diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/auth.c | 54 | ||||
| -rw-r--r-- | src/fkey.c | 7 | ||||
| -rw-r--r-- | src/sqliteInt.h | 1 |
3 files changed, 44 insertions, 18 deletions
diff --git a/src/auth.c b/src/auth.c index ec3514257..042fc6615 100644 --- a/src/auth.c +++ b/src/auth.c @@ -92,6 +92,41 @@ static void sqliteAuthBadReturnCode(Parse *pParse){ } /* +** Invoke the authorization callback for permission to read column zCol from +** table zTab in database zDb. This function assumes that an authorization +** callback has been registered (i.e. that sqlite3.xAuth is not NULL). +** +** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed +** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE +** is treated as SQLITE_DENY. In this case an error is left in pParse. +*/ +void sqlite3AuthReadCol( + Parse *pParse, /* The parser context */ + const char *zTab, /* Table name */ + const char *zCol, /* Column name */ + int iDb, /* Index of containing database. */ + Expr *pExpr /* Optional expression */ +){ + sqlite3 *db = pParse->db; /* Database handle */ + char *zDb = db->aDb[iDb].zName; /* Name of attached database */ + int rc; /* Auth callback return code */ + + rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext); + if( rc!=SQLITE_IGNORE && rc!=SQLITE_DENY && rc!=SQLITE_OK ){ + sqliteAuthBadReturnCode(pParse); + }else if( rc==SQLITE_IGNORE && pExpr ){ + pExpr->op = TK_NULL; + }else if( rc!=SQLITE_OK ){ + if( db->nDb>2 || iDb!=0 ){ + sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol); + }else{ + sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol); + } + pParse->rc = SQLITE_AUTH; + } +} + +/* ** The pExpr should be a TK_COLUMN expression. The table referred to ** is in pTabList or else it is the NEW or OLD table of a trigger. ** Check to see if it is OK to read this particular column. @@ -107,11 +142,9 @@ void sqlite3AuthRead( SrcList *pTabList /* All table that pExpr might refer to */ ){ sqlite3 *db = pParse->db; - int rc; Table *pTab = 0; /* The table being read */ const char *zCol; /* Name of the column of the table */ int iSrc; /* Index in pTabList->a[] of table being read */ - const char *zDBase; /* Name of database being accessed */ int iDb; /* The index of the database the expression refers to */ int iCol; /* Index of column in table */ @@ -148,22 +181,7 @@ void sqlite3AuthRead( zCol = "ROWID"; } assert( iDb>=0 && iDb<db->nDb ); - zDBase = db->aDb[iDb].zName; - rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, - pParse->zAuthContext); - if( rc==SQLITE_IGNORE ){ - pExpr->op = TK_NULL; - }else if( rc==SQLITE_DENY ){ - if( db->nDb>2 || iDb!=0 ){ - sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited", - zDBase, pTab->zName, zCol); - }else{ - sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited",pTab->zName,zCol); - } - pParse->rc = SQLITE_AUTH; - }else if( rc!=SQLITE_OK ){ - sqliteAuthBadReturnCode(pParse); - } + sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb, pExpr); } /* diff --git a/src/fkey.c b/src/fkey.c index 4d6a32ad6..dc5b4199c 100644 --- a/src/fkey.c +++ b/src/fkey.c @@ -732,6 +732,13 @@ void sqlite3FkCheck( if( aiCol[i]==pTab->iPKey ){ aiCol[i] = -1; } +#ifndef SQLITE_OMIT_AUTHORIZATION + /* Request permission to read the parent key columns. */ + if( db->xAuth ){ + char *zCol = pTo->aCol[pIdx ? pIdx->aiColumn[i] : pTo->iPKey].zName; + sqlite3AuthReadCol(pParse, pTo->zName, zCol, iDb, 0); + } +#endif } /* Take a shared-cache advisory read-lock on the parent table. Allocate diff --git a/src/sqliteInt.h b/src/sqliteInt.h index f97a81ca6..a82bbdfc8 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h @@ -2734,6 +2734,7 @@ void sqlite3DeferForeignKey(Parse*, int); int sqlite3AuthCheck(Parse*,int, const char*, const char*, const char*); void sqlite3AuthContextPush(Parse*, AuthContext*, const char*); void sqlite3AuthContextPop(AuthContext*); + void sqlite3AuthReadCol(Parse*, const char *, const char *, int, Expr *); #else # define sqlite3AuthRead(a,b,c,d) # define sqlite3AuthCheck(a,b,c,d,e) SQLITE_OK |