File: | /home/mik/work/module/Tivoli/AccessManager/Admin/Context.pm |
Coverage: | 97.9% |
line | stmt | bran | cond | sub | pod | time | code |
---|---|---|---|---|---|---|---|
1 | package Tivoli::AccessManager::Admin::Context; | ||||||
2 | 15 15 15 | 156 62 225 | use strict; | ||||
3 | 15 15 15 | 204 55 232 | use warnings; | ||||
4 | 15 15 15 | 194 47 301 | use Carp; | ||||
5 | |||||||
6 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
7 | # $Id: Context.pm 325 2006-11-20 18:57:48Z mik $ | ||||||
8 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
9 | $Tivoli::AccessManager::Admin::Context::VERSION = '0.04'; | ||||||
10 | 15 | 204 | use Inline( C => 'DATA', | ||||
11 | INC => '-I/opt/PolicyDirector/include', | ||||||
12 | LIBS => '-lpthread -lpdadminapi -lstdc++', | ||||||
13 | CCFLAGS => '-Wall', | ||||||
14 | # VERSION => '0.04', | ||||||
15 | 15 15 | 217 57 | NAME => 'Tivoli::AccessManager::Admin::Context'); | ||||
16 | 15 15 15 | 234 54 286 | use Tivoli::AccessManager::Admin::Response; | ||||
17 | |||||||
18 | my %tod = ( 1 => 'sun', | ||||||
19 | 2 => 'mon', | ||||||
20 | 4 => 'tue', | ||||||
21 | 8 => 'wed', | ||||||
22 | 16 => 'thu', | ||||||
23 | 32 => 'fri', | ||||||
24 | 64 => 'sat', | ||||||
25 | ); | ||||||
26 | |||||||
27 | my %revtod = map { $tod{$_} => $_ } keys %tod; | ||||||
28 | |||||||
29 | sub _todtolist { | ||||||
30 | 4 | 16 | my $vector = shift; | ||||
31 | 4 | 11 | my @list; | ||||
32 | |||||||
33 | 4 | 29 | return qw/any/ unless $vector; | ||||
34 | |||||||
35 | 3 36 | 24 164 | for my $mask ( sort { $a <=> $b } keys %tod ) { | ||||
36 | 21 | 93 | push @list, $tod{$mask} if ( ($vector & $mask) == $mask ); | ||||
37 | } | ||||||
38 | 3 | 39 | return @list; | ||||
39 | } | ||||||
40 | |||||||
41 | sub _listtotod { | ||||||
42 | 2 | 11 | my $list = shift; | ||||
43 | 2 | 5 | my $vector = 0; | ||||
44 | |||||||
45 | 2 2 | 4 9 | for my $day ( @{$list} ) { | ||||
46 | 2 | 6 | $day = lc($day); | ||||
47 | 2 | 12 | if ( $day eq 'any' ) { | ||||
48 | 1 | 3 | $vector = 0; | ||||
49 | 1 | 4 | last; | ||||
50 | } | ||||||
51 | 1 | 7 | $vector += $revtod{$day}; | ||||
52 | } | ||||||
53 | 2 | 9 | return $vector; | ||||
54 | } | ||||||
55 | |||||||
56 | sub new { | ||||||
57 | 25 | 1 | 176 | my $class = shift; | |||
58 | 25 | 127 | my $self = {}; | ||||
59 | 25 | 399 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
60 | |||||||
61 | 25 | 219 | if ( @_ % 2 ) { | ||||
62 | 1 | 27 | warn "Invalid syntax -- you did not send a hash\n"; | ||||
63 | 1 | 9 | return undef; | ||||
64 | } | ||||||
65 | 24 | 232 | my %opts = @_; | ||||
66 | 24 | 211 | my @options = qw/codeset server port keyringfile keystashfile configfile/; | ||||
67 | 24 | 89 | my $hardway = 0; | ||||
68 | |||||||
69 | 24 | 332 | $opts{userid} = $opts{userid} || "sec_master"; | ||||
70 | 24 | 281 | $opts{domain} = $opts{domain} || ""; | ||||
71 | |||||||
72 | 24 | 175 | unless ( defined($opts{local}) ) { | ||||
73 | 22 | 344 | unless ( defined($opts{password}) and $opts{password} ) { | ||||
74 | 2 | 107 | warn "You must include the password\n"; | ||||
75 | 2 | 20 | return undef; | ||||
76 | } | ||||||
77 | } | ||||||
78 | |||||||
79 | 22 | 132 | for ( @options ) { | ||||
80 | 132 | 591 | $hardway++ if defined $opts{$_}; | ||||
81 | } | ||||||
82 | |||||||
83 | 22 | 238 | if ( defined($opts{local}) ) { | ||||
84 | 2 | 637 | $self = context_createlocal($class, $opts{codeset} || '', $resp); | ||||
85 | } | ||||||
86 | elsif ( $hardway ) { | ||||||
87 | 2 | 19 | unless ( $hardway == @options ) { | ||||
88 | 1 | 37 | warn "If any one of " . join(", ", @options ) . " is defined, they must all be defined\n"; | ||||
89 | 1 | 10 | return undef; | ||||
90 | } | ||||||
91 | 1 | 228430 | $self = context_create3( $class, | ||||
92 | @opts{qw/userid password domain/}, | ||||||
93 | @opts{@options}, | ||||||
94 | $resp | ||||||
95 | ); | ||||||
96 | |||||||
97 | } | ||||||
98 | else { | ||||||
99 | 18 | 7388377 | $self = context_createdefault2( $class, | ||||
100 | $opts{userid}, | ||||||
101 | $opts{password}, | ||||||
102 | $opts{domain}, $resp ); | ||||||
103 | } | ||||||
104 | |||||||
105 | 21 | 521 | unless ( $resp->isok ) { | ||||
106 | 1 | 12 | warn $resp->messages(), "\n"; | ||||
107 | 1 | 12 | return undef; | ||||
108 | } | ||||||
109 | |||||||
110 | 20 | 178 | return $self; | ||||
111 | |||||||
112 | } | ||||||
113 | |||||||
114 | sub accexpdate { | ||||||
115 | 9 | 1 | 47 | my $self = shift; | |||
116 | 9 | 30 | my $lifetime = 0; | ||||
117 | 9 | 95 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
118 | |||||||
119 | 9 | 29 | my ($seconds,$unlimited,$unset,$rc); | ||||
120 | 9 | 71 | if ( @_ == 1 ) { | ||||
121 | 4 | 15 | $lifetime = shift; | ||||
122 | } | ||||||
123 | elsif ( @_ % 2 ) { | ||||||
124 | 1 | 15 | $resp->set_message("Invalid syntax"); | ||||
125 | 1 | 12 | $resp->set_isok(0); | ||||
126 | 1 | 9 | return $resp; | ||||
127 | } | ||||||
128 | elsif ( @_ ) { | ||||||
129 | 2 | 12 | my %opts = @_; | ||||
130 | 2 | 18 | $lifetime = $opts{lifetime} || ''; | ||||
131 | } | ||||||
132 | else { | ||||||
133 | 2 | 11 | $lifetime = ''; | ||||
134 | } | ||||||
135 | |||||||
136 | |||||||
137 | 8 | 35 | if ( $lifetime ) { | ||||
138 | 5 | 50 | if ( $lifetime =~ /^\d+$/ ) { | ||||
139 | 1 | 9 | $unlimited = 0; | ||||
140 | 1 | 5 | $unset = 0; | ||||
141 | } | ||||||
142 | elsif ( $lifetime eq 'unlimited' ) { | ||||||
143 | 1 | 5 | ($unlimited,$unset,$lifetime) = (1,0,0); | ||||
144 | } | ||||||
145 | elsif ( $lifetime eq 'unset' ) { | ||||||
146 | 2 | 7 | ($unlimited,$unset,$lifetime) = (0,1,0); | ||||
147 | } | ||||||
148 | else { | ||||||
149 | 1 | 9 | $resp->set_message("The parameter must either be an integer, 'unset' or 'unlimited'"); | ||||
150 | 1 | 9 | $resp->set_isok(0); | ||||
151 | 1 | 7 | return $resp; | ||||
152 | } | ||||||
153 | 4 | 225569 | $rc = $self->context_setaccexpdate( $resp, | ||||
154 | $lifetime, | ||||||
155 | $unlimited, | ||||||
156 | $unset ); | ||||||
157 | } | ||||||
158 | 7 | 90 | if ( $resp->isok ) { | ||||
159 | 7 | 328197 | ($seconds,$unlimited,$unset) = $self->context_getaccexpdate( $resp ); | ||||
160 | 7 | 180 | $resp->set_value( $unlimited ? "unlimited" : $unset ? "unset" : $seconds); | ||||
161 | } | ||||||
162 | |||||||
163 | 7 | 63 | return $resp; | ||||
164 | } | ||||||
165 | |||||||
166 | sub disabletimeint { | ||||||
167 | 8 | 1 | 53 | my $self = shift; | |||
168 | 8 | 108 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
169 | 8 | 37 | my ($seconds,$disable,$unset,$rc); | ||||
170 | |||||||
171 | 8 | 72 | if ( @_ == 1 ) { | ||||
172 | 4 | 16 | $seconds = shift; | ||||
173 | } | ||||||
174 | elsif ( @_ % 2 ) { | ||||||
175 | 1 | 10 | $resp->set_message("Invalid syntax"); | ||||
176 | 1 | 12 | $resp->set_isok(0); | ||||
177 | 1 | 9 | return $resp; | ||||
178 | } | ||||||
179 | elsif ( @_ ) { | ||||||
180 | 2 | 19 | my %opts = @_; | ||||
181 | 2 | 26 | $seconds = $opts{seconds} || ''; | ||||
182 | } | ||||||
183 | else { | ||||||
184 | 1 | 4 | $seconds = ''; | ||||
185 | } | ||||||
186 | |||||||
187 | 7 | 47 | if ( $seconds ) { | ||||
188 | 5 | 82 | if ( $seconds =~ /^\d+$/ ) { | ||||
189 | 2 | 13 | $disable = 0; | ||||
190 | 2 | 9 | $unset = 0; | ||||
191 | } | ||||||
192 | elsif ($seconds eq 'disable') { | ||||||
193 | 1 | 5 | ($disable,$unset,$seconds) = (1,0,0); | ||||
194 | } | ||||||
195 | elsif ($seconds eq 'unset') { | ||||||
196 | 1 | 4 | ($disable,$unset,$seconds) = (0,1,0); | ||||
197 | } | ||||||
198 | else { | ||||||
199 | 1 | 19 | $resp->set_message("The parameter must either be an integer, 'disable' or 'unset'"); | ||||
200 | 1 | 18 | $resp->set_isok(0); | ||||
201 | 1 | 16 | return $resp; | ||||
202 | } | ||||||
203 | |||||||
204 | 4 | 235052 | $rc = $self->context_setdisabletimeint( $resp, | ||||
205 | $seconds, | ||||||
206 | $disable, | ||||||
207 | $unset); | ||||||
208 | } | ||||||
209 | 6 | 150 | if ( $resp->isok ) { | ||||
210 | 6 | 286989 | ($seconds,$disable,$unset) = $self->context_getdisabletimeint( $resp ); | ||||
211 | 6 | 215 | $resp->set_value( $disable ? "disabled" : $unset ? "unset" : $seconds ); | ||||
212 | } | ||||||
213 | |||||||
214 | 6 | 83 | return $resp; | ||||
215 | } | ||||||
216 | |||||||
217 | sub maxlgnfails { | ||||||
218 | 7 | 1 | 57 | my $self = shift; | |||
219 | 7 | 99 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
220 | 7 | 36 | my ($failures,$unset,$rc); | ||||
221 | |||||||
222 | |||||||
223 | 7 | 96 | if ( @_ == 1 ) { | ||||
224 | 3 | 11 | $failures = shift; | ||||
225 | } | ||||||
226 | elsif ( @_ % 2 ) { | ||||||
227 | 1 | 9 | $resp->set_message("Invalid syntax"); | ||||
228 | 1 | 11 | $resp->set_isok(0); | ||||
229 | 1 | 9 | return $resp; | ||||
230 | } | ||||||
231 | elsif ( @_ ) { | ||||||
232 | 2 | 19 | my %opts = @_; | ||||
233 | 2 | 36 | $failures = $opts{failures} || ''; | ||||
234 | } | ||||||
235 | else { | ||||||
236 | 1 | 10 | $failures = ''; | ||||
237 | } | ||||||
238 | |||||||
239 | 6 | 50 | if ( $failures ) { | ||||
240 | 4 | 57 | if ( $failures =~ /^\d+$/ ) { | ||||
241 | 2 | 11 | $unset = 0; | ||||
242 | } | ||||||
243 | elsif ($failures eq 'unset') { | ||||||
244 | 1 | 7 | $failures = 0; | ||||
245 | 1 | 3 | $unset = 1; | ||||
246 | } | ||||||
247 | else { | ||||||
248 | 1 | 11 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
249 | 1 | 11 | $resp->set_isok(0); | ||||
250 | 1 | 9 | return $resp; | ||||
251 | } | ||||||
252 | |||||||
253 | 3 | 193556 | $rc = $self->context_setmaxlgnfails( $resp, | ||||
254 | $failures, | ||||||
255 | $unset | ||||||
256 | ); | ||||||
257 | } | ||||||
258 | 5 | 102 | if ( $resp->isok ) { | ||||
259 | 5 | 243907 | ($failures,$unset) = $self->context_getmaxlgnfails( $resp ); | ||||
260 | 5 | 171 | $resp->set_value($unset ? "unset" : $failures); | ||||
261 | } | ||||||
262 | |||||||
263 | 5 | 58 | return $resp; | ||||
264 | } | ||||||
265 | |||||||
266 | sub maxpwdage { | ||||||
267 | 7 | 1 | 59 | my $self = shift; | |||
268 | 7 | 111 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
269 | 7 | 35 | my ($seconds,$unset,$rc); | ||||
270 | |||||||
271 | 7 | 73 | if ( @_ == 1 ) { | ||||
272 | 3 | 12 | $seconds = shift; | ||||
273 | } | ||||||
274 | elsif ( @_ % 2 ) { | ||||||
275 | 1 | 10 | $resp->set_message("Invalid syntax"); | ||||
276 | 1 | 10 | $resp->set_isok(0); | ||||
277 | 1 | 10 | return $resp; | ||||
278 | } | ||||||
279 | elsif ( @_ ) { | ||||||
280 | 2 | 20 | my %opts = @_; | ||||
281 | 2 | 31 | $seconds = $opts{seconds} || ''; | ||||
282 | } | ||||||
283 | else { | ||||||
284 | 1 | 4 | $seconds = ''; | ||||
285 | } | ||||||
286 | |||||||
287 | 6 | 45 | if ( $seconds ) { | ||||
288 | 4 | 46 | if ( $seconds =~ /^\d+$/ ) { | ||||
289 | 1 | 8 | $unset = 0; | ||||
290 | } | ||||||
291 | elsif ($seconds eq 'unset') { | ||||||
292 | 2 | 13 | $seconds = 0; | ||||
293 | 2 | 10 | $unset = 1; | ||||
294 | } | ||||||
295 | else { | ||||||
296 | 1 | 12 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
297 | 1 | 10 | $resp->set_isok(0); | ||||
298 | 1 | 9 | return $resp; | ||||
299 | } | ||||||
300 | |||||||
301 | 3 | 176916 | $rc = $self->context_setmaxpwdage( $resp, | ||||
302 | $seconds, | ||||||
303 | $unset ); | ||||||
304 | 3 | 87 | $resp->set_value( $rc ); | ||||
305 | } | ||||||
306 | 5 | 50 | if ( $resp->isok ) { | ||||
307 | 5 | 241084 | ($seconds,$unset) = $self->context_getmaxpwdage( $resp ); | ||||
308 | 5 | 193 | $resp->set_value($unset ? "unset" : $seconds); | ||||
309 | } | ||||||
310 | |||||||
311 | 5 | 73 | return $resp; | ||||
312 | } | ||||||
313 | |||||||
314 | sub maxpwdrepchars { | ||||||
315 | 7 | 1 | 62 | my $self = shift; | |||
316 | 7 | 103 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
317 | 7 | 38 | my ($chars,$unset,$rc); | ||||
318 | |||||||
319 | 7 | 72 | if ( @_ == 1 ) { | ||||
320 | 3 | 10 | $chars = shift; | ||||
321 | } | ||||||
322 | elsif ( @_ % 2 ) { | ||||||
323 | 1 | 10 | $resp->set_message("Invalid syntax"); | ||||
324 | 1 | 10 | $resp->set_isok(0); | ||||
325 | 1 | 8 | return $resp; | ||||
326 | } | ||||||
327 | elsif ( @_ ) { | ||||||
328 | 2 | 18 | my %opts = @_; | ||||
329 | 2 | 33 | $chars = $opts{chars} || ''; | ||||
330 | } | ||||||
331 | else { | ||||||
332 | 1 | 3 | $chars = ''; | ||||
333 | } | ||||||
334 | |||||||
335 | 6 | 42 | if ( $chars ) { | ||||
336 | 4 | 53 | if ( $chars =~ /^\d+$/ ) { | ||||
337 | 1 | 8 | $unset = 0; | ||||
338 | } | ||||||
339 | elsif ($chars eq 'unset') { | ||||||
340 | 2 | 10 | $chars = 0; | ||||
341 | 2 | 8 | $unset = 1; | ||||
342 | } | ||||||
343 | else { | ||||||
344 | 1 | 11 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
345 | 1 | 10 | $resp->set_isok(0); | ||||
346 | 1 | 11 | return $resp; | ||||
347 | } | ||||||
348 | 3 | 190404 | $rc = $self->context_setmaxpwdrepchars( $resp, | ||||
349 | $chars, | ||||||
350 | $unset ); | ||||||
351 | } | ||||||
352 | 5 | 99 | if ( $resp->isok ) { | ||||
353 | 5 | 238111 | ($chars,$unset) = $self->context_getmaxpwdrepchars( $resp ); | ||||
354 | 5 | 185 | $resp->set_value($unset ? "unset" : $chars); | ||||
355 | } | ||||||
356 | |||||||
357 | 5 | 68 | return $resp; | ||||
358 | } | ||||||
359 | |||||||
360 | sub minpwdalphas { | ||||||
361 | 7 | 1 | 56 | my $self = shift; | |||
362 | 7 | 114 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
363 | 7 | 35 | my ($chars,$unset,$rc); | ||||
364 | |||||||
365 | 7 | 84 | if ( @_ == 1 ) { | ||||
366 | 3 | 24 | $chars = shift; | ||||
367 | } | ||||||
368 | elsif ( @_ % 2 ) { | ||||||
369 | 1 | 11 | $resp->set_message("Invalid syntax"); | ||||
370 | 1 | 9 | $resp->set_isok(0); | ||||
371 | 1 | 9 | return $resp; | ||||
372 | } | ||||||
373 | elsif ( @_ ) { | ||||||
374 | 2 | 21 | my %opts = @_; | ||||
375 | 2 | 37 | $chars = $opts{chars} || ''; | ||||
376 | } | ||||||
377 | else { | ||||||
378 | 1 | 8 | $chars = ''; | ||||
379 | } | ||||||
380 | |||||||
381 | 6 | 71 | if ( $chars ) { | ||||
382 | 4 | 61 | if ( $chars =~ /^\d+$/ ) { | ||||
383 | 2 | 15 | $unset = 0; | ||||
384 | } | ||||||
385 | elsif ($chars eq 'unset') { | ||||||
386 | 1 | 6 | $chars = 0; | ||||
387 | 1 | 3 | $unset = 1; | ||||
388 | } | ||||||
389 | else { | ||||||
390 | 1 | 20 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
391 | 1 | 226 | $resp->set_isok(0); | ||||
392 | 1 | 17 | return $resp; | ||||
393 | } | ||||||
394 | 3 | 193473 | $rc = $self->context_setminpwdalphas( $resp, | ||||
395 | $chars, | ||||||
396 | $unset ); | ||||||
397 | 3 | 104 | $resp->set_value($rc); | ||||
398 | } | ||||||
399 | 5 | 66 | if ( $resp->isok ) { | ||||
400 | 5 | 265524 | ($chars,$unset) = $self->context_getminpwdalphas( $resp ); | ||||
401 | 5 | 202 | $resp->set_value( $unset ? "unset" : $chars ); | ||||
402 | } | ||||||
403 | |||||||
404 | 5 | 73 | return $resp; | ||||
405 | } | ||||||
406 | |||||||
407 | sub minpwdnonalphas { | ||||||
408 | 7 | 1 | 58 | my $self = shift; | |||
409 | 7 | 116 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
410 | 7 | 41 | my ($chars,$unset,$rc); | ||||
411 | |||||||
412 | 7 | 86 | if ( @_ == 1 ) { | ||||
413 | 3 | 24 | $chars = shift; | ||||
414 | } | ||||||
415 | elsif ( @_ % 2 ) { | ||||||
416 | 1 | 11 | $resp->set_message("Invalid syntax"); | ||||
417 | 1 | 10 | $resp->set_isok(0); | ||||
418 | 1 | 9 | return $resp; | ||||
419 | } | ||||||
420 | elsif ( @_ ) { | ||||||
421 | 2 | 30 | my %opts = @_; | ||||
422 | 2 | 33 | $chars = $opts{chars} || ''; | ||||
423 | } | ||||||
424 | else { | ||||||
425 | 1 | 9 | $chars = ''; | ||||
426 | } | ||||||
427 | |||||||
428 | 6 | 57 | if ( $chars ) { | ||||
429 | 4 | 135 | if ( $chars =~ /^\d+$/ ) { | ||||
430 | 2 | 11 | $unset = 0; | ||||
431 | } | ||||||
432 | elsif ($chars eq 'unset') { | ||||||
433 | 1 | 8 | $chars = 0; | ||||
434 | 1 | 8 | $unset = 1; | ||||
435 | } | ||||||
436 | else { | ||||||
437 | 1 | 18 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
438 | 1 | 19 | $resp->set_isok(0); | ||||
439 | 1 | 12 | return $resp; | ||||
440 | } | ||||||
441 | 3 | 348852 | $rc = $self->context_setminpwdnonalphas( $resp, | ||||
442 | $chars, | ||||||
443 | $unset ); | ||||||
444 | 3 | 104 | $resp->set_value($rc); | ||||
445 | |||||||
446 | } | ||||||
447 | 5 | 71 | if ( $resp->isok ) { | ||||
448 | 5 | 257965 | ($chars,$unset) = $self->context_getminpwdnonalphas( $resp ); | ||||
449 | 5 | 201 | $resp->set_value($unset ? "unset" : $chars); | ||||
450 | } | ||||||
451 | |||||||
452 | 5 | 77 | return $resp; | ||||
453 | } | ||||||
454 | |||||||
455 | sub minpwdlen { | ||||||
456 | 7 | 1 | 43 | my $self = shift; | |||
457 | 7 | 89 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
458 | 7 | 28 | my ($chars,$unset,$rc); | ||||
459 | |||||||
460 | 7 | 72 | if ( @_ == 1 ) { | ||||
461 | 3 | 16 | $chars = shift; | ||||
462 | } | ||||||
463 | elsif ( @_ % 2 ) { | ||||||
464 | 1 | 10 | $resp->set_message("Invalid syntax"); | ||||
465 | 1 | 14 | $resp->set_isok(0); | ||||
466 | 1 | 9 | return $resp; | ||||
467 | } | ||||||
468 | elsif ( @_ ) { | ||||||
469 | 2 | 18 | my %opts = @_; | ||||
470 | 2 | 25 | $chars = $opts{chars} || ''; | ||||
471 | } | ||||||
472 | else { | ||||||
473 | 1 | 9 | $chars = ''; | ||||
474 | } | ||||||
475 | |||||||
476 | 6 | 49 | if ( $chars ) { | ||||
477 | 4 | 55 | if ( $chars =~ /^\d+$/ ) { | ||||
478 | 2 | 8 | $unset = 0; | ||||
479 | } | ||||||
480 | elsif ($chars eq 'unset') { | ||||||
481 | 1 | 9 | $chars = 8; | ||||
482 | 1 | 5 | $unset = 1; | ||||
483 | } | ||||||
484 | else { | ||||||
485 | 1 | 11 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
486 | 1 | 9 | $resp->set_isok(0); | ||||
487 | 1 | 8 | return $resp; | ||||
488 | } | ||||||
489 | 3 | 163123 | $rc = $self->context_setminpwdlen( $resp, | ||||
490 | $chars, | ||||||
491 | $unset ); | ||||||
492 | 3 | 61 | $resp->set_value( $rc ); | ||||
493 | } | ||||||
494 | 5 | 48 | if ( $resp->isok ) { | ||||
495 | 5 | 235460 | ($chars,$unset) = $self->context_getminpwdlen( $resp ); | ||||
496 | 5 | 144 | $resp->set_value($unset ? "unset" : $chars); | ||||
497 | } | ||||||
498 | |||||||
499 | 5 | 59 | return $resp; | ||||
500 | } | ||||||
501 | |||||||
502 | sub max_concur_session { | ||||||
503 | 9 | 1 | 48 | my $self = shift; | |||
504 | 9 | 96 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
505 | 9 | 32 | my ($session,$unset,$unlimited,$displace,$rc); | ||||
506 | |||||||
507 | 9 | 67 | if ( @_ == 1 ) { | ||||
508 | 5 | 19 | $session = shift; | ||||
509 | } | ||||||
510 | elsif ( @_ % 2 ) { | ||||||
511 | 1 | 12 | $resp->set_message("Invalid syntax"); | ||||
512 | 1 | 12 | $resp->set_isok(0); | ||||
513 | 1 | 11 | return $resp; | ||||
514 | } | ||||||
515 | elsif ( @_ ) { | ||||||
516 | 2 | 12 | my %opts = @_; | ||||
517 | 2 | 20 | $session = $opts{session} || ''; | ||||
518 | } | ||||||
519 | else { | ||||||
520 | 1 | 5 | $session = ''; | ||||
521 | } | ||||||
522 | |||||||
523 | 8 | 38 | if ( $session ) { | ||||
524 | 6 | 66 | if ( $session =~ /^\d+$/ ) { | ||||
525 | 1 | 4 | ($unset,$unlimited,$displace) = (0,0,0); | ||||
526 | } | ||||||
527 | elsif ($session eq 'displace') { | ||||||
528 | 2 | 8 | ($session,$unset,$unlimited,$displace) = (0,0,0,1); | ||||
529 | } | ||||||
530 | elsif ($session eq 'unlimited') { | ||||||
531 | 1 | 7 | ($session,$unset,$unlimited,$displace) = (0,0,1,0); | ||||
532 | } | ||||||
533 | elsif ($session eq 'unset') { | ||||||
534 | 1 | 5 | ($session,$unset,$unlimited,$displace) = (0,1,0,0); | ||||
535 | } | ||||||
536 | else { | ||||||
537 | 1 | 8 | $resp->set_message("The parameter must be either an integers, 'displace', 'unlimited' or 'unset'"); | ||||
538 | 1 | 6 | $resp->set_isok(0); | ||||
539 | 1 | 6 | return $resp; | ||||
540 | } | ||||||
541 | |||||||
542 | 5 | 250025 | $rc = $self->context_setmaxconcurwebsess( $resp, | ||||
543 | $session, | ||||||
544 | $displace, | ||||||
545 | $unlimited, | ||||||
546 | $unset, | ||||||
547 | ); | ||||||
548 | 5 | 89 | $resp->set_value($rc); | ||||
549 | |||||||
550 | } | ||||||
551 | 7 | 48 | if ( $resp->isok ) { | ||||
552 | 7 | 17 | my $retval; | ||||
553 | 7 | 325206 | ($session,$displace,$unlimited,$unset) = $self->context_getmaxconcurwebsess( $resp ); | ||||
554 | |||||||
555 | 7 | 91 | if ($unset) { | ||||
556 | 1 | 8 | $retval = 'unset'; | ||||
557 | } | ||||||
558 | elsif ($displace) { | ||||||
559 | 4 | 21 | $retval = 'displace'; | ||||
560 | } | ||||||
561 | elsif ($unlimited) { | ||||||
562 | 1 | 7 | $retval = 'unlimited'; | ||||
563 | } | ||||||
564 | else { | ||||||
565 | 1 | 8 | $retval = $session; | ||||
566 | } | ||||||
567 | 7 | 90 | $resp->set_value($retval); | ||||
568 | } | ||||||
569 | |||||||
570 | 7 | 53 | return $resp; | ||||
571 | } | ||||||
572 | |||||||
573 | sub pwdspaces { | ||||||
574 | 8 | 1 | 51 | my $self = shift; | |||
575 | 8 | 252 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
576 | 8 | 36 | my ($allowed,$unset,$rc); | ||||
577 | |||||||
578 | 8 | 82 | if ( @_ == 1 ) { | ||||
579 | 3 | 13 | $allowed = shift; | ||||
580 | } | ||||||
581 | elsif ( @_ % 2 ) { | ||||||
582 | 1 | 17 | $resp->set_message("Invalid syntax"); | ||||
583 | 1 | 18 | $resp->set_isok(0); | ||||
584 | 1 | 11 | return $resp; | ||||
585 | } | ||||||
586 | elsif ( @_ ) { | ||||||
587 | 2 | 17 | my %opts = @_; | ||||
588 | 2 | 29 | $allowed = $opts{allowed} || ''; | ||||
589 | } | ||||||
590 | else { | ||||||
591 | 2 | 14 | $allowed = ''; | ||||
592 | } | ||||||
593 | |||||||
594 | 7 | 49 | if ( $allowed ) { | ||||
595 | 4 | 61 | if ( $allowed =~ /^\d+$/ ) { | ||||
596 | 2 | 8 | $unset = 0; | ||||
597 | } | ||||||
598 | elsif ( $allowed eq 'unset' ) { | ||||||
599 | 1 | 6 | $allowed = 0; | ||||
600 | 1 | 4 | $unset = 1; | ||||
601 | } | ||||||
602 | else { | ||||||
603 | 1 | 11 | $resp->set_message("The parameter must either be an integer or 'unset'"); | ||||
604 | 1 | 10 | $resp->set_isok(0); | ||||
605 | 1 | 25 | return $resp; | ||||
606 | } | ||||||
607 | |||||||
608 | 3 | 220061 | $rc = $self->context_setpwdspaces( $resp, | ||||
609 | $allowed, | ||||||
610 | $unset ); | ||||||
611 | 3 | 61 | $resp->set_value($rc); | ||||
612 | } | ||||||
613 | 6 | 56 | if ( $resp->isok ) { | ||||
614 | 6 | 321856 | ($allowed,$unset) = $self->context_getpwdspaces( $resp ); | ||||
615 | 6 | 160 | $resp->set_value($unset ? "unset" : $allowed ); | ||||
616 | } | ||||||
617 | |||||||
618 | 6 | 59 | return $resp; | ||||
619 | } | ||||||
620 | |||||||
621 | sub _miltomin { | ||||||
622 | 8 | 34 | my $miltime = shift || 0; | ||||
623 | 8 | 37 | return ( $miltime - $miltime % 100 ) * .6 + $miltime % 100; | ||||
624 | } | ||||||
625 | |||||||
626 | sub _mintomil { | ||||||
627 | 8 | 20 | my $mins = shift; | ||||
628 | |||||||
629 | 8 | 55 | return ($mins - $mins % 60)/.6 + $mins % 60; | ||||
630 | } | ||||||
631 | |||||||
632 | sub tod { | ||||||
633 | 9 | 1 | 39 | my $self = shift; | |||
634 | 9 | 93 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
635 | 9 | 32 | my ( $days, $start, $end, $reference, $unset, $rc ); | ||||
636 | 9 | 21 | my (@list, %rc ); | ||||
637 | |||||||
638 | 9 | 42 | if ( @_ % 2 ) { | ||||
639 | 1 | 11 | $resp->set_message("Invalid syntax"); | ||||
640 | 1 | 10 | $resp->set_isok(0); | ||||
641 | 1 | 10 | return $resp; | ||||
642 | } | ||||||
643 | 8 | 45 | my %opts = @_; | ||||
644 | |||||||
645 | 8 | 51 | $reference = $opts{reference} || ''; | ||||
646 | |||||||
647 | 8 | 42 | if ( $opts{days} ) { | ||||
648 | 7 | 21 | $reference = $reference eq 'UTC'; | ||||
649 | |||||||
650 | 7 | 43 | if ( $opts{days} ne 'unset' ) { | ||||
651 | 5 | 19 | if ( ref($opts{days}) ) { | ||||
652 | 2 | 9 | $days = _listtotod( $opts{days} ) | ||||
653 | } | ||||||
654 | else { | ||||||
655 | 3 | 15 | if ( $opts{days} > 127 ) { | ||||
656 | 1 | 7 | $resp->set_message( "error -- days bitmask > 127"); | ||||
657 | 1 | 7 | $resp->set_isok(0); | ||||
658 | 1 | 7 | return $resp; | ||||
659 | } | ||||||
660 | 2 | 7 | $days = $opts{days}; | ||||
661 | } | ||||||
662 | 4 | 20 | $start = _miltomin( $opts{start} ); | ||||
663 | 4 | 16 | $end = _miltomin( $opts{end} ); | ||||
664 | 4 | 9 | $unset = 0; | ||||
665 | } | ||||||
666 | else { | ||||||
667 | 2 | 7 | $days = $start = $end = 0; | ||||
668 | 2 | 5 | $unset = 1; | ||||
669 | } | ||||||
670 | |||||||
671 | 6 | 292983 | $self->context_settodaccess( $resp, | ||||
672 | $days, | ||||||
673 | $start, | ||||||
674 | $end, | ||||||
675 | $reference, | ||||||
676 | $unset ); | ||||||
677 | } | ||||||
678 | 7 | 106 | if ( $resp->isok ) { | ||||
679 | 7 | 322952 | @list = $self->context_gettodaccess( $resp ); | ||||
680 | 7 | 94 | if ( $list[-1] ) { | ||||
681 | 3 | 31 | $rc{days} = 0; | ||||
682 | 3 | 12 | $rc{start} = 0; | ||||
683 | 3 | 14 | $rc{end} = 0; | ||||
684 | 3 | 22 | $rc{reference} = 'local'; | ||||
685 | 3 | 13 | $rc{unset} = 1; | ||||
686 | } | ||||||
687 | else { | ||||||
688 | 4 | 37 | $rc{days} = [ _todtolist( $list[0] ) ]; | ||||
689 | 4 | 27 | $rc{start} = _mintomil( $list[1] ); | ||||
690 | 4 | 19 | $rc{end} = _mintomil( $list[2] ); | ||||
691 | 4 | 26 | $rc{reference} = $list[3] ? 'UTC' : 'local'; | ||||
692 | } | ||||||
693 | |||||||
694 | 7 | 95 | $resp->set_value( \%rc ); | ||||
695 | } | ||||||
696 | |||||||
697 | 7 | 84 | return $resp; | ||||
698 | } | ||||||
699 | |||||||
700 | sub userreg { | ||||||
701 | 1 | 1 | 10 | my $self = shift; | |||
702 | 1 | 50 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
703 | |||||||
704 | 1 | 46740 | $resp->set_value( $self->context_getuserreg( $resp ) ? "LDAP" : "DCE"); | ||||
705 | |||||||
706 | 1 | 13 | return $resp; | ||||
707 | } | ||||||
708 | |||||||
709 | sub codeset { | ||||||
710 | 1 | 1 | 9 | my $self = shift; | |||
711 | 1 | 14 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
712 | |||||||
713 | 1 | 79 | $resp->set_value( $self->context_getcodeset() ? "LOCAL" : "UTF8" ); | ||||
714 | |||||||
715 | 1 | 8 | return $resp; | ||||
716 | } | ||||||
717 | |||||||
718 | 1; | ||||||
719 | |||||||
720 - 1131 | =head1 NAME Tivoli::AccessManager::Admin::Context =head1 SYNOPSIS use Tivoli::AccessManager::Admin::Context; $pdadmin = Tivoli::AccessManager::Admin::Context->new( password => 'foobar' ); $resp->iserror() and die "Couldn't establish context\n"; =head1 Description B<Tivoli::AccessManager::Admin::Context> handles the context related functions in the TAM API. For the most part, it is used solely for establishing the context. There are, however, some global parameters that are set using this module. As with all the other modules in this collection, you must have the Authentication ADK installed to use this modules. =head1 CONSTRUCTOR =head2 new ( OPTIONS ) Logs into the policy server's domain, In TAM speak, it creates a new context. There are two different ways to call this function. At the bare minimum, you can simply provide a password. This will then rely upon the configuration of the PDRTE to figure out the rest of the information. This is the same base effect as saying "pdadmin -a sec_master -p <password>". You can also specify the userid and the domain with this method. Alternately, you can specify all of the parameters below and log into any domain with out changing the configuration of your RTE. If anyone of the parameters other than password, userid or domain are set, all must be set. =head3 Parameters =over 4 =item password =E<gt> PASSWORD The password to be used when binding to the policy server. This is the only mandatory parameter. =item userid =E<gt> USERID The ID to use when binding to the policy server. (Default:sec_master) =item domain =E<gt> DOMAIN The domain into which to bind. (Default: uhh.. Default ) =item codeset =E<gt> [UTF|LOCAL] The codeset to be used to encode the character data. It can be either UTF or LOCAL. =item server =E<gt> SERVER The name of the policy server. This can be either a hostname or an IP address. =item port =E<gt> PORT The port on which the policy server listens. =item keyringfile =E<gt> PATH The fully qualified path name ( FQPN ) to the keydatabase for the policy domain. =item keystashfile =E<gt> PATH The FQPN to the stashed password for the keyring =item configfile =E<gt> PATH The FQPN to the pd.conf file =back =head3 Returns A fully blessed L<Tivoli::AccessManager::Admin::Context> object, or it will die on error. If you cannot establish a context, nothing else will work. =head1 METHODS Most of the methods available on a B<Tivoli::AccessManager::Admin::Context> object follow the same rules. The L<Tivoli::AccessManager::Admin::Response> object will always contain the results of a 'get'. If any of the optional parameters are sent, a 'set' will be performed. =head2 accexpdate( SECONDS | 'unset' | 'unlimited' ) Returns the currently configured global account expiration date. =head3 Parameters =over 4 =item SECONDS | 'unset' | 'unlimited' The date when all passwords will expire. The date is expressed as seconds since the beginning of the Epoch. =back =head3 Returns "unlimited", "unset" or the date in seconds since the Epoch when the passwords will expire. =head2 disabletimeint (SECONDS | 'disable' | 'unset' ) Returns the currently configured global account disable timeout. =head3 Parameters =over 4 =item SECONDS | 'disable' | 'unset' The number of seconds an account will be disabled due to failed logins =back =head3 Returns "disabled", "unset" or the time in seconds an account will be disabled =head2 maxlgnfails ( N | 'unset' ) Returns the currently configured global maximum number of failed login attempts. =head3 Parameters =over 4 =item N | 'unset' The number of failed login attempts before the account is disabled. =back =head3 Returns "unset" or the number of allowed failed login attempts allowed. =head2 maxpwdage ( SECONDS | 'unset') Returns the currently configured global maximum password age. =head3 Parameters =over 4 =item SECONDS | 'unset' The maximum age of a password expressed in seconds. =back =head3 Returns "unset" or the maximum age of passwords in seconds. =head2 maxpwdrepchars ( CHARS | 'unset' ) Returns the maximum repeated characters allowed in a password =head3 Parameters =over 4 =item CHARS | 'unset' The maximum number of repeated characters in a password =back =head3 Returns "unset" or the maximum repeated characters allowed in a password. =head2 minpwdalphas ( CHARS | 'unset' ) Returns the minimum alphabetic characters in a password =head3 Parameters =over 4 =item CHARS | 'unset' The minimum number of alphabetic characters in a password =back =head3 Returns "unset" or the minimum alphabetic characters allowed in a password. =head2 minpwdnonalphas ( CHARS | 'unset' ) Returns the minimum non-alphabetic characters in a password =head3 Parameters =over 4 =item CHARS | 'unset' The minimum number of non-alphabetic characters in a password =back =head3 Returns "unset" or the minimum non-alphabetic characters allowed in a password. =head2 minpwdlen ( CHARS | 'unset' ) Returns the minimum password length =head3 Parameters =over 4 =item CHARS | 'unset' The minimum number length of a password =back =head3 Returns "unset" or the minimum length of a password. =head2 pwdspaces ( 0 | 1 | 'unset' ) Returns the current policy on spaces in passwords =head3 Parameters =over 4 =item 0 | 1 | 'unset' Whether or not to allows spaces in passwords. =back =head3 Returns "unset" or 'allowed'. =head2 max_concur_session(['displace'|'unlimited'|'unset'|NUM]) Returns or sets the current maximum concurrent web sessions allowed. =head3 Parameters =over 4 =item 'displace'|'unlimited'|'unset'|NUM 'unlimited' or 'unset' will disable the policy; NUM will set the maximum allowed sessions; and 'displace' will cause the new session to replace the old. =back =head3 Returns The current setting. =head2 tod( days =E<gt> 'unset' ) =head2 tod ( days =E<gt> [array], start =E<gt> N, end =E<gt> N, reference =E<gt> local | UTC ) Returns the current time of day access policy =head3 Parameters =over 4 =item days 'unset' will cause the the time of day access policy to be unset. Otherwise, B<days> should be a reference to an array containing some combination of: mon, tue, wed, thu, fri, sat, sun or any. If the word 'any' is found anywhere in the array, it will over ride all the others. =item start The beginning of the allowed access time, expressed in 24-hour format. Since perl will try to interpret any number starting with a 0 as an octal number ( leading to annoying problems with 09xx ), you need to either drop the preceding 0 ( eg, 900 ) or specify it as a string ( '0900' ). =item end The end of the allowed access time. See the previous item for the caveats. =item UTC|local Under the covers, start and end are calculated as minutes past midnight. TAM needs to know if you are referencing midnight UTC or midnight local time. The default is 'local'. =back =head3 Returns A L<Tivoli::AccessManager::Admin::Response> object, the value of which is a hash with the key/value pairs: =over 4 =item days An array reference to the days for which the policy is enforced. If the TOD policy is unset, this refers to an empty array. =item start The time of day when access is allowed, expressed in 24-hour format. If the TOD policy is unset, this will be zero. =item end The time of day when access is denied, expressed in 24-hour format. If the TOD policy is unset, this will be zero. =item reference UTC or local. If the policy is unset, this will be local. =back The following methods are all read-only. I will not bother to say that again, nor will you see any of the usual 'Parameter' or 'Returns' headings - the description tells you the return value. =head2 userreg Returns the user registry that TAM is configured against. =head2 isauthenticated Returns true if the current context is authenticated =head2 codeset Returns the codeset currently associated with the context - "UTF8" or "LOCAL" =head2 domainid Returns the name of the domain associated with the context =head2 mgmtdomain Returns the management domain associated with the context. =head2 mgmtsvrhost Returns the hostname of the Policy Server =head2 mgmtsvrport Returns the port of the Policy Server =head2 userid Returns the user id user to create the context. =head1 SEE ALSO L<Tivoli::AccessManager::Admin::Response>, =head1 ACKNOWLEDGEMENTS Please read L<Tivoli::AccessManager::Admin> for the full list of acks. I stand upon the shoulders of giants. =head1 BUGS None at the moment. =head1 AUTHOR Mik Firestone E<lt>mikfire@gmail.comE<gt> =head1 COPYRIGHT Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself. All references to TAM, Tivoli Access Manager, etc are copyrighted by IBM. =cut | ||||||
1132 |