--- /root/save_user.cgi.original 2004-08-10 15:06:07.000000000 +1000 +++ ldap-useradmin/save_user.cgi 2004-08-13 11:56:29.000000000 +1000 @@ -3,6 +3,8 @@ # Create, update or delete an LDAP user require './ldap-useradmin-lib.pl'; +require 'timelocal.pl'; +&error_setup($text{'usave_err'}); &ReadParse(); $ldap = &ldap_connect(); $schema = $ldap->schema(); @@ -141,6 +143,31 @@ $lastname = $in{'lastname'}; $real = $in{'real'}; $shell = $in{'shell'} eq '*' ? $in{'othersh'} : $in{'shell'}; + # Validate shadow-password inputs + $in{'min'} =~ /^[0-9]*$/ || + &error(&text('usave_emin', $in{'min'})); + $in{'max'} =~ /^[0-9]*$/ || + &error(&text('usave_emax', $in{'max'})); + $min = $in{'min'}; + $max = $in{'max'}; + if ($in{'expired'} ne "" && $in{'expirem'} ne "" + && $in{'expirey'} ne "") { + eval { $expire = timelocal(0, 0, 12, + $in{'expired'}, + $in{'expirem'}-1, + $in{'expirey'}-1900); }; + if ($@) { &error($text{'usave_eexpire'}); } + $expire = int($expire / (60*60*24)); + } + else { $expire = ''; } + $in{'warn'} =~ /^[0-9]*$/ || + &error(&text('usave_ewarn', $in{'warn'})); + $in{'inactive'} =~ /^[0-9]*$/ || + &error(&text('usave_einactive', $in{'inactive'})); + $warn = $in{'warn'}; + $inactive = $in{'inactive'}; + if ($in{'home_base'}) { $home = &useradmin::auto_home_dir($uconfig{'home_base'}, $user); } @@ -162,6 +189,15 @@ elsif ($in{'passmode'} == 3) { $pass = $pfx.&encrypt_password($in{'pass'}); } + $change = $in{'change'}; + $daynow = int(time() / (60*60*24)); + $force = $max ? $daynow - $max + 1 : 0; + $change = $in{'forcechange'} ? $force : + !%ouser ? $daynow : + $in{'passmode'} == 3 ? $daynow : + $in{'passmode'} == 2 && + $pass ne $ouser{'pass'} ? $daynow : + $change; + $gid = getgrnam($in{'gid'}); defined($gid) || &error(&text('usave_egid', $in{'gid'})); 
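Review bot: `require 'timelocal.pl';` in the `@@ -3,6 +3,8 @@` hunk loads the Perl 4 compatibility library, which is deprecated and, as far as I know, no longer shipped with Perl 5.16 and later, so the CGI would fail at load time on those versions. `use Time::Local;` exports the same `timelocal()` and is the supported module, so the call in the later hunk needs no change.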
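Review bot: The four numeric checks in the `@@ -141,6 +143,31 @@` hunk use `/^[0-9]*$/`, and `$` also matches before a trailing newline, so a value such as "30\n" passes and is later written to the directory as-is. Anchoring with `\z` closes that: `$in{'min'} =~ /\A[0-9]*\z/ || &error(&text('usave_emin', $in{'min'}));`, and the same for `max`, `warn` and `inactive`. The three expiry fields are never checked for digits before the arithmetic in the `timelocal()` call. The `eval` catches out-of-range results, but a digit check on `expired`, `expirem` and `expirey` up front would make the rejection explicit instead of dependent on how `timelocal` treats numified strings.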
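Review bot: `$change = $in{'change'};` in the `@@ -162,6 +189,15 @@` hunk takes the last-change day straight from the request, and it remains the fall-through value of the ternary chain with no digit check like the one applied to `min` and `max`. The later hunks test it with `$change >= 0`, which an empty or non-numeric string satisfies because it numifies to 0, so an empty or arbitrary value can be written to `shadowLastChange`. I would validate it the same way, e.g. `$in{'change'} =~ /\A[0-9]*\z/ || &error(...)`, and have the two `push` sites test `$change ne ''` instead of `>= 0`. Separately, `$daynow - $max + 1` appears to leave the password one day short of expiry rather than expired; this is worth confirming against how the consuming PAM/NSS module compares `shadowLastChange + shadowMax` with the current day.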
@@ -261,6 +297,15 @@ push(@classes, split(' ',$config{'other_class'})); push(@classes, $samba_class) if ($in{'samba'}); push(@classes, $cyrus_class) if ($in{'cyrus'}); + + push(@props, "shadowLastChange", $change) if ($change >= 0); + push(@props, "shadowMin", $min) if ($min); + push(@props, "shadowMax", $max) if ($max); + push(@props, "shadowExpire", $expire) if ($expire); + push(@props, "shadowWarning", $warn) if ($warn); + push(@props, "shadowInactive", $inactive) if ($inactive); + $base = &get_user_base(); $newdn = "uid=$user,$base"; &name_fields(); @@ -463,6 +508,53 @@ else { @classes = grep { $_ ne $cyrus_class } @classes; } + + if ($change >= 0) { + push(@props, "shadowLastChange", $change); + } + + if ($min) { + push(@props, "shadowMin", $min); + } + else { + push(@rprops, "shadowMin"); + } + + if ($max) { + push(@props, "shadowMax", $max); + } + else { + push(@rprops, "shadowMax"); + } + + if ($expire) { + push(@props, "shadowExpire", $expire); + } + else { + push(@rprops, "shadowExpire"); + } + + if ($warn) { + push(@props, "shadowWarning", $warn); + } + else { + push(@rprops, "shadowWarning"); + } + + if ($inactive) { + push(@props, "shadowInactive", $inactive); + } + else { + push(@rprops, "shadowInactive"); + } + @rprops = grep { defined($uinfo->get_value($_)) } @rprops; $newdn = $in{'dn'}; &name_fields(); @@ -776,7 +868,13 @@ 'real' => $_[0]->get_value("cn"), 'home' => $_[0]->get_value("homeDirectory"), 'shell' => $_[0]->get_value("loginShell"), - 'pass' => $_[0]->get_value("userPassword") ); + 'pass' => $_[0]->get_value("userPassword"), + 'shadowExpire' => $_[0]->get_value("shadowExpire"), + 'shadowMin' => $_[0]->get_value("shadowMin"), + 'shadowMax' => $_[0]->get_value("shadowMax"), + 'shadowWarning' => $_[0]->get_value("shadowWarning"), + 'shadowInactive' => $_[0]->get_value("shadowInactive"), $user{'pass'} =~ s/^{[a-z0-9]+}//i; return %user; }
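Review bot: The truthiness tests in the `@@ -261,6 +297,15 @@` hunk (`if ($min)`, `if ($max)`, `if ($warn)`, `if ($inactive)`) treat an explicit `0` the same as an empty field, so a submitted 0 is silently dropped; the modify hunk at `@@ -463,6 +508,53 @@` goes further and queues the attribute for removal. For `shadowInactive` in particular, 0 and "unset" usually mean different things to the account-expiry logic, so dropping it loosens the policy the administrator asked for. Testing for a non-empty string keeps 0: `push(@props, "shadowInactive", $inactive) if ($inactive ne '');`, and likewise for the other attributes in both hunks.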
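Review bot: The five `if`/`else` pairs in the `@@ -463,6 +508,53 @@` hunk are the same three lines repeated per attribute, which makes it easy for one branch to drift from the others when the policy attributes are next touched. A small loop over attribute/value pairs states the rule once; the version below keeps the current tests and the `@props`/`@rprops` behaviour unchanged. The enclosing branch starts and ends outside the hunk.

```perl
# … unchanged: shadowLastChange push …
foreach my $pair ([ "shadowMin", $min ],
		  [ "shadowMax", $max ],
		  [ "shadowExpire", $expire ],
		  [ "shadowWarning", $warn ],
		  [ "shadowInactive", $inactive ]) {
	my ($attr, $value) = @$pair;
	if ($value) {
		push(@props, $attr, $value);
		}
	else {
		push(@rprops, $attr);
		}
	}
# … unchanged: @rprops filter against $uinfo …
```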
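Review bot: As shown in the `@@ -776,7 +868,13 @@` hunk, the removed `'pass'` line carried the closing `);` of the `%user` list, while the added lines end on `'shadowInactive' => ...,` with a trailing comma and no `);` before `$user{'pass'} =~ ...`, which would be a syntax error. The header announces 13 new lines and only 12 are visible, so the closing line may simply be missing from this page; if it is missing from the patch, add `);` after the `shadowInactive` entry. `shadowLastChange` is also not read back here, so the stored value is presumably unavailable to the save path through this hash. The function starts outside the hunk.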