Windows expiration

This commit is contained in:
Roland Gruber 2017-10-19 19:32:22 +02:00
parent fb08739441
commit a52f4f1e5d
4 changed files with 123 additions and 4 deletions

View File

@ -3373,6 +3373,28 @@ class windowsUser extends baseModule implements passwordService {
return $replacements; return $replacements;
} }
/**
* Returns if the given account is expired.
*
* @param array $attrs LDAP attributes
* @return bool expired
*/
public static function isAccountExpired($attrs) {
$attrs = array_change_key_case($attrs, CASE_LOWER);
if (empty($attrs['accountexpires'][0])) {
return false;
}
$value = $attrs['accountexpires'][0];
if ($value < 1) {
return false;
}
$seconds = substr($value, 0, -7);
$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
$time->add(new DateInterval('PT' . $seconds . 'S'));
$now = new DateTime(null, getTimeZone());
return ($time < $now);
}
} }
if (interface_exists('\LAM\JOB\Job', false)) { if (interface_exists('\LAM\JOB\Job', false)) {

View File

@ -359,6 +359,13 @@ class user extends baseType {
$expiredLabels[] = _('Shadow') . ': ' . _('Password expiration'); $expiredLabels[] = _('Shadow') . ': ' . _('Password expiration');
} }
} }
$windowsModule = $container->getAccountModule('windowsUser');
if ($windowsModule != null) {
$windowsAttrs = $windowsModule->getAttributes();
if (windowsUser::isAccountExpired($windowsAttrs)) {
$expiredLabels[] = _('Windows') . ': ' . _('Account expiration');
}
}
if (!empty($expiredLabels)) { if (!empty($expiredLabels)) {
$expiredTip = '<table border=0>'; $expiredTip = '<table border=0>';
foreach ($expiredLabels as $label) { foreach ($expiredLabels as $label) {
@ -927,6 +934,7 @@ class lamUserList extends lamList {
$attrs[] = 'shadowLastChange'; $attrs[] = 'shadowLastChange';
$attrs[] = 'shadowMax'; $attrs[] = 'shadowMax';
$attrs[] = 'shadowInactive'; $attrs[] = 'shadowInactive';
$attrs[] = 'accountExpires';
$attrs[] = 'objectClass'; $attrs[] = 'objectClass';
} }
return $attrs; return $attrs;
@ -961,7 +969,8 @@ class lamUserList extends lamList {
|| ($windowsAvailable && !$windowsLocked); || ($windowsAvailable && !$windowsLocked);
$shadowExpired = shadowAccount::isAccountExpired($this->entries[$i]); $shadowExpired = shadowAccount::isAccountExpired($this->entries[$i]);
$shadowPasswordExpired = shadowAccount::isPasswordExpired($this->entries[$i]); $shadowPasswordExpired = shadowAccount::isPasswordExpired($this->entries[$i]);
$expired = $shadowExpired || $shadowPasswordExpired; $windowsExpired = windowsUser::isAccountExpired($this->entries[$i]);
$expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired;
$status = self::FILTER_UNLOCKED; $status = self::FILTER_UNLOCKED;
if ($expired) { if ($expired) {
$status = self::FILTER_EXPIRED; $status = self::FILTER_EXPIRED;
@ -1014,7 +1023,8 @@ class lamUserList extends lamList {
&& (!$windowsAvailable || $windowsLocked); && (!$windowsAvailable || $windowsLocked);
$shadowExpired = shadowAccount::isAccountExpired($attrs); $shadowExpired = shadowAccount::isAccountExpired($attrs);
$shadowPasswordExpired = shadowAccount::isPasswordExpired($attrs); $shadowPasswordExpired = shadowAccount::isPasswordExpired($attrs);
$expired = $shadowExpired || $shadowPasswordExpired; $windowsExpired = windowsUser::isAccountExpired($attrs);
$expired = $shadowExpired || $shadowPasswordExpired || $windowsExpired;
$icon = 'unlocked.png'; $icon = 'unlocked.png';
if ($expired) { if ($expired) {
$icon = 'expired.png'; $icon = 'expired.png';
@ -1066,6 +1076,9 @@ class lamUserList extends lamList {
$windowsIcon = 'lock.png'; $windowsIcon = 'lock.png';
} }
$tipContent .= '<tr><td>' . _('Windows') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/' . $windowsIcon . '&quot;></td></tr>'; $tipContent .= '<tr><td>' . _('Windows') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/' . $windowsIcon . '&quot;></td></tr>';
if ($windowsExpired) {
$tipContent .= '<tr><td>' . _('Windows') . ': ' . _('Account expiration') . '&nbsp;&nbsp;</td><td><img height=16 width=16 src=&quot;../../graphics/expired.png&quot;></td></tr>';
}
} }
if ($windowsAvailable && $windowsPasswordLocked) { if ($windowsAvailable && $windowsPasswordLocked) {
$tipContent .= '<tr><td>' . _('Locked till') . '&nbsp;&nbsp;</td><td>' . $windowsPasswordLockedTime->format('Y-m-d H:i:s') . '</td></tr>'; $tipContent .= '<tr><td>' . _('Locked till') . '&nbsp;&nbsp;</td><td>' . $windowsPasswordLockedTime->format('Y-m-d H:i:s') . '</td></tr>';

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2016 Roland Gruber Copyright (C) 2016 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by

View File

@ -0,0 +1,84 @@
<?php
/*
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
include_once 'lam/lib/baseModule.inc';
include_once 'lam/lib/modules.inc';
include_once 'lam/lib/modules/windowsUser.inc';
/**
* Checks the windowsUser class.
*
* @author Roland Gruber
*/
class WindowsUserTest extends PHPUnit_Framework_TestCase {
public function test_isAccountExpired_noAttr() {
$attrs = array('objectClass' => array('user'));
$this->assertFalse(windowsUser::isAccountExpired($attrs));
}
public function test_isAccountExpired_notExpired() {
$expire = $this->getTimeStamp(14);
$attrs = array(
'objectClass' => array('user'),
'accounTExpIRes' => array(0 => $expire)
);
$this->assertFalse(windowsUser::isAccountExpired($attrs));
}
public function test_isAccountExpired_expired() {
$expire = $this->getTimeStamp(-14);
$attrs = array(
'objectClass' => array('user'),
'accounTExpIRes' => array(0 => $expire)
);
$this->assertTrue(windowsUser::isAccountExpired($attrs));
}
/**
* Returns the timestamp from now with given time difference.
*
* @param int $diff time difference in days
*/
private function getTimeStamp($diff) {
$timeBase = new DateTime('1601-01-01', getTimeZone());
$time = new DateTime(null, getTimeZone());
if ($diff > 0) {
$time->add(new DateInterval('P' . $diff . 'D'));
}
else {
$time->sub(new DateInterval('P' . abs($diff) . 'D'));
}
$timeDiff = $time->diff($timeBase);
$days = $timeDiff->format('%a');
$seconds = $days * 24 * 3600 - ($time->getOffset());
echo $seconds . ' ';
return $seconds . '0000000';
}
}
?>