Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
805d01cdabb48a69eb986a7f084e53eb |
User & Date: | drh 2016-07-28 18:38:13.187 |
Context
2016-07-28
| ||
18:55 | Decorate all interfaces with calling convention macros. (check-in: fd784887e1 user: drh tags: trunk) | |
18:42 | Merge recent trunk fixes. (check-in: 9765744586 user: drh tags: apple-osx) | |
18:38 | Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE. (check-in: 805d01cdab user: drh tags: trunk) | |
17:24 | Improvements to the way the COMPILER compile-time option is set when compiling with Clang. (check-in: 81f9cf86c4 user: drh tags: trunk) | |
Changes
Changes to src/auth.c.
︙ | ︙ | |||
107 108 109 110 111 112 113 114 115 116 117 118 119 120 | const char *zCol, /* Column name */ int iDb /* Index of containing database. */ ){ sqlite3 *db = pParse->db; /* Database handle */ char *zDb = db->aDb[iDb].zName; /* Name of attached database */ int rc; /* Auth callback return code */ rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext #ifdef SQLITE_USER_AUTHENTICATION ,db->auth.zAuthUser #endif ); if( rc==SQLITE_DENY ){ if( db->nDb>2 || iDb!=0 ){ | > | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | const char *zCol, /* Column name */ int iDb /* Index of containing database. */ ){ sqlite3 *db = pParse->db; /* Database handle */ char *zDb = db->aDb[iDb].zName; /* Name of attached database */ int rc; /* Auth callback return code */ if( db->init.busy ) return SQLITE_OK; rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext #ifdef SQLITE_USER_AUTHENTICATION ,db->auth.zAuthUser #endif ); if( rc==SQLITE_DENY ){ if( db->nDb>2 || iDb!=0 ){ |
︙ | ︙ |
Changes to test/auth2.test.
︙ | ︙ | |||
94 95 96 97 98 99 100 | SQLITE_CREATE_TABLE t2 {} main {} SQLITE_UPDATE sqlite_master type main {} SQLITE_UPDATE sqlite_master name main {} SQLITE_UPDATE sqlite_master tbl_name main {} SQLITE_UPDATE sqlite_master rootpage main {} SQLITE_UPDATE sqlite_master sql main {} SQLITE_READ sqlite_master ROWID main {} | < < < < < < < < < < < < | 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | SQLITE_CREATE_TABLE t2 {} main {} SQLITE_UPDATE sqlite_master type main {} SQLITE_UPDATE sqlite_master name main {} SQLITE_UPDATE sqlite_master tbl_name main {} SQLITE_UPDATE sqlite_master rootpage main {} SQLITE_UPDATE sqlite_master sql main {} SQLITE_READ sqlite_master ROWID main {} } do_test auth2-2.2 { set ::authargs {} db eval { CREATE VIEW v2 AS SELECT x+y AS a, y+z AS b from t2; } set ::authargs } {SQLITE_INSERT sqlite_master {} main {} SQLITE_CREATE_VIEW v2 {} main {} SQLITE_UPDATE sqlite_master type main {} SQLITE_UPDATE sqlite_master name main {} SQLITE_UPDATE sqlite_master tbl_name main {} SQLITE_UPDATE sqlite_master rootpage main {} SQLITE_UPDATE sqlite_master sql main {} SQLITE_READ sqlite_master ROWID main {} } do_test auth2-2.3 { set ::authargs {} db eval { SELECT a, b FROM v2; } |
︙ | ︙ |
Changes to test/auth3.test.
︙ | ︙ | |||
8 9 10 11 12 13 14 | # May you share freely, never taking more than you give. # #*********************************************************************** # # Test that the truncate optimization is disabled if the SQLITE_DELETE # authorization callback returns SQLITE_IGNORE. # | | < | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | # May you share freely, never taking more than you give. # #*********************************************************************** # # Test that the truncate optimization is disabled if the SQLITE_DELETE # authorization callback returns SQLITE_IGNORE. # # Test that authorizer is disabled during schema parsing. set testdir [file dirname $argv0] source $testdir/tester.tcl # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is # defined during compilation. if {[catch {db auth {}} msg]} { |
︙ | ︙ | |||
103 104 105 106 107 108 109 110 111 | } set sqlite_search_count 0 execsql { DELETE FROM t1; } set sqlite_search_count } {1} finish_test | > > > > > > > > > > > > > > > > > > | 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 | } set sqlite_search_count 0 execsql { DELETE FROM t1; } set sqlite_search_count } {1} # 2016-07-28. A problem report from a private client complaining about # an authorizer failure during an ALTER TABLE. The solution (I think) is # to disable the authorizer during schema parsing. # proc auth {code args} { if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} { return SQLITE_DENY } return SQLITE_OK } do_execsql_test auth3-3.0 { CREATE TEMPORARY TABLE TempTable ( key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE, value TEXT NOT NULL ON CONFLICT FAIL); ALTER TABLE TempTable RENAME TO DoNotRead; SELECT name FROM sqlite_temp_master; } {DoNotRead sqlite_autoindex_DoNotRead_1} finish_test |