mirror of https://github.com/sqlite/sqlite
Move user authentication blocking from sqlite3_prepare() over to the
table lock generator, thus allowing SQL statements (like "PRAGMA locking_mode") that do not touch database content to run prior to authentication. FossilOrigin-Name: 70121e7cf868b7d6d19bf98794ddc3809a901456
This commit is contained in:
parent
32c6a48b5e
commit
b2445d5ee8
16
manifest
16
manifest
|
@ -1,5 +1,5 @@
|
|||
C Add\ssupport\sfor\sthe\sextra\sparameter\son\sthe\ssqlite3_set_authorizer()\scallback\nand\ssupport\sfor\sfailing\san\sATTACH\swith\san\sauthentication-required\sdatabase\nusing\sbad\scredentials.\s\sThe\sextension\sis\snow\sfeature\scomplete,\sbut\smuch\ntesting\sand\sbug-fixing\sremains.
|
||||
D 2014-09-11T13:44:52.150
|
||||
C Move\suser\sauthentication\sblocking\sfrom\ssqlite3_prepare()\sover\sto\sthe\ntable\slock\sgenerator,\sthus\sallowing\sSQL\sstatements\s(like\s\n"PRAGMA\slocking_mode")\sthat\sdo\snot\stouch\sdatabase\scontent\sto\srun\nprior\sto\sauthentication.
|
||||
D 2014-09-11T14:01:41.319
|
||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||
F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a
|
||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||
|
@ -174,7 +174,7 @@ F src/btmutex.c 49ca66250c7dfa844a4d4cb8272b87420d27d3a5
|
|||
F src/btree.c b1c1cd1cc3ae2e433a23b9a6c9ab53805707d8cd
|
||||
F src/btree.h a79aa6a71e7f1055f01052b7f821bd1c2dce95c8
|
||||
F src/btreeInt.h e0ecb5dba292722039a7540beb3fc448103273cc
|
||||
F src/build.c 4c7aac1ddda782c6f1cad84aeabec6e8d0be7495
|
||||
F src/build.c 8b02494e4dc9c4a6c9aff1cac8b40c426733f025
|
||||
F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0
|
||||
F src/complete.c 535183afb3c75628b78ce82612931ac7cdf26f14
|
||||
F src/ctime.c 16cd19215d9fd849ee2b7509b092f2e0bbd6a958
|
||||
|
@ -220,8 +220,8 @@ F src/parse.y 22d6a074e5f5a7258947a1dc55a9bf946b765dd0
|
|||
F src/pcache.c 2048affdb09a04478b5fc6e64cb1083078d369be
|
||||
F src/pcache.h 9b559127b83f84ff76d735c8262f04853be0c59a
|
||||
F src/pcache1.c dab8ab930d4a73b99768d881185994f34b80ecaa
|
||||
F src/pragma.c 3b7b1a5e90804006f44c65464c7032ee6a1d24e3
|
||||
F src/prepare.c f82c009a763e739c6bdf02a270ccfda9e54f783c
|
||||
F src/pragma.c 3f3e959390a10c0131676f0e307acce372777e0f
|
||||
F src/prepare.c 6ef0cf2f9274982988ed6b7cab1be23147e94196
|
||||
F src/printf.c e74925089a85e3c9f0e315595f41c139d3d118c2
|
||||
F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
|
||||
F src/resolve.c 0d1621e45fffe4b4396477cf46e41a84b0145ffb
|
||||
|
@ -1197,7 +1197,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
|
|||
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
||||
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
|
||||
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
|
||||
P 2f6d8f32eef526b5912f42ab467e3c7812480d8b
|
||||
R 8b68610f4a9d73b92fb9d68a3359baf2
|
||||
P 596e728b0eb19a34c888e33d4d37978ca2bf1e00
|
||||
R c54f70fc39612d9ea503f6c456a7ab1f
|
||||
U drh
|
||||
Z 6a1c7f3384e27f9ad12e8ea277382ab2
|
||||
Z e2993baf94376fc5d680228ffe933715
|
||||
|
|
|
@ -1 +1 @@
|
|||
596e728b0eb19a34c888e33d4d37978ca2bf1e00
|
||||
70121e7cf868b7d6d19bf98794ddc3809a901456
|
18
src/build.c
18
src/build.c
|
@ -156,6 +156,24 @@ void sqlite3FinishCoding(Parse *pParse){
|
|||
while( sqlite3VdbeDeletePriorOpcode(v, OP_Close) ){}
|
||||
sqlite3VdbeAddOp0(v, OP_Halt);
|
||||
|
||||
#if SQLITE_USER_AUTHENTICATION
|
||||
if( pParse->nTableLock>0 && db->init.busy==0 ){
|
||||
if( db->auth.authLevel<UAUTH_User ){
|
||||
if( db->auth.authLevel==UAUTH_Unknown ){
|
||||
u8 authLevel = UAUTH_Fail;
|
||||
sqlite3UserAuthCheckLogin(db, "main", &authLevel);
|
||||
db->auth.authLevel = authLevel;
|
||||
if( authLevel<UAUTH_Admin ) db->flags &= ~SQLITE_WriteSchema;
|
||||
}
|
||||
if( db->auth.authLevel<UAUTH_User ){
|
||||
pParse->rc = SQLITE_AUTH_USER;
|
||||
sqlite3ErrorMsg(pParse, "user not authenticated");
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* The cookie mask contains one bit for each database file open.
|
||||
** (Bit 0 is for main, bit 1 is for temp, and so forth.) Bits are
|
||||
** set for each database that is used. Generate code to start a
|
||||
|
|
|
@ -1398,7 +1398,7 @@ void sqlite3Pragma(
|
|||
mask &= ~(SQLITE_ForeignKeys);
|
||||
}
|
||||
#if SQLITE_USER_AUTHENTICATION
|
||||
if( db->auth.authLevel<UAUTH_Admin ){
|
||||
if( db->auth.authLevel==UAUTH_User ){
|
||||
/* Do not allow non-admin users to modify the schema arbitrarily */
|
||||
mask &= ~(SQLITE_WriteSchema);
|
||||
}
|
||||
|
|
|
@ -715,20 +715,6 @@ static int sqlite3LockAndPrepare(
|
|||
return SQLITE_MISUSE_BKPT;
|
||||
}
|
||||
sqlite3_mutex_enter(db->mutex);
|
||||
#if SQLITE_USER_AUTHENTICATION
|
||||
if( db->auth.authLevel<UAUTH_User ){
|
||||
if( db->auth.authLevel==UAUTH_Unknown ){
|
||||
u8 authLevel = UAUTH_Fail;
|
||||
sqlite3UserAuthCheckLogin(db, "main", &authLevel);
|
||||
db->auth.authLevel = authLevel;
|
||||
}
|
||||
if( db->auth.authLevel<UAUTH_User ){
|
||||
sqlite3ErrorWithMsg(db, SQLITE_AUTH_USER, "user not authenticated");
|
||||
sqlite3_mutex_leave(db->mutex);
|
||||
return SQLITE_ERROR;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
sqlite3BtreeEnterAll(db);
|
||||
rc = sqlite3Prepare(db, zSql, nBytes, saveSqlFlag, pOld, ppStmt, pzTail);
|
||||
if( rc==SQLITE_SCHEMA ){
|
||||
|
|
Loading…
Reference in New Issue