From 1a4cbdaa793b874a0779f79093659c40cd544c35 Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Tue, 28 Jan 2014 09:34:41 +0000
Subject: [PATCH] Fix for OPENDJ-1294. Add code to read password from stdin when detecting option '-w -'

---
 opends/src/server/org/opends/server/tools/LDAPPasswordModify.java |   29 +++++++++++++++++++++++++++--
 1 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/tools/LDAPPasswordModify.java b/opends/src/server/org/opends/server/tools/LDAPPasswordModify.java
index 1756ac0..a65d2f8 100644
--- a/opends/src/server/org/opends/server/tools/LDAPPasswordModify.java
+++ b/opends/src/server/org/opends/server/tools/LDAPPasswordModify.java
@@ -22,7 +22,7 @@
  *
  *
  *      Copyright 2006-2010 Sun Microsystems, Inc.
- *      Portions Copyright 2013 ForgeRock AS
+ *      Portions Copyright 2013-2014 ForgeRock AS
  */
 package org.opends.server.tools;
 
@@ -46,6 +46,7 @@
 import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
 import org.opends.server.types.*;
 import org.opends.server.util.EmbeddedUtils;
+import org.opends.server.util.PasswordReader;
 import org.opends.server.util.args.ArgumentException;
 import org.opends.server.util.args.ArgumentParser;
 import org.opends.server.util.args.BooleanArgument;
@@ -149,7 +150,7 @@
     BooleanArgument   useSSL;
     BooleanArgument   useStartTLS;
     FileBasedArgument bindPWFile;
-    StringArgument    certNickname           = null;
+    StringArgument    certNickname;
     FileBasedArgument currentPWFile;
     FileBasedArgument newPWFile;
     FileBasedArgument sslKeyStorePINFile;
@@ -642,6 +643,30 @@
     {
       dn = bindDN.getValue();
       pw = bindPW.getValue();
+      if(pw != null && pw.equals("-"))
+      {
+        // read the password from the stdin.
+        try
+        {
+          out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(dn));
+          char[] pwChars = PasswordReader.readPassword();
+          //As per rfc 4513(section-5.1.2) a client should avoid sending
+          //an empty password to the server.
+          while(pwChars.length==0)
+          {
+            err.println(wrapText(
+                INFO_LDAPAUTH_NON_EMPTY_PASSWORD.get(),
+                MAX_LINE_WIDTH));
+            out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(dn));
+            pwChars = PasswordReader.readPassword();
+          }
+          pw = new String(pwChars);
+        } catch(Exception ex)
+        {
+          err.println(wrapText(ex.getMessage(), MAX_LINE_WIDTH));
+          return CLIENT_SIDE_PARAM_ERROR;
+        }
+      }
     }
     else if (bindPWFile.isPresent())
     {
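Review bot: The loop condition `while(pwChars.length==0)` dereferences the result of `PasswordReader.readPassword()` with no null check, so if that method can return null when stdin is closed or redirected (its body is not visible here, so confirm), the failure is a NullPointerException whose `getMessage()` is null, and the `catch(Exception ex)` branch has nothing useful to print before returning `CLIENT_SIDE_PARAM_ERROR`. An explicit `if (pwChars == null)` check after each read, reporting that no password could be read, would cover the non-interactive case; if the reader instead returns an empty array at end of input, the loop as written never terminates, so the retry should be bounded or skipped on EOF. After `pw = new String(pwChars);` the array still holds the cleartext, and `java.util.Arrays.fill(pwChars, '\0');` right after the copy would shorten its lifetime, although the String copy remains. The RFC 4513 empty-password check applies only on this stdin path, so an empty value from `bindPW.getValue()` would still reach the bind unless it is rejected outside this hunk. The enclosing method starts and ends outside the hunk.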

--
Gitblit v1.10.0