Add SkipLocal2FA option to pam and smtp sources (#17078)

* Add SkipLocal2FA option to other pam and smtp sources

Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make SkipLocal2FA omitempty

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>

2 files changed, 8 insertions, 2 deletions

diff --git a/services/auth/source/pam/source.go b/services/auth/source/pam/source.go
index 0bfa7cdb06..73850cd9a2 100644
--- a/services/auth/source/pam/source.go
+++ b/services/auth/source/pam/source.go
@@ -19,8 +19,9 @@ import (
 
 // Source holds configuration for the PAM login source.
 type Source struct {
-	ServiceName string // pam service (e.g. system-auth)
-	EmailDomain string
+	ServiceName    string // pam service (e.g. system-auth)
+	EmailDomain    string
+	SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
 
 	// reference to the loginSource
 	loginSource *login.Source
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index ad6fbb5cce..cb5ffc2861 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -69,3 +69,8 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 
 	return user, nil
 }
+
+// IsSkipLocalTwoFA returns if this source should skip local 2fa for password authentication
+func (source *Source) IsSkipLocalTwoFA() bool {
+	return source.SkipLocalTwoFA
+}