SQLite

Check-in [805d01cdab]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 805d01cdabb48a69eb986a7f084e53eb25d76b7f
User & Date: drh 2016-07-28 18:38:13.187
Context
2016-07-28
18:55
Decorate all interfaces with calling convention macros. (check-in: fd784887e1 user: drh tags: trunk)
18:42
Merge recent trunk fixes. (check-in: 9765744586 user: drh tags: apple-osx)
18:38
Disable the authorizer callback when reparsing the schema. This avoids undesirable authorization failures following an ALTER TABLE. (check-in: 805d01cdab user: drh tags: trunk)
17:24
Improvements to the way the COMPILER compile-time option is set when compiling with Clang. (check-in: 81f9cf86c4 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/auth.c.
107
108
109
110
111
112
113

114
115
116
117
118
119
120
  const char *zCol,               /* Column name */
  int iDb                         /* Index of containing database. */
){
  sqlite3 *db = pParse->db;       /* Database handle */
  char *zDb = db->aDb[iDb].zName; /* Name of attached database */
  int rc;                         /* Auth callback return code */


  rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
#ifdef SQLITE_USER_AUTHENTICATION
                 ,db->auth.zAuthUser
#endif
                );
  if( rc==SQLITE_DENY ){
    if( db->nDb>2 || iDb!=0 ){







>







107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
  const char *zCol,               /* Column name */
  int iDb                         /* Index of containing database. */
){
  sqlite3 *db = pParse->db;       /* Database handle */
  char *zDb = db->aDb[iDb].zName; /* Name of attached database */
  int rc;                         /* Auth callback return code */

  if( db->init.busy ) return SQLITE_OK;
  rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
#ifdef SQLITE_USER_AUTHENTICATION
                 ,db->auth.zAuthUser
#endif
                );
  if( rc==SQLITE_DENY ){
    if( db->nDb>2 || iDb!=0 ){
Changes to test/auth2.test.
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
SQLITE_CREATE_TABLE t2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}
SQLITE_READ sqlite_master name main {}
SQLITE_READ sqlite_master rootpage main {}
SQLITE_READ sqlite_master sql main {}
SQLITE_READ sqlite_master tbl_name main {}
SQLITE_READ sqlite_master type main {}
SQLITE_READ sqlite_master ROWID main {}
}
do_test auth2-2.2 {
  set ::authargs {}
  db eval {
    CREATE VIEW v2 AS SELECT x+y AS a, y+z AS b from t2;
  }
  set ::authargs
} {SQLITE_INSERT sqlite_master {} main {}
SQLITE_CREATE_VIEW v2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}
SQLITE_READ sqlite_master name main {}
SQLITE_READ sqlite_master rootpage main {}
SQLITE_READ sqlite_master sql main {}
SQLITE_READ sqlite_master tbl_name main {}
SQLITE_READ sqlite_master type main {}
SQLITE_READ sqlite_master ROWID main {}
}
do_test auth2-2.3 {
  set ::authargs {}
  db eval {
    SELECT a, b FROM v2;
  }







<
<
<
<
<
<














<
<
<
<
<
<







94
95
96
97
98
99
100






101
102
103
104
105
106
107
108
109
110
111
112
113
114






115
116
117
118
119
120
121
SQLITE_CREATE_TABLE t2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}
SQLITE_READ sqlite_master ROWID main {}






}
do_test auth2-2.2 {
  set ::authargs {}
  db eval {
    CREATE VIEW v2 AS SELECT x+y AS a, y+z AS b from t2;
  }
  set ::authargs
} {SQLITE_INSERT sqlite_master {} main {}
SQLITE_CREATE_VIEW v2 {} main {}
SQLITE_UPDATE sqlite_master type main {}
SQLITE_UPDATE sqlite_master name main {}
SQLITE_UPDATE sqlite_master tbl_name main {}
SQLITE_UPDATE sqlite_master rootpage main {}
SQLITE_UPDATE sqlite_master sql main {}






SQLITE_READ sqlite_master ROWID main {}
}
do_test auth2-2.3 {
  set ::authargs {}
  db eval {
    SELECT a, b FROM v2;
  }
Changes to test/auth3.test.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# Test that the truncate optimization is disabled if the SQLITE_DELETE
# authorization callback returns SQLITE_IGNORE.
#
# $Id: auth3.test,v 1.2 2009/05/04 01:58:31 drh Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
# defined during compilation.
if {[catch {db auth {}} msg]} {







|
<







8
9
10
11
12
13
14
15

16
17
18
19
20
21
22
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# Test that the truncate optimization is disabled if the SQLITE_DELETE
# authorization callback returns SQLITE_IGNORE.
#
# Test that authorizer is disabled during schema parsing.


set testdir [file dirname $argv0]
source $testdir/tester.tcl

# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
# defined during compilation.
if {[catch {db auth {}} msg]} {
103
104
105
106
107
108
109
110


















111
  }
  set sqlite_search_count 0
  execsql {
    DELETE FROM t1;
  }
  set sqlite_search_count
} {1}



















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
  }
  set sqlite_search_count 0
  execsql {
    DELETE FROM t1;
  }
  set sqlite_search_count
} {1}

# 2016-07-28.  A problem report from a private client complaining about
# an authorizer failure during an ALTER TABLE.  The solution (I think) is
# to disable the authorizer during schema parsing.
#
proc auth {code args} {
  if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} {
    return SQLITE_DENY
  }
  return SQLITE_OK
}
do_execsql_test auth3-3.0 {
  CREATE TEMPORARY TABLE TempTable (
      key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE,
      value TEXT NOT NULL ON CONFLICT FAIL);
  ALTER TABLE TempTable RENAME TO DoNotRead;
  SELECT name FROM sqlite_temp_master;
} {DoNotRead sqlite_autoindex_DoNotRead_1}

finish_test