monotone

monotone Mtn Source Tree

Root/sqlite/auth.c

1/*
2** 2003 January 11
3**
4** The author disclaims copyright to this source code. In place of
5** a legal notice, here is a blessing:
6**
7** May you do good and not evil.
8** May you find forgiveness for yourself and forgive others.
9** May you share freely, never taking more than you give.
10**
11*************************************************************************
12** This file contains code used to implement the sqlite_set_authorizer()
13** API. This facility is an optional feature of the library. Embedded
14** systems that do not need this facility may omit it by recompiling
15** the library with -DSQLITE_OMIT_AUTHORIZATION=1
16**
17** $Id: auth.c,v 1.1 2003/08/05 23:03:07 graydon Exp $
18*/
19#include "sqliteInt.h"
20
21/*
22** All of the code in this file may be omitted by defining a single
23** macro.
24*/
25#ifndef SQLITE_OMIT_AUTHORIZATION
26
27/*
28** Set or clear the access authorization function.
29**
30** The access authorization function is be called during the compilation
31** phase to verify that the user has read and/or write access permission on
32** various fields of the database. The first argument to the auth function
33** is a copy of the 3rd argument to this routine. The second argument
34** to the auth function is one of these constants:
35**
36** SQLITE_COPY
37** SQLITE_CREATE_INDEX
38** SQLITE_CREATE_TABLE
39** SQLITE_CREATE_TEMP_INDEX
40** SQLITE_CREATE_TEMP_TABLE
41** SQLITE_CREATE_TEMP_TRIGGER
42** SQLITE_CREATE_TEMP_VIEW
43** SQLITE_CREATE_TRIGGER
44** SQLITE_CREATE_VIEW
45** SQLITE_DELETE
46** SQLITE_DROP_INDEX
47** SQLITE_DROP_TABLE
48** SQLITE_DROP_TEMP_INDEX
49** SQLITE_DROP_TEMP_TABLE
50** SQLITE_DROP_TEMP_TRIGGER
51** SQLITE_DROP_TEMP_VIEW
52** SQLITE_DROP_TRIGGER
53** SQLITE_DROP_VIEW
54** SQLITE_INSERT
55** SQLITE_PRAGMA
56** SQLITE_READ
57** SQLITE_SELECT
58** SQLITE_TRANSACTION
59** SQLITE_UPDATE
60**
61** The third and fourth arguments to the auth function are the name of
62** the table and the column that are being accessed. The auth function
63** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
64** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
65** means that the SQL statement will never-run - the sqlite_exec() call
66** will return with an error. SQLITE_IGNORE means that the SQL statement
67** should run but attempts to read the specified column will return NULL
68** and attempts to write the column will be ignored.
69**
70** Setting the auth function to NULL disables this hook. The default
71** setting of the auth function is NULL.
72*/
73int sqlite_set_authorizer(
74 sqlite *db,
75 int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
76 void *pArg
77){
78 db->xAuth = xAuth;
79 db->pAuthArg = pArg;
80 return SQLITE_OK;
81}
82
83/*
84** Write an error message into pParse->zErrMsg that explains that the
85** user-supplied authorization function returned an illegal value.
86*/
87static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
88 char zBuf[20];
89 sprintf(zBuf, "(%d)", rc);
90 sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf,
91 " from the authorization function - should be SQLITE_OK, "
92 "SQLITE_IGNORE, or SQLITE_DENY", 0);
93 pParse->nErr++;
94 pParse->rc = SQLITE_MISUSE;
95}
96
97/*
98** The pExpr should be a TK_COLUMN expression. The table referred to
99** is in pTabList or else it is the NEW or OLD table of a trigger.
100** Check to see if it is OK to read this particular column.
101**
102** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
103** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
104** then generate an error.
105*/
106void sqliteAuthRead(
107 Parse *pParse, /* The parser context */
108 Expr *pExpr, /* The expression to check authorization on */
109 SrcList *pTabList /* All table that pExpr might refer to */
110){
111 sqlite *db = pParse->db;
112 int rc;
113 Table *pTab; /* The table being read */
114 const char *zCol; /* Name of the column of the table */
115 int iSrc; /* Index in pTabList->a[] of table being read */
116 const char *zDBase; /* Name of database being accessed */
117
118 if( db->xAuth==0 ) return;
119 assert( pExpr->op==TK_COLUMN );
120 for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){
121 if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
122 }
123 if( iSrc>=0 && iSrc<pTabList->nSrc ){
124 pTab = pTabList->a[iSrc].pTab;
125 }else{
126 /* This must be an attempt to read the NEW or OLD pseudo-tables
127 ** of a trigger.
128 */
129 TriggerStack *pStack; /* The stack of current triggers */
130 pStack = pParse->trigStack;
131 assert( pStack!=0 );
132 assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
133 pTab = pStack->pTab;
134 }
135 if( pTab==0 ) return;
136 if( pExpr->iColumn>=0 ){
137 assert( pExpr->iColumn<pTab->nCol );
138 zCol = pTab->aCol[pExpr->iColumn].zName;
139 }else if( pTab->iPKey>=0 ){
140 assert( pTab->iPKey<pTab->nCol );
141 zCol = pTab->aCol[pTab->iPKey].zName;
142 }else{
143 zCol = "ROWID";
144 }
145 assert( pExpr->iDb<db->nDb );
146 zDBase = db->aDb[pExpr->iDb].zName;
147 rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase,
148 pParse->zAuthContext);
149 if( rc==SQLITE_IGNORE ){
150 pExpr->op = TK_NULL;
151 }else if( rc==SQLITE_DENY ){
152 if( db->nDb>2 || pExpr->iDb!=0 ){
153 sqliteSetString(&pParse->zErrMsg,"access to ", zDBase, ".",
154 pTab->zName, ".", zCol, " is prohibited", 0);
155 }else{
156 sqliteSetString(&pParse->zErrMsg,"access to ", pTab->zName, ".",
157 zCol, " is prohibited", 0);
158 }
159 pParse->nErr++;
160 pParse->rc = SQLITE_AUTH;
161 }else if( rc!=SQLITE_OK ){
162 sqliteAuthBadReturnCode(pParse, rc);
163 }
164}
165
166/*
167** Do an authorization check using the code and arguments given. Return
168** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
169** is returned, then the error count and error message in pParse are
170** modified appropriately.
171*/
172int sqliteAuthCheck(
173 Parse *pParse,
174 int code,
175 const char *zArg1,
176 const char *zArg2,
177 const char *zArg3
178){
179 sqlite *db = pParse->db;
180 int rc;
181
182 if( db->xAuth==0 ){
183 return SQLITE_OK;
184 }
185 rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
186 if( rc==SQLITE_DENY ){
187 sqliteSetString(&pParse->zErrMsg, "not authorized", 0);
188 pParse->rc = SQLITE_AUTH;
189 pParse->nErr++;
190 }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
191 rc = SQLITE_DENY;
192 sqliteAuthBadReturnCode(pParse, rc);
193 }
194 return rc;
195}
196
197/*
198** Push an authorization context. After this routine is called, the
199** zArg3 argument to authorization callbacks will be zContext until
200** popped. Or if pParse==0, this routine is a no-op.
201*/
202void sqliteAuthContextPush(
203 Parse *pParse,
204 AuthContext *pContext,
205 const char *zContext
206){
207 pContext->pParse = pParse;
208 if( pParse ){
209 pContext->zAuthContext = pParse->zAuthContext;
210 pParse->zAuthContext = zContext;
211 }
212}
213
214/*
215** Pop an authorization context that was previously pushed
216** by sqliteAuthContextPush
217*/
218void sqliteAuthContextPop(AuthContext *pContext){
219 if( pContext->pParse ){
220 pContext->pParse->zAuthContext = pContext->zAuthContext;
221 pContext->pParse = 0;
222 }
223}
224
225#endif /* SQLITE_OMIT_AUTHORIZATION */

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status