Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
805d01cdabb48a69eb986a7f084e53eb |
| User & Date: | drh 2016-07-28 18:38:13.187 |
Context
|
2016-07-28
| ||
| 18:55 | Decorate all interfaces with calling convention macros. (check-in: fd784887e1 user: drh tags: trunk) | |
| 18:42 | Merge recent trunk fixes. (check-in: 9765744586 user: drh tags: apple-osx) | |
| 18:38 | Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE. (check-in: 805d01cdab user: drh tags: trunk) | |
| 17:24 | Improvements to the way the COMPILER compile-time option is set when compiling with Clang. (check-in: 81f9cf86c4 user: drh tags: trunk) | |
Changes
Changes to src/auth.c.
| ︙ | ︙ | |||
107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
const char *zCol, /* Column name */
int iDb /* Index of containing database. */
){
sqlite3 *db = pParse->db; /* Database handle */
char *zDb = db->aDb[iDb].zName; /* Name of attached database */
int rc; /* Auth callback return code */
rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
#ifdef SQLITE_USER_AUTHENTICATION
,db->auth.zAuthUser
#endif
);
if( rc==SQLITE_DENY ){
if( db->nDb>2 || iDb!=0 ){
| > | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
const char *zCol, /* Column name */
int iDb /* Index of containing database. */
){
sqlite3 *db = pParse->db; /* Database handle */
char *zDb = db->aDb[iDb].zName; /* Name of attached database */
int rc; /* Auth callback return code */
if( db->init.busy ) return SQLITE_OK;
rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
#ifdef SQLITE_USER_AUTHENTICATION
,db->auth.zAuthUser
#endif
);
if( rc==SQLITE_DENY ){
if( db->nDb>2 || iDb!=0 ){
|
| ︙ | ︙ |
Changes to test/auth2.test.
| ︙ | ︙ | |||
94 95 96 97 98 99 100 |
SQLITE_CREATE_TABLE t2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}
| < < < < < < < < < < < < | 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
SQLITE_CREATE_TABLE t2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}
}
do_test auth2-2.2 {
set ::authargs {}
db eval {
CREATE VIEW v2 AS SELECT x+y AS a, y+z AS b from t2;
}
set ::authargs
} {SQLITE_INSERT sqlite_master {} main {}
SQLITE_CREATE_VIEW v2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}
}
do_test auth2-2.3 {
set ::authargs {}
db eval {
SELECT a, b FROM v2;
}
|
| ︙ | ︙ |
Changes to test/auth3.test.
| ︙ | ︙ | |||
8 9 10 11 12 13 14 | # May you share freely, never taking more than you give. # #*********************************************************************** # # Test that the truncate optimization is disabled if the SQLITE_DELETE # authorization callback returns SQLITE_IGNORE. # | | < | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
# May you share freely, never taking more than you give.
#
#***********************************************************************
#
# Test that the truncate optimization is disabled if the SQLITE_DELETE
# authorization callback returns SQLITE_IGNORE.
#
# Test that authorizer is disabled during schema parsing.
set testdir [file dirname $argv0]
source $testdir/tester.tcl
# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
# defined during compilation.
if {[catch {db auth {}} msg]} {
|
| ︙ | ︙ | |||
103 104 105 106 107 108 109 110 111 |
}
set sqlite_search_count 0
execsql {
DELETE FROM t1;
}
set sqlite_search_count
} {1}
finish_test
| > > > > > > > > > > > > > > > > > > | 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
}
set sqlite_search_count 0
execsql {
DELETE FROM t1;
}
set sqlite_search_count
} {1}
# 2016-07-28. A problem report from a private client complaining about
# an authorizer failure during an ALTER TABLE. The solution (I think) is
# to disable the authorizer during schema parsing.
#
proc auth {code args} {
if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} {
return SQLITE_DENY
}
return SQLITE_OK
}
do_execsql_test auth3-3.0 {
CREATE TEMPORARY TABLE TempTable (
key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE,
value TEXT NOT NULL ON CONFLICT FAIL);
ALTER TABLE TempTable RENAME TO DoNotRead;
SELECT name FROM sqlite_temp_master;
} {DoNotRead sqlite_autoindex_DoNotRead_1}
finish_test
|