sqlite3_opt_userauth.go (5087B)
1 // Copyright (C) 2018 G.J.R. Timmer <gjr.timmer@gmail.com>. 2 // 3 // Use of this source code is governed by an MIT-style 4 // license that can be found in the LICENSE file. 5 6 //go:build sqlite_userauth 7 // +build sqlite_userauth 8 9 package sqlite3 10 11 /* 12 #cgo CFLAGS: -DSQLITE_USER_AUTHENTICATION 13 #cgo LDFLAGS: -lm 14 #ifndef USE_LIBSQLITE3 15 #include "sqlite3-binding.h" 16 #else 17 #include <sqlite3.h> 18 #endif 19 */ 20 import "C" 21 import ( 22 "errors" 23 ) 24 25 const ( 26 SQLITE_AUTH = C.SQLITE_AUTH 27 ) 28 29 var ( 30 ErrUnauthorized = errors.New("SQLITE_AUTH: Unauthorized") 31 ErrAdminRequired = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required") 32 errUserAuthNoLongerSupported = errors.New("sqlite3: the sqlite_userauth tag is no longer supported as the userauth extension is no longer supported by the SQLite authors, see https://github.com/mattn/go-sqlite3/issues/1341") 33 ) 34 35 // Authenticate will perform an authentication of the provided username 36 // and password against the database. 37 // 38 // If a database contains the SQLITE_USER table, then the 39 // call to Authenticate must be invoked with an 40 // appropriate username and password prior to enable read and write 41 // access to the database. 42 // 43 // Return SQLITE_OK on success or SQLITE_ERROR if the username/password 44 // combination is incorrect or unknown. 45 // 46 // If the SQLITE_USER table is not present in the database file, then 47 // this interface is a harmless no-op returning SQLITE_OK. 48 func (c *SQLiteConn) Authenticate(username, password string) error { 49 return errUserAuthNoLongerSupported 50 } 51 52 // authenticate provides the actual authentication to SQLite. 53 // This is not exported for usage in Go. 54 // It is however exported for usage within SQL by the user. 55 // 56 // Returns: 57 // 58 // C.SQLITE_OK (0) 59 // C.SQLITE_ERROR (1) 60 // C.SQLITE_AUTH (23) 61 func (c *SQLiteConn) authenticate(username, password string) int { 62 return 1 63 } 64 65 // AuthUserAdd can be used (by an admin user only) 66 // to create a new user. When called on a no-authentication-required 67 // database, this routine converts the database into an authentication- 68 // required database, automatically makes the added user an 69 // administrator, and logs in the current connection as that user. 70 // The AuthUserAdd only works for the "main" database, not 71 // for any ATTACH-ed databases. Any call to AuthUserAdd by a 72 // non-admin user results in an error. 73 func (c *SQLiteConn) AuthUserAdd(username, password string, admin bool) error { 74 return errUserAuthNoLongerSupported 75 } 76 77 // authUserAdd enables the User Authentication if not enabled. 78 // Otherwise it will add a user. 79 // 80 // When user authentication is already enabled then this function 81 // can only be called by an admin. 82 // 83 // This is not exported for usage in Go. 84 // It is however exported for usage within SQL by the user. 85 // 86 // Returns: 87 // 88 // C.SQLITE_OK (0) 89 // C.SQLITE_ERROR (1) 90 // C.SQLITE_AUTH (23) 91 func (c *SQLiteConn) authUserAdd(username, password string, admin int) int { 92 return 1 93 } 94 95 // AuthUserChange can be used to change a users 96 // login credentials or admin privilege. Any user can change their own 97 // login credentials. Only an admin user can change another users login 98 // credentials or admin privilege setting. No user may change their own 99 // admin privilege setting. 100 func (c *SQLiteConn) AuthUserChange(username, password string, admin bool) error { 101 return errUserAuthNoLongerSupported 102 } 103 104 // authUserChange allows to modify a user. 105 // Users can change their own password. 106 // 107 // Only admins can change passwords for other users 108 // and modify the admin flag. 109 // 110 // The admin flag of the current logged in user cannot be changed. 111 // THis ensures that their is always an admin. 112 // 113 // This is not exported for usage in Go. 114 // It is however exported for usage within SQL by the user. 115 // 116 // Returns: 117 // 118 // C.SQLITE_OK (0) 119 // C.SQLITE_ERROR (1) 120 // C.SQLITE_AUTH (23) 121 func (c *SQLiteConn) authUserChange(username, password string, admin int) int { 122 return 1 123 } 124 125 // AuthUserDelete can be used (by an admin user only) 126 // to delete a user. The currently logged-in user cannot be deleted, 127 // which guarantees that there is always an admin user and hence that 128 // the database cannot be converted into a no-authentication-required 129 // database. 130 func (c *SQLiteConn) AuthUserDelete(username string) error { 131 return errUserAuthNoLongerSupported 132 } 133 134 // authUserDelete can be used to delete a user. 135 // 136 // This function can only be executed by an admin. 137 // 138 // This is not exported for usage in Go. 139 // It is however exported for usage within SQL by the user. 140 // 141 // Returns: 142 // 143 // C.SQLITE_OK (0) 144 // C.SQLITE_ERROR (1) 145 // C.SQLITE_AUTH (23) 146 func (c *SQLiteConn) authUserDelete(username string) int { 147 return 1 148 } 149 150 // AuthEnabled checks if the database is protected by user authentication 151 func (c *SQLiteConn) AuthEnabled() (exists bool) { 152 return false 153 } 154 155 // authEnabled perform the actual check for user authentication. 156 // 157 // This is not exported for usage in Go. 158 // It is however exported for usage within SQL by the user. 159 // 160 // Returns: 161 // 162 // 0 - Disabled 163 // 1 - Enabled 164 func (c *SQLiteConn) authEnabled() int { 165 return 0 166 } 167 168 // EOF