|
|
|
|
@ -461,7 +461,7 @@ var ( |
|
|
|
|
|
|
|
|
|
// LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
|
|
|
|
|
// and create a local user if success when enabled.
|
|
|
|
|
func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) { |
|
|
|
|
func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*User, error) { |
|
|
|
|
sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP) |
|
|
|
|
if sr == nil { |
|
|
|
|
// User not in LDAP, do nothing
|
|
|
|
|
@ -491,7 +491,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !autoRegister { |
|
|
|
|
if user != nil { |
|
|
|
|
if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { |
|
|
|
|
return user, RewriteAllPublicKeys() |
|
|
|
|
} |
|
|
|
|
@ -602,7 +602,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error { |
|
|
|
|
|
|
|
|
|
// LoginViaSMTP queries if login/password is valid against the SMTP,
|
|
|
|
|
// and create a local user if success when enabled.
|
|
|
|
|
func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) { |
|
|
|
|
func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig) (*User, error) { |
|
|
|
|
// Verify allowed domains.
|
|
|
|
|
if len(cfg.AllowedDomains) > 0 { |
|
|
|
|
idx := strings.Index(login, "@") |
|
|
|
|
@ -633,7 +633,7 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !autoRegister { |
|
|
|
|
if user != nil { |
|
|
|
|
return user, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -665,7 +665,7 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC |
|
|
|
|
|
|
|
|
|
// LoginViaPAM queries if login/password is valid against the PAM,
|
|
|
|
|
// and create a local user if success when enabled.
|
|
|
|
|
func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) { |
|
|
|
|
func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig) (*User, error) { |
|
|
|
|
if err := pam.Auth(cfg.ServiceName, login, password); err != nil { |
|
|
|
|
if strings.Contains(err.Error(), "Authentication failure") { |
|
|
|
|
return nil, ErrUserNotExist{0, login, 0} |
|
|
|
|
@ -673,7 +673,7 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !autoRegister { |
|
|
|
|
if user != nil { |
|
|
|
|
return user, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -691,7 +691,7 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// ExternalUserLogin attempts a login using external source types.
|
|
|
|
|
func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) { |
|
|
|
|
func ExternalUserLogin(user *User, login, password string, source *LoginSource) (*User, error) { |
|
|
|
|
if !source.IsActived { |
|
|
|
|
return nil, ErrLoginSourceNotActived |
|
|
|
|
} |
|
|
|
|
@ -699,11 +699,11 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource, |
|
|
|
|
var err error |
|
|
|
|
switch source.Type { |
|
|
|
|
case LoginLDAP, LoginDLDAP: |
|
|
|
|
user, err = LoginViaLDAP(user, login, password, source, autoRegister) |
|
|
|
|
user, err = LoginViaLDAP(user, login, password, source) |
|
|
|
|
case LoginSMTP: |
|
|
|
|
user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister) |
|
|
|
|
user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig)) |
|
|
|
|
case LoginPAM: |
|
|
|
|
user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister) |
|
|
|
|
user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig)) |
|
|
|
|
default: |
|
|
|
|
return nil, ErrUnsupportedLoginType |
|
|
|
|
} |
|
|
|
|
@ -783,7 +783,7 @@ func UserSignIn(username, password string) (*User, error) { |
|
|
|
|
return nil, ErrLoginSourceNotExist{user.LoginSource} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return ExternalUserLogin(user, user.LoginName, password, &source, false) |
|
|
|
|
return ExternalUserLogin(user, user.LoginName, password, &source) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -797,7 +797,7 @@ func UserSignIn(username, password string) (*User, error) { |
|
|
|
|
// don't try to authenticate against OAuth2 and SSPI sources here
|
|
|
|
|
continue |
|
|
|
|
} |
|
|
|
|
authUser, err := ExternalUserLogin(nil, username, password, source, true) |
|
|
|
|
authUser, err := ExternalUserLogin(nil, username, password, source) |
|
|
|
|
if err == nil { |
|
|
|
|
return authUser, nil |
|
|
|
|
} |
|
|
|
|
|
zeripath
5 years ago
committed by
GitHub