/ Check-in [f04bd432]

Overview
Comment:Fix the authorizer so that it correctly interprets attempts to read the OLD and NEW pseudo-tables of a trigger. (CVS 911)
SHA1: f04bd43254b3ba3fccc842214115d4c298e28138
User & Date: drh 2003-04-16 20:24:52
Context
2003-04-16
21:03
Rollback if a commit hook fails. (CVS 912) check-in: 5cea7554 user: drh tags: trunk
20:24
Fix the authorizer so that it correctly interprets attempts to read the OLD and NEW pseudo-tables of a trigger. (CVS 911) check-in: f04bd432 user: drh tags: trunk
02:17
Simplify the number processing code. Fix for ticket #281. (CVS 910) check-in: 4326b52a user: drh tags: trunk
Changes

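--- a/src/auth.c
+++ b/src/auth.c
@@ -10,15 +10,15 @@
 **
 *************************************************************************
 ** This file contains code used to implement the sqlite_set_authorizer()
 ** API.  This facility is an optional feature of the library.  Embedded
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.4 2003/01/31 17:21:50 drh Exp $
+** $Id: auth.c,v 1.5 2003/04/16 20:24:52 drh Exp $
 */
 #include "sqliteInt.h"
 
 /*
 ** All of the code in this file may be omitted by defining a single
 ** macro.
 */
@@ -87,20 +87,32 @@
   Parse *pParse,        /* The parser context */
   Expr *pExpr,          /* The expression to check authorization on */
   SrcList *pTabList,    /* All table that pExpr might refer to */
   int base              /* Offset of pTabList relative to pExpr */
 ){
   sqlite *db = pParse->db;
   int rc;
-  Table *pTab;
-  const char *zCol;
+  Table *pTab;          /* The table being read */
+  const char *zCol;     /* Name of the column of the table */
+  int iSrc;             /* Index in pTabList->a[] of table being read */
+
   if( db->xAuth==0 ) return;
   assert( pExpr->op==TK_COLUMN );
-  assert( pExpr->iTable>=base && pExpr->iTable<base+pTabList->nSrc );
+  iSrc = pExpr->iTable - base;
+  if( iSrc>=0 && iSrc<pTabList->nSrc ){
-  pTab = pTabList->a[pExpr->iTable-base].pTab;
+    pTab = pTabList->a[iSrc].pTab;
+  }else{
+    /* This must be an attempt to read the NEW or OLD pseudo-tables
+    ** of a trigger.
+    */
+    TriggerStack *pStack = pParse->trigStack;
+    assert( pStack!=0 );
+    assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
+    pTab = pStack->pTab;
+  }
   if( pTab==0 ) return;
   if( pExpr->iColumn>=0 ){
     assert( pExpr->iColumn<pTab->nCol );
     zCol = pTab->aCol[pExpr->iColumn].zName;
   }else if( pTab->iPKey>=0 ){
     assert( pTab->iPKey<pTab->nCol );
     zCol = pTab->aCol[pTab->iPKey].zName;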
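Review bot: In the new `else` branch the only checks before `pStack->pTab` is read are two `assert()` calls, which are compiled out under NDEBUG; an out-of-range `pExpr->iTable` with no active trigger would then dereference a null `pParse->trigStack` inside the authorizer. Whether any caller can reach that state is not visible from this hunk, so treat this as hardening rather than a confirmed bug. A runtime guard that fails closed would be safer, for example `if( pStack==0 ){ pParse->nErr++; return; }` (assuming the parser's error counter is the right way to abort compilation here); a bare `return` would skip the authorizer callback for that column. The function's signature and its call to `db->xAuth` lie outside the hunk.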

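--- a/src/main.c
+++ b/src/main.c
@@ -10,15 +10,15 @@
 **
 *************************************************************************
 ** Main file for the SQLite library.  The routines in this file
 ** implement the programmer interface to the library.  Routines in
 ** other files are for internal use by SQLite and should not be
 ** accessed by users of the library.
 **
-** $Id: main.c,v 1.124 2003/04/16 01:28:16 drh Exp $
+** $Id: main.c,v 1.125 2003/04/16 20:24:52 drh Exp $
 */
 #include "sqliteInt.h"
 #include "os.h"
 #include <ctype.h>
 
 /*
 ** A pointer to this structure is used to communicate information
@@ -1030,14 +1030,18 @@
 #endif
 }
 
 /*
 ** Register functions to be invoked when a transaction is started or when
 ** a transaction commits.  If either function returns non-zero, then the
 ** corresponding operation aborts with a constraint error.
+**
+** EXPERIMENTAL.  This API is under evaluation and is not yet an
+** official part of the SQLite interface.  This means it could change
+** or be deleted in future releases.
 */
 void *sqlite_begin_hook(
   sqlite *db,
   int (*xCallback)(void*),
   void *pArg
 ){
   void *pOld = db->pBeginArg;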

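--- a/test/auth.test
+++ b/test/auth.test
@@ -8,15 +8,15 @@
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the ATTACH and DETACH commands
 # and related functionality.
 #
-# $Id: auth.test,v 1.6 2003/04/05 03:42:27 drh Exp $
+# $Id: auth.test,v 1.7 2003/04/16 20:24:52 drh Exp $
 #
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 if {[info command sqlite_set_authorizer]!=""} {
 
@@ -1654,11 +1654,40 @@
     if {$code=="SQLITE_READ" && $arg2=="x"} {
       return SQLITE_IGNORE
     }
     return SQLITE_OK
   }
   catchsql {SELECT * FROM t2, t3}
 } {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}
+
+# Make sure the OLD and NEW pseudo-tables of a trigger get authorized.
+#
+do_test auth-3.1 {
+  proc auth {code arg1 arg2} {
+    return SQLITE_OK
+  }
+  execsql {
+    CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
+    CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
+      INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
+    END;
+    UPDATE t2 SET a=a+1;
+    SELECT * FROM tx;
+  }
+} {11 12 2 2 33 33 7 8 8 8 9 9}
+do_test auth-3.2 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  execsql {
+    DELETE FROM tx;
+    UPDATE t2 SET a=a+100;
+    SELECT * FROM tx;
+  }
+} {12 112 2 2 {} {} 8 108 8 8 {} {}}
 
 } ;# End of the "if( db command exists )"
 
 finish_test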
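Review bot: The new `auth-3.1` and `auth-3.2` cases cover SQLITE_OK and SQLITE_IGNORE for OLD/NEW reads but not SQLITE_DENY, the outcome an authorizer most needs enforced inside a trigger body. I would add an `auth-3.3` case after `auth-3.2` that returns SQLITE_DENY for the same `t2`/`c` read and checks that the UPDATE is rejected. The exact error text is not visible on this page, so the sketch below only checks the error flag returned by `catchsql`; confirm the expected value by running it.

```tcl
# … unchanged: auth-3.1 and auth-3.2 …
do_test auth-3.3 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  lindex [catchsql {UPDATE t2 SET a=a+1}] 0
} {1}
```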