Allow users to be opted out of password expiry

WiWaG · Feb 13, 2008 · 21fbbd2 · 21fbbd2
1 parent 295014d
commit 21fbbd2
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 3 deletions.
diff --git a/acl/CHANGELOG b/acl/CHANGELOG
@@ -44,3 +44,4 @@ Added back the ability to edit the global ACL for groups.
 Updated the user interface to use the Webmin UI library.
 ---- Changes since 1.400 ----
 Fixed the display of modules granted to groups.
+Added a per-user option to opt out of forced password changes after a certain number of days.
diff --git a/acl/acl-lib.pl b/acl/acl-lib.pl
@@ -42,6 +42,7 @@ sub list_users
 		$user{'lastchange'} = $user[6];
 		$user{'olds'} = [ split(/\s+/, $user[7]) ];
 		$user{'minsize'} = $user[8];
+		$user{'nochange'} = int($user[9]);
 		$user{'modules'} = $acl{$user[0]};
 		$user{'lang'} = $gconfig{"lang_$user[0]"};
 		$user{'notabs'} = $gconfig{"notabs_$user[0]"};
@@ -133,7 +134,8 @@ sub create_user
 	join(" ", @times),":",
 	$user{'lastchange'},":",
 	join(" ", @{$user{'olds'}}),":",
-	$user{'minsize'},
+	$user{'minsize'},":",
+	$user{'nochange'},
 	"\n");
 &close_tempfile(PWFILE);
 &unlock_file($miniserv{'userfile'});
@@ -235,7 +237,8 @@ sub modify_user
 			join(" ", @times),":",
 			$user{'lastchange'},":",
 			join(" ", @{$user{'olds'}}),":",
-			$user{'minsize'},
+			$user{'minsize'},":",
+			$user{'nochange'},
 			"\n");
 		}
 	else {

diff --git a/acl/defaultacl b/acl/defaultacl
@@ -22,3 +22,4 @@ rbacenable=1
 logouttime=1
 times=1
 minsize=1
+nochange=1
diff --git a/acl/edit_user.cgi b/acl/edit_user.cgi
@@ -216,6 +216,13 @@ if ($access{'minsize'}) {
 		      		$text{'default'})." ".$text{'edit_chars'});
 	}
 
+if ($access{'nochange'} && $miniserv{'pass_maxdays'}) {
+	# Opt out of forced password change, for this user
+	print &ui_table_row($text{'edit_nochange'},
+		&ui_radio("nochange", $user{'nochange'}, [ [ 0, $text{'yes'} ],
+							   [ 1, $text{'no'} ] ]));
+	}
+
 if ($access{'ips'}) {
 	# Allowed IP addresses
 	print &ui_table_row(&hlink("<b>$text{'edit_ips'}</b>", "ips"),

diff --git a/acl/lang/en b/acl/lang/en
@@ -52,6 +52,7 @@ edit_logout=Inactivity logout time
 edit_mins=minutes
 edit_chars=letters
 edit_minsize=Minimum password length
+edit_nochange=Enforce password change days?
 edit_cert=SSL certificate name
 edit_none=None
 edit_ips=IP access control

diff --git a/acl/save_user.cgi b/acl/save_user.cgi
@@ -192,6 +192,8 @@ $user{'logouttime'} = !$access{'logouttime'} ? $old->{'logouttime'} :
 			$in{'logouttime_def'} ? undef : $in{'logouttime'};
 $user{'minsize'} = !$access{'minsize'} ? $old->{'minsize'} :
 			$in{'minsize_def'} ? undef : $in{'minsize'};
+$user{'nochange'} = !$access{'nochange'} || !defined($in{'nochange'}) ?
+			$old->{'nochange'} : $in{'nochange'};
 $user{'lastchange'} = $old->{'lastchange'};
 $user{'olds'} = $old->{'olds'};
 $user{'real'} = $in{'real'} =~ /\S/ ? $in{'real'} : undef;

diff --git a/miniserv.pl b/miniserv.pl
@@ -2935,7 +2935,7 @@ sub validate_user
 	if ($users{$webminuser} eq &unix_crypt($pass, $users{$webminuser})) {
 		# Password is valid .. but check for expiry
 		local $lc = $lastchanges{$user};
-		if ($config{'pass_maxdays'} && $lc) {
+		if ($config{'pass_maxdays'} && $lc && !$nochange{$user}) {
 			local $daysold = (time() - $lc)/(24*60*60);
 			print DEBUG "maxdays=$config{'pass_maxdays'} daysold=$daysold\n";
 			if ($config{'pass_lockdays'} &&
@@ -3896,6 +3896,7 @@ sub read_users_file
 undef(%allowdays);
 undef(%allowhours);
 undef(%lastchanges);
+undef(%nochange);
 if ($config{'userfile'}) {
 	open(USERS, $config{'userfile'});
 	while(<USERS>) {
@@ -3920,6 +3921,7 @@ sub read_users_file
 			$allowhours{$user[0]} = [ $1*60+$2, $3*60+$4 ];
 			}
 		$lastchanges{$user[0]} = $user[6];
+		$nochange{$user[0]} = $user[9];
 		}
 	close(USERS);
 	}