aboutsummaryrefslogtreecommitdiff
path: root/sqlite3.go
diff options
context:
space:
mode:
authorGert-Jan Timmer <gjr.timmer@gmail.com>2018-06-05 13:45:32 +0200
committerGert-Jan Timmer <gjr.timmer@gmail.com>2018-06-05 13:45:32 +0200
commit7337e65c27313aec52f96e6da520acd2fe48c00f (patch)
tree61339d8f38ea7e11cc2614d37d12bc403729c820 /sqlite3.go
parentADD: sqlite_auth to goconvey test suite (diff)
downloadgolite-7337e65c27313aec52f96e6da520acd2fe48c00f.tar.gz
golite-7337e65c27313aec52f96e6da520acd2fe48c00f.tar.xz
ADD: User Authentication Password Encoders
Allow user to choose how to encode passwords with connection string overrides of embedded `sqlite_crypt` function.
Diffstat (limited to 'sqlite3.go')
-rw-r--r--sqlite3.go58
1 files changed, 58 insertions, 0 deletions
diff --git a/sqlite3.go b/sqlite3.go
index e6f8c55..979aedc 100644
--- a/sqlite3.go
+++ b/sqlite3.go
@@ -894,6 +894,8 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
authCreate := false
authUser := ""
authPass := ""
+ authCrypt := ""
+ authSalt := ""
mutex := C.int(C.SQLITE_OPEN_FULLMUTEX)
txlock := "BEGIN"
@@ -929,6 +931,12 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
if val := params.Get("_auth_pass"); val != "" {
authPass = val
}
+ if val := params.Get("_auth_crypt"); val != "" {
+ authCrypt = val
+ }
+ if val := params.Get("_auth_salt"); val != "" {
+ authSalt = val
+ }
// _loc
if val := params.Get("_loc"); val != "" {
@@ -1287,6 +1295,56 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
// Create connection to SQLite
conn := &SQLiteConn{db: db, loc: loc, txlock: txlock}
+ // Password Cipher has to be registerd before authentication
+ if len(authCrypt) > 0 {
+ switch strings.ToUpper(authCrypt) {
+ case "SHA1":
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSHA1, true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSHA1: %s", err)
+ }
+ case "SSHA1":
+ if len(authSalt) == 0 {
+ return nil, fmt.Errorf("_auth_crypt=ssha1, requires _auth_salt")
+ }
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSSHA1(authSalt), true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSSHA1: %s", err)
+ }
+ case "SHA256":
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSHA256, true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSHA256: %s", err)
+ }
+ case "SSHA256":
+ if len(authSalt) == 0 {
+ return nil, fmt.Errorf("_auth_crypt=ssha256, requires _auth_salt")
+ }
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSSHA256(authSalt), true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSSHA256: %s", err)
+ }
+ case "SHA384":
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSHA384, true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSHA384: %s", err)
+ }
+ case "SSHA384":
+ if len(authSalt) == 0 {
+ return nil, fmt.Errorf("_auth_crypt=ssha384, requires _auth_salt")
+ }
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSSHA384(authSalt), true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSSHA384: %s", err)
+ }
+ case "SHA512":
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSHA512, true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSHA512: %s", err)
+ }
+ case "SSHA512":
+ if len(authSalt) == 0 {
+ return nil, fmt.Errorf("_auth_crypt=ssha512, requires _auth_salt")
+ }
+ if err := conn.RegisterFunc("sqlite_crypt", CryptEncoderSSHA512(authSalt), true); err != nil {
+ return nil, fmt.Errorf("CryptEncoderSSHA512: %s", err)
+ }
+ }
+ }
+
// Preform Authentication
if err := conn.Authenticate(authUser, authPass); err != nil {
return nil, err