1 // Copyright (C) 2018 G.J.R. Timmer <gjr.timmer@gmail.com>.
2 //
3 // Use of this source code is governed by an MIT-style
4 // license that can be found in the LICENSE file.
5 6 //go:build sqlite_userauth
7 // +build sqlite_userauth
8 9 package sqlite3
10 11 /*
12 #cgo CFLAGS: -DSQLITE_USER_AUTHENTICATION
13 #cgo LDFLAGS: -lm
14 #ifndef USE_LIBSQLITE3
15 #include "sqlite3-binding.h"
16 #else
17 #include <sqlite3.h>
18 #endif
19 */
20 import "C"
21 import (
22 "errors"
23 )
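// SQLITE_AUTH re-exports the SQLITE_AUTH result code defined by the SQLite
// header pulled in through the cgo preamble. The comments on the unexported
// helpers in this file list its value as 23.
//
// With this build of the file no method returns it: every userauth entry
// point is a stub, so this constant is not a signal that authorization was
// evaluated.
const SQLITE_AUTH = C.SQLITE_AUTH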
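var (
	// ErrUnauthorized is the error value for a rejected userauth request.
	// Nothing in this file returns it; it is kept as an exported name.
	ErrUnauthorized = errors.New("SQLITE_AUTH: Unauthorized")

	// ErrAdminRequired is the error value for a userauth request that needs
	// administrator rights. Nothing in this file returns it; it is kept as an
	// exported name.
	ErrAdminRequired = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required")

	// errUserAuthNoLongerSupported is returned by every exported userauth
	// method in this file. It means that no authentication was attempted,
	// not that credentials were checked and rejected.
	errUserAuthNoLongerSupported = errors.New("sqlite3: the sqlite_userauth tag is no longer supported as the userauth extension is no longer supported by the SQLite authors, see https://github.com/mattn/go-sqlite3/issues/1341")
)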
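// Authenticate is a stub kept for API compatibility under the
// sqlite_userauth build tag. It does not contact the database and does not
// check the username or password; it always returns
// errUserAuthNoLongerSupported.
//
// The returned error therefore says nothing about whether the supplied
// credentials are valid. The earlier contract (nil on success, a no-op when
// the SQLITE_USER table is absent) no longer applies: this method never
// returns nil.
//
// Security note: this method provides no access control. Code that relied on
// userauth to restrict reads and writes must enforce that restriction by
// other means, such as file-system permissions on the database file.
//
// Deprecated: the userauth extension is no longer supported; see the issue
// referenced in the returned error.
func (c *SQLiteConn) Authenticate(username, password string) error {
	return errUserAuthNoLongerSupported
}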
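// authenticate is the unexported counterpart of Authenticate. It is a stub:
// both arguments are ignored and the result is always 1, which the original
// comment on this function lists as C.SQLITE_ERROR. It never returns
// C.SQLITE_OK (0) or C.SQLITE_AUTH (23).
//
// NOTE(review): the original comment says this function is exposed to SQL.
// The registration is not visible in this file; confirm whether it still
// happens. If it does, SQL callers always see the error result.
func (c *SQLiteConn) authenticate(username, password string) int {
	return 1
}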
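// AuthUserAdd is a stub kept for API compatibility under the sqlite_userauth
// build tag. It ignores username, password and admin, creates no user, and
// always returns errUserAuthNoLongerSupported.
//
// In particular it does not convert the database into an
// authentication-required database, and it does not log the connection in
// as any user. A caller that used this call to lock down a database must
// treat the database as unprotected by userauth.
//
// Deprecated: the userauth extension is no longer supported; see the issue
// referenced in the returned error.
func (c *SQLiteConn) AuthUserAdd(username, password string, admin bool) error {
	return errUserAuthNoLongerSupported
}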
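// authUserAdd is the unexported counterpart of AuthUserAdd. It is a stub:
// all arguments are ignored, no user is added, and the result is always 1,
// which the original comment on this function lists as C.SQLITE_ERROR. It
// never returns C.SQLITE_OK (0) or C.SQLITE_AUTH (23), and it performs no
// admin check.
//
// NOTE(review): the original comment says this function is exposed to SQL.
// The registration is not visible in this file; confirm whether it still
// happens.
func (c *SQLiteConn) authUserAdd(username, password string, admin int) int {
	return 1
}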
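// AuthUserChange is a stub kept for API compatibility under the
// sqlite_userauth build tag. It ignores username, password and admin,
// changes no credentials or privileges, and always returns
// errUserAuthNoLongerSupported.
//
// Because nothing is changed, a failed call here must not be read as "the
// old password is still enforced": no password is enforced by this API.
//
// Deprecated: the userauth extension is no longer supported; see the issue
// referenced in the returned error.
func (c *SQLiteConn) AuthUserChange(username, password string, admin bool) error {
	return errUserAuthNoLongerSupported
}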
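// authUserChange is the unexported counterpart of AuthUserChange. It is a
// stub: all arguments are ignored, no user record is modified, and the
// result is always 1, which the original comment on this function lists as
// C.SQLITE_ERROR. It never returns C.SQLITE_OK (0) or C.SQLITE_AUTH (23).
//
// The rules described for the userauth extension (users may change their
// own password, only admins may change other users or the admin flag) are
// not evaluated here.
//
// NOTE(review): the original comment says this function is exposed to SQL.
// The registration is not visible in this file; confirm whether it still
// happens.
func (c *SQLiteConn) authUserChange(username, password string, admin int) int {
	return 1
}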
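// AuthUserDelete is a stub kept for API compatibility under the
// sqlite_userauth build tag. It ignores username, deletes nothing, and
// always returns errUserAuthNoLongerSupported.
//
// A user that an operator intended to revoke through this call is therefore
// not revoked by it. Revocation has to be handled by whatever mechanism
// actually guards the database file.
//
// Deprecated: the userauth extension is no longer supported; see the issue
// referenced in the returned error.
func (c *SQLiteConn) AuthUserDelete(username string) error {
	return errUserAuthNoLongerSupported
}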
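// authUserDelete is the unexported counterpart of AuthUserDelete. It is a
// stub: username is ignored, no user is deleted, and the result is always 1,
// which the original comment on this function lists as C.SQLITE_ERROR. It
// never returns C.SQLITE_OK (0) or C.SQLITE_AUTH (23), and it performs no
// admin check.
//
// NOTE(review): the original comment says this function is exposed to SQL.
// The registration is not visible in this file; confirm whether it still
// happens.
func (c *SQLiteConn) authUserDelete(username string) int {
	return 1
}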
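// AuthEnabled always reports false. It is a stub kept for API compatibility
// under the sqlite_userauth build tag and does not inspect the database.
//
// Security note: false is correct in the sense that this build enforces no
// user authentication, but it is returned even for a database file that
// contains userauth data written by an older build. Do not use this result
// to decide whether a database is access-controlled.
//
// Deprecated: the userauth extension is no longer supported.
func (c *SQLiteConn) AuthEnabled() (exists bool) {
	return false
}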
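// authEnabled is the unexported counterpart of AuthEnabled. It is a stub
// that does not inspect the database and always returns 0, which the
// original comment on this function lists as "Disabled" (1 meant "Enabled").
//
// NOTE(review): the original comment says this function is exposed to SQL.
// The registration is not visible in this file; confirm whether it still
// happens.
func (c *SQLiteConn) authEnabled() int {
	return 0
}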
167 168 // EOF