Diffstat (limited to 'modules/auth/pam')
-rw-r--r-- | modules/auth/pam/pam.go | 43 | ||||
-rw-r--r-- | modules/auth/pam/pam_stub.go | 22 | ||||
-rw-r--r-- | modules/auth/pam/pam_test.go | 20 |
3 files changed, 85 insertions, 0 deletions
diff --git a/modules/auth/pam/pam.go b/modules/auth/pam/pam.go
new file mode 100644
index 0000000..cca1482
--- /dev/null
+++ b/modules/auth/pam/pam.go
@@ -0,0 +1,43 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+//go:build pam
+
+package pam
+
+import (
+ "errors"
+
+ "github.com/msteinert/pam"
+)
+
+// Supported is true when built with PAM
+var Supported = true
+
+// Auth pam auth service
+func Auth(serviceName, userName, passwd string) (string, error) {
+ t, err := pam.StartFunc(serviceName, userName, func(s pam.Style, msg string) (string, error) {
+ switch s {
+ case pam.PromptEchoOff:
+ return passwd, nil
+ case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo:
+ return "", nil
+ }
+ return "", errors.New("Unrecognized PAM message style")
+ })
+ if err != nil {
+ return "", err
+ }
+
+ if err = t.Authenticate(0); err != nil {
+ return "", err
+ }
+
+ if err = t.AcctMgmt(0); err != nil {
+ return "", err
+ }
+
+ // PAM login names might suffer transformations in the PAM stack.
+ // We should take whatever the PAM stack returns for it.
+ return t.GetItem(pam.User)
+}
diff --git a/modules/auth/pam/pam_stub.go b/modules/auth/pam/pam_stub.go
new file mode 100644
index 0000000..3631eee
--- /dev/null
+++ b/modules/auth/pam/pam_stub.go
@@ -0,0 +1,22 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+//go:build !pam
+
+package pam
+
+import (
+ "errors"
+)
+
+// Supported is false when built without PAM
+var Supported = false
+
+// Auth not supported lack of pam tag
+func Auth(serviceName, userName, passwd string) (string, error) {
+ // bypass the lint on callers: SA4023: this comparison is always true (staticcheck)
+ if !Supported {
+ return "", errors.New("PAM not supported")
+ }
+ return "", nil
+}
diff --git a/modules/auth/pam/pam_test.go b/modules/auth/pam/pam_test.go
new file mode 100644
index 0000000..e9b844e
--- /dev/null
+++ b/modules/auth/pam/pam_test.go
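Review bot: In pam.go the conversation callback inside Auth answers every `pam.PromptEchoOff` prompt with `passwd`, so on a service whose stack asks a second hidden question (a one-time-code module, for instance) the account password is handed to that module as the answer. The doc comment `// Auth pam auth service` gives an administrator no hint that only password-only stacks are supported; I would expand it to state that Auth authenticates userName against the PAM service serviceName, that every echo-off prompt is answered with passwd, and that the returned name is the one PAM reports and may differ from userName, so callers must key the account on the return value. The errors from `t.Authenticate(0)` and `t.AcctMgmt(0)` are returned verbatim; depending on the modules in the stack that text may distinguish an unknown user from a wrong password, so callers should log it rather than show it to the client.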
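Review bot: In pam_stub.go the fall-through `return "", nil` at the end of Auth is a fail-open path: `Supported` is an exported, assignable variable, so if anything sets `pam.Supported = true` in a build without the pam tag, Auth reports success with an empty user name for any credentials. The inline comment shows the branch exists only to silence SA4023 on callers, so I would keep the workaround but make both paths fail, for example by declaring `var errNotSupported = errors.New("PAM not supported")` at package level and ending the function with `return "", errNotSupported`. A package-level variable should keep staticcheck from proving the result non-nil, though that is worth confirming before merging. The doc comment would also read better as `// Auth always fails in builds without the pam tag.`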
@@ -0,0 +1,20 @@
+//go:build pam
+
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package pam
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestPamAuth(t *testing.T) {
+ result, err := Auth("gitea", "user1", "false-pwd")
+ require.Error(t, err)
+ assert.EqualError(t, err, "Authentication failure")
+ assert.Len(t, result, 0)
+}
|
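Review bot: TestPamAuth pins the exact PAM message with `assert.EqualError(t, err, "Authentication failure")`, and that text comes from whatever stack the host resolves for the service name "gitea", so the result depends on machine configuration rather than on the code under test. A host whose stack reports an unknown user differently would presumably fail this assertion even though Auth correctly rejected the login. I would keep `require.Error(t, err)` and `assert.Empty(t, result)` as the contract, and add a comment above the test stating which PAM service file (if any) it expects. Only the rejection path is covered, and the file is compiled only with the pam build tag, so CI has to pass that tag for the test to run at all.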