diff --git a/.travis.yml b/.travis.yml
index 4149e173166..113773d6977 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,11 +6,13 @@ go:
- 1.4
- tip
-sudo: false
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -y libpam-dev
script: go build -v
notifications:
email:
- u@gogs.io
- slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx
\ No newline at end of file
+ slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx
diff --git a/cmd/serve.go b/cmd/serve.go
index 484060c4c32..c291c5e3411 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -102,7 +102,7 @@ func runServ(c *cli.Context) {
cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
if cmd == "" {
- println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.")
+ fmt.Printf("Hi, %s! You've successfully authenticated, but Gogs does not provide shell access.\n", user.Name)
if user.IsAdmin {
println("If this is unexpected, please log in with password and setup Gogs under another user.")
}
diff --git a/conf/locale/locale_en-US.ini b/conf/locale/locale_en-US.ini
index 59c806a072f..e59520a215b 100644
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@@ -619,6 +619,7 @@ auths.smtp_auth = SMTP Authorization Type
auths.smtphost = SMTP Host
auths.smtpport = SMTP Port
auths.enable_tls = Enable TLS Encryption
+auths.pam_service_name = PAM Service Name
auths.enable_auto_register = Enable Auto Registration
auths.tips = Tips
auths.edit = Edit Authorization Setting
diff --git a/models/login.go b/models/login.go
index 916e27310cc..10f782beec6 100644
--- a/models/login.go
+++ b/models/login.go
@@ -17,6 +17,7 @@ import (
"github.com/go-xorm/xorm"
"github.com/gogits/gogs/modules/auth/ldap"
+ "github.com/gogits/gogs/modules/auth/pam"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/uuid"
)
@@ -28,6 +29,7 @@ const (
PLAIN
LDAP
SMTP
+ PAM
)
var (
@@ -39,12 +41,14 @@ var (
var LoginTypes = map[LoginType]string{
LDAP: "LDAP",
SMTP: "SMTP",
+ PAM: "PAM",
}
// Ensure structs implemented interface.
var (
_ core.Conversion = &LDAPConfig{}
_ core.Conversion = &SMTPConfig{}
+ _ core.Conversion = &PAMConfig{}
)
type LDAPConfig struct {
@@ -74,6 +78,18 @@ func (cfg *SMTPConfig) ToDB() ([]byte, error) {
return json.Marshal(cfg)
}
+type PAMConfig struct {
+ ServiceName string // pam service (e.g. system-auth)
+}
+
+func (cfg *PAMConfig) FromDB(bs []byte) error {
+ return json.Unmarshal(bs, &cfg)
+}
+
+func (cfg *PAMConfig) ToDB() ([]byte, error) {
+ return json.Marshal(cfg)
+}
+
type LoginSource struct {
Id int64
Type LoginType
@@ -97,6 +113,10 @@ func (source *LoginSource) SMTP() *SMTPConfig {
return source.Cfg.(*SMTPConfig)
}
+func (source *LoginSource) PAM() *PAMConfig {
+ return source.Cfg.(*PAMConfig)
+}
+
func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
if colName == "type" {
ty := (*val).(int64)
@@ -105,6 +125,8 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
source.Cfg = new(LDAPConfig)
case SMTP:
source.Cfg = new(SMTPConfig)
+ case PAM:
+ source.Cfg = new(PAMConfig)
}
}
}
@@ -169,7 +191,7 @@ func UserSignIn(uname, passwd string) (*User, error) {
// For plain login, user must exist to reach this line.
// Now verify password.
if u.LoginType == PLAIN {
- if !u.ValidtePassword(passwd) {
+ if !u.ValidatePassword(passwd) {
return nil, ErrUserNotExist
}
return u, nil
@@ -197,6 +219,13 @@ func UserSignIn(uname, passwd string) (*User, error) {
return u, nil
}
log.Warn("Fail to login(%s) by SMTP(%s): %v", uname, source.Name, err)
+ } else if source.Type == PAM {
+ u, err := LoginUserPAMSource(nil, uname, passwd,
+ source.Id, source.Cfg.(*PAMConfig), true)
+ if err == nil {
+ return u, nil
+ }
+ log.Warn("Fail to login(%s) by PAM(%s): %v", uname, source.Name, err)
}
}
@@ -218,6 +247,8 @@ func UserSignIn(uname, passwd string) (*User, error) {
return LoginUserLdapSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*LDAPConfig), false)
case SMTP:
return LoginUserSMTPSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*SMTPConfig), false)
+ case PAM:
+ return LoginUserPAMSource(u, u.LoginName, passwd, source.Id, source.Cfg.(*PAMConfig), false)
}
return nil, ErrUnsupportedLoginType
}
@@ -359,3 +390,33 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
err := CreateUser(u)
return u, err
}
+
+// Query if name/passwd can login against PAM
+// Create a local user if success
+// Return the same LoginUserPlain semantic
+func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
+ if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
+ if strings.Contains(err.Error(), "Authentication failure") {
+ return nil, ErrUserNotExist
+ }
+ return nil, err
+ }
+
+ if !autoRegister {
+ return u, nil
+ }
+
+ // fake a local user creation
+ u = &User{
+ LowerName: strings.ToLower(name),
+ Name: strings.ToLower(name),
+ LoginType: PAM,
+ LoginSource: sourceId,
+ LoginName: name,
+ IsActive: true,
+ Passwd: passwd,
+ Email: name,
+ }
+ err := CreateUser(u)
+ return u, err
+}
diff --git a/models/repo.go b/models/repo.go
index 7b47c20b1ea..f144be5a3fd 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -40,6 +40,7 @@ var (
ErrRepoFileNotLoaded = errors.New("Repository file not loaded")
ErrMirrorNotExist = errors.New("Mirror does not exist")
ErrInvalidReference = errors.New("Invalid reference specified")
+ ErrNameEmpty = errors.New("Name is empty")
)
var (
@@ -242,10 +243,11 @@ func (repo *Repository) CloneLink() (cl CloneLink, err error) {
if err = repo.GetOwner(); err != nil {
return cl, err
}
+
if setting.SSHPort != 22 {
- cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.Domain, setting.SSHPort, repo.Owner.LowerName, repo.LowerName)
+ cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.SSHDomain, setting.SSHPort, repo.Owner.LowerName, repo.LowerName)
} else {
- cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.Domain, repo.Owner.LowerName, repo.LowerName)
+ cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.SSHDomain, repo.Owner.LowerName, repo.LowerName)
}
cl.HTTPS = fmt.Sprintf("%s%s/%s.git", setting.AppUrl, repo.Owner.LowerName, repo.LowerName)
return cl, nil
@@ -258,7 +260,11 @@ var (
// IsUsableName checks if name is reserved or pattern of name is not allowed.
func IsUsableName(name string) error {
- name = strings.ToLower(name)
+ name = strings.TrimSpace(strings.ToLower(name))
+ if utf8.RuneCountInString(name) == 0 {
+ return ErrNameEmpty
+ }
+
for i := range reservedNames {
if name == reservedNames[i] {
return ErrNameReserved{name}
diff --git a/models/user.go b/models/user.go
index bf69f97a1b2..e239ea174df 100644
--- a/models/user.go
+++ b/models/user.go
@@ -143,8 +143,8 @@ func (u *User) EncodePasswd() {
u.Passwd = fmt.Sprintf("%x", newPasswd)
}
-// ValidtePassword checks if given password matches the one belongs to the user.
-func (u *User) ValidtePassword(passwd string) bool {
+// ValidatePassword checks if given password matches the one belongs to the user.
+func (u *User) ValidatePassword(passwd string) bool {
newUser := &User{Passwd: passwd, Salt: u.Salt}
newUser.EncodePasswd()
return u.Passwd == newUser.Passwd
diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go
index 7d459999140..1102dc3492a 100644
--- a/modules/auth/auth_form.go
+++ b/modules/auth/auth_form.go
@@ -30,6 +30,7 @@ type AuthenticationForm struct {
SMTPPort int `form:"smtp_port"`
TLS bool `form:"tls"`
AllowAutoRegister bool `form:"allowautoregister"`
+ PAMServiceName string
}
func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
diff --git a/modules/auth/pam/pam.go b/modules/auth/pam/pam.go
new file mode 100644
index 00000000000..7d150b1c0b1
--- /dev/null
+++ b/modules/auth/pam/pam.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pam
+
+import (
+ "errors"
+
+ "github.com/msteinert/pam"
+)
+
+func PAMAuth(serviceName, userName, passwd string) error {
+ t, err := pam.StartFunc(serviceName, userName, func(s pam.Style, msg string) (string, error) {
+ switch s {
+ case pam.PromptEchoOff:
+ return passwd, nil
+ case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo:
+ return "", nil
+ }
+ return "", errors.New("Unrecognized PAM message style")
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if err = t.Authenticate(0); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/modules/auth/pam/pam_stub.go b/modules/auth/pam/pam_stub.go
new file mode 100644
index 00000000000..2f210bf6e7c
--- /dev/null
+++ b/modules/auth/pam/pam_stub.go
@@ -0,0 +1,15 @@
+// +build windows
+
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pam
+
+import (
+ "errors"
+)
+
+func PAMAuth(serviceName, userName, passwd string) error {
+ return errors.New("PAM not supported")
+}
diff --git a/modules/middleware/context.go b/modules/middleware/context.go
index b580de50381..200a74cb3ac 100644
--- a/modules/middleware/context.go
+++ b/modules/middleware/context.go
@@ -139,6 +139,13 @@ func (ctx *Context) Handle(status int, title string, err error) {
ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
}
+func (ctx *Context) HandleText(status int, title string) {
+ if (status / 100 == 4) || (status / 100 == 5) {
+ log.Error(4, "%s", title)
+ }
+ ctx.RenderData(status, []byte(title))
+}
+
func (ctx *Context) HandleAPI(status int, obj interface{}) {
var message string
if err, ok := obj.(error); ok {
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index aefc3520f92..3ce27b2e3b5 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -53,6 +53,7 @@ var (
HttpAddr, HttpPort string
DisableSSH bool
SSHPort int
+ SSHDomain string
OfflineMode bool
DisableRouterLog bool
CertFile, KeyFile string
@@ -232,6 +233,7 @@ func NewConfigContext() {
HttpAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
HttpPort = sec.Key("HTTP_PORT").MustString("3000")
DisableSSH = sec.Key("DISABLE_SSH").MustBool()
+ SSHDomain = sec.Key("SSH_DOMAIN").MustString(Domain)
SSHPort = sec.Key("SSH_PORT").MustInt(22)
OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
diff --git a/public/ng/js/gogs.js b/public/ng/js/gogs.js
index c5fd719c32d..7ffef8af8be 100644
--- a/public/ng/js/gogs.js
+++ b/public/ng/js/gogs.js
@@ -753,10 +753,17 @@ function initAdmin() {
if (v == 2) {
$('.ldap').toggleShow();
$('.smtp').toggleHide();
+ $('.pam').toggleHide();
}
if (v == 3) {
$('.smtp').toggleShow();
$('.ldap').toggleHide();
+ $('.pam').toggleHide();
+ }
+ if (v == 4) {
+ $('.pam').toggleShow();
+ $('.smtp').toggleHide();
+ $('.ldap').toggleHide();
}
});
diff --git a/public/ng/less/gogs/sign.less b/public/ng/less/gogs/sign.less
index 55a9ffbbd90..3950be032ae 100644
--- a/public/ng/less/gogs/sign.less
+++ b/public/ng/less/gogs/sign.less
@@ -25,6 +25,11 @@ The register and sign-in page style
.form-label {
width: 160px;
}
+ .chk-label {
+ width: auto;
+ text-align: left;
+ margin-left: 176px;
+ }
.alert{
margin:0 30px 24px 30px;
}
@@ -60,4 +65,4 @@ The register and sign-in page style
background-color: #FFF;
margin-left: -15px;
}
-}
\ No newline at end of file
+}
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index b13b0bd134f..2bec7da46cf 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -84,6 +84,10 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
Port: form.SMTPPort,
TLS: form.TLS,
}
+ case models.PAM:
+ u = &models.PAMConfig{
+ ServiceName: form.PAMServiceName,
+ }
default:
ctx.Error(400)
return
@@ -166,6 +170,10 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
Port: form.SMTPPort,
TLS: form.TLS,
}
+ case models.PAM:
+ config = &models.PAMConfig{
+ ServiceName: form.PAMServiceName,
+ }
default:
ctx.Error(400)
return
diff --git a/routers/api/v1/repo.go b/routers/api/v1/repo.go
index 170c2e90ba9..7da5f81731b 100644
--- a/routers/api/v1/repo.go
+++ b/routers/api/v1/repo.go
@@ -164,7 +164,7 @@ func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
}
return
}
- if !u.ValidtePassword(ctx.Query("password")) {
+ if !u.ValidatePassword(ctx.Query("password")) {
ctx.HandleAPI(422, "Username or password is not correct.")
return
}
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 9165128a36f..8395d1c0413 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -96,12 +96,12 @@ func Http(ctx *middleware.Context) {
// FIXME: middlewares/context.go did basic auth check already,
// maybe could use that one.
if len(auths) != 2 || auths[0] != "Basic" {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ ctx.HandleText(401, "no basic auth and digit auth")
return
}
authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ ctx.HandleText(401, "no basic auth and digit auth")
return
}
@@ -116,7 +116,7 @@ func Http(ctx *middleware.Context) {
token, err := models.GetAccessTokenBySha(authUsername)
if err != nil {
if err == models.ErrAccessTokenNotExist {
- ctx.Handle(401, "invalid token", nil)
+ ctx.HandleText(401, "invalid token")
} else {
ctx.Handle(500, "GetAccessTokenBySha", err)
}
@@ -138,23 +138,23 @@ func Http(ctx *middleware.Context) {
has, err := models.HasAccess(authUser, repo, tp)
if err != nil {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ ctx.HandleText(401, "no basic auth and digit auth")
return
} else if !has {
if tp == models.ACCESS_MODE_READ {
has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
if err != nil || !has {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ ctx.HandleText(401, "no basic auth and digit auth")
return
}
} else {
- ctx.Handle(401, "no basic auth and digit auth", nil)
+ ctx.HandleText(401, "no basic auth and digit auth")
return
}
}
if !isPull && repo.IsMirror {
- ctx.Handle(401, "can't push to mirror", nil)
+ ctx.HandleText(401, "can't push to mirror")
return
}
}
diff --git a/scripts/init/centos/gogs b/scripts/init/centos/gogs
index 1a92ff20703..5ff6de537fb 100644
--- a/scripts/init/centos/gogs
+++ b/scripts/init/centos/gogs
@@ -33,7 +33,7 @@ LOGFILE=${GOGS_HOME}/log/gogs.log
RETVAL=0
# Read configuration from /etc/sysconfig/gogs to override defaults
-[ -r /etc/sysconfig/$NAME ] && ./etc/sysconfig/$NAME
+[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
# Don't do anything if nothing is installed
[ -x ${GOGS_PATH} ] || exit 0
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl
index a178b717565..12d1d1f8f20 100644
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -91,6 +91,12 @@
+
+ {{else if eq $type 4}}
+
+
+
+
{{end}}
diff --git a/templates/admin/auth/new.tmpl b/templates/admin/auth/new.tmpl
index 0d1f2ab4173..36b90cfb48d 100644
--- a/templates/admin/auth/new.tmpl
+++ b/templates/admin/auth/new.tmpl
@@ -86,6 +86,12 @@
+
+
+
+
+
+
diff --git a/templates/explore/repos.tmpl b/templates/explore/repos.tmpl
index 954d0b06ec2..1e0143f56ab 100644
--- a/templates/explore/repos.tmpl
+++ b/templates/explore/repos.tmpl
@@ -2,24 +2,26 @@
{{template "ng/base/header" .}}
- {{template "explore/nav" .}}
+ {{template "explore/nav" .}}
-
- {{range .Repos}}
-
-
- - {{.NumStars}}
- - {{.NumForks}}
-
-
-
{{.Description}}
-
{{$.i18n.Tr "org.repo_updated"}} {{TimeSince .Updated $.i18n.Lang}}
-
- {{end}}
-
-
+
+ {{range .Repos}}
+
+
+ - {{.NumStars}}
+ - {{.NumForks}}
+
+
+
{{.Description}}
+
{{$.i18n.Tr "org.repo_updated"}} {{TimeSince .Updated $.i18n.Lang}}
+
+ {{end}}
+
+
-{{template "ng/base/footer" .}}
\ No newline at end of file
+{{template "ng/base/footer" .}}
diff --git a/templates/user/auth/signin.tmpl b/templates/user/auth/signin.tmpl
index 455df63ac82..bc0b0f2d31e 100644
--- a/templates/user/auth/signin.tmpl
+++ b/templates/user/auth/signin.tmpl
@@ -17,8 +17,9 @@
{{if not .IsSocialLogin}}
-
- {{.i18n.Tr "auth.remember_me"}}
+
{{end}}
@@ -41,4 +42,4 @@
-{{template "ng/base/footer" .}}
\ No newline at end of file
+{{template "ng/base/footer" .}}