aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/attach.c9
-rw-r--r--src/auth.c14
-rw-r--r--src/build.c2
-rw-r--r--src/prepare.c2
-rw-r--r--src/sqliteInt.h15
-rw-r--r--src/tclsqlite.c11
6 files changed, 44 insertions, 9 deletions
diff --git a/src/attach.c b/src/attach.c
index 89050fd9d..5763e631a 100644
--- a/src/attach.c
+++ b/src/attach.c
@@ -207,6 +207,15 @@ static void attachFunc(
rc = sqlite3Init(db, &zErrDyn);
sqlite3BtreeLeaveAll(db);
}
+#ifdef SQLITE_USER_AUTHENTICATION
+ if( rc==SQLITE_OK ){
+ u8 newAuth = 0;
+ rc = sqlite3UserAuthCheckLogin(db, zName, &newAuth);
+ if( newAuth<db->auth.authLevel ){
+ rc = SQLITE_AUTH;
+ }
+ }
+#endif
if( rc ){
int iDb = db->nDb - 1;
assert( iDb>=2 );
diff --git a/src/auth.c b/src/auth.c
index d38bb836a..1680c9a7c 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -73,7 +73,7 @@ int sqlite3_set_authorizer(
void *pArg
){
sqlite3_mutex_enter(db->mutex);
- db->xAuth = xAuth;
+ db->xAuth = (sqlite3_xauth)xAuth;
db->pAuthArg = pArg;
sqlite3ExpirePreparedStatements(db);
sqlite3_mutex_leave(db->mutex);
@@ -108,7 +108,11 @@ int sqlite3AuthReadCol(
char *zDb = db->aDb[iDb].zName; /* Name of attached database */
int rc; /* Auth callback return code */
- rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext);
+ rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
+#ifdef SQLITE_USER_AUTHENTICATION
+ ,db->auth.zAuthUser
+#endif
+ );
if( rc==SQLITE_DENY ){
if( db->nDb>2 || iDb!=0 ){
sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
@@ -208,7 +212,11 @@ int sqlite3AuthCheck(
if( db->xAuth==0 ){
return SQLITE_OK;
}
- rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
+ rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext
+#ifdef SQLITE_USER_AUTHENTICATION
+ ,db->auth.zAuthUser
+#endif
+ );
if( rc==SQLITE_DENY ){
sqlite3ErrorMsg(pParse, "not authorized");
pParse->rc = SQLITE_AUTH;
diff --git a/src/build.c b/src/build.c
index f745164e5..c94c5a131 100644
--- a/src/build.c
+++ b/src/build.c
@@ -2075,7 +2075,7 @@ int sqlite3ViewGetColumnNames(Parse *pParse, Table *pTable){
int nErr = 0; /* Number of errors encountered */
int n; /* Temporarily holds the number of cursors assigned */
sqlite3 *db = pParse->db; /* Database connection for malloc errors */
- int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);
+ sqlite3_xauth xAuth; /* Saved xAuth pointer */
assert( pTable );
diff --git a/src/prepare.c b/src/prepare.c
index c6752548f..c57fda002 100644
--- a/src/prepare.c
+++ b/src/prepare.c
@@ -328,7 +328,7 @@ static int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg){
db->aDb[iDb].zName, zMasterName);
#ifndef SQLITE_OMIT_AUTHORIZATION
{
- int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);
+ sqlite3_xauth xAuth;
xAuth = db->xAuth;
db->xAuth = 0;
#endif
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 9ef4e3620..a9f200145 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -1012,9 +1012,19 @@ int sqlite3UserAuthTable(const char*);
int sqlite3UserAuthCheckLogin(sqlite3*,const char*,u8*);
void sqlite3CryptFunc(sqlite3_context*,int,sqlite3_value**);
-
#endif /* SQLITE_USER_AUTHENTICATION */
+/*
+** typedef for the authorization callback function.
+*/
+#ifdef SQLITE_USER_AUTHENTICATION
+ typedef int (*sqlite3_xauth)(void*,int,const char*,const char*,const char*,
+ const char*, const char*);
+#else
+ typedef int (*sqlite3_xauth)(void*,int,const char*,const char*,const char*,
+ const char*);
+#endif
+
/*
** Each database connection is an instance of the following structure.
@@ -1083,8 +1093,7 @@ struct sqlite3 {
} u1;
Lookaside lookaside; /* Lookaside malloc configuration */
#ifndef SQLITE_OMIT_AUTHORIZATION
- int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);
- /* Access authorization function */
+ sqlite3_xauth xAuth; /* Access authorization function */
void *pAuthArg; /* 1st argument to the access auth function */
#endif
#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
diff --git a/src/tclsqlite.c b/src/tclsqlite.c
index 945fd9598..756d0daa5 100644
--- a/src/tclsqlite.c
+++ b/src/tclsqlite.c
@@ -872,6 +872,9 @@ static int auth_callback(
const char *zArg2,
const char *zArg3,
const char *zArg4
+#ifdef SQLITE_USER_AUTHENTICATION
+ ,const char *zArg5
+#endif
){
const char *zCode;
Tcl_DString str;
@@ -924,6 +927,9 @@ static int auth_callback(
Tcl_DStringAppendElement(&str, zArg2 ? zArg2 : "");
Tcl_DStringAppendElement(&str, zArg3 ? zArg3 : "");
Tcl_DStringAppendElement(&str, zArg4 ? zArg4 : "");
+#ifdef SQLITE_USER_AUTHENTICATION
+ Tcl_DStringAppendElement(&str, zArg5 ? zArg5 : "");
+#endif
rc = Tcl_GlobalEval(pDb->interp, Tcl_DStringValue(&str));
Tcl_DStringFree(&str);
zReply = rc==TCL_OK ? Tcl_GetStringResult(pDb->interp) : "SQLITE_DENY";
@@ -1700,8 +1706,11 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
pDb->zAuth = 0;
}
if( pDb->zAuth ){
+ typedef int (*sqlite3_auth_cb)(
+ void*,int,const char*,const char*,
+ const char*,const char*);
pDb->interp = interp;
- sqlite3_set_authorizer(pDb->db, auth_callback, pDb);
+ sqlite3_set_authorizer(pDb->db,(sqlite3_auth_cb)auth_callback,pDb);
}else{
sqlite3_set_authorizer(pDb->db, 0, 0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 06:33:59 +0000