From 93a06b38293659efd7902d2e1a7cd818a9aec48c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Wed, 19 Jun 2019 13:35:20 +0200
Subject: [PATCH] :sparkles: feat(ppolicy) Warn about ppolicy expiration if
 pwdExpireWarning is filled

issue #6001
---
 include/class_userinfo.inc              | 22 ++++++++++++++++++++++
 plugins/personal/generic/class_user.inc |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index f6f92859d..e8d37e1fa 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -912,6 +912,28 @@ class userinfo
       if (!$ldap->success()) {
         return PPOLICY_ACCOUNT_EXPIRED;
       }
+
+      try {
+        list($policy, $attrs) = user::fetchPpolicy($this->dn);
+        if (
+          isset($policy['pwdExpireWarning'][0]) &&
+          isset($policy['pwdMaxAge'][0]) &&
+          isset($attrs['pwdChangedTime'][0])
+        ) {
+          $now                      = new DateTime('now', timezone::utc());
+          $pwdExpireWarningSeconds  = intval($policy['pwdExpireWarning'][0]);
+          $maxAge                   = $policy['pwdMaxAge'][0];
+          /* Build expiration date from pwdChangedTime and max age */
+          $expDate = LdapGeneralizedTime::fromString($attrs['pwdChangedTime'][0]);
+          $expDate->setTimezone(timezone::utc());
+          $expDate->add(new DateInterval('PT'.$maxAge.'S'));
+          if ($expDate->getTimeStamp() < ($now->getTimeStamp() + $pwdExpireWarningSeconds)) {
+            return POSIX_WARN_ABOUT_EXPIRATION;
+          }
+        }
+      } catch (NonExistingLdapNodeException $e) {
+        /* ppolicy not found in the LDAP */
+      }
     }
 
     if ($config->get_cfg_value('handleExpiredAccounts') != 'TRUE') {
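Review bot: `$maxAge` is used raw from LDAP in `new DateInterval('PT'.$maxAge.'S')` while the sibling `pwdExpireWarning` is passed through `intval`, and a `pwdMaxAge` of `0` (which in the ppolicy draft means the password never expires, as far as I recall) makes `$expDate` equal to `pwdChangedTime`, so the comparison on the `getTimeStamp()` line holds for every user and the method returns `POSIX_WARN_ABOUT_EXPIRATION` spuriously. A non-numeric value would also make the `DateInterval` constructor throw a generic `Exception`, which the `catch (NonExistingLdapNodeException $e)` below does not cover, so the whole status check would abort instead of degrading. I would cast and guard: `$maxAge = intval($policy['pwdMaxAge'][0]);` and wrap the date arithmetic in `if ($maxAge > 0) { … }`, or add `$maxAge > 0` to the `isset` condition. The enclosing method starts before this hunk, so the value of `$ldap` and the earlier expiry checks are not visible here.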
diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index b751ed397..39317d3d7 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -416,7 +416,7 @@ class user extends simplePlugin
 
     $policy = NULL;
     if (!empty($ppolicydn)) {
-      $ldap->cat($ppolicydn, ['pwdAllowUserChange', 'pwdMinLength', 'pwdMinAge', 'pwdSafeModify']);
+      $ldap->cat($ppolicydn, ['pwdAllowUserChange', 'pwdMinLength', 'pwdMinAge', 'pwdSafeModify', 'pwdExpireWarning', 'pwdMaxAge']);
       $policy = $ldap->fetch();
       if (!$policy) {
         throw new NonExistingLdapNodeException(sprintf(_('Ppolicy "%s" could not be found in the LDAP!'), $ppolicydn));
-- 
GitLab