,13 @@ class user extends baseType { $expiredLabels[] = _('Shadow') . ': ' . _('Password expiration'); } } + $windowsModule = $container->getAccountModule('windowsUser'); + if ($windowsModule != null) { + $windowsAttrs = $windowsModule->getAttributes(); + if (windowsUser::isAccountExpired($windowsAttrs)) { + $expiredLabels[] = _('Windows') . ': ' . _('Account expiration'); + } + } if (!empty($expiredLabels)) { $expiredTip = ''; foreach ($expiredLabels as $label) { @@ -927,6 +934,7 @@ class lamUserList extends lamList { $attrs[] = 'shadowLastChange'; $attrs[] = 'shadowMax'; $attrs[] = 'shadowInactive'; + $attrs[] = 'accountExpires'; $attrs[] = 'objectClass'; } return $attrs; @@ -961,7 +969,8 @@ class lamUserList extends lamList { || ($windowsAvailable && !$windowsLocked); $shadowExpired = shadowAccount::isAccountExpired($this->entries[$i]); $shadowPasswordExpired = shadowAccount::isPasswordExpired($this->entries[$i]); - $expired = $shadowExpired || $shadowPasswordExpired; + $windowsExpired = windowsUser::isAccountExpired($this->entries[$i]); + $expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired; $status = self::FILTER_UNLOCKED; if ($expired) { $status = self::FILTER_EXPIRED; @@ -1014,7 +1023,8 @@ class lamUserList extends lamList { && (!$windowsAvailable || $windowsLocked); $shadowExpired = shadowAccount::isAccountExpired($attrs); $shadowPasswordExpired = shadowAccount::isPasswordExpired($attrs); - $expired = $shadowExpired || $shadowPasswordExpired; + $windowsExpired = windowsUser::isAccountExpired($attrs); + $expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired; $icon = 'unlocked.png'; if ($expired) { $icon = 'expired.png'; @@ -1066,6 +1076,9 @@ class lamUserList extends lamList { $windowsIcon = 'lock.png'; } $tipContent .= ''; + if ($windowsExpired) { + $tipContent .= ''; + } } if ($windowsAvailable && $windowsPasswordLocked) { $tipContent .= ''; diff --git a/lam/tests/lib/modules/shadowAccountTest.php b/lam/tests/lib/modules/shadowAccountTest.php index 43b9c458..bb3f9f80 100644 --- a/lam/tests/lib/modules/shadowAccountTest.php +++ b/lam/tests/lib/modules/shadowAccountTest.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2016 Roland Gruber + Copyright (C) 2016 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -254,4 +254,4 @@ if (is_readable('lam/lib/passwordExpirationJob.inc')) { } -?> \ No newline at end of file +?> diff --git a/lam/tests/lib/modules/windowsUserTest.php b/lam/tests/lib/modules/windowsUserTest.php new file mode 100644 index 00000000..9c443adb --- /dev/null +++ b/lam/tests/lib/modules/windowsUserTest.php @@ -0,0 +1,84 @@ + array('user')); + + $this->assertFalse(windowsUser::isAccountExpired($attrs)); + } + + public function test_isAccountExpired_notExpired() { + $expire = $this->getTimeStamp(14); + $attrs = array( + 'objectClass' => array('user'), + 'accounTExpIRes' => array(0 => $expire) + ); + + $this->assertFalse(windowsUser::isAccountExpired($attrs)); + } + + public function test_isAccountExpired_expired() { + $expire = $this->getTimeStamp(-14); + $attrs = array( + 'objectClass' => array('user'), + 'accounTExpIRes' => array(0 => $expire) + ); + + $this->assertTrue(windowsUser::isAccountExpired($attrs)); + } + + /** + * Returns the timestamp from now with given time difference. + * + * @param int $diff time difference in days + */ + private function getTimeStamp($diff) { + $timeBase = new DateTime('1601-01-01', getTimeZone()); + $time = new DateTime(null, getTimeZone()); + if ($diff > 0) { + $time->add(new DateInterval('P' . $diff . 'D')); + } + else { + $time->sub(new DateInterval('P' . abs($diff) . 'D')); + } + $timeDiff = $time->diff($timeBase); + $days = $timeDiff->format('%a'); + $seconds = $days * 24 * 3600 - ($time->getOffset()); + echo $seconds . ' '; + return $seconds . '0000000'; + } + + } + +?>
' . _('Windows') . '  
' . _('Windows') . ': ' . _('Account expiration') . '  
' . _('Locked till') . '  ' . $windowsPasswordLockedTime->format('Y-m-d H:i:s') . '