/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2008-2010 Sun Microsystems, Inc.
|
* Portions Copyright 2014-2015 ForgeRock AS
|
*/
|
|
package org.opends.guitools.controlpanel.task;
|
|
import static org.opends.messages.AdminToolMessages.*;
|
|
import java.util.ArrayList;
|
import java.util.Collection;
|
import java.util.HashSet;
|
import java.util.Set;
|
import java.util.TreeSet;
|
|
import javax.naming.Context;
|
import javax.naming.NamingEnumeration;
|
import javax.naming.directory.SearchControls;
|
import javax.naming.directory.SearchResult;
|
import javax.naming.ldap.InitialLdapContext;
|
|
import org.opends.admin.ads.util.ConnectionUtils;
|
import org.opends.guitools.controlpanel.browser.BrowserController;
|
import org.opends.guitools.controlpanel.datamodel.BackendDescriptor;
|
import org.opends.guitools.controlpanel.datamodel.BaseDNDescriptor;
|
import org.opends.guitools.controlpanel.datamodel.ControlPanelInfo;
|
import org.opends.guitools.controlpanel.ui.ProgressDialog;
|
import org.opends.guitools.controlpanel.ui.nodes.BasicNode;
|
import org.opends.guitools.controlpanel.util.Utilities;
|
import org.forgerock.i18n.LocalizableMessage;
|
import org.opends.server.config.ConfigConstants;
|
import org.opends.server.tools.LDAPPasswordModify;
|
import org.opends.server.types.DN;
|
import org.opends.server.types.OpenDsException;
|
|
/**
|
* The task called when we want to reset the password of the user.
|
*
|
*/
|
public class ResetUserPasswordTask extends Task
|
{
|
private Set<String> backendSet;
|
private BasicNode node;
|
private char[] currentPassword;
|
private char[] newPassword;
|
private DN dn;
|
private boolean useAdminCtx;
|
|
/**
|
* Constructor of the task.
|
* @param info the control panel information.
|
* @param dlg the progress dialog where the task progress will be displayed.
|
* @param node the node corresponding to the entry whose password is going
|
* to be reset.
|
* @param controller the BrowserController.
|
* @param pwd the new password.
|
*/
|
public ResetUserPasswordTask(ControlPanelInfo info, ProgressDialog dlg,
|
BasicNode node, BrowserController controller, char[] pwd)
|
{
|
super(info, dlg);
|
backendSet = new HashSet<>();
|
this.node = node;
|
this.newPassword = pwd;
|
try
|
{
|
dn = DN.valueOf(node.getDN());
|
for (BackendDescriptor backend : info.getServerDescriptor().getBackends())
|
{
|
for (BaseDNDescriptor baseDN : backend.getBaseDns())
|
{
|
if (dn.isDescendantOf(baseDN.getDn()))
|
{
|
backendSet.add(backend.getBackendID());
|
}
|
}
|
}
|
}
|
catch (OpenDsException ode)
|
{
|
throw new RuntimeException("Could not parse DN: "+node.getDN(), ode);
|
}
|
try
|
{
|
InitialLdapContext ctx =
|
controller.findConnectionForDisplayedEntry(node);
|
if (ctx != null && isBoundAs(dn, ctx))
|
{
|
currentPassword = ConnectionUtils.getBindPassword(ctx).toCharArray();
|
}
|
}
|
catch (Throwable t)
|
{
|
}
|
useAdminCtx = controller.isConfigurationNode(node);
|
}
|
|
/** {@inheritDoc} */
|
public Type getType()
|
{
|
return Type.MODIFY_ENTRY;
|
}
|
|
/** {@inheritDoc} */
|
public Set<String> getBackends()
|
{
|
return backendSet;
|
}
|
|
/** {@inheritDoc} */
|
public LocalizableMessage getTaskDescription()
|
{
|
return INFO_CTRL_PANEL_RESET_USER_PASSWORD_TASK_DESCRIPTION.get(
|
node.getDN());
|
}
|
|
/** {@inheritDoc} */
|
public boolean regenerateDescriptor()
|
{
|
return false;
|
}
|
|
/** {@inheritDoc} */
|
protected String getCommandLinePath()
|
{
|
return getCommandLinePath("ldappasswordmodify");
|
}
|
|
/** {@inheritDoc} */
|
protected ArrayList<String> getCommandLineArguments()
|
{
|
ArrayList<String> args = new ArrayList<>();
|
if (currentPassword == null)
|
{
|
args.add("--authzID");
|
args.add("dn:"+dn);
|
}
|
else
|
{
|
args.add("--currentPassword");
|
args.add(String.valueOf(currentPassword));
|
}
|
args.add("--newPassword");
|
args.add(String.valueOf(newPassword));
|
args.addAll(getConnectionCommandLineArguments(useAdminCtx, true));
|
args.add(getNoPropertiesFileArgument());
|
return args;
|
}
|
|
/** {@inheritDoc} */
|
public boolean canLaunch(Task taskToBeLaunched,
|
Collection<LocalizableMessage> incompatibilityReasons)
|
{
|
if (!isServerRunning()
|
&& state == State.RUNNING
|
&& runningOnSameServer(taskToBeLaunched))
|
{
|
// All the operations are incompatible if they apply to this
|
// backend for safety. This is a short operation so the limitation
|
// has not a lot of impact.
|
Set<String> backends = new TreeSet<>(taskToBeLaunched.getBackends());
|
backends.retainAll(getBackends());
|
if (!backends.isEmpty())
|
{
|
incompatibilityReasons.add(getIncompatibilityMessage(this, taskToBeLaunched));
|
return false;
|
}
|
}
|
return true;
|
}
|
|
/** {@inheritDoc} */
|
public void runTask()
|
{
|
state = State.RUNNING;
|
lastException = null;
|
try
|
{
|
ArrayList<String> arguments = getCommandLineArguments();
|
String[] args = new String[arguments.size()];
|
arguments.toArray(args);
|
|
returnCode = LDAPPasswordModify.mainPasswordModify(args, false,
|
outPrintStream, errorPrintStream);
|
|
if (returnCode != 0)
|
{
|
state = State.FINISHED_WITH_ERROR;
|
}
|
else
|
{
|
if (lastException == null && currentPassword != null)
|
{
|
// The connections must be updated, just update the environment, which
|
// is what we use to clone connections and to launch scripts.
|
// The environment will also be used if we want to reconnect.
|
getInfo().getDirContext().addToEnvironment(
|
Context.SECURITY_CREDENTIALS,
|
String.valueOf(newPassword));
|
if (getInfo().getUserDataDirContext() != null)
|
{
|
getInfo().getUserDataDirContext().addToEnvironment(
|
Context.SECURITY_CREDENTIALS,
|
String.valueOf(newPassword));
|
}
|
}
|
state = State.FINISHED_SUCCESSFULLY;
|
}
|
}
|
catch (Throwable t)
|
{
|
lastException = t;
|
state = State.FINISHED_WITH_ERROR;
|
}
|
}
|
|
/**
|
* Returns <CODE>true</CODE> if we are bound using the provided entry. In
|
* the case of root entries this is not necessarily the same as using that
|
* particular DN (we might be binding using a value specified in
|
* ds-cfg-alternate-bind-dn).
|
* @param dn the DN.
|
* @param ctx the connection that we are using to modify the password.
|
* @return <CODE>true</CODE> if we are bound using the provided entry.
|
*/
|
private boolean isBoundAs(DN dn, InitialLdapContext ctx)
|
{
|
boolean isBoundAs = false;
|
DN bindDN = DN.rootDN();
|
try
|
{
|
String b = ConnectionUtils.getBindDN(ctx);
|
bindDN = DN.valueOf(b);
|
isBoundAs = dn.equals(bindDN);
|
}
|
catch (Throwable t)
|
{
|
// Ignore
|
}
|
if (!isBoundAs)
|
{
|
try
|
{
|
SearchControls ctls = new SearchControls();
|
ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
|
String filter =
|
"(|(objectClass=*)(objectclass=ldapsubentry))";
|
String attrName = ConfigConstants.ATTR_ROOTDN_ALTERNATE_BIND_DN;
|
ctls.setReturningAttributes(new String[] {attrName});
|
NamingEnumeration<SearchResult> entries =
|
ctx.search(Utilities.getJNDIName(dn.toString()), filter, ctls);
|
|
try
|
{
|
while (entries.hasMore())
|
{
|
SearchResult sr = entries.next();
|
Set<String> dns = ConnectionUtils.getValues(sr, attrName);
|
for (String sDn : dns)
|
{
|
if (bindDN.equals(DN.valueOf(sDn)))
|
{
|
isBoundAs = true;
|
break;
|
}
|
}
|
}
|
}
|
finally
|
{
|
entries.close();
|
}
|
}
|
catch (Throwable t)
|
{
|
}
|
}
|
return isBoundAs;
|
}
|
}
|
