From e60aaf1a77312661d99d8d0184d77d2e6c9fd10e Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Mon, 16 Oct 2017 19:51:27 +0200 Subject: [PATCH] show expiration status --- lam/graphics/expired.png | Bin 0 -> 3648 bytes lam/lib/modules/shadowAccount.inc | 4 +- lam/lib/types/user.inc | 44 ++++++++++++++++++-- lam/tests/lib/modules/shadowAccountTest.php | 43 +++++++++++++++++-- 4 files changed, 83 insertions(+), 8 deletions(-) create mode 100644 lam/graphics/expired.png diff --git a/lam/graphics/expired.png b/lam/graphics/expired.png new file mode 100644 index 0000000000000000000000000000000000000000..f6cbf8914bbbc48d5c01accfbbf94f41d81313d8 GIT binary patch literal 3648 zcmV-G4!`kKLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=00004XF*Lt006O$eEU(80000WV@Og>004R=004l4008;_004mL004C` z008P>0026e000+nl3&F}000A9Nkl9yB_INN11Jkm&x3-p^-d>J8)b=Cr7BIgPIN&(W&(JnL+~@UT zmuyyJF|N%qw+ft`7#lnG=hzsh&pgA#sE_%% zITXMsGkB`!X{2ovTv)(&`7)1pJ;wA^KYvV2JPe#w9Y?(xxr&AyVT7`>AzaP8gF!1%a*tYY6x)_cgUXCoGIFi^(3{}(EvMd4)WEB<5 zFj%xDE0#q<=tS2yC=~KUBN2kP!Ux3i@*N|QNzv5Q$lUxKC0*buT8!L|(s1rw5}7m? zR#&*IWFsw;uT+)#C%d^h9UvB4R)uX@If?2T7#tv-&m)#^Q&m;P+S~6i?)UTkz#u8x zK}l|*WV56ko2gGerJ<>bqG?*fDp}*rjg6;jYpR)?nqniqfxDuTq2GVw=U;z81B5D2 zGFb}JX7AlqbhNiqxyyrTnv+`hvEy4_@BZgh$0n6Xl1Qgmi*FG6Cqx+(Q-Glvhg(AIGj%Pzek@`e0(GLal=Y;Has--si0of|jjDOwgFkrITe;?f13k335I zkv8%ro9*qyh;A5HgrZ2ZXchXy(Nt^Svu7W?9ta>EhwaTR^l}4GC>Bi)wY1Q2w1ZSS zO?-PZ==D^-Dy5SZp-_mjva+S&;Y%+~PyhAJoBjQDPn $now); + return ($time < $now); } } diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc index 9ca5c3c3..ede0a5d8 100644 --- a/lam/lib/types/user.inc +++ b/lam/lib/types/user.inc @@ -346,7 +346,25 @@ class user extends baseType { if ($isEditable) { $onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"'; } - return $dialogDiv . 'status   '; + $dialogDiv .= 'status   '; + // expiration status + $expiredLabels = array(); + $shadowModule = $container->getAccountModule('shadowAccount'); + if ($shadowModule != null) { + $shadowAttrs = $shadowModule->getAttributes(); + if (shadowAccount::isAccountExpired($shadowAttrs)) { + $expiredLabels[] = _('Shadow'); + } + } + if (!empty($expiredLabels)) { + $expiredTip = ''; + foreach ($expiredLabels as $label) { + $expiredTip .= ''; + } + $expiredTip .= '
' . $label . '
'; + $dialogDiv .= 'expired   '; + } + return $dialogDiv; } /** @@ -899,6 +917,7 @@ class lamUserList extends lamList { $attrs[] = 'lockoutTime'; $attrs[] = 'nsAccountLock'; $attrs[] = 'accountUnlockTime'; + $attrs[] = 'shadowExpire'; $attrs[] = 'objectClass'; } return $attrs; @@ -978,16 +997,25 @@ class lamUserList extends lamList { && (!$sambaAvailable || $sambaLocked) && (!$ppolicyAvailable || $ppolicyLocked) && (!$windowsAvailable || $windowsLocked); + $shadowExpired = shadowAccount::isAccountExpired($attrs); + $expired = $shadowExpired; $icon = 'unlocked.png'; - if ($fullyLocked) { + if ($expired) { + $icon = 'expired.png'; + } + elseif ($fullyLocked) { $icon = 'lock.png'; } elseif ($partiallyLocked) { $icon = 'partiallyLocked.png'; } // print icon and detail tooltips - if ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated) { + if ($unixAvailable || $sambaAvailable || $ppolicyAvailable || $windowsAvailable || $is389dsDeactivated || $expired) { $tipContent = ''; + // Shadow expired + if ($shadowExpired) { + $tipContent .= ''; + } // Unix if ($unixAvailable) { $unixIcon = 'unlocked.png'; @@ -1049,6 +1077,16 @@ class lamUserList extends lamList { return (isset($attrs['objectclass']) && in_array_ignore_case('posixAccount', $attrs['objectclass']) && isset($attrs['userpassword'][0])); } + /** + * Returns if the Shadow part exists. + * + * @param array $attrs LDAP attributes + * @return boolean Shadow part exists + */ + public static function isShadowAvailable(&$attrs) { + return (isset($attrs['objectclass']) && in_array_ignore_case('shadowAccount', $attrs['objectclass'])); + } + /** * Returns if the Unix part is locked. * diff --git a/lam/tests/lib/modules/shadowAccountTest.php b/lam/tests/lib/modules/shadowAccountTest.php index bfcacd30..f46a0f3c 100644 --- a/lam/tests/lib/modules/shadowAccountTest.php +++ b/lam/tests/lib/modules/shadowAccountTest.php @@ -21,13 +21,50 @@ */ -if (is_readable('lam/lib/passwordExpirationJob.inc')) { - include_once 'lam/lib/baseModule.inc'; include_once 'lam/lib/modules.inc'; - include_once 'lam/lib/passwordExpirationJob.inc'; + if (is_readable('lam/lib/passwordExpirationJob.inc')) { + include_once 'lam/lib/passwordExpirationJob.inc'; + } include_once 'lam/lib/modules/shadowAccount.inc'; + /** + * Checks the shadowAccount class. + * + * @author Roland Gruber + */ + class ShadowAccountTest extends PHPUnit_Framework_TestCase { + + public function test_isAccountExpired_noAttr() { + $attrs = array('objectClass' => array('shadowAccount')); + + $this->assertFalse(shadowAccount::isAccountExpired($attrs)); + } + + public function test_isAccountExpired_notExpired() { + $expire = intval(time() / (24*3600)) + 10000; + $attrs = array( + 'objectClass' => array('shadowAccount'), + 'sHadoweXpirE' => array(0 => $expire) + ); + + $this->assertFalse(shadowAccount::isAccountExpired($attrs)); + } + + public function test_isAccountExpired_expired() { + $expire = intval(time() / (24*3600)) - 10000; + $attrs = array( + 'objectClass' => array('shadowAccount'), + 'sHadoweXpirE' => array(0 => $expire) + ); + + $this->assertTrue(shadowAccount::isAccountExpired($attrs)); + } + + } + +if (is_readable('lam/lib/passwordExpirationJob.inc')) { + /** * Checks the shadow expire job. *
' . _('Shadow') . '