|
|
@ -26,12 +26,12 @@ type LoginType int |
|
|
|
|
|
|
|
|
|
|
|
// Note: new type must be added at the end of list to maintain compatibility.
|
|
|
|
// Note: new type must be added at the end of list to maintain compatibility.
|
|
|
|
const ( |
|
|
|
const ( |
|
|
|
NOTYPE LoginType = iota |
|
|
|
LOGIN_NOTYPE LoginType = iota |
|
|
|
PLAIN |
|
|
|
LOGIN_PLAIN |
|
|
|
LDAP |
|
|
|
LOGIN_LDAP |
|
|
|
SMTP |
|
|
|
LOGIN_SMTP |
|
|
|
PAM |
|
|
|
LOGIN_PAM |
|
|
|
DLDAP |
|
|
|
LOGIN_DLDAP |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
var ( |
|
|
|
var ( |
|
|
@ -40,10 +40,10 @@ var ( |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
var LoginNames = map[LoginType]string{ |
|
|
|
var LoginNames = map[LoginType]string{ |
|
|
|
LDAP: "LDAP (via BindDN)", |
|
|
|
LOGIN_LDAP: "LDAP (via BindDN)", |
|
|
|
DLDAP: "LDAP (simple auth)", |
|
|
|
LOGIN_DLDAP: "LDAP (simple auth)", |
|
|
|
SMTP: "SMTP", |
|
|
|
LOGIN_SMTP: "SMTP", |
|
|
|
PAM: "PAM", |
|
|
|
LOGIN_PAM: "PAM", |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Ensure structs implemented interface.
|
|
|
|
// Ensure structs implemented interface.
|
|
|
@ -108,11 +108,11 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) { |
|
|
|
switch colName { |
|
|
|
switch colName { |
|
|
|
case "type": |
|
|
|
case "type": |
|
|
|
switch LoginType((*val).(int64)) { |
|
|
|
switch LoginType((*val).(int64)) { |
|
|
|
case LDAP, DLDAP: |
|
|
|
case LOGIN_LDAP, LOGIN_DLDAP: |
|
|
|
source.Cfg = new(LDAPConfig) |
|
|
|
source.Cfg = new(LDAPConfig) |
|
|
|
case SMTP: |
|
|
|
case LOGIN_SMTP: |
|
|
|
source.Cfg = new(SMTPConfig) |
|
|
|
source.Cfg = new(SMTPConfig) |
|
|
|
case PAM: |
|
|
|
case LOGIN_PAM: |
|
|
|
source.Cfg = new(PAMConfig) |
|
|
|
source.Cfg = new(PAMConfig) |
|
|
|
default: |
|
|
|
default: |
|
|
|
panic("unrecognized login source type: " + com.ToStr(*val)) |
|
|
|
panic("unrecognized login source type: " + com.ToStr(*val)) |
|
|
@ -125,26 +125,26 @@ func (source *LoginSource) TypeName() string { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) IsLDAP() bool { |
|
|
|
func (source *LoginSource) IsLDAP() bool { |
|
|
|
return source.Type == LDAP |
|
|
|
return source.Type == LOGIN_LDAP |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) IsDLDAP() bool { |
|
|
|
func (source *LoginSource) IsDLDAP() bool { |
|
|
|
return source.Type == DLDAP |
|
|
|
return source.Type == LOGIN_DLDAP |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) IsSMTP() bool { |
|
|
|
func (source *LoginSource) IsSMTP() bool { |
|
|
|
return source.Type == SMTP |
|
|
|
return source.Type == LOGIN_SMTP |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) IsPAM() bool { |
|
|
|
func (source *LoginSource) IsPAM() bool { |
|
|
|
return source.Type == PAM |
|
|
|
return source.Type == LOGIN_PAM |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) UseTLS() bool { |
|
|
|
func (source *LoginSource) UseTLS() bool { |
|
|
|
switch source.Type { |
|
|
|
switch source.Type { |
|
|
|
case LDAP, DLDAP: |
|
|
|
case LOGIN_LDAP, LOGIN_DLDAP: |
|
|
|
return source.LDAP().UseSSL |
|
|
|
return source.LDAP().UseSSL |
|
|
|
case SMTP: |
|
|
|
case LOGIN_SMTP: |
|
|
|
return source.SMTP().TLS |
|
|
|
return source.SMTP().TLS |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -153,9 +153,9 @@ func (source *LoginSource) UseTLS() bool { |
|
|
|
|
|
|
|
|
|
|
|
func (source *LoginSource) SkipVerify() bool { |
|
|
|
func (source *LoginSource) SkipVerify() bool { |
|
|
|
switch source.Type { |
|
|
|
switch source.Type { |
|
|
|
case LDAP, DLDAP: |
|
|
|
case LOGIN_LDAP, LOGIN_DLDAP: |
|
|
|
return source.LDAP().SkipVerify |
|
|
|
return source.LDAP().SkipVerify |
|
|
|
case SMTP: |
|
|
|
case LOGIN_SMTP: |
|
|
|
return source.SMTP().SkipVerify |
|
|
|
return source.SMTP().SkipVerify |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -230,7 +230,7 @@ func DeleteSource(source *LoginSource) error { |
|
|
|
// It returns the same LoginUserPlain semantic.
|
|
|
|
// It returns the same LoginUserPlain semantic.
|
|
|
|
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) { |
|
|
|
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) { |
|
|
|
cfg := source.Cfg.(*LDAPConfig) |
|
|
|
cfg := source.Cfg.(*LDAPConfig) |
|
|
|
directBind := (source.Type == DLDAP) |
|
|
|
directBind := (source.Type == LOGIN_DLDAP) |
|
|
|
name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind) |
|
|
|
name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind) |
|
|
|
if !logged { |
|
|
|
if !logged { |
|
|
|
// User not in LDAP, do nothing
|
|
|
|
// User not in LDAP, do nothing
|
|
|
@ -350,7 +350,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error { |
|
|
|
// Query if name/passwd can login against the LDAP directory pool
|
|
|
|
// Query if name/passwd can login against the LDAP directory pool
|
|
|
|
// Create a local user if success
|
|
|
|
// Create a local user if success
|
|
|
|
// Return the same LoginUserPlain semantic
|
|
|
|
// Return the same LoginUserPlain semantic
|
|
|
|
func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) { |
|
|
|
func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) { |
|
|
|
// Verify allowed domains.
|
|
|
|
// Verify allowed domains.
|
|
|
|
if len(cfg.AllowedDomains) > 0 { |
|
|
|
if len(cfg.AllowedDomains) > 0 { |
|
|
|
idx := strings.Index(name, "@") |
|
|
|
idx := strings.Index(name, "@") |
|
|
@ -390,8 +390,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP |
|
|
|
u = &User{ |
|
|
|
u = &User{ |
|
|
|
LowerName: strings.ToLower(loginName), |
|
|
|
LowerName: strings.ToLower(loginName), |
|
|
|
Name: strings.ToLower(loginName), |
|
|
|
Name: strings.ToLower(loginName), |
|
|
|
LoginType: SMTP, |
|
|
|
LoginType: LOGIN_SMTP, |
|
|
|
LoginSource: sourceId, |
|
|
|
LoginSource: sourceID, |
|
|
|
LoginName: name, |
|
|
|
LoginName: name, |
|
|
|
IsActive: true, |
|
|
|
IsActive: true, |
|
|
|
Passwd: passwd, |
|
|
|
Passwd: passwd, |
|
|
@ -411,7 +411,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP |
|
|
|
// Query if name/passwd can login against PAM
|
|
|
|
// Query if name/passwd can login against PAM
|
|
|
|
// Create a local user if success
|
|
|
|
// Create a local user if success
|
|
|
|
// Return the same LoginUserPlain semantic
|
|
|
|
// Return the same LoginUserPlain semantic
|
|
|
|
func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) { |
|
|
|
func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) { |
|
|
|
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil { |
|
|
|
if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil { |
|
|
|
if strings.Contains(err.Error(), "Authentication failure") { |
|
|
|
if strings.Contains(err.Error(), "Authentication failure") { |
|
|
|
return nil, ErrUserNotExist{0, name} |
|
|
|
return nil, ErrUserNotExist{0, name} |
|
|
@ -427,8 +427,8 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo |
|
|
|
u = &User{ |
|
|
|
u = &User{ |
|
|
|
LowerName: strings.ToLower(name), |
|
|
|
LowerName: strings.ToLower(name), |
|
|
|
Name: name, |
|
|
|
Name: name, |
|
|
|
LoginType: PAM, |
|
|
|
LoginType: LOGIN_PAM, |
|
|
|
LoginSource: sourceId, |
|
|
|
LoginSource: sourceID, |
|
|
|
LoginName: name, |
|
|
|
LoginName: name, |
|
|
|
IsActive: true, |
|
|
|
IsActive: true, |
|
|
|
Passwd: passwd, |
|
|
|
Passwd: passwd, |
|
|
@ -443,11 +443,11 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
switch source.Type { |
|
|
|
switch source.Type { |
|
|
|
case LDAP, DLDAP: |
|
|
|
case LOGIN_LDAP, LOGIN_DLDAP: |
|
|
|
return LoginUserLDAPSource(u, name, passwd, source, autoRegister) |
|
|
|
return LoginUserLDAPSource(u, name, passwd, source, autoRegister) |
|
|
|
case SMTP: |
|
|
|
case LOGIN_SMTP: |
|
|
|
return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister) |
|
|
|
return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister) |
|
|
|
case PAM: |
|
|
|
case LOGIN_PAM: |
|
|
|
return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister) |
|
|
|
return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -470,7 +470,7 @@ func UserSignIn(uname, passwd string) (*User, error) { |
|
|
|
|
|
|
|
|
|
|
|
if userExists { |
|
|
|
if userExists { |
|
|
|
switch u.LoginType { |
|
|
|
switch u.LoginType { |
|
|
|
case NOTYPE, PLAIN: |
|
|
|
case LOGIN_NOTYPE, LOGIN_PLAIN: |
|
|
|
if u.ValidatePassword(passwd) { |
|
|
|
if u.ValidatePassword(passwd) { |
|
|
|
return u, nil |
|
|
|
return u, nil |
|
|
|
} |
|
|
|
} |
|
|
|