| | |
|---|
| | | import org.slf4j.LoggerFactory;
|
|---|
| | |
|
|---|
| | | import com.gitblit.Constants.AccountType;
|
|---|
| | | import com.gitblit.manager.IRuntimeManager;
|
|---|
| | | import com.gitblit.models.UserModel;
|
|---|
| | | import com.gitblit.utils.ArrayUtils;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Implementation of a PAM user service for Linux/Unix/MacOSX.
|
|---|
| | | * |
|---|
| | | *
|
|---|
| | | * @author James Moger
|
|---|
| | | */
|
|---|
| | | public class PAMUserService extends GitblitUserService {
|
|---|
| | |
|---|
| | | private final Logger logger = LoggerFactory.getLogger(PAMUserService.class);
|
|---|
| | |
|
|---|
| | | private IStoredSettings settings;
|
|---|
| | | |
|---|
| | |
|
|---|
| | | public PAMUserService() {
|
|---|
| | | super();
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public void setup(IStoredSettings settings) {
|
|---|
| | | this.settings = settings;
|
|---|
| | | public void setup(IRuntimeManager runtimeManager) {
|
|---|
| | | this.settings = runtimeManager.getSettings();
|
|---|
| | |
|
|---|
| | | String file = settings.getString(Keys.realm.pam.backingUserService, "${baseFolder}/users.conf");
|
|---|
| | | File realmFile = GitBlit.getFileOrFolder(file);
|
|---|
| | | File realmFile = runtimeManager.getFileOrFolder(file);
|
|---|
| | |
|
|---|
| | | serviceImpl = createUserService(realmFile);
|
|---|
| | | logger.info("PAM User Service backed by " + serviceImpl.toString());
|
|---|
| | | |
|---|
| | |
|
|---|
| | | // Try to identify the passwd database
|
|---|
| | | String [] files = { "/etc/shadow", "/etc/master.passwd" };
|
|---|
| | | File passwdFile = null;
|
|---|
| | |
|---|
| | | logger.error("PAM User Service can not read passwd database {}! PAM authentications may fail!", passwdFile);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public boolean supportsCredentialChanges() {
|
|---|
| | | return false;
|
|---|
| | |
|---|
| | | public boolean supportsTeamMembershipChanges() {
|
|---|
| | | return true;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | protected AccountType getAccountType() {
|
|---|
| | | public AccountType getAccountType() {
|
|---|
| | | return AccountType.PAM;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | |
|---|
| | | // local account, bypass PAM authentication
|
|---|
| | | return super.authenticate(username, password);
|
|---|
| | | }
|
|---|
| | | |
|---|
| | |
|
|---|
| | | if (CLibrary.libc.getpwnam(username) == null) {
|
|---|
| | | logger.warn("Can not get PAM passwd for " + username);
|
|---|
| | | return null;
|
|---|
| | |
|---|
| | |
|
|---|
| | | // push the changes to the backing user service
|
|---|
| | | super.updateUserModel(user);
|
|---|
| | | |
|---|
| | |
|
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
