OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
2804 Commits
197 Branches
392 MB
7946 Download
Tree: 247017d9ff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '247017d9ff'
${ noResults }
aiforge/models/login.go

login.go 11 kB
Raw Normal View History

Add tar.gz download button and other mirror updates
11 years ago
fix code
11 years ago
add login.go
11 years ago
ldap support
11 years ago
Make gmail auth work
11 years ago
ldap support
11 years ago
basic authentications
11 years ago
add smtp authentication
11 years ago
merge all login methods
11 years ago
ldap support
11 years ago
add login.go
11 years ago
finish new edit auth UI
9 years ago
ldap support
11 years ago
basic authentications
11 years ago
fix code
11 years ago
ldap support
11 years ago
Add PAM authentication
10 years ago
bug fixed #193
11 years ago
ldap support
11 years ago
add login.go
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
minor fix on #1581
9 years ago
basic authentications
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
Add PAM authentication
10 years ago
minor fix on #1581
9 years ago
basic authentications
11 years ago
fix code
11 years ago
basic authentications
11 years ago
finish new add auth UI
9 years ago
Added LDAP simple auth support.
9 years ago
basic authentications
11 years ago
add login.go
11 years ago
Fix spelling errors in comments.
10 years ago
Fix edit auth page bug
11 years ago
Add PAM authentication
10 years ago
Fix edit auth page bug
11 years ago
add login.go
11 years ago
ldap support
11 years ago
add login.go
11 years ago
ldap support
11 years ago
add login.go
11 years ago
ldap support
11 years ago
add login.go
11 years ago
add smtp authentication
11 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
add login.go
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Add tar.gz download button and other mirror updates
11 years ago
merge all login methods
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
ldap support
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
minor fix on #1581
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
finish new edit auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
finish new add auth UI
9 years ago
basic authentications
11 years ago
finish new edit auth UI
9 years ago
basic authentications
11 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
more minor fix on 1581
9 years ago
Add tar.gz download button and other mirror updates
11 years ago
Fix #165
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
ldap support
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
basic authentications
11 years ago
Fix #165
11 years ago
basic authentications
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
basic authentications
11 years ago
add support for smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
ldap support
11 years ago
finish new edit auth UI
9 years ago
basic authentications
11 years ago
finish new edit auth UI
9 years ago
basic authentications
11 years ago
finish new edit auth UI
9 years ago
ldap support
11 years ago
add login.go
11 years ago
merge all login methods
11 years ago
Code convention
11 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
allow anonymous SSH clone
10 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
routers/repo/setting.go: fix LDAP cannot validate password #1006
10 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
routers/repo/setting.go: fix LDAP cannot validate password #1006
10 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
routers/repo/setting.go: fix LDAP cannot validate password #1006
10 years ago
Added LDAP simple auth support.
9 years ago
minor fix on #1581
9 years ago
Added LDAP simple auth support.
9 years ago
routers/repo/setting.go: fix LDAP cannot validate password #1006
10 years ago
Added LDAP simple auth support.
9 years ago
Add PAM authentication
10 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Added LDAP simple auth support.
9 years ago
routers/repo/setting.go: fix LDAP cannot validate password #1006
10 years ago
merge all login methods
11 years ago
Fix spelling errors in comments.
10 years ago
merge all login methods
11 years ago
work on #672
10 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
work on #672
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
merge all login methods
11 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
merge all login methods
11 years ago
New UI merge in progress
11 years ago
merge all login methods
11 years ago
work on #672
10 years ago
Significantly enhanced LDAP support in Gogs.
10 years ago
work on #672
10 years ago
New UI merge in progress
11 years ago
#1124 lower_name of LDAP user not assigned
10 years ago
work on #672
10 years ago
Get username, name, surname and e-mail from LDAP server
10 years ago
Added LDAP simple auth support.
9 years ago
merge all login methods
11 years ago
Set IsAdmin using LDAP The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root. In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
9 years ago
work on #672
10 years ago
merge all login methods
11 years ago
work on #672
10 years ago
merge all login methods
11 years ago
add smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
finish new add auth UI
9 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
add smtp authentication
11 years ago
Make gmail auth work
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
smtp login bug fixed
11 years ago
Clean old LDAP code
11 years ago
add smtp authentication
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
add smtp authentication
11 years ago
Fix spelling errors in comments.
10 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
#1620 add allowed domains for SMTP auth
9 years ago
add smtp authentication
11 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
add support for smtp authentication
11 years ago
add smtp authentication
11 years ago
smtp login bug fixed
11 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
#1542 A way to skip TLS verify for SMTP authentication
9 years ago
Make gmail auth work
11 years ago
#1620 add allowed domains for SMTP auth
9 years ago
Make gmail auth work
11 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
add smtp authentication
11 years ago
smtp login bug fixed
11 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
smtp login bug fixed
11 years ago
Add tar.gz download button and other mirror updates
11 years ago
add smtp authentication
11 years ago
New UI merge in progress
11 years ago
add smtp authentication
11 years ago
Add PAM authentication
10 years ago
allow anonymous SSH clone
10 years ago
Add PAM authentication
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"crypto/tls"

  9. 	"encoding/json"

  10. 	"errors"

  11. 	"fmt"

  12. 	"net/smtp"

  13. 	"strings"

  14. 	"time"

  15. 

  16. 	"github.com/Unknwon/com"

  17. 	"github.com/go-xorm/core"

  18. 	"github.com/go-xorm/xorm"

  19. 

  20. 	"github.com/gogits/gogs/modules/auth/ldap"

  21. 	"github.com/gogits/gogs/modules/auth/pam"

  22. 	"github.com/gogits/gogs/modules/log"

  23. )

  24. 

  25. type LoginType int

  26. 

  27. // Note: new type must be added at the end of list to maintain compatibility.

  28. const (

  29. 	NOTYPE LoginType = iota

  30. 	PLAIN

  31. 	LDAP

  32. 	SMTP

  33. 	PAM

  34. 	DLDAP

  35. )

  36. 

  37. var (

  38. 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")

  39. 	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")

  40. 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")

  41. )

  42. 

  43. var LoginNames = map[LoginType]string{

  44. 	LDAP:  "LDAP (via BindDN)",

  45. 	DLDAP: "LDAP (simple auth)",

  46. 	SMTP:  "SMTP",

  47. 	PAM:   "PAM",

  48. }

  49. 

  50. // Ensure structs implemented interface.

  51. var (

  52. 	_ core.Conversion = &LDAPConfig{}

  53. 	_ core.Conversion = &SMTPConfig{}

  54. 	_ core.Conversion = &PAMConfig{}

  55. )

  56. 

  57. type LDAPConfig struct {

  58. 	ldap.Ldapsource

  59. }

  60. 

  61. func (cfg *LDAPConfig) FromDB(bs []byte) error {

  62. 	return json.Unmarshal(bs, &cfg.Ldapsource)

  63. }

  64. 

  65. func (cfg *LDAPConfig) ToDB() ([]byte, error) {

  66. 	return json.Marshal(cfg.Ldapsource)

  67. }

  68. 

  69. type SMTPConfig struct {

  70. 	Auth           string

  71. 	Host           string

  72. 	Port           int

  73. 	AllowedDomains string `xorm:"TEXT"`

  74. 	TLS            bool

  75. 	SkipVerify     bool

  76. }

  77. 

  78. func (cfg *SMTPConfig) FromDB(bs []byte) error {

  79. 	return json.Unmarshal(bs, cfg)

  80. }

  81. 

  82. func (cfg *SMTPConfig) ToDB() ([]byte, error) {

  83. 	return json.Marshal(cfg)

  84. }

  85. 

  86. type PAMConfig struct {

  87. 	ServiceName string // pam service (e.g. system-auth)

  88. }

  89. 

  90. func (cfg *PAMConfig) FromDB(bs []byte) error {

  91. 	return json.Unmarshal(bs, &cfg)

  92. }

  93. 

  94. func (cfg *PAMConfig) ToDB() ([]byte, error) {

  95. 	return json.Marshal(cfg)

  96. }

  97. 

  98. type LoginSource struct {

  99. 	ID                int64 `xorm:"pk autoincr"`

  100. 	Type              LoginType

  101. 	Name              string          `xorm:"UNIQUE"`

  102. 	IsActived         bool            `xorm:"NOT NULL DEFAULT false"`

  103. 	Cfg               core.Conversion `xorm:"TEXT"`

  104. 	AllowAutoRegister bool            `xorm:"NOT NULL DEFAULT false"`

  105. 	Created           time.Time       `xorm:"CREATED"`

  106. 	Updated           time.Time       `xorm:"UPDATED"`

  107. }

  108. 

  109. func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {

  110. 	switch colName {

  111. 	case "type":

  112. 		switch LoginType((*val).(int64)) {

  113. 		case LDAP, DLDAP:

  114. 			source.Cfg = new(LDAPConfig)

  115. 		case SMTP:

  116. 			source.Cfg = new(SMTPConfig)

  117. 		case PAM:

  118. 			source.Cfg = new(PAMConfig)

  119. 		default:

  120. 			panic("unrecognized login source type: " + com.ToStr(*val))

  121. 		}

  122. 	}

  123. }

  124. 

  125. func (source *LoginSource) TypeName() string {

  126. 	return LoginNames[source.Type]

  127. }

  128. 

  129. func (source *LoginSource) IsLDAP() bool {

  130. 	return source.Type == LDAP

  131. }

  132. 

  133. func (source *LoginSource) IsDLDAP() bool {

  134. 	return source.Type == DLDAP

  135. }

  136. 

  137. func (source *LoginSource) IsSMTP() bool {

  138. 	return source.Type == SMTP

  139. }

  140. 

  141. func (source *LoginSource) IsPAM() bool {

  142. 	return source.Type == PAM

  143. }

  144. 

  145. func (source *LoginSource) UseTLS() bool {

  146. 	switch source.Type {

  147. 	case LDAP, DLDAP:

  148. 		return source.LDAP().UseSSL

  149. 	case SMTP:

  150. 		return source.SMTP().TLS

  151. 	}

  152. 

  153. 	return false

  154. }

  155. 

  156. func (source *LoginSource) LDAP() *LDAPConfig {

  157. 	return source.Cfg.(*LDAPConfig)

  158. }

  159. 

  160. func (source *LoginSource) SMTP() *SMTPConfig {

  161. 	return source.Cfg.(*SMTPConfig)

  162. }

  163. 

  164. func (source *LoginSource) PAM() *PAMConfig {

  165. 	return source.Cfg.(*PAMConfig)

  166. }

  167. 

  168. // CountLoginSources returns number of login sources.

  169. func CountLoginSources() int64 {

  170. 	count, _ := x.Count(new(LoginSource))

  171. 	return count

  172. }

  173. 

  174. func CreateSource(source *LoginSource) error {

  175. 	_, err := x.Insert(source)

  176. 	return err

  177. }

  178. 

  179. func GetAuths() ([]*LoginSource, error) {

  180. 	auths := make([]*LoginSource, 0, 5)

  181. 	return auths, x.Find(&auths)

  182. }

  183. 

  184. func GetLoginSourceByID(id int64) (*LoginSource, error) {

  185. 	source := new(LoginSource)

  186. 	has, err := x.Id(id).Get(source)

  187. 	if err != nil {

  188. 		return nil, err

  189. 	} else if !has {

  190. 		return nil, ErrAuthenticationNotExist

  191. 	}

  192. 	return source, nil

  193. }

  194. 

  195. func UpdateSource(source *LoginSource) error {

  196. 	_, err := x.Id(source.ID).AllCols().Update(source)

  197. 	return err

  198. }

  199. 

  200. func DeleteSource(source *LoginSource) error {

  201. 	count, err := x.Count(&User{LoginSource: source.ID})

  202. 	if err != nil {

  203. 		return err

  204. 	} else if count > 0 {

  205. 		return ErrAuthenticationUserUsed

  206. 	}

  207. 	_, err = x.Id(source.ID).Delete(new(LoginSource))

  208. 	return err

  209. }

  210. 

  211. // UserSignIn validates user name and password.

  212. func UserSignIn(uname, passwd string) (*User, error) {

  213. 	var u *User

  214. 	if strings.Contains(uname, "@") {

  215. 		u = &User{Email: uname}

  216. 	} else {

  217. 		u = &User{LowerName: strings.ToLower(uname)}

  218. 	}

  219. 

  220. 	userExists, err := x.Get(u)

  221. 	if err != nil {

  222. 		return nil, err

  223. 	}

  224. 

  225. 	if userExists {

  226. 		switch u.LoginType {

  227. 		case NOTYPE:

  228. 			fallthrough

  229. 		case PLAIN:

  230. 			if u.ValidatePassword(passwd) {

  231. 				return u, nil

  232. 			}

  233. 

  234. 			return nil, ErrUserNotExist{u.Id, u.Name}

  235. 		default:

  236. 			var source LoginSource

  237. 			hasSource, err := x.Id(u.LoginSource).Get(&source)

  238. 			if err != nil {

  239. 				return nil, err

  240. 			} else if !hasSource {

  241. 				return nil, ErrLoginSourceNotExist

  242. 			}

  243. 

  244. 			return ExternalUserLogin(u, u.LoginName, passwd, &source, false)

  245. 		}

  246. 	}

  247. 

  248. 	var sources []LoginSource

  249. 	if err = x.UseBool().Find(&sources, &LoginSource{IsActived: true, AllowAutoRegister: true}); err != nil {

  250. 		return nil, err

  251. 	}

  252. 

  253. 	for _, source := range sources {

  254. 		u, err := ExternalUserLogin(nil, uname, passwd, &source, true)

  255. 		if err == nil {

  256. 			return u, nil

  257. 		}

  258. 

  259. 		log.Warn("Failed to login '%s' via '%s': %v", uname, source.Name, err)

  260. 	}

  261. 

  262. 	return nil, ErrUserNotExist{u.Id, u.Name}

  263. }

  264. 

  265. func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {

  266. 	if !source.IsActived {

  267. 		return nil, ErrLoginSourceNotActived

  268. 	}

  269. 

  270. 	switch source.Type {

  271. 	case LDAP, DLDAP:

  272. 		return LoginUserLdapSource(u, name, passwd, source, autoRegister)

  273. 	case SMTP:

  274. 		return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)

  275. 	case PAM:

  276. 		return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)

  277. 	}

  278. 

  279. 	return nil, ErrUnsupportedLoginType

  280. }

  281. 

  282. // Query if name/passwd can login against the LDAP directory pool

  283. // Create a local user if success

  284. // Return the same LoginUserPlain semantic

  285. // FIXME: https://github.com/gogits/gogs/issues/672

  286. func LoginUserLdapSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {

  287. 	cfg := source.Cfg.(*LDAPConfig)

  288. 	directBind := (source.Type == DLDAP)

  289. 	fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)

  290. 	if !logged {

  291. 		// User not in LDAP, do nothing

  292. 		return nil, ErrUserNotExist{0, name}

  293. 	}

  294. 

  295. 	if !autoRegister {

  296. 		return u, nil

  297. 	}

  298. 

  299. 	// Fallback.

  300. 	if len(mail) == 0 {

  301. 		mail = fmt.Sprintf("%s@localhost", name)

  302. 	}

  303. 

  304. 	u = &User{

  305. 		LowerName:   strings.ToLower(name),

  306. 		Name:        name,

  307. 		FullName:    fn + " " + sn,

  308. 		LoginType:   source.Type,

  309. 		LoginSource: source.ID,

  310. 		LoginName:   name,

  311. 		Passwd:      passwd,

  312. 		Email:       mail,

  313. 		IsAdmin:     admin,

  314. 		IsActive:    true,

  315. 	}

  316. 	return u, CreateUser(u)

  317. }

  318. 

  319. type loginAuth struct {

  320. 	username, password string

  321. }

  322. 

  323. func LoginAuth(username, password string) smtp.Auth {

  324. 	return &loginAuth{username, password}

  325. }

  326. 

  327. func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {

  328. 	return "LOGIN", []byte(a.username), nil

  329. }

  330. 

  331. func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {

  332. 	if more {

  333. 		switch string(fromServer) {

  334. 		case "Username:":

  335. 			return []byte(a.username), nil

  336. 		case "Password:":

  337. 			return []byte(a.password), nil

  338. 		}

  339. 	}

  340. 	return nil, nil

  341. }

  342. 

  343. const (

  344. 	SMTP_PLAIN = "PLAIN"

  345. 	SMTP_LOGIN = "LOGIN"

  346. )

  347. 

  348. var SMTPAuths = []string{SMTP_PLAIN, SMTP_LOGIN}

  349. 

  350. func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {

  351. 	c, err := smtp.Dial(fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))

  352. 	if err != nil {

  353. 		return err

  354. 	}

  355. 	defer c.Close()

  356. 

  357. 	if err = c.Hello("gogs"); err != nil {

  358. 		return err

  359. 	}

  360. 

  361. 	if cfg.TLS {

  362. 		if ok, _ := c.Extension("STARTTLS"); ok {

  363. 			if err = c.StartTLS(&tls.Config{

  364. 				InsecureSkipVerify: cfg.SkipVerify,

  365. 				ServerName:         cfg.Host,

  366. 			}); err != nil {

  367. 				return err

  368. 			}

  369. 		} else {

  370. 			return errors.New("SMTP server unsupports TLS")

  371. 		}

  372. 	}

  373. 

  374. 	if ok, _ := c.Extension("AUTH"); ok {

  375. 		if err = c.Auth(a); err != nil {

  376. 			return err

  377. 		}

  378. 		return nil

  379. 	}

  380. 	return ErrUnsupportedLoginType

  381. }

  382. 

  383. // Query if name/passwd can login against the LDAP directory pool

  384. // Create a local user if success

  385. // Return the same LoginUserPlain semantic

  386. func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {

  387. 	// Verify allowed domains.

  388. 	if len(cfg.AllowedDomains) > 0 {

  389. 		idx := strings.Index(name, "@")

  390. 		if idx == -1 {

  391. 			return nil, ErrUserNotExist{0, name}

  392. 		} else if !com.IsSliceContainsStr(strings.Split(cfg.AllowedDomains, ","), name[idx+1:]) {

  393. 			return nil, ErrUserNotExist{0, name}

  394. 		}

  395. 	}

  396. 

  397. 	var auth smtp.Auth

  398. 	if cfg.Auth == SMTP_PLAIN {

  399. 		auth = smtp.PlainAuth("", name, passwd, cfg.Host)

  400. 	} else if cfg.Auth == SMTP_LOGIN {

  401. 		auth = LoginAuth(name, passwd)

  402. 	} else {

  403. 		return nil, errors.New("Unsupported SMTP auth type")

  404. 	}

  405. 

  406. 	if err := SMTPAuth(auth, cfg); err != nil {

  407. 		if strings.Contains(err.Error(), "Username and Password not accepted") {

  408. 			return nil, ErrUserNotExist{0, name}

  409. 		}

  410. 		return nil, err

  411. 	}

  412. 

  413. 	if !autoRegister {

  414. 		return u, nil

  415. 	}

  416. 

  417. 	var loginName = name

  418. 	idx := strings.Index(name, "@")

  419. 	if idx > -1 {

  420. 		loginName = name[:idx]

  421. 	}

  422. 	// fake a local user creation

  423. 	u = &User{

  424. 		LowerName:   strings.ToLower(loginName),

  425. 		Name:        strings.ToLower(loginName),

  426. 		LoginType:   SMTP,

  427. 		LoginSource: sourceId,

  428. 		LoginName:   name,

  429. 		IsActive:    true,

  430. 		Passwd:      passwd,

  431. 		Email:       name,

  432. 	}

  433. 	err := CreateUser(u)

  434. 	return u, err

  435. }

  436. 

  437. // Query if name/passwd can login against PAM

  438. // Create a local user if success

  439. // Return the same LoginUserPlain semantic

  440. func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {

  441. 	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {

  442. 		if strings.Contains(err.Error(), "Authentication failure") {

  443. 			return nil, ErrUserNotExist{u.Id, u.Name}

  444. 		}

  445. 		return nil, err

  446. 	}

  447. 

  448. 	if !autoRegister {

  449. 		return u, nil

  450. 	}

  451. 

  452. 	// fake a local user creation

  453. 	u = &User{

  454. 		LowerName:   strings.ToLower(name),

  455. 		Name:        strings.ToLower(name),

  456. 		LoginType:   PAM,

  457. 		LoginSource: sourceId,

  458. 		LoginName:   name,

  459. 		IsActive:    true,

  460. 		Passwd:      passwd,

  461. 		Email:       name,

  462. 	}

  463. 	err := CreateUser(u)

  464. 	return u, err

  465. }

No Description