mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-27 09:45:45 +03:00
792b4dba2c
* update github.com/blevesearch/bleve v2.0.2 -> v2.0.3 * github.com/denisenkom/go-mssqldb v0.9.0 -> v0.10.0 * github.com/editorconfig/editorconfig-core-go v2.4.1 -> v2.4.2 * github.com/go-chi/cors v1.1.1 -> v1.2.0 * github.com/go-git/go-billy v5.0.0 -> v5.1.0 * github.com/go-git/go-git v5.2.0 -> v5.3.0 * github.com/go-ldap/ldap v3.2.4 -> v3.3.0 * github.com/go-redis/redis v8.6.0 -> v8.8.2 * github.com/go-sql-driver/mysql v1.5.0 -> v1.6.0 * github.com/go-swagger/go-swagger v0.26.1 -> v0.27.0 * github.com/lib/pq v1.9.0 -> v1.10.1 * github.com/mattn/go-sqlite3 v1.14.6 -> v1.14.7 * github.com/go-testfixtures/testfixtures v3.5.0 -> v3.6.0 * github.com/issue9/identicon v1.0.1 -> v1.2.0 * github.com/klauspost/compress v1.11.8 -> v1.12.1 * github.com/mgechev/revive v1.0.3 -> v1.0.6 * github.com/microcosm-cc/bluemonday v1.0.7 -> v1.0.8 * github.com/niklasfasching/go-org v1.4.0 -> v1.5.0 * github.com/olivere/elastic v7.0.22 -> v7.0.24 * github.com/pelletier/go-toml v1.8.1 -> v1.9.0 * github.com/prometheus/client_golang v1.9.0 -> v1.10.0 * github.com/xanzy/go-gitlab v0.44.0 -> v0.48.0 * github.com/yuin/goldmark v1.3.3 -> v1.3.5 * github.com/6543/go-version v1.2.4 -> v1.3.1 * do github.com/lib/pq v1.10.0 -> v1.10.1 again ...
82 lines
3.1 KiB
Go
Vendored
82 lines
3.1 KiB
Go
Vendored
package mssql
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
)
|
|
|
|
// Federated authentication library affects the login data structure and message sequence.
|
|
const (
|
|
// fedAuthLibraryLiveIDCompactToken specifies the Microsoft Live ID Compact Token authentication scheme
|
|
fedAuthLibraryLiveIDCompactToken = 0x00
|
|
|
|
// fedAuthLibrarySecurityToken specifies a token-based authentication where the token is available
|
|
// without additional information provided during the login sequence.
|
|
fedAuthLibrarySecurityToken = 0x01
|
|
|
|
// fedAuthLibraryADAL specifies a token-based authentication where a token is obtained during the
|
|
// login sequence using the server SPN and STS URL provided by the server during login.
|
|
fedAuthLibraryADAL = 0x02
|
|
|
|
// fedAuthLibraryReserved is used to indicate that no federated authentication scheme applies.
|
|
fedAuthLibraryReserved = 0x7F
|
|
)
|
|
|
|
// Federated authentication ADAL workflow affects the mechanism used to authenticate.
|
|
const (
|
|
// fedAuthADALWorkflowPassword uses a username/password to obtain a token from Active Directory
|
|
fedAuthADALWorkflowPassword = 0x01
|
|
|
|
// fedAuthADALWorkflowPassword uses the Windows identity to obtain a token from Active Directory
|
|
fedAuthADALWorkflowIntegrated = 0x02
|
|
|
|
// fedAuthADALWorkflowMSI uses the managed identity service to obtain a token
|
|
fedAuthADALWorkflowMSI = 0x03
|
|
)
|
|
|
|
// newSecurityTokenConnector creates a new connector from a DSN and a token provider.
|
|
// When invoked, token provider implementations should contact the security token
|
|
// service specified and obtain the appropriate token, or return an error
|
|
// to indicate why a token is not available.
|
|
// The returned connector may be used with sql.OpenDB.
|
|
func newSecurityTokenConnector(dsn string, tokenProvider func(ctx context.Context) (string, error)) (*Connector, error) {
|
|
if tokenProvider == nil {
|
|
return nil, errors.New("mssql: tokenProvider cannot be nil")
|
|
}
|
|
|
|
conn, err := NewConnector(dsn)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
conn.params.fedAuthLibrary = fedAuthLibrarySecurityToken
|
|
conn.securityTokenProvider = tokenProvider
|
|
|
|
return conn, nil
|
|
}
|
|
|
|
// newADALTokenConnector creates a new connector from a DSN and a Active Directory token provider.
|
|
// Token provider implementations are called during federated
|
|
// authentication login sequences where the server provides a service
|
|
// principal name and security token service endpoint that should be used
|
|
// to obtain the token. Implementations should contact the security token
|
|
// service specified and obtain the appropriate token, or return an error
|
|
// to indicate why a token is not available.
|
|
//
|
|
// The returned connector may be used with sql.OpenDB.
|
|
func newActiveDirectoryTokenConnector(dsn string, adalWorkflow byte, tokenProvider func(ctx context.Context, serverSPN, stsURL string) (string, error)) (*Connector, error) {
|
|
if tokenProvider == nil {
|
|
return nil, errors.New("mssql: tokenProvider cannot be nil")
|
|
}
|
|
|
|
conn, err := NewConnector(dsn)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
conn.params.fedAuthLibrary = fedAuthLibraryADAL
|
|
conn.params.fedAuthADALWorkflow = adalWorkflow
|
|
conn.adalTokenProvider = tokenProvider
|
|
|
|
return conn, nil
|
|
}
|