/ Check-in [8b88b64b]

Overview
Comment:Call the authorizer callback the same number of times whether or not the query flattening occurs. (CVS 5338)
SHA1: 8b88b64bb37df4e38cbfe31a14c219688b26e2af
User & Date: danielk1977 2008-07-02 13:13:52
Context
2008-07-02
16:10
Fix a memory leak that can occur following a malloc failure. (CVS 5339) check-in: cec4eba1 user: danielk1977 tags: trunk
13:13
Call the authorizer callback the same number of times whether or not the query flattening occurs. (CVS 5338) check-in: 8b88b64b user: danielk1977 tags: trunk
2008-07-01
18:26
Fix errors in in.test. Also add a few tests to selectB.test. (CVS 5337) check-in: 8f9d1abb user: danielk1977 tags: trunk
Changes

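--- a/src/select.c
+++ b/src/select.c
@@ -8,15 +8,15 @@
 **    May you find forgiveness for yourself and forgive others.
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.445 2008/07/01 18:26:50 danielk1977 Exp $
+** $Id: select.c,v 1.446 2008/07/02 13:13:52 danielk1977 Exp $
 */
 #include "sqliteInt.h"
 
 
 /*
 ** Delete all the content of a Select structure but do not deallocate
 ** the select structure itself.
@@ -3081,30 +3081,32 @@
 ** If flattening is not attempted, this routine is a no-op and returns 0.
 ** If flattening is attempted this routine returns 1.
 **
 ** All of the expression analysis must occur on both the outer query and
 ** the subquery before this routine runs.
 */
 static int flattenSubquery(
-  sqlite3 *db,         /* Database connection */
+  Parse *pParse,       /* Parsing context */
   Select *p,           /* The parent or outer SELECT statement */
   int iFrom,           /* Index in p->pSrc->a[] of the inner subquery */
   int isAgg,           /* True if outer SELECT uses aggregate functions */
   int subqueryIsAgg    /* True if the subquery uses aggregate functions */
 ){
+  const char *zSavedAuthContext = pParse->zAuthContext;
   Select *pParent;
   Select *pSub;       /* The inner query or "subquery" */
   Select *pSub1;      /* Pointer to the rightmost select in sub-query */
   SrcList *pSrc;      /* The FROM clause of the outer query */
   SrcList *pSubSrc;   /* The FROM clause of the subquery */
   ExprList *pList;    /* The result set of the outer query */
   int iParent;        /* VDBE cursor number of the pSub result set temp table */
   int i;              /* Loop counter */
   Expr *pWhere;                    /* The WHERE clause */
   struct SrcList_item *pSubitem;   /* The subquery */
+  sqlite3 *db = pParse->db;
 
   /* Check to see if flattening is permitted.  Return 0 if not.
   */
   if( p==0 ) return 0;
   pSrc = p->pSrc;
   assert( pSrc && iFrom>=0 && iFrom<pSrc->nSrc );
   pSubitem = &pSrc->a[iFrom];
@@ -3181,14 +3183,18 @@
       if( pSub1->isAgg || pSub1->isDistinct 
        || (pSub1->pPrior && pSub1->op!=TK_ALL) ){
         return 0;
       }
     }
   }
 
+  pParse->zAuthContext = pSubitem->zName;
+  sqlite3AuthCheck(pParse, SQLITE_SELECT, 0, 0, 0);
+  pParse->zAuthContext = zSavedAuthContext;
+
   /* If the sub-query is a compound SELECT statement, then it must be
   ** a UNION ALL and the parent query must be of the form:
   **
   **     SELECT <expr-list> FROM (<sub-query>) <where-clause> 
   **
   ** followed by any ORDER BY, LIMIT and/or OFFSET clauses. This block
   ** creates N copies of the parent query without any ORDER BY, LIMIT or 
@@ -3783,19 +3789,20 @@
   */
 #if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
   for(i=0; !p->pPrior && i<pTabList->nSrc; i++){
     struct SrcList_item *pItem = &pTabList->a[i];
     SelectDest dest;
     Select *pSub = pItem->pSelect;
     int isAggSub;
+    char *zName = pItem->zName;
 
     if( pSub==0 || pItem->isPopulated ) continue;
-    if( pItem->zName!=0 ){   /* An sql view */
+    if( zName!=0 ){   /* An sql view */
       const char *zSavedAuthContext = pParse->zAuthContext;
-      pParse->zAuthContext = pItem->zName;
+      pParse->zAuthContext = zName;
       rc = sqlite3SelectResolve(pParse, pSub, 0);
       pParse->zAuthContext = zSavedAuthContext;
       if( rc ){
         goto select_end;
       }
     }
 
@@ -3806,24 +3813,24 @@
     ** more conservative than necessary, but much easier than enforcing
     ** an exact limit.
     */
     pParse->nHeight += sqlite3SelectExprHeight(p);
 
     /* Check to see if the subquery can be absorbed into the parent. */
     isAggSub = pSub->isAgg;
-    if( flattenSubquery(db, p, i, isAgg, isAggSub) ){
+    if( flattenSubquery(pParse, p, i, isAgg, isAggSub) ){
       if( isAggSub ){
         p->isAgg = isAgg = 1;
       }
       i = -1;
     }else{
       sqlite3SelectDestInit(&dest, SRT_EphemTab, pItem->iCursor);
       sqlite3Select(pParse, pSub, &dest, p, i, &isAgg, 0);
     }
-    if( db->mallocFailed ){
+    if( pParse->nErr || db->mallocFailed ){
       goto select_end;
     }
     pParse->nHeight -= sqlite3SelectExprHeight(p);
     pTabList = p->pSrc;
     if( !IgnorableOrderby(pDest) ){
       pOrderBy = p->pOrderBy;
     }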
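Review bot: The result of `sqlite3AuthCheck(pParse, SQLITE_SELECT, 0, 0, 0)` at new line 3191 is discarded, so flattenSubquery carries on rewriting the parse tree after the authorizer has refused the subquery, and the refusal is acted on only by the new `pParse->nErr` test in the caller (new line 3829). That is sound only if every non-OK authorizer result is recorded in `pParse->nErr`, which these hunks do not show; a result that is neither OK nor a hard denial would presumably pass unnoticed on the flattened path. I would document the contract above the call, e.g. `/* Authorize the subquery here so the callback count does not depend on flattening; a denial is raised through pParse->nErr and checked by the caller. */`, and confirm how other return codes are meant to behave. The body of flattenSubquery continues past the lines shown.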

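--- a/test/auth.test
+++ b/test/auth.test
@@ -8,15 +8,15 @@
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the sqlite3_set_authorizer() API
 # and related functionality.
 #
-# $Id: auth.test,v 1.42 2008/04/15 14:36:42 drh Exp $
+# $Id: auth.test,v 1.43 2008/07/02 13:13:52 danielk1977 Exp $
 #
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
 # defined during compilation.
@@ -2247,15 +2247,15 @@
   SQLITE_UPDATE v1     x  main {} \
   SQLITE_INSERT v1chng {} main r2 \
   SQLITE_READ   v1     x  main r2 \
   SQLITE_READ   v1     x  main r2 \
   SQLITE_SELECT {}     {} {}   v1 \
   SQLITE_READ   t2     a  main v1 \
   SQLITE_READ   t2     b  main v1 \
-  SQLITE_SELECT {}     {} {}   v1 \
+  SQLITE_SELECT {}     {} {}   {} \
   SQLITE_READ   v1     x  main v1 \
 ]
 do_test auth-4.4 {
   execsql {
     CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
       INSERT INTO v1chng VALUES(OLD.x,NULL);
     END;
@@ -2271,15 +2271,15 @@
 } [list \
   SQLITE_DELETE v1     {} main {} \
   SQLITE_INSERT v1chng {} main r3 \
   SQLITE_READ   v1     x  main r3 \
   SQLITE_SELECT {}     {} {}   v1 \
   SQLITE_READ   t2     a  main v1 \
   SQLITE_READ   t2     b  main v1 \
-  SQLITE_SELECT {}     {} {}   v1 \
+  SQLITE_SELECT {}     {} {}   {} \
   SQLITE_READ   v1     x  main v1 \
 ]
 
 } ;# ifcapable view && trigger
 
 # Ticket #1338:  Make sure authentication works in the presence of an AS
 # clause.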
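Review bot: The expected traces at new lines 2254 and 2278 change the last field of the second SQLITE_SELECT callback from `v1` to `{}`, which appears to be the authorization context, so this check-in alters what an authorizer is told and not only how often it is called. An authorizer that decides on the context name would see a different value for that callback, and the check-in comment mentions call count only. I would record the intent next to each list, e.g. `# NOTE: the second SQLITE_SELECT reports an empty context as of CVS 5338`, so a later reader does not take the empty context for a regression. Both lists start outside the hunks shown.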

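--- a/test/auth2.test
+++ b/test/auth2.test
@@ -8,15 +8,15 @@
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the sqlite3_set_authorizer() API
 # and related functionality.
 #
-# $Id: auth2.test,v 1.2 2007/10/12 20:42:30 drh Exp $
+# $Id: auth2.test,v 1.3 2008/07/02 13:13:53 danielk1977 Exp $
 #
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
 # defined during compilation.
@@ -127,42 +127,42 @@
   db eval {
     SELECT a, b FROM v2;
   }
   set ::authargs
 } {SQLITE_SELECT {} {} {} {}
 SQLITE_READ v2 a main {}
 SQLITE_READ v2 b main {}
-SQLITE_SELECT {} {} {} v2
 SQLITE_READ t2 x main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 z main v2
+SQLITE_SELECT {} {} {} v2
 }
 do_test auth2-2.4 {
   db2 eval {
     CREATE TABLE t3(p,q,r);
   }
   set ::authargs {}
   db eval {
     SELECT b, a FROM v2;
   }
   set ::authargs
 } {SQLITE_SELECT {} {} {} {}
 SQLITE_READ v2 b main {}
 SQLITE_READ v2 a main {}
-SQLITE_SELECT {} {} {} v2
 SQLITE_READ t2 x main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 z main v2
+SQLITE_SELECT {} {} {} v2
 SQLITE_SELECT {} {} {} {}
 SQLITE_READ v2 b main {}
 SQLITE_READ v2 a main {}
-SQLITE_SELECT {} {} {} v2
 SQLITE_READ t2 x main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 y main v2
 SQLITE_READ t2 z main v2
+SQLITE_SELECT {} {} {} v2
 }
 db2 close
 
 finish_test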
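Review bot: The expected traces now place `SQLITE_SELECT {} {} {} v2` after the four SQLITE_READ callbacks on t2 instead of before them (new lines 138, 156 and 164), so the test pins a new callback order without saying that the order is intended. An authorizer that keeps state between callbacks would see the reads of the underlying table before the SELECT on the view is announced. I would add a comment above the first expected list, e.g. `# The SQLITE_SELECT callback for view v2 follows the reads of t2 as of CVS 5338.`, so the ordering is documented as deliberate.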