Add auth_perdomain and auth_domains directives

sql.go

@@ -27,7 +27,9 @@ type SQLStorage struct {
 	instName string
 	Log      log.Logger
 
-	perDomain bool
+	storagePerDomain bool
+	authPerDomain    bool
+	authDomains      []string
 }
 
 type Literal struct {
@@ -64,7 +66,9 @@ func (sqlm *SQLStorage) Init(cfg *config.Map) error {
 	cfg.String("dsn", false, true, "", &dsn)
 	cfg.Int64("appendlimit", false, false, 32*1024*1024, &appendlimitVal)
 	cfg.Bool("debug", true, &sqlm.Log.Debug)
-	cfg.Bool("storage_perdomain", true, &sqlm.perDomain)
+	cfg.Bool("storage_perdomain", true, &sqlm.storagePerDomain)
+	cfg.Bool("auth_perdomain", true, &sqlm.authPerDomain)
+	cfg.StringList("auth_domains", true, false, nil, &sqlm.authDomains)
 	cfg.Int("sqlite3_cache_size", false, false, 0, &opts.CacheSize)
 	cfg.Int("sqlite3_busy_timeout", false, false, 0, &opts.BusyTimeout)
 	cfg.Bool("sqlite3_exclusive_lock", false, &opts.ExclusiveLock)
@@ -89,6 +93,10 @@ func (sqlm *SQLStorage) Init(cfg *config.Map) error {
 		return err
 	}
 
+	if sqlm.authPerDomain && sqlm.authDomains == nil {
+		return errors.New("sql: auth_domains must be set if auth_perdomain is used")
+	}
+
 	if fsstoreLocation != "" {
 		if !filepath.IsAbs(fsstoreLocation) {
 			fsstoreLocation = filepath.Join(StateDirectory(cfg.Globals), fsstoreLocation)
@@ -130,12 +138,17 @@ func (sqlm *SQLStorage) EnableChildrenExt() bool {
 }
 
 func (sqlm *SQLStorage) CheckPlain(username, password string) bool {
-	return sqlm.back.CheckPlain(username, password)
+	accountName, ok := checkDomainAuth(username, sqlm.authPerDomain, sqlm.authDomains)
+	if !ok {
+		return false
+	}
+
+	return sqlm.back.CheckPlain(accountName, password)
 }
 
 func (sqlm *SQLStorage) GetOrCreateUser(username string) (backend.User, error) {
 	var accountName string
-	if sqlm.perDomain {
+	if sqlm.storagePerDomain {
 		if !strings.Contains(username, "@") {
 			return nil, errors.New("GetOrCreateUser: username@domain required")
 		}