Add the ability for the authorizer callback to disallow recursive
queries. FossilOrigin-Name: 9efc120a1548c03f3d8aabbadf1050ff2a119c31
parent
727a99f1e3
commit
65a2aaa633
18
manifest
18
manifest
@ -1,5 +1,5 @@
|
||||
C Tweaks\sto\serror\smessage\stext.
|
||||
D 2014-01-16T21:59:51.988
|
||||
C Add\sthe\sability\sfor\sthe\sauthorizer\scallback\sto\sdisallow\srecursive\nqueries.
|
||||
D 2014-01-16T22:40:02.405
|
||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||
F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
|
||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||
@ -219,16 +219,16 @@ F src/printf.c 85d07756e45d7496d19439dcae3e6e9e0090f269
|
||||
F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
|
||||
F src/resolve.c ae278d8ce037883323f677e78c241f64289f12ec
|
||||
F src/rowset.c 64655f1a627c9c212d9ab497899e7424a34222e0
|
||||
F src/select.c d75733ab2ad5e9f0d79fb4ab9f45d3d3d3675a3d
|
||||
F src/select.c fc7499ac90fd4d49782e0a16372d3a5efde2aa3b
|
||||
F src/shell.c 9f3bc02a658b8f61d2cbe60cfc482f660c1c6c48
|
||||
F src/sqlite.h.in d94a8b89522f526ba711182ee161e06f8669bcc9
|
||||
F src/sqlite.h.in eed7f7d66a60daaa7b4a597dcd9bad87aad9611b
|
||||
F src/sqlite3.rc 11094cc6a157a028b301a9f06b3d03089ea37c3e
|
||||
F src/sqlite3ext.h 886f5a34de171002ad46fae8c36a7d8051c190fc
|
||||
F src/sqliteInt.h d49c0bea5282f15c1eb1eb9d705770f70d19c1e2
|
||||
F src/sqliteLimit.h 164b0e6749d31e0daa1a4589a169d31c0dec7b3d
|
||||
F src/status.c 7ac05a5c7017d0b9f0b4bcd701228b784f987158
|
||||
F src/table.c 2cd62736f845d82200acfa1287e33feb3c15d62e
|
||||
F src/tclsqlite.c c43379f77f90399802b0e215faa71c0adc3a4d2e
|
||||
F src/tclsqlite.c 46073db71011b6542fde1f234c56a076d5ff23f9
|
||||
F src/test1.c db16ba651453b15001c7f2838c446284dde4ecaf
|
||||
F src/test2.c 7355101c085304b90024f2261e056cdff13c6c35
|
||||
F src/test3.c 1c0e5d6f080b8e33c1ce8b3078e7013fdbcd560c
|
||||
@ -327,7 +327,7 @@ F test/attach2.test 0ec5defa340363de6cd50fd595046465e9aaba2d
|
||||
F test/attach3.test 359eb65d00102cdfcef6fa4e81dc1648f8f80b27
|
||||
F test/attach4.test 53bf502f17647c6d6c5add46dda6bac8b6f4665c
|
||||
F test/attachmalloc.test 3a4bfca9545bfe906a8d2e622de10fbac5b711b0
|
||||
F test/auth.test 9bea29041871807d9f289ee679d05d3ed103642f
|
||||
F test/auth.test 5bdf154eb28c0e4bbc0473f335858c0d96171768
|
||||
F test/auth2.test c3b415b76c033bedb81292118fb7c01f5f10cbcd
|
||||
F test/auth3.test a4755e6a2a2fea547ffe63c874eb569e60a28eb5
|
||||
F test/autoinc.test c58912526998a39e11f66b533e23cfabea7f25b7
|
||||
@ -1150,7 +1150,7 @@ F tool/vdbe-compress.tcl 0cf56e9263a152b84da86e75a5c0cdcdb7a47891
|
||||
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
||||
F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
|
||||
F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
|
||||
P 54eee9fe99290e59469bd3e1a66bb749887d37ee
|
||||
R 7385964692340c50e255f43b779c83ed
|
||||
P 090a77d97808b86d1e9f5c63c743a2b159a15f5d
|
||||
R f01d2088e8545f61e859d9aad946ffb1
|
||||
U drh
|
||||
Z 3d3568f983c7b2bd0c47dd0558e3c02c
|
||||
Z b5ce4714b23c3d6e2db0cb8e18c5a93d
|
||||
|
@ -1 +1 @@
|
||||
090a77d97808b86d1e9f5c63c743a2b159a15f5d
|
||||
9efc120a1548c03f3d8aabbadf1050ff2a119c31
|
@ -1814,6 +1814,9 @@ static int multiSelect(
|
||||
SelectDest tmp2dest;
|
||||
int i;
|
||||
|
||||
if( sqlite3AuthCheck(pParse, SQLITE_RECURSIVE, 0, 0, 0) ){
|
||||
goto multi_select_end;
|
||||
}
|
||||
iBreak = sqlite3VdbeMakeLabel(v);
|
||||
iCont = sqlite3VdbeMakeLabel(v);
|
||||
|
||||
|
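Review bot: The new guard `if( sqlite3AuthCheck(pParse, SQLITE_RECURSIVE, 0, 0, 0) )` takes the `goto multi_select_end` path for any non-zero return, yet the tests in this commit only exercise a callback that returns `SQLITE_DENY` (auth-1.314). What a callback returning `SQLITE_IGNORE` gets at this call site is not visible from the hunk; if sqlite3AuthCheck records no error for that value, the recursive query would be skipped without the statement failing, so the behaviour should be pinned by a test or treated explicitly as a denial here. A short comment above the check, for example `/* Let the authorizer veto recursive queries; on denial the error is reported through pParse */`, would make the exit path easier to follow, assuming that is how the failure reaches the caller. multiSelect's body starts and ends outside the hunk.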
@ -2561,6 +2561,7 @@ int sqlite3_set_authorizer(
|
||||
#define SQLITE_FUNCTION 31 /* NULL Function Name */
|
||||
#define SQLITE_SAVEPOINT 32 /* Operation Savepoint Name */
|
||||
#define SQLITE_COPY 0 /* No longer used */
|
||||
#define SQLITE_RECURSIVE 33 /* NULL NULL */
|
||||
|
||||
/*
|
||||
** CAPI3REF: Tracing And Profiling Functions
|
||||
|
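Review bot: `SQLITE_RECURSIVE` is documented only by `/* NULL NULL */`, which gives the two callback arguments but says nothing about when the code is raised. Going by the tests added in this commit, it appears to be reported when a recursive query is actually compiled rather than for every `WITH RECURSIVE` clause, which is what an application that uses the authorizer to restrict untrusted SQL needs to know. I would extend the line to something like `#define SQLITE_RECURSIVE 33 /* NULL NULL (recursive query being compiled) */` and add a sentence to the authorizer action-code documentation, which lies outside this hunk. The documentation should also say that callbacks returning SQLITE_DENY for unrecognised codes will start rejecting recursive queries, while callbacks that default to SQLITE_OK will keep allowing them until they handle code 33.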
@ -914,6 +914,7 @@ static int auth_callback(
|
||||
case SQLITE_DROP_VTABLE : zCode="SQLITE_DROP_VTABLE"; break;
|
||||
case SQLITE_FUNCTION : zCode="SQLITE_FUNCTION"; break;
|
||||
case SQLITE_SAVEPOINT : zCode="SQLITE_SAVEPOINT"; break;
|
||||
case SQLITE_RECURSIVE : zCode="SQLITE_RECURSIVE"; break;
|
||||
default : zCode="????"; break;
|
||||
}
|
||||
Tcl_DStringInit(&str);
|
||||
|
@ -2080,6 +2080,42 @@ ifcapable {altertable} {
|
||||
execsql {DROP TABLE t5}
|
||||
} ;# ifcapable altertable
|
||||
|
||||
ifcapable {cte} {
|
||||
do_test auth-1.310 {
|
||||
proc auth {code arg1 arg2 arg3 arg4} {
|
||||
if {$code=="SQLITE_RECURSIVE"} {
|
||||
return SQLITE_DENY
|
||||
}
|
||||
return SQLITE_OK
|
||||
}
|
||||
db eval {
|
||||
DROP TABLE IF EXISTS t1;
|
||||
CREATE TABLE t1(a,b);
|
||||
INSERT INTO t1 VALUES(1,2),(3,4),(5,6);
|
||||
}
|
||||
} {}
|
||||
do_catchsql_test auth-1.311 {
|
||||
WITH
|
||||
auth1311(x,y) AS (SELECT a+b, b-a FROM t1)
|
||||
SELECT * FROM auth1311 ORDER BY x;
|
||||
} {0 {3 1 7 1 11 1}}
|
||||
do_catchsql_test auth-1.312 {
|
||||
WITH RECURSIVE
|
||||
auth1312(x,y) AS (SELECT a+b, b-a FROM t1)
|
||||
SELECT x, y FROM auth1312 ORDER BY x;
|
||||
} {0 {3 1 7 1 11 1}}
|
||||
do_catchsql_test auth-1.313 {
|
||||
WITH RECURSIVE
|
||||
auth1313(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1313 WHERE x<5)
|
||||
SELECT * FROM t1;
|
||||
} {0 {1 2 3 4 5 6}}
|
||||
do_catchsql_test auth-1.314 {
|
||||
WITH RECURSIVE
|
||||
auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
|
||||
SELECT * FROM t1 LEFT JOIN auth1314;
|
||||
} {1 {not authorized}}
|
||||
} ;# ifcapable cte
|
||||
|
||||
do_test auth-2.1 {
|
||||
proc auth {code arg1 arg2 arg3 arg4} {
|
||||
if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
|
||||
|
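Review bot: The deny path for `SQLITE_RECURSIVE` is covered by a single case, auth-1.314, where the recursive CTE is reached through `LEFT JOIN`. There is no case where the recursive table is the only FROM term or sits inside a subquery, and none where the callback returns `SQLITE_IGNORE` instead of `SQLITE_DENY`. auth-1.312 and auth-1.313 show that the `RECURSIVE` keyword alone and an unreferenced recursive CTE are still permitted; a one-line comment above each, e.g. `# RECURSIVE keyword but no self-reference: SQLITE_RECURSIVE is not raised`, would stop a later reader from mistaking those results for a gap in enforcement. A further case selecting directly from the recursive CTE and expecting `{1 {not authorized}}` would pin the intended boundary more firmly.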