Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | New requirements marks and documentation for the authorizer. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
3980ea0911b3ad3f86d7a7bdc6503f23 |
User & Date: | drh 2017-05-11 13:43:57.931 |
Context
2017-05-11
| ||
18:14 | Do not save the state of an fts5 merge operation mid-way through an input term, even if no previous entry for that term has caused any output. Doing so may corrupt the FTS index. (check-in: 9a2de4f05f user: dan tags: trunk) | |
15:20 | Negative N values in sqlite3_get_auxdata() and sqlite3_set_auxdata() can be used to access an auxiliary data cache over all functions in a single prepared statement. (check-in: ff5306752e user: drh tags: auxdata-cache) | |
13:43 | New requirements marks and documentation for the authorizer. (check-in: 3980ea0911 user: drh tags: trunk) | |
12:27 | Improvements to the sqlite3_set_authorizer() documentation. (check-in: 47629b1911 user: drh tags: trunk) | |
Changes
Changes to src/auth.c.
︙ | ︙ | |||
212 213 214 215 216 217 218 219 220 221 222 223 224 225 | if( db->init.busy || IN_DECLARE_VTAB ){ return SQLITE_OK; } if( db->xAuth==0 ){ return SQLITE_OK; } rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext #ifdef SQLITE_USER_AUTHENTICATION ,db->auth.zAuthUser #endif ); if( rc==SQLITE_DENY ){ sqlite3ErrorMsg(pParse, "not authorized"); | > > > > > > > > > > > > | 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 | if( db->init.busy || IN_DECLARE_VTAB ){ return SQLITE_OK; } if( db->xAuth==0 ){ return SQLITE_OK; } /* EVIDENCE-OF: R-43249-19882 The third through sixth parameters to the ** callback are either NULL pointers or zero-terminated strings that ** contain additional details about the action to be authorized. ** ** The following testcase() macros show that any of the 3rd through 6th ** parameters can be either NULL or a string. */ testcase( zArg1==0 ); testcase( zArg2==0 ); testcase( zArg3==0 ); testcase( pParse->zAuthContext==0 ); rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext #ifdef SQLITE_USER_AUTHENTICATION ,db->auth.zAuthUser #endif ); if( rc==SQLITE_DENY ){ sqlite3ErrorMsg(pParse, "not authorized"); |
︙ | ︙ |
Changes to src/delete.c.
︙ | ︙ | |||
346 347 348 349 350 351 352 | sqlite3VdbeAddOp2(v, OP_Integer, 0, memCnt); } #ifndef SQLITE_OMIT_TRUNCATE_OPTIMIZATION /* Special case: A DELETE without a WHERE clause deletes everything. ** It is easier just to erase the whole table. Prior to version 3.6.5, ** this optimization caused the row change count (the value returned by | | > > > > > > > | 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 | sqlite3VdbeAddOp2(v, OP_Integer, 0, memCnt); } #ifndef SQLITE_OMIT_TRUNCATE_OPTIMIZATION /* Special case: A DELETE without a WHERE clause deletes everything. ** It is easier just to erase the whole table. Prior to version 3.6.5, ** this optimization caused the row change count (the value returned by ** API function sqlite3_count_changes) to be set incorrectly. ** ** The "rcauth==SQLITE_OK" terms is the ** IMPLEMENATION-OF: R-17228-37124 If the action code is SQLITE_DELETE and ** the callback returns SQLITE_IGNORE then the DELETE operation proceeds but ** the truncate optimization is disabled and all rows are deleted ** individually. */ if( rcauth==SQLITE_OK && pWhere==0 && !bComplex && !IsVirtual(pTab) #ifdef SQLITE_ENABLE_PREUPDATE_HOOK && db->xPreUpdateCallback==0 #endif |
︙ | ︙ |
Changes to src/tclsqlite.c.
︙ | ︙ | |||
1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 | ,const char *zArg5 #endif ){ const char *zCode; Tcl_DString str; int rc; const char *zReply; SqliteDb *pDb = (SqliteDb*)pArg; if( pDb->disableAuth ) return SQLITE_OK; switch( code ){ case SQLITE_COPY : zCode="SQLITE_COPY"; break; case SQLITE_CREATE_INDEX : zCode="SQLITE_CREATE_INDEX"; break; case SQLITE_CREATE_TABLE : zCode="SQLITE_CREATE_TABLE"; break; case SQLITE_CREATE_TEMP_INDEX : zCode="SQLITE_CREATE_TEMP_INDEX"; break; case SQLITE_CREATE_TEMP_TABLE : zCode="SQLITE_CREATE_TEMP_TABLE"; break; case SQLITE_CREATE_TEMP_TRIGGER: zCode="SQLITE_CREATE_TEMP_TRIGGER"; break; | > > > > > > > | 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 | ,const char *zArg5 #endif ){ const char *zCode; Tcl_DString str; int rc; const char *zReply; /* EVIDENCE-OF: R-38590-62769 The first parameter to the authorizer ** callback is a copy of the third parameter to the ** sqlite3_set_authorizer() interface. */ SqliteDb *pDb = (SqliteDb*)pArg; if( pDb->disableAuth ) return SQLITE_OK; /* EVIDENCE-OF: R-56518-44310 The second parameter to the callback is an ** integer action code that specifies the particular action to be ** authorized. */ switch( code ){ case SQLITE_COPY : zCode="SQLITE_COPY"; break; case SQLITE_CREATE_INDEX : zCode="SQLITE_CREATE_INDEX"; break; case SQLITE_CREATE_TABLE : zCode="SQLITE_CREATE_TABLE"; break; case SQLITE_CREATE_TEMP_INDEX : zCode="SQLITE_CREATE_TEMP_INDEX"; break; case SQLITE_CREATE_TEMP_TABLE : zCode="SQLITE_CREATE_TEMP_TABLE"; break; case SQLITE_CREATE_TEMP_TRIGGER: zCode="SQLITE_CREATE_TEMP_TRIGGER"; break; |
︙ | ︙ |
Changes to test/auth.test.
︙ | ︙ | |||
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 | db authorizer ::auth } } do_test auth-1.1.1 { db close set ::DB [sqlite3 db test.db] proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } return SQLITE_OK } db authorizer ::auth catchsql {CREATE TABLE t1(a,b,c)} } {1 {not authorized}} do_test auth-1.1.2 { db errorcode } {23} do_test auth-1.1.3 { db authorizer } {::auth} do_test auth-1.1.4 { # Ticket #896. catchsql { SELECT x; } } {1 {no such column: x}} do_test auth-1.2 { execsql {SELECT name FROM sqlite_master} } {} do_test auth-1.3.1 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_CREATE_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK | > > > > > > > > > > > | 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | db authorizer ::auth } } do_test auth-1.1.1 { db close set ::DB [sqlite3 db test.db] proc authx {code arg1 arg2 arg3 arg4 args} {return SQLITE_DENY} proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } return SQLITE_OK } db authorizer ::authx # EVIDENCE-OF: R-03993-24285 Only a single authorizer can be in place on # a database connection at a time. Each call to sqlite3_set_authorizer # overrides the previous call. # # The authx authorizer above is overridden by the auth authorizer below # authx is never invoked. db authorizer ::auth catchsql {CREATE TABLE t1(a,b,c)} } {1 {not authorized}} do_test auth-1.1.2 { db errorcode } {23} do_test auth-1.1.3 { db authorizer } {::auth} do_test auth-1.1.4 { # Ticket #896. catchsql { SELECT x; } } {1 {no such column: x}} do_test auth-1.2 { execsql {SELECT name FROM sqlite_master} } {} # EVIDENCE-OF: R-04452-49349 When the callback returns SQLITE_DENY, the # sqlite3_prepare_v2() or equivalent call that triggered the authorizer # will fail with an error message explaining that access is denied. do_test auth-1.3.1 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_CREATE_TABLE"} { set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK |
︙ | ︙ | |||
308 309 310 311 312 313 314 315 316 317 318 319 320 321 | ifcapable attach { do_test auth-1.35.2 { execsql {ATTACH DATABASE 'test.db' AS two} catchsql {SELECT * FROM two.t2} } {1 {access to two.t2.b is prohibited}} execsql {DETACH DATABASE two} } do_test auth-1.36 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } return SQLITE_OK } | > > > > | 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 | ifcapable attach { do_test auth-1.35.2 { execsql {ATTACH DATABASE 'test.db' AS two} catchsql {SELECT * FROM two.t2} } {1 {access to two.t2.b is prohibited}} execsql {DETACH DATABASE two} } # EVIDENCE-OF: R-38392-49970 If the action code is SQLITE_READ and the # callback returns SQLITE_IGNORE then the prepared statement statement # is constructed to substitute a NULL value in place of the table column # that would have been read if SQLITE_OK had been returned. do_test auth-1.36 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } return SQLITE_OK } |
︙ | ︙ | |||
1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 | do_test auth-1.247 { catchsql {END TRANSACTION} } {1 {not authorized}} do_test auth-1.248 { set ::authargs } {COMMIT {} {} {}} do_test auth-1.249 { db authorizer {} catchsql {ROLLBACK} } {0 {}} do_test auth-1.250 { execsql {SELECT * FROM t2} } {11 2 33 7 8 9} | > > | 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 | do_test auth-1.247 { catchsql {END TRANSACTION} } {1 {not authorized}} do_test auth-1.248 { set ::authargs } {COMMIT {} {} {}} do_test auth-1.249 { # EVIDENCE-OF: R-52112-44167 Disable the authorizer by installing a NULL # callback. db authorizer {} catchsql {ROLLBACK} } {0 {}} do_test auth-1.250 { execsql {SELECT * FROM t2} } {11 2 33 7 8 9} |
︙ | ︙ | |||
2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 | SQLITE_READ t7 a main {} \ SQLITE_READ t7 c main {} \ ] # If a table is referenced but no columns are read from the table, # that causes a single SQLITE_READ authorization with a NULL column # name. # set ::authargs [list] do_test auth-8.1 { execsql {SELECT count(*) FROM t7} set ::authargs } [list \ SQLITE_SELECT {} {} {} {} \ | > > > > > > | 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 | SQLITE_READ t7 a main {} \ SQLITE_READ t7 c main {} \ ] # If a table is referenced but no columns are read from the table, # that causes a single SQLITE_READ authorization with a NULL column # name. # # EVIDENCE-OF: R-31520-16302 When a table is referenced by a SELECT but # no column values are extracted from that table (for example in a query # like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer # callback is invoked once for that table with a column name that is an # empty string. # set ::authargs [list] do_test auth-8.1 { execsql {SELECT count(*) FROM t7} set ::authargs } [list \ SQLITE_SELECT {} {} {} {} \ |
︙ | ︙ |
Changes to test/auth3.test.
︙ | ︙ | |||
49 50 51 52 53 54 55 56 57 58 59 60 61 62 | INSERT INTO t1 VALUES(4, 5, 6); } } {} do_test auth3.1.2 { set ::authcode SQLITE_DENY catchsql { DELETE FROM t1 } } {1 {not authorized}} do_test auth3.1.3 { set ::authcode SQLITE_INVALID catchsql { DELETE FROM t1 } } {1 {authorizer malfunction}} do_test auth3.1.4 { execsql { SELECT * FROM t1 } } {1 2 3 4 5 6} | > > > > | 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | INSERT INTO t1 VALUES(4, 5, 6); } } {} do_test auth3.1.2 { set ::authcode SQLITE_DENY catchsql { DELETE FROM t1 } } {1 {not authorized}} # EVIDENCE-OF: R-64962-58611 If the authorizer callback returns any # value other than SQLITE_IGNORE, SQLITE_OK, or SQLITE_DENY then the # sqlite3_prepare_v2() or equivalent call that triggered the authorizer # will fail with an error message. do_test auth3.1.3 { set ::authcode SQLITE_INVALID catchsql { DELETE FROM t1 } } {1 {authorizer malfunction}} do_test auth3.1.4 { execsql { SELECT * FROM t1 } } {1 2 3 4 5 6} |
︙ | ︙ |