Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Documentation updates for the new SQLITE_FUNCTION authorization. (CVS 3366) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
e029637e54e190c89206725a99e1ee7d |
| User & Date: | drh 2006-08-24 15:18:25 |
Context
|
2006-08-25
| ||
| 19:20 | Fix gcc gripe about parens in a ||/&& in mergePosList(). Drop unused pBlob/nBlob in index_insert_term(). Fix NULL deref in an assertion in docListUpdate() delete case. Minor code tightening in docListUpdate(). (CVS 3367) check-in: a6fcf910 user: shess tags: trunk | |
|
2006-08-24
| ||
| 15:18 | Documentation updates for the new SQLITE_FUNCTION authorization. (CVS 3366) check-in: e029637e user: drh tags: trunk | |
| 14:59 | Enhance the sqlite3_set_authorizer() callback so that it provides callbacks on each SQL function that is invoked. (CVS 3365) check-in: 4547c81f user: drh tags: trunk | |
Changes
Changes to src/expr.c.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
....
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains routines used for analyzing expressions and ** for generating VDBE code that evaluates expressions in SQLite. ** ** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> /* ** Return the 'affinity' of the expression pExpr if any. ** ................................................................................ no_such_func = 1; }else{ wrong_num_args = 1; } }else{ is_agg = pDef->xFunc==0; } if( pDef ){ auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0); if( auth!=SQLITE_OK ){ if( auth==SQLITE_DENY ){ sqlite3ErrorMsg(pParse, "not authorized to use function: %s", pDef->zName); pNC->nErr++; } pExpr->op = TK_NULL; return 1; } } if( is_agg && !pNC->allowAgg ){ sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId); pNC->nErr++; is_agg = 0; }else if( no_such_func ){ sqlite3ErrorMsg(pParse, "no such function: %.*s", nId, zId); pNC->nErr++; |
|
>
>
|
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
....
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains routines used for analyzing expressions and ** for generating VDBE code that evaluates expressions in SQLite. ** ** $Id: expr.c,v 1.268 2006/08/24 15:18:25 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> /* ** Return the 'affinity' of the expression pExpr if any. ** ................................................................................ no_such_func = 1; }else{ wrong_num_args = 1; } }else{ is_agg = pDef->xFunc==0; } #ifndef SQLITE_OMIT_AUTHORIZER if( pDef ){ auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0); if( auth!=SQLITE_OK ){ if( auth==SQLITE_DENY ){ sqlite3ErrorMsg(pParse, "not authorized to use function: %s", pDef->zName); pNC->nErr++; } pExpr->op = TK_NULL; return 1; } } #endif if( is_agg && !pNC->allowAgg ){ sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId); pNC->nErr++; is_agg = 0; }else if( no_such_func ){ sqlite3ErrorMsg(pParse, "no such function: %.*s", nId, zId); pNC->nErr++; |
Changes to www/capi3ref.tcl.
1
2
3
4
5
6
7
8
....
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
|
set rcsid {$Id: capi3ref.tcl,v 1.42 2006/08/12 14:38:47 drh Exp $}
source common.tcl
header {C/C++ Interface For SQLite Version 3}
puts {
<h2>C/C++ Interface For SQLite Version 3</h2>
}
proc api {name prototype desc {notused x}} {
................................................................................
#define SQLITE_TRANSACTION 22 /* NULL NULL */
#define SQLITE_UPDATE 23 /* Table Name Column Name */
#define SQLITE_ATTACH 24 /* Filename NULL */
#define SQLITE_DETACH 25 /* Database Name NULL */
#define SQLITE_ALTER_TABLE 26 /* Database Name Table Name */
#define SQLITE_REINDEX 27 /* Index Name NULL */
#define SQLITE_ANALYZE 28 /* Table Name NULL */
#define SQLITE_DENY 1 /* Abort the SQL statement with an error */
#define SQLITE_IGNORE 2 /* Don't allow access, but don't generate an error */
} {
This routine registers a callback with the SQLite library. The
callback is invoked (at compile-time, not at run-time) for each
attempt to access a column of a table in the database. The callback should
return SQLITE_OK if access is allowed, SQLITE_DENY if the entire
SQL statement should be aborted with an error and SQLITE_IGNORE
if the column should be treated as a NULL value.
The second argument to the access authorization function will be one
of the defined constants shown. These values signify what kind of operation
is to be authorized. The 3rd and 4th arguments to the authorization
function will be arguments or NULL depending on which of the following
codes is used as the second argument. The 5th argument is the name
of the database ("main", "temp", etc.) if applicable. The 6th argument
is the name of the inner-most trigger or view that is responsible for
the access attempt or NULL if this access attempt is directly from
input SQL code.
The return value of the authorization function should be one of the
constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.
The intent of this routine is to allow applications to safely execute
user-entered SQL. An appropriate callback can deny the user-entered
SQL access certain operations (ex: anything that changes the database)
or to deny access to certain tables or columns within the database.
}
|
|
>
>
>
|
|
|
>
>
>
>
>
|
|
>
>
>
>
>
>
>
|
|
>
>
>
>
>
>
>
>
|
1
2
3
4
5
6
7
8
....
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
|
set rcsid {$Id: capi3ref.tcl,v 1.43 2006/08/24 15:18:25 drh Exp $}
source common.tcl
header {C/C++ Interface For SQLite Version 3}
puts {
<h2>C/C++ Interface For SQLite Version 3</h2>
}
proc api {name prototype desc {notused x}} {
................................................................................
#define SQLITE_TRANSACTION 22 /* NULL NULL */
#define SQLITE_UPDATE 23 /* Table Name Column Name */
#define SQLITE_ATTACH 24 /* Filename NULL */
#define SQLITE_DETACH 25 /* Database Name NULL */
#define SQLITE_ALTER_TABLE 26 /* Database Name Table Name */
#define SQLITE_REINDEX 27 /* Index Name NULL */
#define SQLITE_ANALYZE 28 /* Table Name NULL */
#define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */
#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */
#define SQLITE_FUNCTION 31 /* Function Name NULL */
#define SQLITE_DENY 1 /* Abort the SQL statement with an error */
#define SQLITE_IGNORE 2 /* Don't allow access, but don't generate an error */
} {
This routine registers a callback with the SQLite library. The
callback is invoked by sqlite3_prepare() to authorize various
operations against the database. The callback should
return SQLITE_OK if access is allowed, SQLITE_DENY if the entire
SQL statement should be aborted with an error and SQLITE_IGNORE
if the operation should be treated as a no-op.
Each database connection have at most one authorizer registered
at a time one time. Each call
to sqlite3_set_authorizer() overrides the previous authorizer.
Setting the callback to NULL disables the authorizer.
The second argument to the access authorization function will be one
of the defined constants shown. These values signify what kind of operation
is to be authorized. The 3rd and 4th arguments to the authorization
function will be arguments or NULL depending on which of the
codes is used as the second argument. For example, if the the
2nd argument code is SQLITE_READ then the 3rd argument will be the name
of the table that is being read from and the 4th argument will be the
name of the column that is being read from. Or if the 2nd argument
is SQLITE_FUNCTION then the 3rd argument will be the name of the
function that is being invoked and the 4th argument will be NULL.
The 5th argument is the name
of the database ("main", "temp", etc.) where applicable. The 6th argument
is the name of the inner-most trigger or view that is responsible for
the access attempt or NULL if this access attempt is directly from
input SQL code.
The return value of the authorization function should be one of the
constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. A return of
SQLITE_OK means that the operation is permitted and that
sqlite3_prepare() can proceed as normal.
A return of SQLITE_DENY means that the sqlite3_prepare()
should fail with an error. A return of SQLITE_IGNORE causes the
sqlite3_prepare() to continue as normal but the requested
operation is silently converted into a no-op. A return of SQLITE_IGNORE
in response to an SQLITE_READ or SQLITE_FUNCTION causes the column
being read or the function being invoked to return a NULL.
The intent of this routine is to allow applications to safely execute
user-entered SQL. An appropriate callback can deny the user-entered
SQL access certain operations (ex: anything that changes the database)
or to deny access to certain tables or columns within the database.
}
|