diff options
| author | drh <drh@noemail.net> | 2016-07-28 18:38:13 +0000 |
|---|---|---|
| committer | drh <drh@noemail.net> | 2016-07-28 18:38:13 +0000 |
| commit | a8914faaaa981c87f193eb62477e7ba7d0affeed (patch) | |
| tree | b36540d1e52e20d6a894c537ebaaaa74b98d1cbc | |
| parent | aa0325872fa725d1c2622d3bd4f8b87a7c137bc3 (diff) | |
| download | sqlite-a8914faaaa981c87f193eb62477e7ba7d0affeed.tar.gz sqlite-a8914faaaa981c87f193eb62477e7ba7d0affeed.zip | |
Disable the authorizer callback when reparsing the schema. This avoids
undesirable authorization failures following an ALTER TABLE.
FossilOrigin-Name: 805d01cdabb48a69eb986a7f084e53eb25d76b7f
| -rw-r--r-- | manifest | 16 | ||||
| -rw-r--r-- | manifest.uuid | 2 | ||||
| -rw-r--r-- | src/auth.c | 1 | ||||
| -rw-r--r-- | test/auth2.test | 12 | ||||
| -rw-r--r-- | test/auth3.test | 21 |
5 files changed, 29 insertions, 23 deletions
@@ -1,5 +1,5 @@ -C Improvements\sto\sthe\sway\sthe\sCOMPILER\scompile-time\soption\sis\sset\swhen\scompiling\nwith\sClang. -D 2016-07-28T17:24:16.495 +C Disable\sthe\sauthorizer\scallback\swhen\sreparsing\sthe\sschema.\s\sThis\savoids\nundesirable\sauthorization\sfailures\sfollowing\san\sALTER\sTABLE. +D 2016-07-28T18:38:13.187 F Makefile.in 6c20d44f72d4564f11652b26291a214c8367e5db F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc d66d0395c38571aab3804f8db0fa20707ae4609a @@ -323,7 +323,7 @@ F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a F src/alter.c cc28ab933ae615b22add0d609794ffb6596b42ea F src/analyze.c 37fedc80ac966ce1745811746e68e4d8fa64c7fe F src/attach.c 771153bd1f4ab0b97a44a13dde2c7e5e1efeba22 -F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240 +F src/auth.c 5c8e0f37f785f935f589496801edd19840485853 F src/backup.c 6df65fdd569c901a418887a1a76f82ec35044556 F src/bitvec.c 3ee4c8b2c94ed3a7377256e18199e6ff5cf33f63 F src/btmutex.c bc87dd3b062cc26edfe79918de2200ccb8d41e73 @@ -506,8 +506,8 @@ F test/attach3.test 359eb65d00102cdfcef6fa4e81dc1648f8f80b27 F test/attach4.test 53bf502f17647c6d6c5add46dda6bac8b6f4665c F test/attachmalloc.test 3a4bfca9545bfe906a8d2e622de10fbac5b711b0 F test/auth.test 872a122b3977c1d1bb9fd637dc20016e5c01880f -F test/auth2.test 264c6af53cad9aba5218c68bbe18036e39007bfa -F test/auth3.test 5cfa94ed90c6617c42b7ba4b133fd79678b251c7 +F test/auth2.test 9eb7fce9f34bf1f50d3f366fb3e606be5a2000a1 +F test/auth3.test b810826b193831929951c0d50783a200e5ef6b72 F test/autoinc.test c58912526998a39e11f66b533e23cfabea7f25b7 F test/autoindex1.test 14b63a9f1e405fe6d5bfc8c8d00249c2ebaf13ea F test/autoindex2.test 12ef578928102baaa0dc23ad397601a2f4ecb0df @@ -1508,7 +1508,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 6feff15cae8f0427be790355841d49c479c1c586 -R 675b3da4289ec2d84ea94ee475054664 +P 81f9cf86c48f3cd43755ded4dc97388ec650f8af +R ae8bfc7314166cec8de9b44e7e9859e8 U drh -Z 0881f39f36c917424fb94c651f3aec11 +Z 7b0f6930a62d02daa8f4147d6dafd3a6 diff --git a/manifest.uuid b/manifest.uuid index 060502d93..53827a116 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -81f9cf86c48f3cd43755ded4dc97388ec650f8af
\ No newline at end of file +805d01cdabb48a69eb986a7f084e53eb25d76b7f
\ No newline at end of file diff --git a/src/auth.c b/src/auth.c index 9768fc2fc..8a3f8e7d0 100644 --- a/src/auth.c +++ b/src/auth.c @@ -111,6 +111,7 @@ int sqlite3AuthReadCol( char *zDb = db->aDb[iDb].zName; /* Name of attached database */ int rc; /* Auth callback return code */ + if( db->init.busy ) return SQLITE_OK; rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext #ifdef SQLITE_USER_AUTHENTICATION ,db->auth.zAuthUser diff --git a/test/auth2.test b/test/auth2.test index a9d64d08a..08d46cac5 100644 --- a/test/auth2.test +++ b/test/auth2.test @@ -98,12 +98,6 @@ SQLITE_UPDATE sqlite_master tbl_name main {} SQLITE_UPDATE sqlite_master rootpage main {} SQLITE_UPDATE sqlite_master sql main {} SQLITE_READ sqlite_master ROWID main {} -SQLITE_READ sqlite_master name main {} -SQLITE_READ sqlite_master rootpage main {} -SQLITE_READ sqlite_master sql main {} -SQLITE_READ sqlite_master tbl_name main {} -SQLITE_READ sqlite_master type main {} -SQLITE_READ sqlite_master ROWID main {} } do_test auth2-2.2 { set ::authargs {} @@ -119,12 +113,6 @@ SQLITE_UPDATE sqlite_master tbl_name main {} SQLITE_UPDATE sqlite_master rootpage main {} SQLITE_UPDATE sqlite_master sql main {} SQLITE_READ sqlite_master ROWID main {} -SQLITE_READ sqlite_master name main {} -SQLITE_READ sqlite_master rootpage main {} -SQLITE_READ sqlite_master sql main {} -SQLITE_READ sqlite_master tbl_name main {} -SQLITE_READ sqlite_master type main {} -SQLITE_READ sqlite_master ROWID main {} } do_test auth2-2.3 { set ::authargs {} diff --git a/test/auth3.test b/test/auth3.test index eef10b398..ca7e16c84 100644 --- a/test/auth3.test +++ b/test/auth3.test @@ -12,8 +12,7 @@ # Test that the truncate optimization is disabled if the SQLITE_DELETE # authorization callback returns SQLITE_IGNORE. # -# $Id: auth3.test,v 1.2 2009/05/04 01:58:31 drh Exp $ -# +# Test that authorizer is disabled during schema parsing. set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -108,4 +107,22 @@ do_test auth3-2.2 { set sqlite_search_count } {1} +# 2016-07-28. A problem report from a private client complaining about +# an authorizer failure during an ALTER TABLE. The solution (I think) is +# to disable the authorizer during schema parsing. +# +proc auth {code args} { + if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} { + return SQLITE_DENY + } + return SQLITE_OK +} +do_execsql_test auth3-3.0 { + CREATE TEMPORARY TABLE TempTable ( + key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE, + value TEXT NOT NULL ON CONFLICT FAIL); + ALTER TABLE TempTable RENAME TO DoNotRead; + SELECT name FROM sqlite_temp_master; +} {DoNotRead sqlite_autoindex_DoNotRead_1} + finish_test |