monotone

monotone Mtn Source Tree

Root/sqlite/auth.c

1/*
2** 2003 January 11
3**
4** The author disclaims copyright to this source code. In place of
5** a legal notice, here is a blessing:
6**
7** May you do good and not evil.
8** May you find forgiveness for yourself and forgive others.
9** May you share freely, never taking more than you give.
10**
11*************************************************************************
12** This file contains code used to implement the sqlite3_set_authorizer()
13** API. This facility is an optional feature of the library. Embedded
14** systems that do not need this facility may omit it by recompiling
15** the library with -DSQLITE_OMIT_AUTHORIZATION=1
16**
17** $Id: auth.c,v 1.26 2007/05/14 11:34:47 drh Exp $
18*/
19#include "sqliteInt.h"
20
21/*
22** All of the code in this file may be omitted by defining a single
23** macro.
24*/
25#ifndef SQLITE_OMIT_AUTHORIZATION
26
27/*
28** Set or clear the access authorization function.
29**
30** The access authorization function is be called during the compilation
31** phase to verify that the user has read and/or write access permission on
32** various fields of the database. The first argument to the auth function
33** is a copy of the 3rd argument to this routine. The second argument
34** to the auth function is one of these constants:
35**
36** SQLITE_CREATE_INDEX
37** SQLITE_CREATE_TABLE
38** SQLITE_CREATE_TEMP_INDEX
39** SQLITE_CREATE_TEMP_TABLE
40** SQLITE_CREATE_TEMP_TRIGGER
41** SQLITE_CREATE_TEMP_VIEW
42** SQLITE_CREATE_TRIGGER
43** SQLITE_CREATE_VIEW
44** SQLITE_DELETE
45** SQLITE_DROP_INDEX
46** SQLITE_DROP_TABLE
47** SQLITE_DROP_TEMP_INDEX
48** SQLITE_DROP_TEMP_TABLE
49** SQLITE_DROP_TEMP_TRIGGER
50** SQLITE_DROP_TEMP_VIEW
51** SQLITE_DROP_TRIGGER
52** SQLITE_DROP_VIEW
53** SQLITE_INSERT
54** SQLITE_PRAGMA
55** SQLITE_READ
56** SQLITE_SELECT
57** SQLITE_TRANSACTION
58** SQLITE_UPDATE
59**
60** The third and fourth arguments to the auth function are the name of
61** the table and the column that are being accessed. The auth function
62** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
63** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
64** means that the SQL statement will never-run - the sqlite3_exec() call
65** will return with an error. SQLITE_IGNORE means that the SQL statement
66** should run but attempts to read the specified column will return NULL
67** and attempts to write the column will be ignored.
68**
69** Setting the auth function to NULL disables this hook. The default
70** setting of the auth function is NULL.
71*/
72int sqlite3_set_authorizer(
73 sqlite3 *db,
74 int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
75 void *pArg
76){
77 db->xAuth = xAuth;
78 db->pAuthArg = pArg;
79 sqlite3ExpirePreparedStatements(db);
80 return SQLITE_OK;
81}
82
83/*
84** Write an error message into pParse->zErrMsg that explains that the
85** user-supplied authorization function returned an illegal value.
86*/
87static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
88 sqlite3ErrorMsg(pParse, "illegal return value (%d) from the "
89 "authorization function - should be SQLITE_OK, SQLITE_IGNORE, "
90 "or SQLITE_DENY", rc);
91 pParse->rc = SQLITE_ERROR;
92}
93
94/*
95** The pExpr should be a TK_COLUMN expression. The table referred to
96** is in pTabList or else it is the NEW or OLD table of a trigger.
97** Check to see if it is OK to read this particular column.
98**
99** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
100** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
101** then generate an error.
102*/
103void sqlite3AuthRead(
104 Parse *pParse, /* The parser context */
105 Expr *pExpr, /* The expression to check authorization on */
106 SrcList *pTabList /* All table that pExpr might refer to */
107){
108 sqlite3 *db = pParse->db;
109 int rc;
110 Table *pTab; /* The table being read */
111 const char *zCol; /* Name of the column of the table */
112 int iSrc; /* Index in pTabList->a[] of table being read */
113 const char *zDBase; /* Name of database being accessed */
114 TriggerStack *pStack; /* The stack of current triggers */
115 int iDb; /* The index of the database the expression refers to */
116
117 if( db->xAuth==0 ) return;
118 if( pExpr->op!=TK_COLUMN ) return;
119 iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema);
120 if( iDb<0 ){
121 /* An attempt to read a column out of a subquery or other
122 ** temporary table. */
123 return;
124 }
125 for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
126 if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
127 }
128 if( iSrc>=0 && pTabList && iSrc<pTabList->nSrc ){
129 pTab = pTabList->a[iSrc].pTab;
130 }else if( (pStack = pParse->trigStack)!=0 ){
131 /* This must be an attempt to read the NEW or OLD pseudo-tables
132 ** of a trigger.
133 */
134 assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
135 pTab = pStack->pTab;
136 }else{
137 return;
138 }
139 if( pTab==0 ) return;
140 if( pExpr->iColumn>=0 ){
141 assert( pExpr->iColumn<pTab->nCol );
142 zCol = pTab->aCol[pExpr->iColumn].zName;
143 }else if( pTab->iPKey>=0 ){
144 assert( pTab->iPKey<pTab->nCol );
145 zCol = pTab->aCol[pTab->iPKey].zName;
146 }else{
147 zCol = "ROWID";
148 }
149 assert( iDb>=0 && iDb<db->nDb );
150 zDBase = db->aDb[iDb].zName;
151 rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase,
152 pParse->zAuthContext);
153 if( rc==SQLITE_IGNORE ){
154 pExpr->op = TK_NULL;
155 }else if( rc==SQLITE_DENY ){
156 if( db->nDb>2 || iDb!=0 ){
157 sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",
158 zDBase, pTab->zName, zCol);
159 }else{
160 sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited",pTab->zName,zCol);
161 }
162 pParse->rc = SQLITE_AUTH;
163 }else if( rc!=SQLITE_OK ){
164 sqliteAuthBadReturnCode(pParse, rc);
165 }
166}
167
168/*
169** Do an authorization check using the code and arguments given. Return
170** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
171** is returned, then the error count and error message in pParse are
172** modified appropriately.
173*/
174int sqlite3AuthCheck(
175 Parse *pParse,
176 int code,
177 const char *zArg1,
178 const char *zArg2,
179 const char *zArg3
180){
181 sqlite3 *db = pParse->db;
182 int rc;
183
184 /* Don't do any authorization checks if the database is initialising
185 ** or if the parser is being invoked from within sqlite3_declare_vtab.
186 */
187 if( db->init.busy || IN_DECLARE_VTAB ){
188 return SQLITE_OK;
189 }
190
191 if( db->xAuth==0 ){
192 return SQLITE_OK;
193 }
194 rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
195 if( rc==SQLITE_DENY ){
196 sqlite3ErrorMsg(pParse, "not authorized");
197 pParse->rc = SQLITE_AUTH;
198 }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
199 rc = SQLITE_DENY;
200 sqliteAuthBadReturnCode(pParse, rc);
201 }
202 return rc;
203}
204
205/*
206** Push an authorization context. After this routine is called, the
207** zArg3 argument to authorization callbacks will be zContext until
208** popped. Or if pParse==0, this routine is a no-op.
209*/
210void sqlite3AuthContextPush(
211 Parse *pParse,
212 AuthContext *pContext,
213 const char *zContext
214){
215 pContext->pParse = pParse;
216 if( pParse ){
217 pContext->zAuthContext = pParse->zAuthContext;
218 pParse->zAuthContext = zContext;
219 }
220}
221
222/*
223** Pop an authorization context that was previously pushed
224** by sqlite3AuthContextPush
225*/
226void sqlite3AuthContextPop(AuthContext *pContext){
227 if( pContext->pParse ){
228 pContext->pParse->zAuthContext = pContext->zAuthContext;
229 pContext->pParse = 0;
230 }
231}
232
233#endif /* SQLITE_OMIT_AUTHORIZATION */

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status