Allow plugins to implement authentication backends

Design decisions:

* Config option specifies which of the registered backends is used
* Name conflicts (including with builtins) make the backend registration
  fail
* Builtin backends are not moved to plugins to avoid breaking existing
  setups confusion in general
* Builtin backends are exposed to plugins (and have been for some time);
  Important information and internal methods are hidden to prevent
  interference from malicious plugins

See doc/auth_backends.md and the related interface and function
documentation for details.

Closes #127.

1 files changed, 11 insertions, 5 deletions

diff --git a/run.go b/run.go
index 703e830..edd0856 100644
--- a/run.go
+++ b/run.go
@@ -20,11 +20,11 @@ func Run() {
 
 func runFunc() {
 	if !Conf().NoPlugins {
-		loadPlugins()
+		LoadPlugins()
 	}
 
-	var err error
-	switch Conf().AuthBackend {
+	authBackendName := Conf().AuthBackend
+	switch authBackendName {
 	case "files":
 		setAuthBackend(AuthFiles{})
 	case "mtsqlite3":
@@ -41,8 +41,14 @@ func runFunc() {
 		}
 
 		setAuthBackend(ab)
-	default:
+	case "":
 		log.Fatal("invalid auth backend")
+	default:
+		if ab, ok := authBackends[authBackendName]; ok {
+			setAuthBackend(ab)
+		} else {
+			log.Fatal("invalid auth backend")
+		}
 	}
 
 	addr, err := net.ResolveUDPAddr("udp", Conf().BindAddr)
@@ -124,7 +130,7 @@ func runFunc() {
 			}
 
 			srvName, srv := conf.DefaultServerInfo()
-			lastSrv, err := authIface.LastSrv(cc.Name())
+			lastSrv, err := DefaultAuth().LastSrv(cc.Name())
 			if err == nil && !conf.ForceDefaultSrv && lastSrv != srvName {
 				choice, ok := conf.RandomGroupServer(lastSrv)
 				if !ok {