From 968e5264a91d32528a00a32b81c823419ce6a489 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Tue, 14 Oct 2008 04:57:30 +0000 Subject: [PATCH] Check for expired or close to expired passwords, and tell user --- webmin/config | 1 + webmin/config.info | 1 + webmin/lang/en | 8 ++++ webmin/webmin-lib.pl | 87 ++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 90 insertions(+), 7 deletions(-) diff --git a/webmin/config b/webmin/config index bc709eeaa..7b4a0d729 100644 --- a/webmin/config +++ b/webmin/config @@ -4,3 +4,4 @@ upshow=1 updays=1 cron_mode=0 osdn=1 +warn_days=7 diff --git a/webmin/config.info b/webmin/config.info index 652f6c40d..a29bd865b 100644 --- a/webmin/config.info +++ b/webmin/config.info @@ -2,3 +2,4 @@ standard_url=URL of standard modules list,3,On www.webmin.com third_url=URL of third party modules list,3,On www.webmin.com cron_mode=Show update times as,1,0-Simple interface,1-Cron time selector osdn=Fetch list of Webmin OSDN mirror sites?,1,1-Yes,0-No +warn_days=Days before password expiry to warn users,0,5 diff --git a/webmin/lang/en b/webmin/lang/en index 5090f9385..e46752ca8 100644 --- a/webmin/lang/en +++ b/webmin/lang/en @@ -836,3 +836,11 @@ debug_procs=Script types to debug debug_web=Web interface CGIs debug_cmd=Command line debug_cron=Background jobs + +notif_passexpired=Your Webmin password has expired! You will be forced to change it at the next login. +notif_passchange=Your Webmin password was last changed on $1, and must be changed in $2 days. +notif_passlock=Your Webmin password was last changed on $1, and your account will be locked in $2 days if it is not changed. +notif_changenow=You can change your password now in the Change Language and Theme module. +notif_unixwarn=Your Unix password was last changed on $1, and must be changed in $2 days. +notif_unixexpired=Your Unix password has expired! You will be forced to change it at the next login. + diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl index db6ac7130..5504324cd 100644 --- a/webmin/webmin-lib.pl +++ b/webmin/webmin-lib.pl @@ -833,21 +833,94 @@ return %rv; # Print various notifications for the current user, if needed sub show_webmin_notifications { +local @notif = &get_webmin_notifications(); +if (@notifs) { + print "
\n",@notifs,"
\n"; + } +} + +# get_webmin_notifications() +# Returns a list of Webmin notification messages +sub get_webmin_notifications +{ +local @notifs; +local %miniserv; +&get_miniserv_config(\%miniserv); + # Need OS upgrade local %realos = &detect_operating_system(undef, 1); if (($realos{'os_version'} ne $gconfig{'os_version'} || $realos{'os_type'} ne $gconfig{'os_type'}) && &foreign_available("webmin")) { - print "
\n"; - print &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi"); - print &text('os_incorrect', $realos{'real_os_type'}, - $realos{'real_os_version'}),"

\n"; - print &ui_form_end([ [ undef, $text{'os_fix'} ] ]); - print "

\n"; + push(@notifs, + &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi"). + &text('os_incorrect', $realos{'real_os_type'}, + $realos{'real_os_version'})."

\n". + &ui_form_end([ [ undef, $text{'os_fix'} ] ]) + ); } # Password close to expiry -# XXX +local $warn_days = $config{'warn_days'}; +if (&foreign_check("acl")) { + # Get the Webmin user + &foreign_require("acl", "acl-lib.pl"); + local @users = &acl::list_users(); + local ($uinfo) = grep { $_->{'name'} eq $base_remote_user } @users; + if ($uinfo && $uinfo->{'pass'} eq 'x' && &foreign_check("useradmin")) { + # Unix auth .. check password in Users and Groups + &foreign_require("useradmin", "user-lib.pl"); + ($uinfo) = grep { $_->{'user'} eq $remote_user } + &useradmin::list_users(); + if ($uinfo && $uinfo->{'warn'} && $uinfo->{'change'} && + $uinfo->{'max'}) { + local $daysago = int(time()/(24*60*60)) - + $uinfo->{'change'}; + local $cdate = &make_date( + $uinfo->{'change'}*24*60*60, 1); + if ($daysago > $uinfo->{'max'}) { + # Passed expiry date + push(@notifs, &text('notif_unixexpired', + $cdate)); + } + elsif ($daysago > $uinfo->{'max'}-$uinfo->{'warn'}) { + # Passed warning date + push(@notifs, &text('notif_unixwarn', + $cdate, + $uinfo->{'max'}-$daysago)); + } + } + } + elsif ($uinfo && $uinfo->{'lastchange'}) { + # Webmin auth .. check password in Webmin + local $daysold = (time() - $uinfo->{'lastchange'})/(24*60*60); + local $link = &foreign_available("change-user") ? + &text('notif_changenow', + "$gconfig{'webprefix'}/change-user/")."

\n" : ""; + if ($miniserv{'pass_maxdays'} && + $daysold > $miniserv{'pass_maxdays'}) { + # Already expired + push(@notifs, &text('notif_passexpired')."

\n".$link); + } + elsif ($miniserv{'pass_maxdays'} && + $daysold > $miniserv{'pass_maxdays'} - $warn_days) { + # About to expire + push(@notifs, &text('notif_passchange', + &make_date($uinfo->{'lastchange'}, 1), + int($miniserv{'pass_maxdays'} - $daysold)). + "

\n".$link); + } + elsif ($miniserv{'pass_lockdays'} && + $daysold > $miniserv{'pass_lockdays'} - $warn_days) { + # About to lock out + push(@notifs, &text('notif_passlock', + &make_date($uinfo->{'lastchange'}, 1), + int($miniserv{'pass_maxdays'} - $daysold)). + "

\n".$link); + } + } + } +return @notifs; } # get_system_uptime()