- 1.4 | - 1.4 | ||||
- tip | - tip | ||||
sudo: false | |||||
before_install: | |||||
- sudo apt-get update -qq | |||||
- sudo apt-get install -y libpam-dev | |||||
script: go build -v | script: go build -v | ||||
notifications: | notifications: | ||||
email: | email: | ||||
- u@gogs.io | - u@gogs.io | ||||
slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx | |||||
slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx |
auths.smtphost = SMTP Host | auths.smtphost = SMTP Host | ||||
auths.smtpport = SMTP Port | auths.smtpport = SMTP Port | ||||
auths.enable_tls = Enable TLS Encryption | auths.enable_tls = Enable TLS Encryption | ||||
auths.pam_service_name = PAM Service Name | |||||
auths.enable_auto_register = Enable Auto Registration | auths.enable_auto_register = Enable Auto Registration | ||||
auths.tips = Tips | auths.tips = Tips | ||||
auths.edit = Edit Authorization Setting | auths.edit = Edit Authorization Setting |
"github.com/go-xorm/xorm" | "github.com/go-xorm/xorm" | ||||
"github.com/gogits/gogs/modules/auth/ldap" | "github.com/gogits/gogs/modules/auth/ldap" | ||||
"github.com/gogits/gogs/modules/auth/pam" | |||||
"github.com/gogits/gogs/modules/log" | "github.com/gogits/gogs/modules/log" | ||||
"github.com/gogits/gogs/modules/uuid" | "github.com/gogits/gogs/modules/uuid" | ||||
) | ) | ||||
PLAIN | PLAIN | ||||
LDAP | LDAP | ||||
SMTP | SMTP | ||||
PAM | |||||
) | ) | ||||
var ( | var ( | ||||
var LoginTypes = map[LoginType]string{ | var LoginTypes = map[LoginType]string{ | ||||
LDAP: "LDAP", | LDAP: "LDAP", | ||||
SMTP: "SMTP", | SMTP: "SMTP", | ||||
PAM: "PAM", | |||||
} | } | ||||
// Ensure structs implemented interface. | // Ensure structs implemented interface. | ||||
var ( | var ( | ||||
_ core.Conversion = &LDAPConfig{} | _ core.Conversion = &LDAPConfig{} | ||||
_ core.Conversion = &SMTPConfig{} | _ core.Conversion = &SMTPConfig{} | ||||
_ core.Conversion = &PAMConfig{} | |||||
) | ) | ||||
type LDAPConfig struct { | type LDAPConfig struct { | ||||
return json.Marshal(cfg) | return json.Marshal(cfg) | ||||
} | } | ||||
type PAMConfig struct { | |||||
ServiceName string // pam service (e.g. system-auth) | |||||
} | |||||
func (cfg *PAMConfig) FromDB(bs []byte) error { | |||||
return json.Unmarshal(bs, &cfg) | |||||
} | |||||
func (cfg *PAMConfig) ToDB() ([]byte, error) { | |||||
return json.Marshal(cfg) | |||||
} | |||||
type LoginSource struct { | type LoginSource struct { | ||||
Id int64 | Id int64 | ||||
Type LoginType | Type LoginType | ||||
return source.Cfg.(*SMTPConfig) | return source.Cfg.(*SMTPConfig) | ||||
} | } | ||||
func (source *LoginSource) PAM() *PAMConfig { | |||||
return source.Cfg.(*PAMConfig) | |||||
} | |||||
func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) { | func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) { | ||||
if colName == "type" { | if colName == "type" { | ||||
ty := (*val).(int64) | ty := (*val).(int64) | ||||
source.Cfg = new(LDAPConfig) | source.Cfg = new(LDAPConfig) | ||||
case SMTP: | case SMTP: | ||||
source.Cfg = new(SMTPConfig) | source.Cfg = new(SMTPConfig) | ||||
case PAM: | |||||
source.Cfg = new(PAMConfig) | |||||
} | } | ||||
} | } | ||||
} | } | ||||
return u, nil | return u, nil | ||||
} | } | ||||
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err) | log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err) | ||||
} else if source.Type == PAM { | |||||
u, err := LoginUserPAMSource(nil, uname, passwd, | |||||
source.Id, source.Cfg.(*PAMConfig), true) | |||||
if err == nil { | |||||
return u, nil | |||||
} | |||||
log.Warn("Fail to login(%s) by PAM(%s): %v", uname, source.Name, err) | |||||
} | } | ||||
} | } | ||||
return LoginUserLdapSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*LDAPConfig), false) | return LoginUserLdapSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*LDAPConfig), false) | ||||
case SMTP: | case SMTP: | ||||
return LoginUserSMTPSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*SMTPConfig), false) | return LoginUserSMTPSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*SMTPConfig), false) | ||||
case PAM: | |||||
return LoginUserPAMSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*PAMConfig), false) | |||||
} | } | ||||
return nil, ErrUnsupportedLoginType | return nil, ErrUnsupportedLoginType | ||||
} | } | ||||
err := CreateUser(u) | err := CreateUser(u) | ||||
return u, err | return u, err | ||||
} | } | ||||
// Query if name/passwd can login against PAM | |||||
// Create a local user if success | |||||
// Return the same LoginUserPlain semantic | |||||
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) { | |||||
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil { | |||||
if strings.Contains(err.Error(), "Authentication failure") { | |||||
return nil, ErrUserNotExist | |||||
} | |||||
return nil, err | |||||
} | |||||
if !autoRegister { | |||||
return u, nil | |||||
} | |||||
// fake a local user creation | |||||
u = &User{ | |||||
LowerName: strings.ToLower(name), | |||||
Name: strings.ToLower(name), | |||||
LoginType: PAM, | |||||
LoginSource: sourceId, | |||||
LoginName: name, | |||||
IsActive: true, | |||||
Passwd: passwd, | |||||
Email: name, | |||||
} | |||||
err := CreateUser(u) | |||||
return u, err | |||||
} |
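Review bot: LoginUserPAMSource classifies the failure by substring-matching `err.Error()` against "Authentication failure", which ties the ErrUserNotExist outcome to one PAM implementation's message text; other PAM implementations word the same result differently, so on those systems a wrong password surfaces as a generic error instead of ErrUserNotExist, and any PAM error that happens to contain the phrase is mapped to "user does not exist". Better to have the pam package return a sentinel (for example a package-level `ErrAuthFailed`, a proposed name) for the authentication-failure result and compare against it here, `if err == pam.ErrAuthFailed {`, rather than parsing the message. The auto-registered record also sets `Email: name` (a system user name, not an address) and forwards the PAM password as `Passwd: passwd`; whether CreateUser hashes it is outside the hunk, but a comment such as `// Email is a placeholder; PAM does not supply one — user should update it` and `// Passwd is stored only to mirror the other external sources; PAM remains the authority` would make the intent explicit. The functions in the hunks above (the login loop at L77-83 and the switch at L89-90) start outside the hunk.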
SMTPPort int `form:"smtp_port"` | SMTPPort int `form:"smtp_port"` | ||||
TLS bool `form:"tls"` | TLS bool `form:"tls"` | ||||
AllowAutoRegister bool `form:"allowautoregister"` | AllowAutoRegister bool `form:"allowautoregister"` | ||||
PAMServiceName string | |||||
} | } | ||||
func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { | func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { |
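Review bot: `PAMServiceName string` carries no `form:` tag while every neighbouring field does, and the templates post the input as `pam_service_name`; unless the binder maps CamelCase field names to snake_case on its own, the value never reaches the form struct and an empty service name is saved. Suggest `PAMServiceName string `form:"pam_service_name"``, and consider a required-style binding so an empty name is rejected at the form layer rather than handed to PAM. Validate begins in this hunk but its body is outside it.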
// +build !windows | |||||
// Copyright 2014 The Gogs Authors. All rights reserved. | |||||
// Use of this source code is governed by a MIT-style | |||||
// license that can be found in the LICENSE file. | |||||
package pam | |||||
import ( | |||||
"errors" | |||||
"github.com/msteinert/pam" | |||||
) | |||||
func PAMAuth(serviceName, userName, passwd string) error { | |||||
t, err := pam.StartFunc(serviceName, userName, func(s pam.Style, msg string) (string, error) { | |||||
switch s { | |||||
case pam.PromptEchoOff: | |||||
return passwd, nil | |||||
case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo: | |||||
return "", nil | |||||
} | |||||
return "", errors.New("Unrecognized PAM message style") | |||||
}) | |||||
if err != nil { | |||||
return err | |||||
} | |||||
if err = t.Authenticate(0); err != nil { | |||||
return err | |||||
} | |||||
return nil | |||||
} |
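Review bot: PAMAuth runs only `t.Authenticate(0)`, so the service's account stack is never consulted: an account that the system has expired, locked, or restricted by the account modules still authenticates here as long as its password is correct. After Authenticate succeeds, add `if err = t.AcctMgmt(0); err != nil { return err }` so account-level policy of the configured service is enforced, and document the contract on the function, e.g. `// PAMAuth authenticates userName with passwd against the PAM service serviceName, answering any hidden-input prompt with passwd. It runs both the auth and account stacks; a nil return means the system accepted the login.`.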
// +build windows | |||||
// Copyright 2014 The Gogs Authors. All rights reserved. | |||||
// Use of this source code is governed by a MIT-style | |||||
// license that can be found in the LICENSE file. | |||||
package pam | |||||
import ( | |||||
"errors" | |||||
) | |||||
func PAMAuth(serviceName, userName, passwd string) error { | |||||
return errors.New("PAM not supported") | |||||
} |
if (v == 2) { | if (v == 2) { | ||||
$('.ldap').toggleShow(); | $('.ldap').toggleShow(); | ||||
$('.smtp').toggleHide(); | $('.smtp').toggleHide(); | ||||
$('.pam').toggleHide(); | |||||
} | } | ||||
if (v == 3) { | if (v == 3) { | ||||
$('.smtp').toggleShow(); | $('.smtp').toggleShow(); | ||||
$('.ldap').toggleHide(); | $('.ldap').toggleHide(); | ||||
$('.pam').toggleHide(); | |||||
} | |||||
if (v == 4) { | |||||
$('.pam').toggleShow(); | |||||
$('.smtp').toggleHide(); | |||||
$('.ldap').toggleHide(); | |||||
} | } | ||||
}); | }); | ||||
Port: form.SMTPPort, | Port: form.SMTPPort, | ||||
TLS: form.TLS, | TLS: form.TLS, | ||||
} | } | ||||
case models.PAM: | |||||
u = &models.PAMConfig{ | |||||
ServiceName: form.PAMServiceName, | |||||
} | |||||
default: | default: | ||||
ctx.Error(400) | ctx.Error(400) | ||||
return | return | ||||
Port: form.SMTPPort, | Port: form.SMTPPort, | ||||
TLS: form.TLS, | TLS: form.TLS, | ||||
} | } | ||||
case models.PAM: | |||||
config = &models.PAMConfig{ | |||||
ServiceName: form.PAMServiceName, | |||||
} | |||||
default: | default: | ||||
ctx.Error(400) | ctx.Error(400) | ||||
return | return |
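Review bot: The PAM arm is duplicated with identical bodies in both switches (L187-190 and L197-200), and neither checks that `form.PAMServiceName` is non-empty before storing it as `ServiceName`; an empty name would be persisted and later passed straight to the PAM start call. A small shared helper that builds the config from the form and rejects an empty name (returning 400 as the `default:` arms do) would remove the duplication and close the gap in one place. Both enclosing switch statements start outside the hunk.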
<label class="req" for="smtp_port">{{.i18n.Tr "admin.auths.smtpport"}}</label> | <label class="req" for="smtp_port">{{.i18n.Tr "admin.auths.smtpport"}}</label> | ||||
<input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.Source.SMTP.Port}}" /> | <input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.Source.SMTP.Port}}" /> | ||||
</div> | </div> | ||||
{{else if eq $type 4}} | |||||
<div class="field"> | |||||
<label class="req" for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label> | |||||
<input class="ipt ipt-large ipt-radius {{if .Err_PAMServiceName}}ipt-error{{end}}" id="pam_service_name" name="pam_service_name" value="{{.Source.PAM.ServiceName}}" /> | |||||
</div> | |||||
{{end}} | {{end}} | ||||
<div class="field"> | <div class="field"> |
<input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.smtp_port}}" /> | <input class="ipt ipt-large ipt-radius {{if .Err_SmtpPort}}ipt-error{{end}}" id="smtp_port" name="smtp_port" value="{{.smtp_port}}" /> | ||||
</div> | </div> | ||||
</div> | </div> | ||||
<div class="pam hidden"> | |||||
<div class="field"> | |||||
<label class="req" for="pam_service_name">{{.i18n.Tr "admin.auths.pam_service_name"}}</label> | |||||
<input class="ipt ipt-large ipt-radius {{if .Err_PAMServiceName}}ipt-error{{end}}" id="pam_service_name" name="pam_service_name" value="{{.pam_service_name}}" /> | |||||
</div> | |||||
</div> | |||||
<div class="field"> | <div class="field"> | ||||
<div class="smtp hidden"> | <div class="smtp hidden"> | ||||
<label></label> | <label></label> |