ACL option to allow user to always edit his own password, in addition to other grants

passwd/acl_security.pl

@@ -24,12 +24,15 @@ print &ui_table_row($text{'acl_users'},
 	    " ".&group_chooser_button("groups", 1)."<br>\n".
 	    &ui_checkbox("sec", 1, $text{'acl_sec'}, $o->{'sec'})."<br>\n".
 	    $text{'acl_notusers'}." ".
-	    &ui_textbox("notusers", $o->{'notusers'}, 30)." ".
+	    &ui_textbox("notusers", $o->{'notusers'}, 20)." ".
 	    &user_chooser_button("notusers", 1) ],
 	  [ 6, $text{'acl_mode6'},
 	    &ui_textbox("match", $o->{'mode'} == 6 ? $o->{'users'} : "", 20) ],
 	]), 3);
 
+print &ui_table_row($text{'acl_self'},
+	&ui_yesno_radio("self", $o->{'self'}), 3);
+
 print &ui_table_row($text{'acl_repeat'},
 	&ui_yesno_radio("repeat", $o->{'repeat'}), 3);
 
@@ -63,6 +66,7 @@ $o->{'notusers'} = $in{'mode'} == 5 ? $in{'notusers'} : undef;
 $o->{'low'} = $in{'low'};
 $o->{'high'} = $in{'high'};
 $o->{'repeat'} = $in{'repeat'};
+$o->{'self'} = $in{'self'};
 $o->{'old'} = $in{'old'};
 $o->{'others'} = $in{'others'};
 $o->{'expire'} = $in{'expire'};

passwd/defaultacl

@@ -6,3 +6,4 @@ others=2
 noconfig=0
 expire=1
 sec=0
+self=0

passwd/lang/en

@@ -28,6 +28,7 @@ passwd_ok2=The password for user $1 has been changed successfully.
 log_passwd=Changed password for user $1
 
 acl_repeat=Must enter new password again?
+acl_self=Always allow own password to be changed?
 acl_old=Must enter old password?
 acl_old_this=Only for other users
 acl_others=Change password in other modules?

passwd/passwd-lib.pl

@@ -24,6 +24,10 @@ by useradmin::list_users.
 =cut
 sub can_edit_passwd
 {
+if ($access{'self'} && $_[0]->[0] eq $remote_user) {
+	# Self-editing override is enabled
+	return 1;
+	}
 if ($access{'mode'} == 0) {
 	# Can change any
 	return 1;