/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
*
* Copyright 2006-2009 Sun Microsystems, Inc.
* Portions Copyright 2011-2013 ForgeRock AS
*/
/**
* This class provides a tool that can be used to perform various kinds of
* account management using the password policy state extended operation.
*/
public class ManageAccount
{
/**
* The fully-qualified name of this class.
*/
private static final String CLASS_NAME =
"org.opends.server.tools.ManageAccount";
/**
* The name of the subcommand that will be used to get all password policy
* state information for the user.
*/
/**
* The name of the subcommand that will be used to get the DN of the password
* policy for a given user.
*/
private static final String SC_GET_PASSWORD_POLICY_DN =
"get-password-policy-dn";
/**
* The name of the subcommand that will be used to get the disabled state for
* a user.
*/
private static final String SC_GET_ACCOUNT_DISABLED_STATE =
"get-account-is-disabled";
/**
* The name of the subcommand that will be used to set the disabled state for
* a user.
*/
private static final String SC_SET_ACCOUNT_DISABLED_STATE =
"set-account-is-disabled";
/**
* The name of the subcommand that will be used to clear the disabled state
* for a user.
*/
private static final String SC_CLEAR_ACCOUNT_DISABLED_STATE =
"clear-account-is-disabled";
/**
* The name of the subcommand that will be used to get the account expiration
* time.
*/
private static final String SC_GET_ACCOUNT_EXPIRATION_TIME =
"get-account-expiration-time";
/**
* The name of the subcommand that will be used to set the account expiration
* time.
*/
private static final String SC_SET_ACCOUNT_EXPIRATION_TIME =
"set-account-expiration-time";
/**
* The name of the subcommand that will be used to clear the account
* expiration time.
*/
private static final String SC_CLEAR_ACCOUNT_EXPIRATION_TIME =
"clear-account-expiration-time";
/**
* The name of the subcommand that will be used to get the length of time
* before the account expires.
*/
private static final String SC_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION =
"get-seconds-until-account-expiration";
/**
* The name of the subcommand that will be used to get the time the password
* was last changed.
*/
private static final String SC_GET_PASSWORD_CHANGED_TIME =
"get-password-changed-time";
/**
* The name of the subcommand that will be used to set the time the password
* was last changed.
*/
private static final String SC_SET_PASSWORD_CHANGED_TIME =
"set-password-changed-time";
/**
* The name of the subcommand that will be used to clear the time the password
* was last changed.
*/
private static final String SC_CLEAR_PASSWORD_CHANGED_TIME =
"clear-password-changed-time";
/**
* The name of the subcommand that will be used to get the time the user was
* first warned about an upcoming password expiration.
*/
private static final String SC_GET_PASSWORD_EXP_WARNED_TIME =
"get-password-expiration-warned-time";
/**
* The name of the subcommand that will be used to set the time the user was
* first warned about an upcoming password expiration.
*/
private static final String SC_SET_PASSWORD_EXP_WARNED_TIME =
"set-password-expiration-warned-time";
/**
* The name of the subcommand that will be used to clear the time the user was
* first warned about an upcoming password expiration.
*/
private static final String SC_CLEAR_PASSWORD_EXP_WARNED_TIME =
"clear-password-expiration-warned-time";
/**
* The name of the subcommand that will be used to get the length of time
* before the password expires.
*/
private static final String SC_GET_SECONDS_UNTIL_PASSWORD_EXPIRATION =
"get-seconds-until-password-expiration";
/**
* The name of the subcommand that will be used to get the length of time
* before the user is first warned about an upcoming password expiration.
*/
private static final String SC_GET_SECONDS_UNTIL_PASSWORD_EXPIRATION_WARNING =
"get-seconds-until-password-expiration-warning";
/**
* The name of the subcommand that will be used to get the authentication
* failure times for the user.
*/
private static final String SC_GET_AUTHENTICATION_FAILURE_TIMES =
"get-authentication-failure-times";
/**
* The name of the subcommand that will be used to add an authentication
* failure time for the user.
*/
private static final String SC_ADD_AUTHENTICATION_FAILURE_TIME =
"add-authentication-failure-time";
/**
* The name of the subcommand that will be used to set the authentication
* failure times for the user.
*/
private static final String SC_SET_AUTHENTICATION_FAILURE_TIMES =
"set-authentication-failure-times";
/**
* The name of the subcommand that will be used to clear the authentication
* failure times for the user.
*/
private static final String SC_CLEAR_AUTHENTICATION_FAILURE_TIMES =
"clear-authentication-failure-times";
/**
* The name of the subcommand that will be used to get the length of time
* before the user's account is unlocked.
*/
private static final String
"get-seconds-until-authentication-failure-unlock";
/**
* The name of the subcommand that will be used to get the number of remaining
* authentication failures for the user.
*/
private static final String SC_GET_REMAINING_AUTHENTICATION_FAILURE_COUNT =
"get-remaining-authentication-failure-count";
/**
* The name of the subcommand that will be used to get the last login time for
* the user.
*/
private static final String SC_GET_LAST_LOGIN_TIME =
"get-last-login-time";
/**
* The name of the subcommand that will be used to set the last login time for
* the user.
*/
private static final String SC_SET_LAST_LOGIN_TIME =
"set-last-login-time";
/**
* The name of the subcommand that will be used to clear the last login time
* for the user.
*/
private static final String SC_CLEAR_LAST_LOGIN_TIME =
"clear-last-login-time";
/**
* The name of the subcommand that will be used to get the length of time
* before the account is idle locked.
*/
private static final String SC_GET_SECONDS_UNTIL_IDLE_LOCKOUT =
"get-seconds-until-idle-lockout";
/**
* The name of the subcommand that will be used to get the password reset
* state for a user.
*/
private static final String SC_GET_PASSWORD_RESET_STATE =
"get-password-is-reset";
/**
* The name of the subcommand that will be used to set the password reset
* state for a user.
*/
private static final String SC_SET_PASSWORD_RESET_STATE =
"set-password-is-reset";
/**
* The name of the subcommand that will be used to clear the password reset
* state for a user.
*/
private static final String SC_CLEAR_PASSWORD_RESET_STATE =
"clear-password-is-reset";
/**
* The name of the subcommand that will be used to get the length of time
* before the password reset lockout occurs.
*/
private static final String SC_GET_SECONDS_UNTIL_PASSWORD_RESET_LOCKOUT =
"get-seconds-until-password-reset-lockout";
/**
* The name of the subcommand that will be used to get the grace login use
* times for the user.
*/
private static final String SC_GET_GRACE_LOGIN_USE_TIMES =
"get-grace-login-use-times";
/**
* The name of the subcommand that will be used to add a grace login use time
* for the user.
*/
private static final String SC_ADD_GRACE_LOGIN_USE_TIME =
"add-grace-login-use-time";
/**
* The name of the subcommand that will be used to set the grace login use
* times for the user.
*/
private static final String SC_SET_GRACE_LOGIN_USE_TIMES =
"set-grace-login-use-times";
/**
* The name of the subcommand that will be used to clear the grace login use
* times for the user.
*/
private static final String SC_CLEAR_GRACE_LOGIN_USE_TIMES =
"clear-grace-login-use-times";
/**
* The name of the subcommand that will be used to get number of remaining
* grace logins for the user.
*/
private static final String SC_GET_REMAINING_GRACE_LOGIN_COUNT =
"get-remaining-grace-login-count";
/**
* The name of the subcommand that will be used to get the password changed by
* required time for the user.
*/
private static final String SC_GET_PASSWORD_CHANGED_BY_REQUIRED_TIME =
"get-password-changed-by-required-time";
/**
* The name of the subcommand that will be used to set the password changed by
* required time for the user.
*/
private static final String SC_SET_PASSWORD_CHANGED_BY_REQUIRED_TIME =
"set-password-changed-by-required-time";
/**
* The name of the subcommand that will be used to clear the password changed
* by required time for the user.
*/
private static final String SC_CLEAR_PASSWORD_CHANGED_BY_REQUIRED_TIME =
"clear-password-changed-by-required-time";
/**
* The name of the subcommand that will be used to get the length of time
* change time.
*/
private static final String SC_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME =
"get-seconds-until-required-change-time";
/**
* The name of the subcommand that will be used to get the password history
* state values.
*/
/**
* The name of the subcommand that will be used to clear the password history
* state values.
*/
private static final String SC_CLEAR_PASSWORD_HISTORY =
"clear-password-history";
/**
* The name of the argument that will be used for holding the value(s) to use
* for the target operation.
*/
/**
* The value that will be used when encoding a password policy state operation
* that should not have any values.
*/
// The LDAP reader used to read responses from the server.
private static LDAPReader ldapReader;
// The LDAP writer used to send requests to the server.
private static LDAPWriter ldapWriter;
// The counter that will be used for LDAP message IDs.
private static AtomicInteger nextMessageID;
// The connection to the server.
private static LDAPConnection connection;
// The print stream to use when writing messages to standard error.
private static PrintStream err;
// The print stream to use when writing messages to standard output.
private static PrintStream out;
// The DN of the user to target with the operation.
private static String targetDNString;
// The argument parser for this tool.
private static SubCommandArgumentParser argParser;
/**
* Parses the command-line arguments, connects to the server, and performs the
* appropriate processing.
*
* @param args The command-line arguments provided to this program.
*/
{
if (returnCode != 0)
{
}
}
/**
* Parses the command-line arguments, connects to the server, and performs the
* appropriate processing.
*
* @param args The command-line arguments provided to this program.
* @param initServer Indicates whether to initialize the server.
* @param outStream The output stream to use for standard output, or
* {@code null} if standard output is not needed.
* @param errStream The output stream to use for standard error, or
* {@code null} if standard error is not needed.
*
* @return A result code indicating whether the processing was successful.
*/
{
// Parse the command-line arguments provided to the program.
if (result < 0)
{
// This should only happen if we're only displaying usage information or
// doing something else other than actually running the tool.
return LDAPResultCode.SUCCESS;
}
{
return result;
}
try
{
try
{
// Use the subcommand provided to figure out how to encode the request.
{
return result;
}
}
catch(Exception e)
{
// TODO: Better message
}
builder.toByteString());
try
{
}
catch (Exception e)
{
getExceptionMessage(e));
}
// Read the response from the server.
try
{
if (responseMessage == null)
{
}
{
return resultCode;
}
// Skip the target user DN element
while(reader.hasNextElement())
{
// Get the response value and parse its individual elements.
int opType;
try
{
if (reader.hasNextElement())
{
while(reader.hasNextElement())
{
}
}
}
catch (Exception e)
{
getExceptionMessage(e));
continue;
}
switch (opType)
{
break;
break;
break;
message =
break;
break;
message =
break;
message =
break;
message =
.get();
break;
break;
message =
break;
break;
case OP_GET_LAST_LOGIN_TIME:
break;
break;
break;
message =
.get();
break;
break;
break;
message =
break;
message =
.get();
break;
case OP_GET_PASSWORD_HISTORY:
break;
default:
break;
}
}
}
catch (Exception e)
{
getExceptionMessage(e));
}
// If we've gotten here, then everything completed successfully.
return 0;
}
finally
{
// Close the connection to the server if it's active.
if (connection != null)
{
}
}
}
/**
* Initializes the argument parser for this tool, parses the provided
* arguments, and establishes a connection to the server.
*
* @param args Command arguments to parse.
* @param initServer Indicates whether to initialize the server.
* @return A result code that indicates the result of the processing. A
* value of zero indicates that all processing completed
* successfully. A value of -1 indicates that only the usage
* information was displayed and no further action is required.
*/
{
false);
try
{
OPTION_LONG_HOST, false, false, true,
port = new IntegerArgument(
"port", OPTION_SHORT_PORT,
OPTION_LONG_PORT, false, false, true,
null, true, 1,
OPTION_LONG_BINDDN, false, false, true,
OPTION_LONG_BINDPWD, false, false,
true,
bindPWFile = new FileBasedArgument(
"bindpwfile",
false, false,
null,
saslOption = new StringArgument(
"sasloption", OPTION_SHORT_SASLOPTION,
OPTION_LONG_SASLOPTION, false,
true, true,
false, false, true,
false, false, true,
OPTION_LONG_KEYSTORE_PWD_FILE, false, false,
null,
certNickname = new StringArgument(
"certnickname", 'N', "certNickname",
trustStoreFile = new StringArgument(
"truststorefile",
false, false, true,
trustStorePW = new StringArgument(
"truststorepw", 'T',
false, false,
false, false,
showUsage = new BooleanArgument(
"showusage", OPTION_SHORT_HELP,
msg);
"operationValue", true, false, true,
booleanValues, false,
false, false, true, INFO_TIME_PLACEHOLDER.get(),
msg =
.get();
new SubCommand(argParser,
msg);
false, false, true, INFO_TIME_PLACEHOLDER.get(),
.get();
.get();
false, false, true, INFO_TIME_PLACEHOLDER.get(),
.get();
msg);
.get();
new SubCommand(argParser,
msg);
false, true, true, INFO_TIME_PLACEHOLDER.get(),
msg);
false, true, true, INFO_TIME_PLACEHOLDER.get(),
msg);
.get();
new SubCommand(argParser,
msg);
msg =
msg);
false, false, true, INFO_TIME_PLACEHOLDER.get(),
"operationValue", true, false, true,
booleanValues, false,
msg);
false, true, true, INFO_TIME_PLACEHOLDER.get(),
false, true, true, INFO_TIME_PLACEHOLDER.get(),
msg);
msg);
msg);
false, false, true, INFO_TIME_PLACEHOLDER.get(),
msg =
msg);
msg =
.get();
msg);
}
catch (ArgumentException ae)
{
}
try
{
}
catch (ArgumentException ae)
{
}
// If we should just display usage or version information,
// then exit because it will have already been done.
if (argParser.usageOrVersionDisplayed())
{
return -1;
}
// Get the target DN as a string for later use.
// Bootstrap and initialize directory data structures.
if (initServer)
{
}
// Create the LDAP connection options object, which will be used to
// customize the way that we connect to the server and specify a set of
// basic defaults.
// If both a bind password and bind password file were provided, then
// return an error.
{
}
// If both a key store password and key store password file were provided,
// then return an error.
{
}
// If both a trust store password and trust store password file were
// provided, then return an error.
{
}
// If we should blindly trust any certificate, then install the appropriate
// SSL connection factory.
try {
if (certNickname.isPresent()) {
} else {
clientAlias = null;
}
trustStorePW.getValue());
} catch (SSLConnectionException sce) {
sce.getMessage());
}
// If one or more SASL options were provided, then make sure that one of
// them was "mech" and specified a valid SASL mechanism.
if (saslOption.isPresent())
{
{
if (equalPos <= 0)
{
}
else
{
{
mechanism = s;
}
else
{
}
}
}
{
}
{
}
}
// Attempt to connect and authenticate to the Directory Server.
try
{
}
catch (ArgumentException ae)
{
ae.getMessage());
}
catch (LDAPConnectionException lce)
{
} else {
lce.getMessage());
}
}
return LDAPResultCode.SUCCESS;
}
/**
* Processes the subcommand from the provided argument parser and writes the
* appropriate operation elements to the given writer.
*
* @param writer The ASN.1 writer used to write the operation elements.
*
* @return A result code indicating the results of the processing.
*/
{
if (subCommand == null)
{
}
{
// The list should stay empty for this one.
}
{
}
{
}
{
{
if (isTrueValue(valueStr))
{
}
else if (isFalseValue(valueStr))
{
}
else
{
}
}
else
{
}
}
{
}
{
}
{
{
}
else
{
}
}
{
}
{
}
{
}
{
{
}
else
{
}
}
{
}
{
}
{
{
a.getValue());
}
else
{
NO_VALUE);
}
}
{
NO_VALUE);
}
{
NO_VALUE);
}
else if(subCommandName.equals(
{
NO_VALUE);
}
{
}
{
{
a.getValue());
}
else
{
}
}
{
{
}
else
{
}
}
{
}
else if(subCommandName.equals(
{
NO_VALUE);
}
else if(subCommandName.equals(
{
NO_VALUE);
}
{
}
{
{
}
else
{
}
}
{
}
{
}
{
}
{
{
if (isTrueValue(valueStr))
{
}
else if (isFalseValue(valueStr))
{
}
else
{
}
}
else
{
}
}
{
}
{
NO_VALUE);
}
{
}
{
{
}
else
{
}
}
{
{
}
else
{
}
}
{
}
{
}
{
NO_VALUE);
}
{
{
a.getValue());
}
else
{
NO_VALUE);
}
}
{
NO_VALUE);
}
{
NO_VALUE);
}
{
}
{
}
else
{
}
return LDAPResultCode.SUCCESS;
}
/**
* Prints information about a password policy state variable to standard
* output.
*
* @param msg The message ID for the message to use as the label.
* @param values The set of values for the associated state variable.
*/
{
{
}
else
{
{
}
}
}
{
}
{
value);
}
}