Paolo Borelli
Ignacio Casal Quinteiro
10 years ago
10 changed files with 144 additions and 2 deletions
Split View
Diff Options
-
+4 -2.travis.yml
-
+1 -0conf/locale/locale_en-US.ini
-
+61 -0models/login.go
-
+1 -0modules/auth/auth_form.go
-
+35 -0modules/auth/pam/pam.go
-
+15 -0modules/auth/pam/pam_stub.go
-
+7 -0public/ng/js/gogs.js
-
+8 -0routers/admin/auths.go
-
+6 -0templates/admin/auth/edit.tmpl
-
+6 -0templates/admin/auth/new.tmpl
+ 4
- 2
.travis.yml
View File
| @@ -6,11 +6,13 @@ go: | |||
| - 1.4 | |||
| - tip | |||
| sudo: false | |||
| before_install: | |||
| - sudo apt-get update -qq | |||
| - sudo apt-get install -y libpam-dev | |||
| script: go build -v | |||
| notifications: | |||
| email: | |||
| - u@gogs.io | |||
| slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx | |||
| slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx | |||
+ 1
- 0
conf/locale/locale_en-US.ini
View File
| @@ -619,6 +619,7 @@ auths.smtp_auth = SMTP Authorization Type | |||
| auths.smtphost = SMTP Host | |||
| auths.smtpport = SMTP Port | |||
| auths.enable_tls = Enable TLS Encryption | |||
| auths.pam_service_name = PAM Service Name | |||
| auths.enable_auto_register = Enable Auto Registration | |||
| auths.tips = Tips | |||
| auths.edit = Edit Authorization Setting | |||
+ 61
- 0
models/login.go
View File
| @@ -17,6 +17,7 @@ import ( | |||
| "github.com/go-xorm/xorm" | |||
| "github.com/gogits/gogs/modules/auth/ldap" | |||
| "github.com/gogits/gogs/modules/auth/pam" | |||
| "github.com/gogits/gogs/modules/log" | |||
| "github.com/gogits/gogs/modules/uuid" | |||
| ) | |||
| @@ -28,6 +29,7 @@ const ( | |||
| PLAIN | |||
| LDAP | |||
| SMTP | |||
| PAM | |||
| ) | |||
| var ( | |||
| @@ -39,12 +41,14 @@ var ( | |||
| var LoginTypes = map[LoginType]string{ | |||
| LDAP: "LDAP", | |||
| SMTP: "SMTP", | |||
| PAM: "PAM", | |||
| } | |||
| // Ensure structs implemented interface. | |||
| var ( | |||
| _ core.Conversion = &LDAPConfig{} | |||
| _ core.Conversion = &SMTPConfig{} | |||
| _ core.Conversion = &PAMConfig{} | |||
| ) | |||
| type LDAPConfig struct { | |||
| @@ -74,6 +78,18 @@ func (cfg *SMTPConfig) ToDB() ([]byte, error) { | |||
| return json.Marshal(cfg) | |||
| } | |||
| type PAMConfig struct { | |||
| ServiceName string // pam service (e.g. system-auth) | |||
| } | |||
| func (cfg *PAMConfig) FromDB(bs []byte) error { | |||
| return json.Unmarshal(bs, &cfg) | |||
| } | |||
| func (cfg *PAMConfig) ToDB() ([]byte, error) { | |||
| return json.Marshal(cfg) | |||
| } | |||
| type LoginSource struct { | |||
| Id int64 | |||
| Type LoginType | |||
| @@ -97,6 +113,10 @@ func (source *LoginSource) SMTP() *SMTPConfig { | |||
| return source.Cfg.(*SMTPConfig) | |||
| } | |||
| func (source *LoginSource) PAM() *PAMConfig { | |||
| return source.Cfg.(*PAMConfig) | |||
| } | |||
| func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) { | |||
| if colName == "type" { | |||
| ty := (*val).(int64) | |||
| @@ -105,6 +125,8 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) { | |||
| source.Cfg = new(LDAPConfig) | |||
| case SMTP: | |||
| source.Cfg = new(SMTPConfig) | |||
| case PAM: | |||
| source.Cfg = new(PAMConfig) | |||
| } | |||
| } | |||
| } | |||
| @@ -197,6 +219,13 @@ func UserSignIn(uname, passwd string) (*User, error) { | |||
| return u, nil | |||
| } | |||
| log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err) | |||
| } else if source.Type == PAM { | |||
| u, err := LoginUserPAMSource(nil, uname, passwd, | |||
| source.Id, source.Cfg.(*PAMConfig), true) | |||
| if err == nil { | |||
| return u, nil | |||
| } | |||
| log.Warn("Fail to login(%s) by PAM(%s): %v", uname, source.Name, err) | |||
| } | |||
| } | |||
| @@ -218,6 +247,8 @@ func UserSignIn(uname, passwd string) (*User, error) { | |||
| return LoginUserLdapSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*LDAPConfig), false) | |||
| case SMTP: | |||
| return LoginUserSMTPSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*SMTPConfig), false) | |||
| case PAM: | |||
| return LoginUserPAMSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*PAMConfig), false) | |||
| } | |||
| return nil, ErrUnsupportedLoginType | |||
| } | |||
| @@ -359,3 +390,33 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP | |||
| err := CreateUser(u) | |||
| return u, err | |||
| } | |||
| // Query if name/passwd can login against PAM | |||
| // Create a local user if success | |||
| // Return the same LoginUserPlain semantic | |||
| func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) { | |||
| if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil { | |||
| if strings.Contains(err.Error(), "Authentication failure") { | |||
| return nil, ErrUserNotExist | |||
| } | |||
| return nil, err | |||
| } | |||
| if !autoRegister { | |||
| return u, nil | |||
| } | |||
| // fake a local user creation | |||
| u = &User{ | |||
| LowerName: strings.ToLower(name), | |||
| Name: strings.ToLower(name), | |||
| LoginType: PAM, | |||
| LoginSource: sourceId, | |||
| LoginName: name, | |||
| IsActive: true, | |||
| Passwd: passwd, | |||
| Email: name, | |||
| } | |||
| err := CreateUser(u) | |||
| return u, err | |||
| } | |||
+ 1
- 0
modules/auth/auth_form.go
View File
| @@ -30,6 +30,7 @@ type AuthenticationForm struct { | |||
| SMTPPort int `form:"smtp_port"` | |||
| TLS bool `form:"tls"` | |||
| AllowAutoRegister bool `form:"allowautoregister"` | |||
| PAMServiceName string | |||
| } | |||
| func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { | |||
+ 35
- 0
modules/auth/pam/pam.go
View File
| @@ -0,0 +1,35 @@ | |||
| // +build !windows | |||
| // Copyright 2014 The Gogs Authors. All rights reserved. | |||
| // Use of this source code is governed by a MIT-style | |||
| // license that can be found in the LICENSE file. | |||
| package pam | |||
| import ( | |||
| "errors" | |||
| "github.com/msteinert/pam" | |||
| ) | |||
| func PAMAuth(serviceName, userName, passwd string) error { | |||
| t, err := pam.StartFunc(serviceName, userName, func(s pam.Style, msg string) (string, error) { | |||
| switch s { | |||
| case pam.PromptEchoOff: | |||
| return passwd, nil | |||
| case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo: | |||
| return "", nil | |||
| } | |||
| return "", errors.New("Unrecognized PAM message style") | |||
| }) | |||
| if err != nil { | |||
| return err | |||
| } | |||
| if err = t.Authenticate(0); err != nil { | |||
| return err | |||
| } | |||
| return nil | |||
| } | |||
+ 15
- 0
modules/auth/pam/pam_stub.go
View File
| @@ -0,0 +1,15 @@ | |||
| // +build windows | |||
| // Copyright 2014 The Gogs Authors. All rights reserved. | |||
| // Use of this source code is governed by a MIT-style | |||
| // license that can be found in the LICENSE file. | |||
| package pam | |||
| import ( | |||
| "errors" | |||
| ) | |||
| func PAMAuth(serviceName, userName, passwd string) error { | |||
| return errors.New("PAM not supported") | |||
| } | |||
+ 7
- 0
public/ng/js/gogs.js
View File
| @@ -753,10 +753,17 @@ function initAdmin() { | |||
| if (v == 2) { | |||
| $('.ldap').toggleShow(); | |||
| $('.smtp').toggleHide(); | |||
| $('.pam').toggleHide(); | |||
| } | |||
| if (v == 3) { | |||
| $('.smtp').toggleShow(); | |||
| $('.ldap').toggleHide(); | |||
| $('.pam').toggleHide(); | |||
| } | |||
| if (v == 4) { | |||
| $('.pam').toggleShow(); | |||
| $('.smtp').toggleHide(); | |||
| $('.ldap').toggleHide(); | |||
| } | |||
| }); | |||
+ 8
- 0
routers/admin/auths.go
View File
| @@ -84,6 +84,10 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { | |||
| Port: form.SMTPPort, | |||
| TLS: form.TLS, | |||
| } | |||
| case models.PAM: | |||
| u = &models.PAMConfig{ | |||
| ServiceName: form.PAMServiceName, | |||
| } | |||
| default: | |||
| ctx.Error(400) | |||
| return | |||
| @@ -166,6 +170,10 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) { | |||
| Port: form.SMTPPort, | |||
| TLS: form.TLS, | |||
| } | |||
| case models.PAM: | |||
| config = &models.PAMConfig{ | |||
| ServiceName: form.PAMServiceName, | |||
| } | |||
| default: | |||
| ctx.Error(400) | |||
| return | |||
+ 6
- 0
templates/admin/auth/edit.tmpl
View File
| @@ -91,6 +91,12 @@ | |||
| <label class="req" for="smtp_port">{{.i18n.Tr "admin.auths.smtpport"}}</label> | |||
| <input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.Source.SMTP.Port}}" /> | |||
| </div> | |||
| {{else if eq $type 4}} | |||
| <div class="field"> | |||
| <label class="req" for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label> | |||
| <input class="ipt ipt-large ipt-radius {{if .Err_PAMServiceName}}ipt-error{{end}}" id="pam_service_name" name="pam_service_name" value="{{.Source.PAM.ServiceName}}" /> | |||
| </div> | |||
| {{end}} | |||
| <div class="field"> | |||
+ 6
- 0
templates/admin/auth/new.tmpl
View File
| @@ -86,6 +86,12 @@ | |||
| <input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.smtp_port}}" /> | |||
| </div> | |||
| </div> | |||
| <div class="pam hidden"> | |||
| <div class="field"> | |||
| <label class="req" for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label> | |||
| <input class="ipt ipt-large ipt-radius {{if .Err_PAMServiceName}}ipt-error{{end}}" id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" /> | |||
| </div> | |||
| </div> | |||
| <div class="field"> | |||
| <div class="smtp hidden"> | |||
| <label></label> | |||