#!/bin/bash #============================================================================== # Copyright and license info is available in the LICENSE file included with # the Server Deployment Package (SDP), and also available online: # https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE #------------------------------------------------------------------------------ #============================================================================== # Declarations and Environment export SDP_ENV=/p4/common/bin/p4_vars export SDP_INSTANCE=${SDP_INSTANCE:-Unset} declare -i SDP_ALWAYS_LOGIN=${SDP_ALWAYS_LOGIN:-0} declare -i LoginSuperUser=1 declare -i LoginServiceUser=0 declare -i LoginAutomationUsers=0 declare AutomationUsers=${SDP_AUTOMATION_USERS:-""} declare AuthID= declare AuthServerPort= declare Cmd= declare ServiceUser= declare TargetServerPort= declare TicketExpiration= declare Port=Unset declare Log=Unset declare CmdLine="$0 $*" declare -i ShowLog=${SDP_SHOW_LOG:-0} declare -i OverallExitCode=0 declare -i LoginCount=0 declare Version=4.0.11 #============================================================================== # Local Functions # Micro-functions, one-liners used to avoid external dependencies. function msg () { if [[ $Log != Unset ]]; then echo -e "$*" >> $Log; else echo -e "$*"; fi; } function cmd () { msg "Executing: $*" >> $Log; $* >> $Log 2>&1 ; return $?; } function bail () { msg "\nError: ${1:-Unknown Error}"; exit ${2:-1}; } #------------------------------------------------------------------------------ # Function: usage (required function) # # Input: # $1 - style, either -h (for short form) or -man (for man-page like format). # The default is -h. # # $2 - error message (optional). Specify this if usage() is called due to # user error, in which case the given message displayed first, followed by the # standard usage message (short or long depending on $1). If displaying an # errror, usually $1 should be -h so that the longer usage message doesn't # obsure the error message. # # Sample Usage: # usage # usage -man # usage -h "Incorrect command line usage." # # This last example generates a usage error message followed by the short # '-h' usage summary. #------------------------------------------------------------------------------ function usage { declare style=${1:--h} declare errorMessage=${2:-Unset} if [[ $errorMessage != Unset ]]; then echo -e "\n\nUsage Error:\n\n$errorMessage\n\n" >&2 fi echo "USAGE for p4login v$Version: p4login [<instance>] [-p <port> | -service] [-automation] [-all] or p4login -h|-man " if [[ $style == -man ]]; then echo -e "DESCRIPTION: In its simplest form, this script simply logs in P4USER to P4PORT using the defined password access mechanism. It generates a login ticket for the SDP super user, defined by P4USER when sourcing the SDP standard shell environment. It is called from cron scripts, and so does not normally generate any output. If run on a replica with the -service option, the serviceUser defined for the given replica is logged in. The \$SDP_AUTOMATION_USERS variable can be defined in /p4/common/config/p4_N.vars. If defined, this should contain a comma-delimited list of automation users to be logged in when the -automation option is used. A definition might look like: export SDP_AUTOMATION_USERS=builder,trigger-admin,p4review Login behaviour is affected by external factors: 1. P4AUTH, if defined, affects login behavior on replicas. 2. The auth.id setting, if defined, affects login behaviors (and generally simplifies them). 3. The \$SDP_ALWAYS_LOGIN variable. If set to 1, this causes p4login to always execute a 'p4 login' command to generate a login ticket, even if a 'p4 login -s' test indicates none is needed. By default, the login is skipped if a 'p4 login -s' test indicates a long-term ticket is available that expires 31+days in the future. Add \"export SDP_ALWYAYS_LOGIN=1\" to /p4/common/config/p4_N.vars to change the default for an instance, or to /p4/common/bin/p4_vars to change it globally. If unset, the default is 0. OPTIONS: <instance> Specify the SDP instances. If not specified, the SDP_INSTANCE environment variable is used instead. If the instance is not defined by a parameter and SDP_INSTANCE is not defined, p4login exists immediately with an error message. -service Specify -service when run on a replica or edge server to login the super user and the replication service user. This option is not compatible with '-p <port>'. -p <port> Specify a P4PORT value to login to, overriding the default defined by P4PORT setting in the environment. If operating on a host other than the master, and auth.id is set, this flag is ignored; the P4TARGET for the replica is used instead. This option is not compatible with '-service'. -automation Specify -automation to login external automation users defined by the \$SDP_AUTOMATION_USERS variable. -v Show ouptput of login attempts, which is suppressed by default. Setting SDP_SHOW_LOG=1 in the shell environment has the same effect as -v. -L <log> Specify the log file to use. The default is /p4/N/logs/p4login.log -D Set extreme debugging verbosity. HELP OPTIONS: -h Display short help message -man Display man-style help message EXAMPLES: 1. Typical usage for automation, with instance SDP_INSTANCE defined in the environment by sourcing p4_vars, and logging in only the super user P4USER to P4PORT: source /p4/common/bin/p4_vars abc p4login Login in only P4USER to the specified port, P4MASTERPORT in this example: p4login -p \$P4MASTERPORT Login the super user P4USER, and then login the replication serviceUser for the current ServerID: p4login -service Login external automation users (see SDP_AUTOMATION_USERS above): p4login -automation Login all users: p4login -all Or: p4login -service -automation LOGGING: This script generates no output by default. All (stdout and stderr) is logged to /p4/N/logs/p4login.log. The exception is usage errors, which result an error being sent to stderr followed usage info on stdout, followed by an immediate exit. If the '-v' flag is used, the contents of the log are displayed to stdout at the end of processing. EXIT CODES: An exit code of 0 indicates a valid login ticket exists, while a non-zero exit code indicates a failure to login. " fi exit 1 } #------------------------------------------------------------------------------ # Function: login_user ($user, $port) # Login specififed user into specified port. # Return 0 if successful, 1 if not. #------------------------------------------------------------------------------ function login_user () { declare user=$1 declare port=$2 declare userType= userType=$($P4BIN -ztag -F %Type% user -o $user) userType=${userType:-Unknown} if [[ $userType != Unknown ]]; then msg "Logging user $user (type=$userType) into port: $port." else msg "Logging user $user into port: $port." fi TicketExpiration=$($P4BIN -ztag -F %TicketExpiration% -p $port -u $user login -s 2>/dev/null) if [[ $TicketExpiration =~ [0-9]+ ]]; then # A 'long-term' ticket is one that expires more than a month (31 days + 1 second) from now. if [[ $TicketExpiration -ge 2678401 ]]; then msg "User $user logged into $P4PORT with a long-term ticket. Login not required." if [[ $SDP_ALWAYS_LOGIN -eq 1 ]]; then msg "Doing login anyway as SDP_ALWAYS_LOGIN is enabled." if [[ $user == $P4USER ]]; then LoginCount=$((LoginCount+1)) Cmd="$P4BIN -p $port -u $user -s login -a" msg Running: $Cmd $Cmd < /p4/common/config/.p4passwd.${P4SERVER}.admin >> $Log 2>&1 || return 1 else LoginCount=$((LoginCount+1)) if [[ $userType == service ]]; then Cmd="$P4BIN -p $port -u $P4USER -s login $user" else Cmd="$P4BIN -p $port -u $P4USER -s login -a $user" fi msg Running: $Cmd $Cmd >> $Log 2>&1 || return 1 fi fi return 0 else msg "Warning: User $user logged into $P4PORT with a short-term ticket. Attempting to extend." if [[ $user == $P4USER ]]; then LoginCount=$((LoginCount+1)) Cmd="$P4BIN -p $port -u $P4USER -s login -a" msg Running: $Cmd $Cmd < /p4/common/config/.p4passwd.${P4SERVER}.admin >> $Log 2>&1 || return 1 else LoginCount=$((LoginCount+1)) Cmd="$P4BIN -p $port -u $P4USER -s login -a $user" msg Running: $Cmd $Cmd >> $Log 2>&1 || return 1 fi fi else msg "User $user is not logged into $P4PORT. Attempting to login." if [[ $user == $P4USER ]]; then LoginCount=$((LoginCount+1)) Cmd="$P4BIN -p $port -u $P4USER -s login -a" msg Running: $Cmd $Cmd < /p4/common/config/.p4passwd.${P4SERVER}.admin >> $Log 2>&1 || return 1 else # We cannot use the '-a' flag to 'p4 login' for service accounts, so # drop it for service accounts. Otherwise, '-a' is preferred for # robustness, since certain network interface card (NIC) # configurations with multiple IPs need tickets not bound to one of # multiple possible IPs. See 'p4 help login' for more. LoginCount=$((LoginCount+1)) if [[ $userType == service ]]; then Cmd="$P4BIN -p $port -u $P4USER -s login $user" else Cmd="$P4BIN -p $port -u $P4USER -s login -a $user" fi msg Running: $Cmd $Cmd >> $Log 2>&1 || return 1 fi fi } #============================================================================== # Command Line Processing declare -i shiftArgs=0 set +u while [[ $# -gt 0 ]]; do case $1 in # Note: When If $LoginServiceUser is set to 1, the super user is # still logged in, but in a different block of code than the one # dedicated to logging, in only the super user, which applies # if LoginSuperUser=1. (-service) LoginSuperUser=0; LoginServiceUser=1;; (-automation) LoginSuperUser=0; LoginAutomationUsers=1;; (-all) LoginSuperUser=1; LoginServiceUser=1; LoginAutomationUsers=1;; (-h) usage -h;; (-man) usage -man;; (-p) Port=$2; shiftArgs=1;; (-v) ShowLog=1;; (-L) Log=$2; shiftArgs=1;; (-D) set -x;; # Debug; use 'set -x' mode. (-*) usage -h "Unknown command line option ($1).";; (*) export SDP_INSTANCE=$1;; esac # Shift (modify $#) the appropriate number of times. shift; while [[ $shiftArgs -gt 0 ]]; do [[ $# -eq 0 ]] && usage -h "Incorrect number of arguments." shiftArgs=$shiftArgs-1 shift done done set -u #============================================================================== # Command Line Verification [[ $SDP_INSTANCE == Unset ]] && \ bail "The \$SDP_INSTANCE setting is not defined. It must be defined by doing:\n\n\tsource /p4/common/bin/p4_vars <instance>\n\nor by passing in the instance name as a parameter to this script.\n" #============================================================================== # Main Program source $SDP_ENV $SDP_INSTANCE ||\ bail "Failed to load SDP environment for instance $SDP_INSTANCE." [[ $Log == Unset ]] && Log=$LOGS/p4login.$(date +'%Y%m%d-%H%M%S').log rm -f "$Log" msg "${0##*/} v$Version Checking login status at $(date +'%a %Y-%m-%d %H:%M:%S %Z').\nInitial command line:\n$CmdLine" [[ $Port == Unset ]] && Port=$P4PORT cmd $P4BIN set P4TICKETS AuthID=$($P4DBIN -cshow | grep "auth.id" | cut -d ' ' -f 4) if [[ $LoginSuperUser -eq 1 ]]; then if [[ -n "$SERVERID" && "$SERVERID" == "$P4MASTER_ID" ]]; then msg "Logging user $P4USER to port $Port." login_user "$P4USER" "$Port" || OverallExitCode=1 LoginCount=$((LoginCount+1)) else # If not on the master, login to the P4TARGET if auth.id is set, else # just login as indicated. This implies that '-p <port>' is ignored # if auth.id is set. if [[ -n "$AuthID" ]]; then TargetServerPort=$($P4DBIN -cshow | grep "${SERVERID}: P4TARGET" | cut -d ' ' -f 4) login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1 LoginCount=$((LoginCount+1)) else login_user "$P4USER" "$Port" || OverallExitCode=1 LoginCount=$((LoginCount+1)) fi fi fi if [[ $LoginServiceUser -eq 1 ]]; then # If we are on a replica/edge, login the service user and super # user to the master server first, then to the local replica. if [[ -n "$SERVERID" && "$SERVERID" != "$P4MASTER_ID" ]]; then msg "\nDoing replica/edge logins." TargetServerPort=$($P4DBIN -cshow | grep "${SERVERID}: P4TARGET" | cut -d ' ' -f 4) ServiceUser=$($P4DBIN -cshow | grep "${SERVERID}: serviceUser" | cut -d ' ' -f 4) if [[ -n "$AuthID" ]]; then msg "The auth.id configurable is set ($AuthID). Logging in to master P4PORT only." # Login the $P4USER super user first, whose password must match that # in /p4/common/config/.p4passwd.${P4SERVER}.admin. if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1 login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1 else msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID." OverallExitCode=1 login_user "$P4USER" "$TargetServerPort" login_user "$ServiceUser" "$TargetServerPort" fi else msg "The auth.id configurable is not set. Logging in to both local and P4TARGET ports." if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1 login_user "$P4USER" "$P4PORT" || OverallExitCode=1 login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1 else msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID." OverallExitCode=1 login_user "$P4USER" "$P4PORT" fi # AuthServerPort is the P4AUTH server; it is not related to the # auth.id configurable. If a P4AUTH server is defined, we need to # login there, too. AuthServerPort=$($P4BIN -p $P4PORT configure show P4AUTH 2>/dev/null) if [[ -n "$AuthServerPort" ]]; then AuthServerPort=${AuthServerPort##*=} AuthServerPort=${AuthServerPort%% *} msg "Logging into P4AUTH server." login_user "$ServiceUser" "$AuthServerPort" || OverallExitCode=1 fi fi else msg "\nOperating on master/commit server, skipping replica/edge logins." fi # Login to P4BROKERPORT unless auth.id is set, in which case it's not # necessary. if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset && -z "$AuthID" ]]; then msg Logging $P4USER into broker. login_user "$P4USER" "$P4BROKERPORT" || OverallExitCode=1 fi fi if [[ $LoginAutomationUsers -eq 1 ]]; then # Login other automation users (which may or may not be super users) # using $P4USER's super powers to log them in without a password. if [[ -n "$AutomationUsers" ]]; then msg "\nLogging in special automation users defined by \$SDP_AUTOMATION_USERS in $P4CCFG/${P4SERVER}.vars." for user in ${AutomationUsers/,/ }; do msg "Logging in user $user." login_user "$user" "$P4PORT" || OverallExitCode=1 if [[ -z "$AuthID" ]]; then if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset ]]; then login_user "$user" "$P4BROKERPORT" || OverallExitCode=1 fi fi done else msg "\nError: The -automation flag was specified, but \$SDP_AUTOMATION_USERS is not defined in the environment. Check $P4CCFG/${P4SERVER}.vars." OverallExitCode=1 fi fi if [[ $OverallExitCode -eq 0 ]]; then if [[ $LoginCount -gt 0 ]]; then msg "\nSuccess: All logins were successful, $LoginCount login(s) were needed." else msg "\nSuccess: No logins were needed." fi else msg "\nError: Some logins were not successful; $LoginCount were attempted. Review the output above." fi [[ $ShowLog -eq 1 && -s $Log ]] && cat $Log # Overwrite p4login.log so it always has the contents of the last call # to p4login. if [[ "$Log" != "$LOGS/p4login.log" ]]; then cp -f "$Log" "$LOGS/p4login.log" fi exit $OverallExitCode
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#5 | 25113 | Robert Cowham | Merge latest changes from dev | ||
#4 | 23205 | Robert Cowham | Merged all changes from dev to test | ||
#3 | 22142 | Robert Cowham | Merge in latest changes from Dev | ||
#2 | 20726 | Robert Cowham | Catch up from dev | ||
#1 | 18586 | Robert Cowham | Branching using cowhamr.sdp.dev | ||
//guest/perforce_software/sdp/dev/Server/Unix/p4/common/bin/p4login | |||||
#7 | 18209 | Russell C. Jackson (Rusty) |
Added missing auto source of p4_vars to eliminate the need to use p4master_run. Missed in early changes to support that behavior. |
||
#6 | 16029 | C. Thomas Tyler |
Routine merge to dev from main using: p4 merge -b perforce_software-sdp-dev |
||
#5 | 15605 | C. Thomas Tyler |
Per review, Rusty noted a preference for the current behvaior, i.e. always doing a login if p4login is called. This version introduces SDP_ALWAYS_LOGIN, which defaults to 1 (enabled), which preserves the traditional 'always login each time the script is run' behavior, while allowing the new 'login only if a ticket is not available' behavior. (An advantage of the traditional behavior is that it fixes the case where a human admin does a 'p4 login' but forgets the '-a' on a server a network card configuration setup such that 'p4 login -a' is required). Customers desiring the 'login only if required' can set SDP_ALWAYS_LOGIN=0 in p4_vars. Also includes style improvements. #review-15606 |
||
#4 | 15559 | C. Thomas Tyler |
Enhancements to p4login: * Enhanced handling for the cose where p4login is run with no environment defined. * Now checks login status first, and only does a login if ticket expires in less than a month. * Enhanced auditability. * Added comments. #review-15560 |
||
#3 | 13906 | C. Thomas Tyler |
Normalized P4INSTANCE to SDP_INSTANCE to get Unix/Windows implementations in sync. Reasons: 1. Things that interact with SDP in both Unix and Windows environments shoudn't have to account for this obscure SDP difference between Unix and Windows. (I came across this doing CBD work). 2. The Windows and Unix scripts have different variable names for defining the same concept, the SDP instance. Unix uses P4INSTANCE, while Windows uses SDP_INSTANCE. 3. This instance tag, a data set identifier, is an SDP concept. I prefer the SDP_INSTANCE name over P4INSTANCE, so I prpose to normalize to SDP_INSTANCE. 4. The P4INSTANCE name makes it look like a setting that might be recognized by the p4d itself, which it is not. (There are other such things such as P4SERVER that could perhaps be renamed as a separate task; but I'm not sure we want to totally disallow the P4 prefix for variable names. It looks too right to be wrong in same cases, like P4BIN and P4DBIN. That's a discussion for another day, outside the scope of this task). Meanwhile: * Fixed a bug in the Windows 2013.3 upgrade script that was referencing undefined P4INSTANCE, as the Windows environment defined only SDP_INSTANCE. * Had P4INSTANCE been removed completely, this change would likely cause trouble for users doing updates for existing SDP installations. So, though it involves slight technical debt, I opted to keep a redundant definition of P4INSTANCE in p4_vars.template, with comments indicating SDP_INSTANCE should be used in favor of P4INSTANCE, with a warning that P4INSTANCE may go away in a future release. This should avoid unnecessary upgrade pain. * In mkdirs.sh, the varialbe name was INSTANCE rather than SDP_INSTANCE. I changed that as well. That required manual change rather than sub/replace to avoid corrupting other similar varialbe names (e.g. MASTERINSTANCE). This is a trivial change technically (a substitute/replace, plus tweaks in p4_vars.template), but impacts many files. |
||
#2 | 12169 | Russell C. Jackson (Rusty) |
Updated copyright date to 2015 Updated shell scripts to require an instance parameter to eliminate the need for calling p4master_run. Python and Perl still need it since you have to set the environment for them to run in. Incorporated comments from reviewers. Left the . instead of source as that seems more common in the field and has the same functionality. |
||
#1 | 10638 | C. Thomas Tyler | Populate perforce_software-sdp-dev. | ||
//guest/perforce_software/sdp/main/Server/Unix/p4/common/bin/p4login | |||||
#1 | 10148 | C. Thomas Tyler | Promoted the Perforce Server Deployment Package to The Workshop. |