Jump to content


Windows registry password for P4 API


  • Please log in to reply
3 replies to this topic

#1 Matt Albrecht

Matt Albrecht

    Member

  • Members
  • PipPip
  • 18 posts

Posted 22 May 2018 - 04:02 PM

I'm using the Java P4 API, and to help out my users, I'm reading the environment values from the Windows registry.  However, the password is encoded (the "p4 set" documents say it's a MD5 hash), and passing that in the login(password) call fails with an invalid password.

Is there some other way to use this hash directly for login?

#2 Sambwise

Sambwise

    Advanced Member

  • Members
  • PipPipPip
  • 569 posts

Posted 22 May 2018 - 09:04 PM

You shouldn't have to do anything special to read current login information from the environment (disclaimer: I haven't used the Java API, maybe I'm giving it too much credit, but I can't imagine that it'd be implemented in such a way as to make you rewrite part of the client auth logic yourself).  If the user has already logged in (or set their password in the environment) then it should work automatically.

Setting the password in the registry is generally considered deprecated (and has been for something like fifteen years at this point) so there are a lot of reasons that the hash you happened to find in the registry might not work for authentication.  I'd focus on getting ticket-based auth to work -- if the user has a valid ticket then your app should already work automatically, and if they don't, run the "p4 login" command and prompt them for the password rather than hunting around on their machine for something that might be a password (and you definitely don't want to encourage them to store the plaintext password on their machine anyway).

#3 Matt Albrecht

Matt Albrecht

    Member

  • Members
  • PipPip
  • 18 posts

Posted 24 May 2018 - 09:40 PM

The Java API doesn't inspect the windows registry (nor the OSX preferences).  Additionally, telling the user to not do something that works with the p4 plugin and P4V isn't much of an option for me.

I've started looking through the C API to see if that will give me some pointers.  It appears that there's additional password encryption and mangling than what the Java API does, but I'll need to dig deeper to see where the differences lie.

#4 Sambwise

Sambwise

    Advanced Member

  • Members
  • PipPipPip
  • 569 posts

Posted 24 May 2018 - 09:55 PM

The C++ and Java APIs follow the same client-server protocol (the Java client API is basically a reverse-engineered Java implementation of the C++ client API library, it doesn't have its own special endpoints or anything) so the actual authentication exchange should be the same.  Are you positive that the Java API doesn't look at the registry?  That'd break compatibility for all variables set via "p4 set", not just P4PASSWD.

If you set your "security" counter to 3, that'll force everyone onto ticket authentication and then you won't need to worry about any complaints that your Java tool behaves differently from anything else...  :lol:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users