rpetti · December 27, 2015 12:19
diff --git a/auth-set.pl b/auth-set.pl
 #!/usr/bin/perl
 
 # p4 trigger: updateLocalPw auth-set auth "%serverroot%/triggers/auth-set.pl %user% %serverroot%/triggers/ldap-check-auth.pl"
 
 $login = shift(ARGV);
 $authCmd = shift(ARGV);
 
 open(LCL_PASSWD_FILE,"</etc/p4shadow") or die "Can't open local shadow password file.";
 @PASSWD = <LCL_PASSWD_FILE>;
 close(LCL_PASSWD_FILE);
 
 chomp(@PASSWD);
 
 @PASSWD = grep(!/^$login\:\:/, @PASSWD);
 
 chomp(my @passwd = <STDIN>);
 s/\r$// for(@passwd);
 
 open(AUTH, "| $authCmd $login") or die "Can't authenticate password.";
 print AUTH "$passwd[0]\n";
 close(AUTH);
 die "Authentication failed." if $?;
 
 my @salt = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );
 
 # this takes password as argument: good for simple example, bad for
 # security (perldoc -q password)
 
 my $encrypted;
 
 # generate traditional (weak!) DES password, and more modern md5
 $encrypted = crypt( $passwd[1], gensalt(2) );
 
 push(@PASSWD,"$login\:\:$encrypted");
 
 open(LCL_PASSWD_FILE,">/etc/p4shadow");
 foreach (@PASSWD) {
 	print LCL_PASSWD_FILE "$_\n";
 }
 close(LCL_PASSWD_FILE);
 
 # uses global @salt to construct salt string of requested length
 sub gensalt {
  my $count = shift;
 
  my $salt;
  for (1..$count) {
    $salt .= (@salt)[rand @salt];
  }
 
  return $salt;
 }
diff --git a/ldap-check-auth.pl b/ldap-check-auth.pl
 #!/usr/bin/perl
 #
 # Script called by the perforce via the auth-check trigger
 # p4 trigger: 'ldap auth-check auth "%serverroot%/triggers/ldap-check-auth.pl %user%"'

 use Net::LDAP;

 # Read in login name and password
 my $login = shift(ARGV);
 my $ldapServer = "ldap-hostname";
 my $ldapServerBackup = "ldap-hostname-2";

 open(STDERR, ">&STDOUT") or die "Can't dup stdout";
 ##
 ## read the password from <stdin< and truncate the newline
 ##
 chomp (my $passwd = <STDIN>);
 $passwd =~ s/\r$//;

 #
 # Check /etc/p4shadow to see if the login account this there.  If it is, do authentication there.
 #
 open(LCL_PASSWD_FILE,"</etc/p4shadow") or die "Can't open local shadow password file.";
 while (<LCL_PASSWD_FILE>) {
 #  next if ( /^\#/ );
  if ( /^$login\:\:/ ) {
    chomp;
    ($testpasswd = $_) =~ s/^$login\:\://;
    if ( crypt($passwd, $testpasswd) ne $testpasswd ) {
        open("DEBUGFILE", '>>/tmp/debugP4Login');
        $mesg =  "Local Authentication of $login failed with bad shadow password - " . `date` ."";
        print DEBUGFILE $mesg;
        close DEBUGFILE;
        sendError("relops", "LocalShadowAuth", $mesg);
        exit 1;
    }
    # Was able to authenticate via local p4passwd file, exist success
    exit 0;
  }
 }
 close LCL_PASSWD_FILE;

 #
 # Check /etc/p4passwd to see if the login account this there.  If it is, do authentication there.
 #
 open(LCL_PASSWD_FILE,"</etc/p4passwd") or die "Can't open local password file.";
 while (<LCL_PASSWD_FILE>) {
 #  next if ( /^\#/ );
  if ( /^$login\:\:/ ) {
    chomp;
    ($testpasswd = $_) =~ s/^$login\:\://;
    if ( $testpasswd ne $passwd ) {
        open("DEBUGFILE", '>>/tmp/debugP4Login');
        $mesg =  "Local Authentication of $login failed with bad password - " . `date` ."";
        print DEBUGFILE $mesg;
        close DEBUGFILE;
        sendError("relops", "LocalAuth", $mesg);
        exit 1;
    }
    # Was able to authenticate via local p4passwd file, exist success
    exit 0;
  }
 }
 close LCL_PASSWD_FILE;


 $ldap = Net::LDAP->new ( $ldapServer ) or sendError("relops", "Connection", "");
 $mesg = $ldap->bind ( version => 3 ); # use for searches

 $mesg = $ldap->bind ( "$login\@somedomain.com",
 password => "$passwd",
 version => 3 );

 #
 # It applears that "52e" means bad password and 525 is invalid login
 #
 if ( $mesg->code ) {
 	open("DEBUGFILE", '>>/tmp/debugP4Login');
 	print DEBUGFILE $mesg->error;
 	print DEBUGFILE " - $login " . `date` . "";
 	#print DEBUGFILE "LDAP Authentication Error.\n";
 	if ( $mesg->error =~ /52e/ )
 	{
 		$ldapErrorMsg="LDAP returned data 52e which means bad password Full LDAP message\n";
 	}
 	elsif ( $mesg->error =~ /525/ )
 	{
 		$ldapErrorMsg="LDAP returned data 525 which means unknown login Full LDAP message\n";
 	}

 	$ldapErrorMsg = $ldapErrorMsg . $mesg->error;
 	$ldapErrorMsg=~s/[^0-9a-zA-Z ]//g;
 	sendError("relops", "LDAP", $ldapErrorMsg);
 	exit $mesg->code;
 }
 exit 0;


 sub sendError
 {
 	my ($emailUser, $error, $msg) = @_;

 	$msg = `date` . $msg;	
 	$msg=~s/[:,]//g;

 	if ($error=~/Connection/)
 	{ 
 		`echo "$login is having Connection Problem on $ldapServer" | mail -s "IMPORTANT: Respond immediately!! ldap connection problem on $ldapServer" $emailUser\@somedomain.com`;
 		`echo "Perforce is having problem communicating with LDAP Server $ldapServer. Please let releng know ASAP." | mail -s "Perforce LDAP communication problem" -c relops\@interwoven.com $login\@somedomain.com`;
 		die "LDAP failed";
 		exit 1;
 	}
 	if ($error=~/LDAP/)
 	{ 
 		`echo "$msg" | mail -s "LDAP authentication failed for $login on $ldapServer" $emailUser\@somedomain.com`;
 	}
 	if ($error=~/LocalAuth/)
 	{ 
 		`echo "$msg" | mail -s "Local authentication failed for $login" $emailUser\@somedomain.com`;
 	}
 }
	#!/usr/bin/perl

	# p4 trigger: updateLocalPw auth-set auth "%serverroot%/triggers/auth-set.pl %user% %serverroot%/triggers/ldap-check-auth.pl"

	$login = shift(ARGV);
	$authCmd = shift(ARGV);

	open(LCL_PASSWD_FILE,"</etc/p4shadow") or die "Can't open local shadow password file.";
	@PASSWD = <LCL_PASSWD_FILE>;
	close(LCL_PASSWD_FILE);

	chomp(@PASSWD);

	@PASSWD = grep(!/^$login\:\:/, @PASSWD);

	chomp(my @passwd = <STDIN>);
	s/\r$// for(@passwd);

	open(AUTH, "\| $authCmd $login") or die "Can't authenticate password.";
	print AUTH "$passwd[0]\n";
	close(AUTH);
	die "Authentication failed." if $?;

	my @salt = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );

	# this takes password as argument: good for simple example, bad for
	# security (perldoc -q password)

	my $encrypted;

	# generate traditional (weak!) DES password, and more modern md5
	$encrypted = crypt( $passwd[1], gensalt(2) );

	push(@PASSWD,"$login\:\:$encrypted");

	open(LCL_PASSWD_FILE,">/etc/p4shadow");
	foreach (@PASSWD) {
	print LCL_PASSWD_FILE "$_\n";
	}
	close(LCL_PASSWD_FILE);

	# uses global @salt to construct salt string of requested length
	sub gensalt {
	my $count = shift;

	my $salt;
	for (1..$count) {
	$salt .= (@salt)[rand @salt];
	}

	return $salt;
	}
	#!/usr/bin/perl
	#
	# Script called by the perforce via the auth-check trigger
	# p4 trigger: 'ldap auth-check auth "%serverroot%/triggers/ldap-check-auth.pl %user%"'

	use Net::LDAP;

	# Read in login name and password
	my $login = shift(ARGV);
	my $ldapServer = "ldap-hostname";
	my $ldapServerBackup = "ldap-hostname-2";

	open(STDERR, ">&STDOUT") or die "Can't dup stdout";
	##
	## read the password from <stdin< and truncate the newline
	##
	chomp (my $passwd = <STDIN>);
	$passwd =~ s/\r$//;

	#
	# Check /etc/p4shadow to see if the login account this there. If it is, do authentication there.
	#
	open(LCL_PASSWD_FILE,"</etc/p4shadow") or die "Can't open local shadow password file.";
	while (<LCL_PASSWD_FILE>) {
	# next if ( /^\#/ );
	if ( /^$login\:\:/ ) {
	chomp;
	($testpasswd = $_) =~ s/^$login\:\://;
	if ( crypt($passwd, $testpasswd) ne $testpasswd ) {
	open("DEBUGFILE", '>>/tmp/debugP4Login');
	$mesg = "Local Authentication of $login failed with bad shadow password - " . `date` ."";
	print DEBUGFILE $mesg;
	close DEBUGFILE;
	sendError("relops", "LocalShadowAuth", $mesg);
	exit 1;
	}
	# Was able to authenticate via local p4passwd file, exist success
	exit 0;
	}
	}
	close LCL_PASSWD_FILE;

	#
	# Check /etc/p4passwd to see if the login account this there. If it is, do authentication there.
	#
	open(LCL_PASSWD_FILE,"</etc/p4passwd") or die "Can't open local password file.";
	while (<LCL_PASSWD_FILE>) {
	# next if ( /^\#/ );
	if ( /^$login\:\:/ ) {
	chomp;
	($testpasswd = $_) =~ s/^$login\:\://;
	if ( $testpasswd ne $passwd ) {
	open("DEBUGFILE", '>>/tmp/debugP4Login');
	$mesg = "Local Authentication of $login failed with bad password - " . `date` ."";
	print DEBUGFILE $mesg;
	close DEBUGFILE;
	sendError("relops", "LocalAuth", $mesg);
	exit 1;
	}
	# Was able to authenticate via local p4passwd file, exist success
	exit 0;
	}
	}
	close LCL_PASSWD_FILE;


	$ldap = Net::LDAP->new ( $ldapServer ) or sendError("relops", "Connection", "");
	$mesg = $ldap->bind ( version => 3 ); # use for searches

	$mesg = $ldap->bind ( "$login\@somedomain.com",
	password => "$passwd",
	version => 3 );

	#
	# It applears that "52e" means bad password and 525 is invalid login
	#
	if ( $mesg->code ) {
	open("DEBUGFILE", '>>/tmp/debugP4Login');
	print DEBUGFILE $mesg->error;
	print DEBUGFILE " - $login " . `date` . "";
	#print DEBUGFILE "LDAP Authentication Error.\n";
	if ( $mesg->error =~ /52e/ )
	{
	$ldapErrorMsg="LDAP returned data 52e which means bad password Full LDAP message\n";
	}
	elsif ( $mesg->error =~ /525/ )
	{
	$ldapErrorMsg="LDAP returned data 525 which means unknown login Full LDAP message\n";
	}

	$ldapErrorMsg = $ldapErrorMsg . $mesg->error;
	$ldapErrorMsg=~s/[^0-9a-zA-Z ]//g;
	sendError("relops", "LDAP", $ldapErrorMsg);
	exit $mesg->code;
	}
	exit 0;


	sub sendError
	{
	my ($emailUser, $error, $msg) = @_;

	$msg = `date` . $msg;
	$msg=~s/[:,]//g;

	if ($error=~/Connection/)
	{
	`echo "$login is having Connection Problem on $ldapServer" \| mail -s "IMPORTANT: Respond immediately!! ldap connection problem on $ldapServer" $emailUser\@somedomain.com`;
	`echo "Perforce is having problem communicating with LDAP Server $ldapServer. Please let releng know ASAP." \| mail -s "Perforce LDAP communication problem" -c relops\@interwoven.com $login\@somedomain.com`;
	die "LDAP failed";
	exit 1;
	}
	if ($error=~/LDAP/)
	{
	`echo "$msg" \| mail -s "LDAP authentication failed for $login on $ldapServer" $emailUser\@somedomain.com`;
	}
	if ($error=~/LocalAuth/)
	{
	`echo "$msg" \| mail -s "Local authentication failed for $login" $emailUser\@somedomain.com`;
	}
	}