mirror of
https://github.com/documize/community.git
synced 2025-07-19 13:19:43 +02:00
81 lines
3.2 KiB
Go
81 lines
3.2 KiB
Go
package mssql
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"github.com/microsoft/go-mssqldb/msdsn"
|
|
)
|
|
|
|
// Federated authentication library affects the login data structure and message sequence.
|
|
const (
|
|
// FedAuthLibraryLiveIDCompactToken specifies the Microsoft Live ID Compact Token authentication scheme
|
|
FedAuthLibraryLiveIDCompactToken = 0x00
|
|
|
|
// FedAuthLibrarySecurityToken specifies a token-based authentication where the token is available
|
|
// without additional information provided during the login sequence.
|
|
FedAuthLibrarySecurityToken = 0x01
|
|
|
|
// FedAuthLibraryADAL specifies a token-based authentication where a token is obtained during the
|
|
// login sequence using the server SPN and STS URL provided by the server during login.
|
|
FedAuthLibraryADAL = 0x02
|
|
|
|
// FedAuthLibraryReserved is used to indicate that no federated authentication scheme applies.
|
|
FedAuthLibraryReserved = 0x7F
|
|
)
|
|
|
|
// Federated authentication ADAL workflow affects the mechanism used to authenticate.
|
|
const (
|
|
// FedAuthADALWorkflowPassword uses a username/password to obtain a token from Active Directory
|
|
FedAuthADALWorkflowPassword = 0x01
|
|
|
|
// fedAuthADALWorkflowPassword uses the Windows identity to obtain a token from Active Directory
|
|
FedAuthADALWorkflowIntegrated = 0x02
|
|
|
|
// FedAuthADALWorkflowMSI uses the managed identity service to obtain a token
|
|
FedAuthADALWorkflowMSI = 0x03
|
|
|
|
// FedAuthADALWorkflowNone does not need to obtain token
|
|
FedAuthADALWorkflowNone = 0x04
|
|
)
|
|
|
|
// newSecurityTokenConnector creates a new connector from a Config and a token provider.
|
|
// When invoked, token provider implementations should contact the security token
|
|
// service specified and obtain the appropriate token, or return an error
|
|
// to indicate why a token is not available.
|
|
// The returned connector may be used with sql.OpenDB.
|
|
func NewSecurityTokenConnector(config msdsn.Config, tokenProvider func(ctx context.Context) (string, error)) (*Connector, error) {
|
|
if tokenProvider == nil {
|
|
return nil, errors.New("mssql: tokenProvider cannot be nil")
|
|
}
|
|
|
|
conn := NewConnectorConfig(config)
|
|
conn.fedAuthRequired = true
|
|
conn.fedAuthLibrary = FedAuthLibrarySecurityToken
|
|
conn.securityTokenProvider = tokenProvider
|
|
|
|
return conn, nil
|
|
}
|
|
|
|
// newADALTokenConnector creates a new connector from a Config and a Active Directory token provider.
|
|
// Token provider implementations are called during federated
|
|
// authentication login sequences where the server provides a service
|
|
// principal name and security token service endpoint that should be used
|
|
// to obtain the token. Implementations should contact the security token
|
|
// service specified and obtain the appropriate token, or return an error
|
|
// to indicate why a token is not available.
|
|
//
|
|
// The returned connector may be used with sql.OpenDB.
|
|
func NewActiveDirectoryTokenConnector(config msdsn.Config, adalWorkflow byte, tokenProvider func(ctx context.Context, serverSPN, stsURL string) (string, error)) (*Connector, error) {
|
|
if tokenProvider == nil {
|
|
return nil, errors.New("mssql: tokenProvider cannot be nil")
|
|
}
|
|
|
|
conn := NewConnectorConfig(config)
|
|
conn.fedAuthRequired = true
|
|
conn.fedAuthLibrary = FedAuthLibraryADAL
|
|
conn.fedAuthADALWorkflow = adalWorkflow
|
|
conn.adalTokenProvider = tokenProvider
|
|
|
|
return conn, nil
|
|
}
|