Enhance the sqlite3_set_authorizer() callback so that it provides callbacks
on each SQL function that is invoked. (CVS 3365) FossilOrigin-Name: 4547c81f7da29b1490c6eba8d9c333218c5cb88f
This commit is contained in:
parent
882e8e4df2
commit
5169bbc6a3
19
manifest
19
manifest
@ -1,5 +1,5 @@
|
||||
C Tcl\sinterface\sdoes\sfilename\stranslation\sprior\sto\scalling\ssqlite3_open().\nTicket\s#1937.\s(CVS\s3364)
|
||||
D 2006-08-24T02:42:28
|
||||
C Enhance\sthe\ssqlite3_set_authorizer()\scallback\sso\sthat\sit\sprovides\scallbacks\non\seach\sSQL\sfunction\sthat\sis\sinvoked.\s(CVS\s3365)
|
||||
D 2006-08-24T14:59:46
|
||||
F Makefile.in 8e7f9ecebab2c6e0f3db20ff129a8f9405ab64f8
|
||||
F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
|
||||
F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
|
||||
@ -50,7 +50,7 @@ F src/complete.c 7d1a44be8f37de125fcafd3d3a018690b3799675
|
||||
F src/date.c cd2bd5d1ebc6fa12d6312f69789ae5b0a2766f2e
|
||||
F src/delete.c 804384761144fe1a5035b99f4bd7d706976831bd
|
||||
F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
|
||||
F src/expr.c 715734d8681c5ad179a24156800b5c5646489e05
|
||||
F src/expr.c fb53fb9ddbfb2868bf148031adde2290de0fd65a
|
||||
F src/func.c dd9cea8ed3246d7a4c49fd01034d470d5702b8b0
|
||||
F src/hash.c 449f3d6620193aa557f5d86cbc5cc6b87702b185
|
||||
F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
|
||||
@ -80,11 +80,11 @@ F src/random.c d40f8d356cecbd351ccfab6eaedd7ec1b54f5261
|
||||
F src/select.c 0d4724930a1f34c747105ed1802fa4af0d8eb519
|
||||
F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
|
||||
F src/shell.c bc41feffb59676885368b7be5104e7d65ddb55d3
|
||||
F src/sqlite.h.in 181d04022bcf63a6e8a9111848940512344f41ab
|
||||
F src/sqlite.h.in 84ac26ca94a84dd603fb57a27d862f51bfd9f687
|
||||
F src/sqlite3ext.h 11a046b3519c4b9b7709e6d6a95c3a36366f684a
|
||||
F src/sqliteInt.h 325a2d45be2b22c1e21ad649e0a898c74eaec7de
|
||||
F src/table.c d8817f43a6c6bf139487db161760b9e1e02da3f1
|
||||
F src/tclsqlite.c 075616e270b5e9986f09eac28914b8261ea312e8
|
||||
F src/tclsqlite.c b706556687f0113e01d0574b0caa59c1cd4f3034
|
||||
F src/test1.c 535294d7f21a4127082c4f7a57f225482df9cc36
|
||||
F src/test2.c ca74a1d8aeb7d9606e8f6b762c5daf85c1a3f92b
|
||||
F src/test3.c 85135c09560c48bdb0a23c9b890ab405486b8ec9
|
||||
@ -129,7 +129,8 @@ F test/attach.test c616a88eab6b6fd99b7b2fcf449420f14628bc0b
|
||||
F test/attach2.test 0e6a7c54343c85dd877a1e86073a05176043ed40
|
||||
F test/attach3.test eafcafb107585aecc2ed1569a77914138eef46a9
|
||||
F test/attachmalloc.test cdb26c42850f04698377ccec05f5fa89d987837c
|
||||
F test/auth.test 5e27e39ed196bea6ddb5f4a55e1a202062ea2cf8
|
||||
F test/auth.test 66923137cf78475f5671b5e6e6274935e055aea0
|
||||
F test/auth2.test 8da06f0ffcfd98154dda78e0f3b35a6503c27b64
|
||||
F test/autoinc.test 60005a676e3e4e17dfa9dbd08aa0b76587ff97e3
|
||||
F test/autovacuum.test 5f5d843ff856b7dcfdf3f36b7e1acb04895047ce
|
||||
F test/autovacuum_crash.test 05a63b8805b20cfba7ace82856ce4ccdda075a31
|
||||
@ -387,7 +388,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
|
||||
F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
|
||||
F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
|
||||
F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
|
||||
P b0d8e0d314d6f77b7d4b5dd00c694a1323f7a8e4
|
||||
R 847b829d695356d3a7be5ec77800c446
|
||||
P 5696e0cb771ea62df6f91cb03dfc428af1441e9e
|
||||
R adbd010d3035a48a51b9cccec0ffd93d
|
||||
U drh
|
||||
Z 5000c3ac936c8f6f0859cbaf4d2914c9
|
||||
Z e780ba3f47ab009dda8d768d0c7835f6
|
||||
|
@ -1 +1 @@
|
||||
5696e0cb771ea62df6f91cb03dfc428af1441e9e
|
||||
4547c81f7da29b1490c6eba8d9c333218c5cb88f
|
15
src/expr.c
15
src/expr.c
@ -12,7 +12,7 @@
|
||||
** This file contains routines used for analyzing expressions and
|
||||
** for generating VDBE code that evaluates expressions in SQLite.
|
||||
**
|
||||
** $Id: expr.c,v 1.266 2006/07/11 13:15:08 drh Exp $
|
||||
** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $
|
||||
*/
|
||||
#include "sqliteInt.h"
|
||||
#include <ctype.h>
|
||||
@ -1161,6 +1161,7 @@ static int nameResolverStep(void *pArg, Expr *pExpr){
|
||||
int wrong_num_args = 0; /* True if wrong number of arguments */
|
||||
int is_agg = 0; /* True if is an aggregate function */
|
||||
int i;
|
||||
int auth; /* Authorization to use the function */
|
||||
int nId; /* Number of characters in function name */
|
||||
const char *zId; /* The function name. */
|
||||
FuncDef *pDef; /* Information about the function */
|
||||
@ -1179,6 +1180,18 @@ static int nameResolverStep(void *pArg, Expr *pExpr){
|
||||
}else{
|
||||
is_agg = pDef->xFunc==0;
|
||||
}
|
||||
if( pDef ){
|
||||
auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0);
|
||||
if( auth!=SQLITE_OK ){
|
||||
if( auth==SQLITE_DENY ){
|
||||
sqlite3ErrorMsg(pParse, "not authorized to use function: %s",
|
||||
pDef->zName);
|
||||
pNC->nErr++;
|
||||
}
|
||||
pExpr->op = TK_NULL;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
if( is_agg && !pNC->allowAgg ){
|
||||
sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
|
||||
pNC->nErr++;
|
||||
|
@ -12,7 +12,7 @@
|
||||
** This header file defines the interface that the SQLite library
|
||||
** presents to client programs.
|
||||
**
|
||||
** @(#) $Id: sqlite.h.in,v 1.188 2006/08/23 20:07:22 drh Exp $
|
||||
** @(#) $Id: sqlite.h.in,v 1.189 2006/08/24 14:59:46 drh Exp $
|
||||
*/
|
||||
#ifndef _SQLITE3_H_
|
||||
#define _SQLITE3_H_
|
||||
@ -478,6 +478,7 @@ int sqlite3_set_authorizer(
|
||||
#define SQLITE_ANALYZE 28 /* Table Name NULL */
|
||||
#define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */
|
||||
#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */
|
||||
#define SQLITE_FUNCTION 31 /* Function Name NULL */
|
||||
|
||||
/*
|
||||
** The return value of the authorization function should be one of the
|
||||
|
@ -11,7 +11,7 @@
|
||||
*************************************************************************
|
||||
** A TCL Interface to SQLite
|
||||
**
|
||||
** $Id: tclsqlite.c,v 1.168 2006/08/24 02:42:28 drh Exp $
|
||||
** $Id: tclsqlite.c,v 1.169 2006/08/24 14:59:46 drh Exp $
|
||||
*/
|
||||
#ifndef NO_TCL /* Omit this whole file if TCL is unavailable */
|
||||
|
||||
@ -553,6 +553,7 @@ static int auth_callback(
|
||||
case SQLITE_ANALYZE : zCode="SQLITE_ANALYZE"; break;
|
||||
case SQLITE_CREATE_VTABLE : zCode="SQLITE_CREATE_VTABLE"; break;
|
||||
case SQLITE_DROP_VTABLE : zCode="SQLITE_DROP_VTABLE"; break;
|
||||
case SQLITE_FUNCTION : zCode="SQLITE_FUNCTION"; break;
|
||||
default : zCode="????"; break;
|
||||
}
|
||||
Tcl_DStringInit(&str);
|
||||
@ -2068,9 +2069,12 @@ static int DbMain(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
|
||||
return TCL_ERROR;
|
||||
}
|
||||
p->maxStmt = NUM_PREPARED_STMTS;
|
||||
p->interp = interp;
|
||||
zArg = Tcl_GetStringFromObj(objv[1], 0);
|
||||
Tcl_CreateObjCommand(interp, zArg, DbObjCmd, (char*)p, DbDeleteCmd);
|
||||
|
||||
/* If a TCL procedure named "::sqlite3_init
|
||||
|
||||
/* If compiled with SQLITE_TEST turned on, then register the "md5sum"
|
||||
** SQL function.
|
||||
*/
|
||||
@ -2087,7 +2091,6 @@ static int DbMain(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
p->interp = interp;
|
||||
return TCL_OK;
|
||||
}
|
||||
|
||||
|
@ -9,10 +9,10 @@
|
||||
#
|
||||
#***********************************************************************
|
||||
# This file implements regression tests for SQLite library. The
|
||||
# focus of this script is testing the ATTACH and DETACH commands
|
||||
# focus of this script is testing the sqlite3_set_authorizer() API
|
||||
# and related functionality.
|
||||
#
|
||||
# $Id: auth.test,v 1.36 2006/06/17 09:39:56 danielk1977 Exp $
|
||||
# $Id: auth.test,v 1.37 2006/08/24 14:59:46 drh Exp $
|
||||
#
|
||||
|
||||
set testdir [file dirname $argv0]
|
||||
|
75
test/auth2.test
Normal file
75
test/auth2.test
Normal file
@ -0,0 +1,75 @@
|
||||
# 2006 Aug 24
|
||||
#
|
||||
# The author disclaims copyright to this source code. In place of
|
||||
# a legal notice, here is a blessing:
|
||||
#
|
||||
# May you do good and not evil.
|
||||
# May you find forgiveness for yourself and forgive others.
|
||||
# May you share freely, never taking more than you give.
|
||||
#
|
||||
#***********************************************************************
|
||||
# This file implements regression tests for SQLite library. The
|
||||
# focus of this script is testing the sqlite3_set_authorizer() API
|
||||
# and related functionality.
|
||||
#
|
||||
# $Id: auth2.test,v 1.1 2006/08/24 14:59:46 drh Exp $
|
||||
#
|
||||
|
||||
set testdir [file dirname $argv0]
|
||||
source $testdir/tester.tcl
|
||||
|
||||
# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
|
||||
# defined during compilation.
|
||||
if {[catch {db auth {}} msg]} {
|
||||
finish_test
|
||||
return
|
||||
}
|
||||
|
||||
do_test auth2-1.1 {
|
||||
execsql {
|
||||
CREATE TABLE t1(a,b,c);
|
||||
INSERT INTO t1 VALUES(1,2,3);
|
||||
}
|
||||
set ::flist {}
|
||||
proc auth {code arg1 arg2 arg3 arg4} {
|
||||
if {$code=="SQLITE_FUNCTION"} {
|
||||
lappend ::flist $arg2
|
||||
if {$arg2=="max"} {
|
||||
return SQLITE_DENY
|
||||
} elseif {$arg2=="min"} {
|
||||
return SQLITE_IGNORE
|
||||
} else {
|
||||
return SQLITE_OK
|
||||
}
|
||||
}
|
||||
return SQLITE_OK
|
||||
}
|
||||
db authorizer ::auth
|
||||
catchsql {SELECT max(a,b,c) FROM t1}
|
||||
} {1 {not authorized to use function: max}}
|
||||
do_test auth2-1.2 {
|
||||
set ::flist
|
||||
} max
|
||||
do_test auth2-1.3 {
|
||||
set ::flist {}
|
||||
catchsql {SELECT min(a,b,c) FROM t1}
|
||||
} {0 {{}}}
|
||||
do_test auth2-1.4 {
|
||||
set ::flist
|
||||
} min
|
||||
do_test auth2-1.5 {
|
||||
set ::flist {}
|
||||
catchsql {SELECT coalesce(min(a,b,c),999) FROM t1}
|
||||
} {0 999}
|
||||
do_test auth2-1.6 {
|
||||
set ::flist
|
||||
} {coalesce min}
|
||||
do_test auth2-1.7 {
|
||||
set ::flist {}
|
||||
catchsql {SELECT coalesce(a,b,c) FROM t1}
|
||||
} {0 1}
|
||||
do_test auth2-1.8 {
|
||||
set ::flist
|
||||
} coalesce
|
||||
|
||||
finish_test
|
Loading…
x
Reference in New Issue
Block a user