diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc
index 53c20ad8..f9fb5947 100644
--- a/lam/lib/modules/windowsUser.inc
+++ b/lam/lib/modules/windowsUser.inc
@@ -3373,6 +3373,28 @@ class windowsUser extends baseModule implements passwordService {
return $replacements;
}
+ /**
+ * Returns if the given account is expired.
+ *
+ * @param array $attrs LDAP attributes
+ * @return bool expired
+ */
+ public static function isAccountExpired($attrs) {
+ $attrs = array_change_key_case($attrs, CASE_LOWER);
+ if (empty($attrs['accountexpires'][0])) {
+ return false;
+ }
+ $value = $attrs['accountexpires'][0];
+ if ($value < 1) {
+ return false;
+ }
+ $seconds = substr($value, 0, -7);
+ $time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
+ $time->add(new DateInterval('PT' . $seconds . 'S'));
+ $now = new DateTime(null, getTimeZone());
+ return ($time < $now);
+ }
+
}
if (interface_exists('\LAM\JOB\Job', false)) {
diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc
index 53d6a36b..721c7741 100644
--- a/lam/lib/types/user.inc
+++ b/lam/lib/types/user.inc
@@ -359,6 +359,13 @@ class user extends baseType {
$expiredLabels[] = _('Shadow') . ': ' . _('Password expiration');
}
}
+ $windowsModule = $container->getAccountModule('windowsUser');
+ if ($windowsModule != null) {
+ $windowsAttrs = $windowsModule->getAttributes();
+ if (windowsUser::isAccountExpired($windowsAttrs)) {
+ $expiredLabels[] = _('Windows') . ': ' . _('Account expiration');
+ }
+ }
if (!empty($expiredLabels)) {
$expiredTip = '
';
foreach ($expiredLabels as $label) {
@@ -927,6 +934,7 @@ class lamUserList extends lamList {
$attrs[] = 'shadowLastChange';
$attrs[] = 'shadowMax';
$attrs[] = 'shadowInactive';
+ $attrs[] = 'accountExpires';
$attrs[] = 'objectClass';
}
return $attrs;
@@ -961,7 +969,8 @@ class lamUserList extends lamList {
|| ($windowsAvailable && !$windowsLocked);
$shadowExpired = shadowAccount::isAccountExpired($this->entries[$i]);
$shadowPasswordExpired = shadowAccount::isPasswordExpired($this->entries[$i]);
- $expired = $shadowExpired || $shadowPasswordExpired;
+ $windowsExpired = windowsUser::isAccountExpired($this->entries[$i]);
+ $expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired;
$status = self::FILTER_UNLOCKED;
if ($expired) {
$status = self::FILTER_EXPIRED;
@@ -1014,7 +1023,8 @@ class lamUserList extends lamList {
&& (!$windowsAvailable || $windowsLocked);
$shadowExpired = shadowAccount::isAccountExpired($attrs);
$shadowPasswordExpired = shadowAccount::isPasswordExpired($attrs);
- $expired = $shadowExpired || $shadowPasswordExpired;
+ $windowsExpired = windowsUser::isAccountExpired($attrs);
+ $expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired;
$icon = 'unlocked.png';
if ($expired) {
$icon = 'expired.png';
@@ -1066,6 +1076,9 @@ class lamUserList extends lamList {
$windowsIcon = 'lock.png';
}
$tipContent .= '' . _('Windows') . ' | |
';
+ if ($windowsExpired) {
+ $tipContent .= '' . _('Windows') . ': ' . _('Account expiration') . ' | |
';
+ }
}
if ($windowsAvailable && $windowsPasswordLocked) {
$tipContent .= '' . _('Locked till') . ' | ' . $windowsPasswordLockedTime->format('Y-m-d H:i:s') . ' |
';
diff --git a/lam/tests/lib/modules/shadowAccountTest.php b/lam/tests/lib/modules/shadowAccountTest.php
index 43b9c458..bb3f9f80 100644
--- a/lam/tests/lib/modules/shadowAccountTest.php
+++ b/lam/tests/lib/modules/shadowAccountTest.php
@@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2016 Roland Gruber
+ Copyright (C) 2016 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -254,4 +254,4 @@ if (is_readable('lam/lib/passwordExpirationJob.inc')) {
}
-?>
\ No newline at end of file
+?>
diff --git a/lam/tests/lib/modules/windowsUserTest.php b/lam/tests/lib/modules/windowsUserTest.php
new file mode 100644
index 00000000..9c443adb
--- /dev/null
+++ b/lam/tests/lib/modules/windowsUserTest.php
@@ -0,0 +1,84 @@
+ array('user'));
+
+ $this->assertFalse(windowsUser::isAccountExpired($attrs));
+ }
+
+ public function test_isAccountExpired_notExpired() {
+ $expire = $this->getTimeStamp(14);
+ $attrs = array(
+ 'objectClass' => array('user'),
+ 'accounTExpIRes' => array(0 => $expire)
+ );
+
+ $this->assertFalse(windowsUser::isAccountExpired($attrs));
+ }
+
+ public function test_isAccountExpired_expired() {
+ $expire = $this->getTimeStamp(-14);
+ $attrs = array(
+ 'objectClass' => array('user'),
+ 'accounTExpIRes' => array(0 => $expire)
+ );
+
+ $this->assertTrue(windowsUser::isAccountExpired($attrs));
+ }
+
+ /**
+ * Returns the timestamp from now with given time difference.
+ *
+ * @param int $diff time difference in days
+ */
+ private function getTimeStamp($diff) {
+ $timeBase = new DateTime('1601-01-01', getTimeZone());
+ $time = new DateTime(null, getTimeZone());
+ if ($diff > 0) {
+ $time->add(new DateInterval('P' . $diff . 'D'));
+ }
+ else {
+ $time->sub(new DateInterval('P' . abs($diff) . 'D'));
+ }
+ $timeDiff = $time->diff($timeBase);
+ $days = $timeDiff->format('%a');
+ $seconds = $days * 24 * 3600 - ($time->getOffset());
+ echo $seconds . ' ';
+ return $seconds . '0000000';
+ }
+
+ }
+
+?>