File Coverage

File:/home/mik/work/module/Tivoli/AccessManager/Admin/Context.pm
Coverage:97.9%

linestmtbrancondsubpodtimecode
1package Tivoli::AccessManager::Admin::Context;
2
15
15
15
156
62
225
use strict;
3
15
15
15
204
55
232
use warnings;
4
15
15
15
194
47
301
use Carp;
5
6#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7# $Id: Context.pm 325 2006-11-20 18:57:48Z mik $
8#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
9$Tivoli::AccessManager::Admin::Context::VERSION = '0.04';
10
15
204
use Inline( C => 'DATA',
11                INC => '-I/opt/PolicyDirector/include',
12                LIBS => '-lpthread -lpdadminapi -lstdc++',
13                CCFLAGS => '-Wall',
14# VERSION => '0.04',
15
15
15
217
57
                NAME => 'Tivoli::AccessManager::Admin::Context');
16
15
15
15
234
54
286
use Tivoli::AccessManager::Admin::Response;
17
18my %tod = ( 1 => 'sun',
19            2 => 'mon',
20            4 => 'tue',
21            8 => 'wed',
22           16 => 'thu',
23           32 => 'fri',
24           64 => 'sat',
25     );
26
27my %revtod = map { $tod{$_} => $_ } keys %tod;
28
29sub _todtolist {
30
4
16
    my $vector = shift;
31
4
11
    my @list;
32
33
4
29
    return qw/any/ unless $vector;
34
35
3
36
24
164
    for my $mask ( sort { $a <=> $b } keys %tod ) {
36
21
93
        push @list, $tod{$mask} if ( ($vector & $mask) == $mask );
37    }
38
3
39
    return @list;
39}
40
41sub _listtotod {
42
2
11
    my $list = shift;
43
2
5
    my $vector = 0;
44
45
2
2
4
9
    for my $day ( @{$list} ) {
46
2
6
        $day = lc($day);
47
2
12
        if ( $day eq 'any' ) {
48
1
3
            $vector = 0;
49
1
4
            last;
50        }
51
1
7
        $vector += $revtod{$day};
52    }
53
2
9
    return $vector;
54}
55
56sub new {
57
25
1
176
    my $class = shift;
58
25
127
    my $self = {};
59
25
399
    my $resp = Tivoli::AccessManager::Admin::Response->new();
60
61
25
219
    if ( @_ % 2 ) {
62
1
27
        warn "Invalid syntax -- you did not send a hash\n";
63
1
9
        return undef;
64    }
65
24
232
    my %opts = @_;
66
24
211
    my @options = qw/codeset server port keyringfile keystashfile configfile/;
67
24
89
    my $hardway = 0;
68
69
24
332
    $opts{userid} = $opts{userid} || "sec_master";
70
24
281
    $opts{domain} = $opts{domain} || "";
71
72
24
175
    unless ( defined($opts{local}) ) {
73
22
344
        unless ( defined($opts{password}) and $opts{password} ) {
74
2
107
            warn "You must include the password\n";
75
2
20
            return undef;
76        }
77    }
78
79
22
132
    for ( @options ) {
80
132
591
        $hardway++ if defined $opts{$_};
81    }
82
83
22
238
    if ( defined($opts{local}) ) {
84
2
637
        $self = context_createlocal($class, $opts{codeset} || '', $resp);
85    }
86    elsif ( $hardway ) {
87
2
19
        unless ( $hardway == @options ) {
88
1
37
            warn "If any one of " . join(", ", @options ) . " is defined, they must all be defined\n";
89
1
10
            return undef;
90        }
91
1
228430
        $self = context_create3( $class,
92                                 @opts{qw/userid password domain/},
93                                 @opts{@options},
94                                 $resp
95                               );
96
97    }
98    else {
99
18
7388377
        $self = context_createdefault2( $class,
100                                        $opts{userid},
101                                        $opts{password},
102                                        $opts{domain}, $resp );
103    }
104
105
21
521
    unless ( $resp->isok ) {
106
1
12
        warn $resp->messages(), "\n";
107
1
12
        return undef;
108    }
109
110
20
178
    return $self;
111
112}
113
114sub accexpdate {
115
9
1
47
    my $self = shift;
116
9
30
    my $lifetime = 0;
117
9
95
    my $resp = Tivoli::AccessManager::Admin::Response->new();
118
119
9
29
    my ($seconds,$unlimited,$unset,$rc);
120
9
71
    if ( @_ == 1 ) {
121
4
15
        $lifetime = shift;
122    }
123    elsif ( @_ % 2 ) {
124
1
15
        $resp->set_message("Invalid syntax");
125
1
12
        $resp->set_isok(0);
126
1
9
        return $resp;
127    }
128    elsif ( @_ ) {
129
2
12
        my %opts = @_;
130
2
18
        $lifetime = $opts{lifetime} || '';
131    }
132    else {
133
2
11
        $lifetime = '';
134    }
135
136
137
8
35
    if ( $lifetime ) {
138
5
50
        if ( $lifetime =~ /^\d+$/ ) {
139
1
9
            $unlimited = 0;
140
1
5
            $unset = 0;
141        }
142        elsif ( $lifetime eq 'unlimited' ) {
143
1
5
            ($unlimited,$unset,$lifetime) = (1,0,0);
144        }
145        elsif ( $lifetime eq 'unset' ) {
146
2
7
            ($unlimited,$unset,$lifetime) = (0,1,0);
147        }
148        else {
149
1
9
            $resp->set_message("The parameter must either be an integer, 'unset' or 'unlimited'");
150
1
9
            $resp->set_isok(0);
151
1
7
            return $resp;
152        }
153
4
225569
        $rc = $self->context_setaccexpdate( $resp,
154                                            $lifetime,
155                                            $unlimited,
156                                            $unset );
157    }
158
7
90
    if ( $resp->isok ) {
159
7
328197
        ($seconds,$unlimited,$unset) = $self->context_getaccexpdate( $resp );
160
7
180
        $resp->set_value( $unlimited ? "unlimited" : $unset ? "unset" : $seconds);
161    }
162
163
7
63
    return $resp;
164}
165
166sub disabletimeint {
167
8
1
53
    my $self = shift;
168
8
108
    my $resp = Tivoli::AccessManager::Admin::Response->new();
169
8
37
    my ($seconds,$disable,$unset,$rc);
170
171
8
72
    if ( @_ == 1 ) {
172
4
16
        $seconds = shift;
173    }
174    elsif ( @_ % 2 ) {
175
1
10
        $resp->set_message("Invalid syntax");
176
1
12
        $resp->set_isok(0);
177
1
9
        return $resp;
178    }
179    elsif ( @_ ) {
180
2
19
        my %opts = @_;
181
2
26
        $seconds = $opts{seconds} || '';
182    }
183    else {
184
1
4
        $seconds = '';
185    }
186
187
7
47
    if ( $seconds ) {
188
5
82
        if ( $seconds =~ /^\d+$/ ) {
189
2
13
            $disable = 0;
190
2
9
            $unset = 0;
191        }
192        elsif ($seconds eq 'disable') {
193
1
5
            ($disable,$unset,$seconds) = (1,0,0);
194        }
195        elsif ($seconds eq 'unset') {
196
1
4
            ($disable,$unset,$seconds) = (0,1,0);
197        }
198        else {
199
1
19
            $resp->set_message("The parameter must either be an integer, 'disable' or 'unset'");
200
1
18
            $resp->set_isok(0);
201
1
16
            return $resp;
202        }
203
204
4
235052
        $rc = $self->context_setdisabletimeint( $resp,
205                                                $seconds,
206                                                $disable,
207                                                $unset);
208    }
209
6
150
    if ( $resp->isok ) {
210
6
286989
        ($seconds,$disable,$unset) = $self->context_getdisabletimeint( $resp );
211
6
215
        $resp->set_value( $disable ? "disabled" : $unset ? "unset" : $seconds );
212    }
213
214
6
83
    return $resp;
215}
216
217sub maxlgnfails {
218
7
1
57
    my $self = shift;
219
7
99
    my $resp = Tivoli::AccessManager::Admin::Response->new();
220
7
36
    my ($failures,$unset,$rc);
221
222
223
7
96
    if ( @_ == 1 ) {
224
3
11
        $failures = shift;
225    }
226    elsif ( @_ % 2 ) {
227
1
9
        $resp->set_message("Invalid syntax");
228
1
11
        $resp->set_isok(0);
229
1
9
        return $resp;
230    }
231    elsif ( @_ ) {
232
2
19
        my %opts = @_;
233
2
36
        $failures = $opts{failures} || '';
234    }
235    else {
236
1
10
        $failures = '';
237    }
238
239
6
50
    if ( $failures ) {
240
4
57
        if ( $failures =~ /^\d+$/ ) {
241
2
11
            $unset = 0;
242        }
243        elsif ($failures eq 'unset') {
244
1
7
            $failures = 0;
245
1
3
            $unset = 1;
246        }
247        else {
248
1
11
            $resp->set_message("The parameter must either be an integer or 'unset'");
249
1
11
            $resp->set_isok(0);
250
1
9
            return $resp;
251        }
252
253
3
193556
        $rc = $self->context_setmaxlgnfails( $resp,
254                                             $failures,
255                                             $unset
256                                           );
257    }
258
5
102
    if ( $resp->isok ) {
259
5
243907
        ($failures,$unset) = $self->context_getmaxlgnfails( $resp );
260
5
171
        $resp->set_value($unset ? "unset" : $failures);
261    }
262
263
5
58
    return $resp;
264}
265
266sub maxpwdage {
267
7
1
59
    my $self = shift;
268
7
111
    my $resp = Tivoli::AccessManager::Admin::Response->new();
269
7
35
    my ($seconds,$unset,$rc);
270
271
7
73
    if ( @_ == 1 ) {
272
3
12
        $seconds = shift;
273    }
274    elsif ( @_ % 2 ) {
275
1
10
        $resp->set_message("Invalid syntax");
276
1
10
        $resp->set_isok(0);
277
1
10
        return $resp;
278    }
279    elsif ( @_ ) {
280
2
20
        my %opts = @_;
281
2
31
        $seconds = $opts{seconds} || '';
282    }
283    else {
284
1
4
        $seconds = '';
285    }
286
287
6
45
    if ( $seconds ) {
288
4
46
        if ( $seconds =~ /^\d+$/ ) {
289
1
8
            $unset = 0;
290        }
291        elsif ($seconds eq 'unset') {
292
2
13
            $seconds = 0;
293
2
10
            $unset = 1;
294        }
295        else {
296
1
12
            $resp->set_message("The parameter must either be an integer or 'unset'");
297
1
10
            $resp->set_isok(0);
298
1
9
            return $resp;
299        }
300
301
3
176916
        $rc = $self->context_setmaxpwdage( $resp,
302                                         $seconds,
303                                         $unset );
304
3
87
        $resp->set_value( $rc );
305    }
306
5
50
    if ( $resp->isok ) {
307
5
241084
        ($seconds,$unset) = $self->context_getmaxpwdage( $resp );
308
5
193
        $resp->set_value($unset ? "unset" : $seconds);
309    }
310
311
5
73
    return $resp;
312}
313
314sub maxpwdrepchars {
315
7
1
62
    my $self = shift;
316
7
103
    my $resp = Tivoli::AccessManager::Admin::Response->new();
317
7
38
    my ($chars,$unset,$rc);
318
319
7
72
    if ( @_ == 1 ) {
320
3
10
        $chars = shift;
321    }
322    elsif ( @_ % 2 ) {
323
1
10
        $resp->set_message("Invalid syntax");
324
1
10
        $resp->set_isok(0);
325
1
8
        return $resp;
326    }
327    elsif ( @_ ) {
328
2
18
        my %opts = @_;
329
2
33
        $chars = $opts{chars} || '';
330    }
331    else {
332
1
3
        $chars = '';
333    }
334
335
6
42
    if ( $chars ) {
336
4
53
        if ( $chars =~ /^\d+$/ ) {
337
1
8
            $unset = 0;
338        }
339        elsif ($chars eq 'unset') {
340
2
10
            $chars = 0;
341
2
8
            $unset = 1;
342        }
343        else {
344
1
11
            $resp->set_message("The parameter must either be an integer or 'unset'");
345
1
10
            $resp->set_isok(0);
346
1
11
            return $resp;
347        }
348
3
190404
        $rc = $self->context_setmaxpwdrepchars( $resp,
349                                                $chars,
350                                                $unset );
351    }
352
5
99
    if ( $resp->isok ) {
353
5
238111
        ($chars,$unset) = $self->context_getmaxpwdrepchars( $resp );
354
5
185
        $resp->set_value($unset ? "unset" : $chars);
355    }
356
357
5
68
    return $resp;
358}
359
360sub minpwdalphas {
361
7
1
56
    my $self = shift;
362
7
114
    my $resp = Tivoli::AccessManager::Admin::Response->new();
363
7
35
    my ($chars,$unset,$rc);
364
365
7
84
    if ( @_ == 1 ) {
366
3
24
        $chars = shift;
367    }
368    elsif ( @_ % 2 ) {
369
1
11
        $resp->set_message("Invalid syntax");
370
1
9
        $resp->set_isok(0);
371
1
9
        return $resp;
372    }
373    elsif ( @_ ) {
374
2
21
        my %opts = @_;
375
2
37
        $chars = $opts{chars} || '';
376    }
377    else {
378
1
8
        $chars = '';
379    }
380
381
6
71
    if ( $chars ) {
382
4
61
        if ( $chars =~ /^\d+$/ ) {
383
2
15
            $unset = 0;
384        }
385        elsif ($chars eq 'unset') {
386
1
6
            $chars = 0;
387
1
3
            $unset = 1;
388        }
389        else {
390
1
20
            $resp->set_message("The parameter must either be an integer or 'unset'");
391
1
226
            $resp->set_isok(0);
392
1
17
            return $resp;
393        }
394
3
193473
        $rc = $self->context_setminpwdalphas( $resp,
395                                              $chars,
396                                              $unset );
397
3
104
        $resp->set_value($rc);
398    }
399
5
66
    if ( $resp->isok ) {
400
5
265524
        ($chars,$unset) = $self->context_getminpwdalphas( $resp );
401
5
202
        $resp->set_value( $unset ? "unset" : $chars );
402    }
403
404
5
73
    return $resp;
405}
406
407sub minpwdnonalphas {
408
7
1
58
    my $self = shift;
409
7
116
    my $resp = Tivoli::AccessManager::Admin::Response->new();
410
7
41
    my ($chars,$unset,$rc);
411
412
7
86
    if ( @_ == 1 ) {
413
3
24
        $chars = shift;
414    }
415    elsif ( @_ % 2 ) {
416
1
11
        $resp->set_message("Invalid syntax");
417
1
10
        $resp->set_isok(0);
418
1
9
        return $resp;
419    }
420    elsif ( @_ ) {
421
2
30
        my %opts = @_;
422
2
33
        $chars = $opts{chars} || '';
423    }
424    else {
425
1
9
        $chars = '';
426    }
427
428
6
57
    if ( $chars ) {
429
4
135
        if ( $chars =~ /^\d+$/ ) {
430
2
11
            $unset = 0;
431        }
432        elsif ($chars eq 'unset') {
433
1
8
            $chars = 0;
434
1
8
            $unset = 1;
435        }
436        else {
437
1
18
            $resp->set_message("The parameter must either be an integer or 'unset'");
438
1
19
            $resp->set_isok(0);
439
1
12
            return $resp;
440        }
441
3
348852
        $rc = $self->context_setminpwdnonalphas( $resp,
442                                                 $chars,
443                                                 $unset );
444
3
104
        $resp->set_value($rc);
445
446    }
447
5
71
    if ( $resp->isok ) {
448
5
257965
        ($chars,$unset) = $self->context_getminpwdnonalphas( $resp );
449
5
201
        $resp->set_value($unset ? "unset" : $chars);
450    }
451
452
5
77
    return $resp;
453}
454
455sub minpwdlen {
456
7
1
43
    my $self = shift;
457
7
89
    my $resp = Tivoli::AccessManager::Admin::Response->new();
458
7
28
    my ($chars,$unset,$rc);
459
460
7
72
    if ( @_ == 1 ) {
461
3
16
        $chars = shift;
462    }
463    elsif ( @_ % 2 ) {
464
1
10
        $resp->set_message("Invalid syntax");
465
1
14
        $resp->set_isok(0);
466
1
9
        return $resp;
467    }
468    elsif ( @_ ) {
469
2
18
        my %opts = @_;
470
2
25
        $chars = $opts{chars} || '';
471    }
472    else {
473
1
9
        $chars = '';
474    }
475
476
6
49
    if ( $chars ) {
477
4
55
        if ( $chars =~ /^\d+$/ ) {
478
2
8
            $unset = 0;
479        }
480        elsif ($chars eq 'unset') {
481
1
9
            $chars = 8;
482
1
5
            $unset = 1;
483        }
484        else {
485
1
11
            $resp->set_message("The parameter must either be an integer or 'unset'");
486
1
9
            $resp->set_isok(0);
487
1
8
            return $resp;
488        }
489
3
163123
        $rc = $self->context_setminpwdlen( $resp,
490                                           $chars,
491                                           $unset );
492
3
61
        $resp->set_value( $rc );
493    }
494
5
48
    if ( $resp->isok ) {
495
5
235460
        ($chars,$unset) = $self->context_getminpwdlen( $resp );
496
5
144
        $resp->set_value($unset ? "unset" : $chars);
497    }
498
499
5
59
    return $resp;
500}
501
502sub max_concur_session {
503
9
1
48
    my $self = shift;
504
9
96
    my $resp = Tivoli::AccessManager::Admin::Response->new();
505
9
32
    my ($session,$unset,$unlimited,$displace,$rc);
506
507
9
67
    if ( @_ == 1 ) {
508
5
19
        $session = shift;
509    }
510    elsif ( @_ % 2 ) {
511
1
12
        $resp->set_message("Invalid syntax");
512
1
12
        $resp->set_isok(0);
513
1
11
        return $resp;
514    }
515    elsif ( @_ ) {
516
2
12
        my %opts = @_;
517
2
20
        $session = $opts{session} || '';
518    }
519    else {
520
1
5
        $session = '';
521    }
522
523
8
38
    if ( $session ) {
524
6
66
        if ( $session =~ /^\d+$/ ) {
525
1
4
            ($unset,$unlimited,$displace) = (0,0,0);
526        }
527        elsif ($session eq 'displace') {
528
2
8
            ($session,$unset,$unlimited,$displace) = (0,0,0,1);
529        }
530        elsif ($session eq 'unlimited') {
531
1
7
            ($session,$unset,$unlimited,$displace) = (0,0,1,0);
532        }
533        elsif ($session eq 'unset') {
534
1
5
            ($session,$unset,$unlimited,$displace) = (0,1,0,0);
535        }
536        else {
537
1
8
            $resp->set_message("The parameter must be either an integers, 'displace', 'unlimited' or 'unset'");
538
1
6
            $resp->set_isok(0);
539
1
6
            return $resp;
540        }
541
542
5
250025
        $rc = $self->context_setmaxconcurwebsess( $resp,
543                                                  $session,
544                                                  $displace,
545                                                  $unlimited,
546                                                  $unset,
547                                                 );
548
5
89
        $resp->set_value($rc);
549
550    }
551
7
48
    if ( $resp->isok ) {
552
7
17
        my $retval;
553
7
325206
        ($session,$displace,$unlimited,$unset) = $self->context_getmaxconcurwebsess( $resp );
554
555
7
91
        if ($unset) {
556
1
8
            $retval = 'unset';
557        }
558        elsif ($displace) {
559
4
21
            $retval = 'displace';
560        }
561        elsif ($unlimited) {
562
1
7
            $retval = 'unlimited';
563        }
564        else {
565
1
8
            $retval = $session;
566        }
567
7
90
        $resp->set_value($retval);
568    }
569
570
7
53
    return $resp;
571}
572
573sub pwdspaces {
574
8
1
51
    my $self = shift;
575
8
252
    my $resp = Tivoli::AccessManager::Admin::Response->new();
576
8
36
    my ($allowed,$unset,$rc);
577
578
8
82
    if ( @_ == 1 ) {
579
3
13
        $allowed = shift;
580    }
581    elsif ( @_ % 2 ) {
582
1
17
        $resp->set_message("Invalid syntax");
583
1
18
        $resp->set_isok(0);
584
1
11
        return $resp;
585    }
586    elsif ( @_ ) {
587
2
17
        my %opts = @_;
588
2
29
        $allowed = $opts{allowed} || '';
589    }
590    else {
591
2
14
        $allowed = '';
592    }
593
594
7
49
    if ( $allowed ) {
595
4
61
        if ( $allowed =~ /^\d+$/ ) {
596
2
8
            $unset = 0;
597        }
598        elsif ( $allowed eq 'unset' ) {
599
1
6
            $allowed = 0;
600
1
4
            $unset = 1;
601        }
602        else {
603
1
11
            $resp->set_message("The parameter must either be an integer or 'unset'");
604
1
10
            $resp->set_isok(0);
605
1
25
            return $resp;
606        }
607
608
3
220061
        $rc = $self->context_setpwdspaces( $resp,
609                                           $allowed,
610                                          $unset );
611
3
61
        $resp->set_value($rc);
612    }
613
6
56
    if ( $resp->isok ) {
614
6
321856
        ($allowed,$unset) = $self->context_getpwdspaces( $resp );
615
6
160
        $resp->set_value($unset ? "unset" : $allowed );
616    }
617
618
6
59
    return $resp;
619}
620
621sub _miltomin {
622
8
34
    my $miltime = shift || 0;
623
8
37
    return ( $miltime - $miltime % 100 ) * .6 + $miltime % 100;
624}
625
626sub _mintomil {
627
8
20
    my $mins = shift;
628
629
8
55
    return ($mins - $mins % 60)/.6 + $mins % 60;
630}
631
632sub tod {
633
9
1
39
    my $self = shift;
634
9
93
    my $resp = Tivoli::AccessManager::Admin::Response->new();
635
9
32
    my ( $days, $start, $end, $reference, $unset, $rc );
636
9
21
    my (@list, %rc );
637
638
9
42
    if ( @_ % 2 ) {
639
1
11
        $resp->set_message("Invalid syntax");
640
1
10
        $resp->set_isok(0);
641
1
10
        return $resp;
642    }
643
8
45
    my %opts = @_;
644
645
8
51
    $reference = $opts{reference} || '';
646
647
8
42
    if ( $opts{days} ) {
648
7
21
        $reference = $reference eq 'UTC';
649
650
7
43
        if ( $opts{days} ne 'unset' ) {
651
5
19
            if ( ref($opts{days}) ) {
652
2
9
                $days = _listtotod( $opts{days} )
653            }
654            else {
655
3
15
                if ( $opts{days} > 127 ) {
656
1
7
                    $resp->set_message( "error -- days bitmask > 127");
657
1
7
                    $resp->set_isok(0);
658
1
7
                    return $resp;
659                }
660
2
7
                $days = $opts{days};
661            }
662
4
20
            $start = _miltomin( $opts{start} );
663
4
16
            $end = _miltomin( $opts{end} );
664
4
9
            $unset = 0;
665        }
666        else {
667
2
7
            $days = $start = $end = 0;
668
2
5
            $unset = 1;
669        }
670
671
6
292983
        $self->context_settodaccess( $resp,
672                                     $days,
673                                     $start,
674                                     $end,
675                                     $reference,
676                                     $unset );
677    }
678
7
106
    if ( $resp->isok ) {
679
7
322952
        @list = $self->context_gettodaccess( $resp );
680
7
94
        if ( $list[-1] ) {
681
3
31
            $rc{days} = 0;
682
3
12
            $rc{start} = 0;
683
3
14
            $rc{end} = 0;
684
3
22
            $rc{reference} = 'local';
685
3
13
            $rc{unset} = 1;
686        }
687        else {
688
4
37
            $rc{days} = [ _todtolist( $list[0] ) ];
689
4
27
            $rc{start} = _mintomil( $list[1] );
690
4
19
            $rc{end} = _mintomil( $list[2] );
691
4
26
            $rc{reference} = $list[3] ? 'UTC' : 'local';
692        }
693
694
7
95
        $resp->set_value( \%rc );
695    }
696
697
7
84
    return $resp;
698}
699
700sub userreg {
701
1
1
10
    my $self = shift;
702
1
50
    my $resp = Tivoli::AccessManager::Admin::Response->new();
703
704
1
46740
    $resp->set_value( $self->context_getuserreg( $resp ) ? "LDAP" : "DCE");
705
706
1
13
    return $resp;
707}
708
709sub codeset {
710
1
1
9
    my $self = shift;
711
1
14
    my $resp = Tivoli::AccessManager::Admin::Response->new();
712
713
1
79
    $resp->set_value( $self->context_getcodeset() ? "LOCAL" : "UTF8" );
714
715
1
8
    return $resp;
716}
717
7181;
719
720 - 1131
=head1 NAME

Tivoli::AccessManager::Admin::Context

=head1 SYNOPSIS

  use Tivoli::AccessManager::Admin::Context;

  $pdadmin = Tivoli::AccessManager::Admin::Context->new( password => 'foobar' );

  $resp->iserror() and die "Couldn't establish context\n";

=head1 Description

B<Tivoli::AccessManager::Admin::Context> handles the context related functions in the TAM API.
For the most part, it is used solely for establishing the context.  There are,
however, some global parameters that are set using this module.

As with all the other modules in this collection, you must have the
Authentication ADK installed to use this modules.

=head1 CONSTRUCTOR

=head2 new ( OPTIONS )

Logs into the policy server's domain,  In TAM speak, it creates a new context.
There are two different ways to call this function.  At the bare minimum, you
can simply provide a password.  This will then rely upon the configuration of
the PDRTE to figure out the rest of the information.  This is the same base
effect as saying "pdadmin -a sec_master -p <password>".  You can also specify
the userid and the domain with this method.

Alternately, you can specify all of the parameters below and log into any
domain with out changing the configuration of your RTE.  If anyone of the
parameters other than password, userid or domain are set, all must be set.

=head3 Parameters

=over 4

=item password =E<gt> PASSWORD

The password to be used when binding to the policy server.  This is the only
mandatory parameter.

=item userid =E<gt> USERID

The ID to use when binding to the policy server.
(Default:sec_master)

=item domain =E<gt> DOMAIN

The domain into which to bind.  
(Default: uhh.. Default )

=item codeset =E<gt> [UTF|LOCAL]

The codeset to be used to encode the character data.  It can be either UTF or
LOCAL.  

=item server =E<gt> SERVER

The name of the policy server.  This can be either a hostname or an IP
address.

=item port =E<gt> PORT

The port on which the policy server listens.

=item keyringfile =E<gt> PATH

The fully qualified path name ( FQPN ) to the keydatabase for the policy
domain.

=item keystashfile =E<gt> PATH

The FQPN to the stashed password for the keyring

=item configfile =E<gt> PATH

The FQPN to the pd.conf file

=back

=head3 Returns

A fully blessed L<Tivoli::AccessManager::Admin::Context> object, or it will die on error.
If you cannot establish a context, nothing else will work.

=head1 METHODS

Most of the methods available on a B<Tivoli::AccessManager::Admin::Context> object follow the
same rules.  The L<Tivoli::AccessManager::Admin::Response> object will always contain the
results of a 'get'.  If any of the optional parameters are sent, a 'set' will
be performed.

=head2 accexpdate( SECONDS | 'unset' | 'unlimited' )

Returns the currently configured global account expiration date.

=head3 Parameters

=over 4

=item SECONDS | 'unset' | 'unlimited' 

The date when all passwords will expire.  The date is expressed as seconds
since the beginning of the Epoch.

=back

=head3 Returns

"unlimited", "unset" or the date in seconds since the Epoch when the passwords
will expire.

=head2 disabletimeint (SECONDS | 'disable' | 'unset' )

Returns the currently configured global account disable timeout.

=head3 Parameters

=over 4

=item SECONDS | 'disable' | 'unset'

The number of seconds an account will be disabled due to failed logins

=back

=head3 Returns

"disabled", "unset" or the time in seconds an account will be disabled

=head2 maxlgnfails ( N | 'unset' )

Returns the currently configured global maximum number of failed login
attempts.  

=head3 Parameters

=over 4

=item N | 'unset'

The number of failed login attempts before the account is disabled.

=back

=head3 Returns

"unset" or the number of allowed failed login attempts allowed.

=head2 maxpwdage ( SECONDS | 'unset')

Returns the currently configured global maximum password age.

=head3 Parameters

=over 4

=item SECONDS | 'unset'

The maximum age of a password expressed in seconds.

=back

=head3 Returns

"unset" or the maximum age of passwords in seconds.

=head2 maxpwdrepchars ( CHARS | 'unset' )

Returns the maximum repeated characters allowed in a password

=head3 Parameters

=over 4

=item CHARS | 'unset'

The maximum number of repeated characters in a password

=back

=head3 Returns

"unset" or the maximum repeated characters allowed in a password.

=head2 minpwdalphas ( CHARS | 'unset' )

Returns the minimum alphabetic characters in a password

=head3 Parameters

=over 4

=item CHARS | 'unset'

The minimum number of alphabetic characters in a password

=back

=head3 Returns

"unset" or the minimum alphabetic characters allowed in a password.

=head2 minpwdnonalphas ( CHARS | 'unset' )

Returns the minimum non-alphabetic characters in a password

=head3 Parameters

=over 4

=item CHARS | 'unset'

The minimum number of non-alphabetic characters in a password

=back

=head3 Returns

"unset" or the minimum non-alphabetic characters allowed in a password.

=head2 minpwdlen ( CHARS | 'unset' )

Returns the minimum password length

=head3 Parameters

=over 4

=item CHARS | 'unset'

The minimum number length of a password

=back

=head3 Returns

"unset" or the minimum length of a password.

=head2 pwdspaces ( 0 | 1 | 'unset' )

Returns the current policy on spaces in passwords

=head3 Parameters

=over 4

=item 0 | 1 | 'unset'

Whether or not to allows spaces in passwords.

=back

=head3 Returns

"unset" or 'allowed'.

=head2 max_concur_session(['displace'|'unlimited'|'unset'|NUM])

Returns or sets the current maximum concurrent web sessions allowed.

=head3 Parameters

=over 4

=item 'displace'|'unlimited'|'unset'|NUM

'unlimited' or 'unset' will disable the policy; NUM will set the maximum
allowed sessions; and 'displace' will cause the new session to replace the
old.

=back

=head3 Returns

The current setting.

=head2 tod( days =E<gt> 'unset' ) 

=head2 tod ( days =E<gt> [array], start =E<gt> N, end =E<gt> N, reference =E<gt> local | UTC )

Returns the current time of day access policy

=head3 Parameters

=over 4

=item days 

'unset' will cause the the time of day access policy to be unset.  Otherwise,
B<days> should be a reference to an array containing some combination of:
  mon, tue, wed, thu, fri, sat, sun or any.

If the word 'any' is found anywhere in the array, it will over ride all the
others.

=item start

The beginning of the allowed access time, expressed in 24-hour format.  Since
perl will try to interpret any number starting with a 0 as an octal number (
leading to annoying problems with 09xx ), you need to either drop the
preceding 0 ( eg, 900 ) or specify it as a string ( '0900' ).

=item end

The end of the allowed access time.  See the previous item for the caveats.

=item UTC|local

Under the covers, start and end are calculated as minutes past midnight.  TAM
needs to know if you are referencing midnight UTC or midnight local time.  The
default is 'local'.

=back

=head3 Returns

A L<Tivoli::AccessManager::Admin::Response> object, the value of which is a hash with the
key/value pairs:

=over 4

=item days

An array reference to the days for which the policy is enforced.  If the TOD
policy is unset, this refers to an empty array.

=item start

The time of day when access is allowed, expressed in 24-hour format. If the TOD
policy is unset, this will be zero.


=item end

The time of day when access is denied, expressed in 24-hour format. If the TOD
policy is unset, this will be zero.

=item reference

UTC or local.  If the policy is unset, this will be local.

=back 



The following methods are all read-only.  I will not bother to say that again,
nor will you see any of the usual 'Parameter' or 'Returns' headings - the
description tells you the return value.

=head2 userreg

Returns the user registry that TAM is configured against.

=head2 isauthenticated

Returns true if the current context is authenticated

=head2 codeset

Returns the codeset currently associated with the context - "UTF8" or "LOCAL"

=head2 domainid

Returns the name of the domain associated with the context

=head2 mgmtdomain

Returns the management domain associated with the context.

=head2 mgmtsvrhost

Returns the hostname of the Policy Server 

=head2 mgmtsvrport

Returns the port of the Policy Server

=head2 userid

Returns the user id user to create the context.

=head1 SEE ALSO

L<Tivoli::AccessManager::Admin::Response>,

=head1 ACKNOWLEDGEMENTS

Please read L<Tivoli::AccessManager::Admin> for the full list of acks.  I stand upon the
shoulders of giants.

=head1 BUGS

None at the moment.

=head1 AUTHOR

Mik Firestone E<lt>mikfire@gmail.comE<gt>

=head1 COPYRIGHT

Copyright (c) 2004-2011 Mik Firestone.  All rights reserved.  This program is
free software; you can redistibute it and/or modify it under the same terms as
Perl itself.

All references to TAM, Tivoli Access Manager, etc are copyrighted by IBM.

=cut
1132