Handle an SQLITE_IGNORE returned when requesting authorization to read parent key columns by pretending the parent key columns contain NULL values.

FossilOrigin-Name: 3c24df38e6ae5dfe999bbf3133b65df0074c6a50

src/auth.c

@@ -100,30 +100,28 @@ static void sqliteAuthBadReturnCode(Parse *pParse){
 ** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE
 ** is treated as SQLITE_DENY. In this case an error is left in pParse.
 */
-void sqlite3AuthReadCol(
+int sqlite3AuthReadCol(
   Parse *pParse,                  /* The parser context */
   const char *zTab,               /* Table name */
   const char *zCol,               /* Column name */
-  int iDb,                        /* Index of containing database. */
-  Expr *pExpr                     /* Optional expression */
+  int iDb                         /* Index of containing database. */
 ){
   sqlite3 *db = pParse->db;       /* Database handle */
   char *zDb = db->aDb[iDb].zName; /* Name of attached database */
   int rc;                         /* Auth callback return code */
 
   rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext);
-  if( rc!=SQLITE_IGNORE && rc!=SQLITE_DENY && rc!=SQLITE_OK ){
-    sqliteAuthBadReturnCode(pParse);
-  }else if( rc==SQLITE_IGNORE && pExpr ){
-    pExpr->op = TK_NULL;
-  }else if( rc!=SQLITE_OK ){
+  if( rc==SQLITE_DENY ){
     if( db->nDb>2 || iDb!=0 ){
       sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
     }else{
       sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
     }
     pParse->rc = SQLITE_AUTH;
+  }else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){
+    sqliteAuthBadReturnCode(pParse);
   }
+  return rc;
 }
 
 /*
@@ -181,7 +179,9 @@ void sqlite3AuthRead(
     zCol = "ROWID";
   }
   assert( iDb>=0 && iDb<db->nDb );
-  sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb, pExpr);
+  if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){
+    pExpr->op = TK_NULL;
+  }
 }
 
 /*