[p4] Python Review Daemon Script and Passwords

Weintraub, David david.weintraub at bofasecurities.com
Tue Jun 6 05:04:50 PDT 2006


I'm sorry I didn't reply to this before.

An even better way is to create a "live forever" ticket by making sure
that the user who runs the review daemon is in a group whose
"Timeout" field is set to "99999999" (eight 9s. More than eight nines
leads to trouble), and then logging in as that user with a "p4 login -a"
command. This way, your script doesn't contain any information that will
allow another user the ability to log in as the user who is running the
review daemon.

Even better, set the P4TICKETS environment variable in your script, and
point to a different ticket file just for the review daemon. That way,
you don't accidentally destroy the ticket if you log in or out as that
user elsewhere. Just make sure that this ticket file is readable only by
the review daemon user. Otherwise, another user could use this ticket
and run P4 commands as the review daemon user.

I also recommend that you "test" your ticket with the "p4 login -s"
command. The output of this command will be zero if your ticket is still
good, and non-zero if the ticket has expired. That way, you can email
yourself if your review daemon can't run because of an expired ticket.

This is a bit more complex than putting the P4PASSWD in your script, but
it is much more secure since someone looking at the script won't get the
information needed to log into Perforce as that user.
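
An added example, not part of the original message or of p4review.py: a preflight the daemon script could run before its review loop, combining the dedicated P4TICKETS file, an owner-only permission check on it, and the "p4 login -s" test described above. The function names and the injectable `runner` argument are assumptions made for illustration, and the permission check assumes a POSIX host.

```python
import os
import stat
import subprocess


def ticket_file_problems(path):
    """Return reasons the ticket file is unsafe to use (empty list = OK)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["ticket file missing: run 'p4 login -a' as the daemon user"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("ticket path is not a regular file")
    # Any group/other bit lets another local user read or replace the ticket.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("ticket file is accessible to group/other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("ticket file is not owned by the daemon user")
    return problems


def run_p4(args, env):
    """Run the p4 client (must be on PATH) and return its exit status."""
    return subprocess.run(["p4"] + args, env=env,
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode


def preflight(ticket_path, port, user, runner=run_p4):
    """Return (ok, problems); mail the problems to yourself when ok is False."""
    problems = ticket_file_problems(ticket_path)
    if problems:
        return False, problems  # do not use a ticket other users can reach
    env = dict(os.environ, P4PORT=port, P4USER=user, P4TICKETS=ticket_path)
    env.pop("P4PASSWD", None)  # the daemon authenticates by ticket only
    if runner(["login", "-s"], env) != 0:
        return False, ["'p4 login -s' exited non-zero: ticket expired or invalid"]
    return True, []
```

Create the ticket file once by running "p4 login -a" as the daemon user with P4TICKETS pointing at the same path, then call `preflight()` at the top of each daemon run.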


-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Mullis,
Keri-Lyn
Sent: Monday, June 05, 2006 3:39 PM
To: Jason Dillon; Stephen Vance
Cc: perforce-user at perforce.com
Subject: Re: [p4] Python Review Daemon Script and Passwords

In case I didn't say it before, you guys rock!  Thanks so much - I put
in the password variable and it works just fine now.

KLM

From: Jason Dillon [mailto:jason.dillon at paybytouch.com]
Sent: Wednesday, May 31, 2006 7:33 PM
To: Stephen Vance
Cc: Simon Timms; Mullis, Keri-Lyn; perforce-user at perforce.com
Subject: Re: [p4] Re: Python Review Daemon Script and Passwords

Yup, this is when you need to issue a `p4 login` before.

--jason

On May 31, 2006, at 1:54 PM, Stephen Vance wrote:

Don't expect this to work if you have the security level set to 3.

The canonical review daemon only requires 'review' but some review
daemons need more depending on what they do.

Steve

Simon Timms wrote:
> If you open up the script there are two lines
>
> os.environ['P4PORT'] = 'perforce:1999'
> os.environ['P4USER'] = 'review_daemon'
>
> Try adding to that a third line
>
> os.environ['P4PASSWD'] = 'your password'
>
> Obviously warning should abound about how you should not allow users to
> read the script containing the password.  Perhaps somebody will correct
> me if I'm wrong, but it was my impression that the only permission
> needed for a user to run a review daemon is 'review'.  You might want to
> create a user just for running the review daemon and only give that user
> the review permission.
>
> -----Original Message-----
> From: perforce-user-bounces at perforce.com
> [mailto:perforce-user-bounces at perforce.com] On Behalf Of Mullis, 
> Keri-Lyn
> Sent: Wednesday, May 31, 2006 12:04 PM
> To: perforce-user at perforce.com
> Subject: [p4] Python Review Daemon Script and Passwords
>
> Hello
>
> I get an error from the Review Daemon when I try to make the superuser
> responsible for running the daemon to have a password.  I take away the
> password and it works fine.
>
> We are trying to lock down all the superusers so developers can't find a
> "workaround" to get somewhere they aren't supposed to.
>
> Is there a way to put password in the python script?
>
> Any help would be greatly appreciated.
>
> Thanks
>
> Keri-Lyn
>
> This is the email I get when this user has a password set:
>
> Review daemon problem:
>
> Traceback (most recent call last):
>   File "c:\temp\p4review.py", line 445, in loop_body
>     if notify_jobs: review_jobs(mailport,limit_emails)
>   File "c:\temp\p4review.py", line 353, in review_jobs
>     start_time = int(os.popen(p4 + ' counter jobreview').read())
> ValueError: invalid literal for int():
>
> Keri-Lyn Mullis
> Release Engineer/IT Production Control
> First Marblehead
> kmullis at firstmarblehead.com
>
> *This e-mail and any attachments may contain content protected under 
> federal law and is also confidential and proprietary in nature.
> If you received this message in error, please notify the sender 
> immediately and delete the original and destroy all copies of the 
> message and any attachments. Any other use of this e-mail by you 
> including retaining, using, copying, distributing, or otherwise 
> disclosing this information in any manner is prohibited.
>
> _______________________________________________
> perforce-user mailing list  -  perforce-user at perforce.com 
> http://maillist.perforce.com/mailman/listinfo/perforce-user