#!/usr/bin/perl -w #------------------------------------------------------------------------------ # Copyright (c) Perforce Software, Inc., 2007-2014. All rights reserved # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # 1 Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PERFORCE # SOFTWARE, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH # DAMAGE. #------------------------------------------------------------------------------ # # Overview: This trigger script authenticates a Perforce userid against # against an AD sAMAccount name. It will handle multiple domains. # # This debug version of the script is meant to be used on the commandline. # AD_auth_debug.pl <username>" use strict; use Net::LDAP; $|=1; ######################## Set Variables #################################### # AD connect timeout my $timeout = 10; # Set AD server info. my $ad_port = "389"; # AD Port, should probably leave. my $ad_host = "AD IP"; # Put IP of your AD server here # AD read Account. # Full DN including user. You don't need to use an Administrator account # any account should do I suggest you change the below line to a standard user. my $ad_read_dn = 'CN=user,CN=Users,DC=test,DC=domain,DC=com'; my $ad_read_p = 'Password'; ########################################################################### open(STDERR, ">&STDOUT") or die "Can't dup stdout"; if (scalar(@ARGV != 1)) { die "\nUsage:\nAD_auth.pl \%username\%\n" } my $p4_user = shift; chomp $p4_user; print "\nIn this DEBUG script, the password will be shown for visual verification.\n"; print "Please enter your password: "; my $password = <STDIN>; $password =~ s/\r\n//; chomp $password; if ($password =~ /^$/) { die "Null passwords not allowed" } print "Proceeding with the following details:\n\n"; print " User set to: $p4_user\n"; print " Password set to: $password\n\n"; print " Connecting to IP: $ad_host\n"; print " Connecting to Port: $ad_port\n\n"; print " Using read DN: $ad_read_dn\n"; print " Using read DN p: $ad_read_p\n\n"; ##### Authenticate! ###################################################### my $ad = Net::LDAP->new($ad_host, port => $ad_port, timeout => $timeout ) || die "Unable to connect with read account"; my $mesg = $ad->bind ("$ad_read_dn", password => $ad_read_p, version => 3 ) || die "Unable to bind\n"; $mesg = $ad->search( base => '', filter => "(objectclass=*)", scope => 'base' ); my $ret = 1; my $tc = Net::LDAP->new($ad_host, port => $ad_port, timeout => $timeout ) || die "Unable to connect with read account"; my @entries = ($mesg->entries); print "Doing base query. Scanning for root domain naming context\n"; foreach my $entry (@entries) { my $root_dn = $entry->get_value('rootDomainNamingContext'); print " Got root db: $root_dn\n"; $mesg = $ad->search ( base => $root_dn, filter => "(samaccountname=$p4_user)", scope => 'sub', attrs => ['mail'] ) || next; my @users = ($mesg->entries); print "Checking if user exists here\n"; next if (! defined $users[0]); print "User is defined\n"; print "Attempting to bind ".$users[0]->dn()."with password $password\n"; $mesg = $tc->bind(dn => $users[0]->dn(), password => $password) || next; print "Got message back\n"; if (! $mesg->code) { $ret = 0; last } print "Seem to have gotten an error code skipped last exit.\nError Code: ".$mesg->error."\n"; } if ($ret) { print "Authentication Failed. Access Denied\n" } exit $ret;
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#4 | 16781 | Robert Cowham | Move some triggers to deprecated folder. | ||
#3 | 15856 | C. Thomas Tyler |
Replaced the big license comment block with a shortened form referencing the LICENSE file included with the SDP package, and also by the URL for the license file in The Workshop. |
||
#2 | 12104 | Russell C. Jackson (Rusty) | Updated date to 2015 | ||
#1 | 10148 | C. Thomas Tyler | Promoted the Perforce Server Deployment Package to The Workshop. |