When inserting a row into a child table, invoke the authorization callback to request permission to read the parent key columns.

FossilOrigin-Name: 9842f2d5f606eb8f641ecae9fbc5368b8d7e4286
2025-08-10 01:02:56 +03:00 · 2009-10-02 14:23:41 +00:00
parent 1316700e54
commit 47a06346ff
6 changed files with 120 additions and 29 deletions
--- a/18
+++ b/18
@@ -1,5 +1,5 @@
-C Add\sa\stest\sto\scheck\sthat\sthe\sincrblob\sAPI\scannot\sbe\sused\sto\swrite\sto\san\sIPK\scolumn.\sAlso\sa\scomment\sto\sexplain\swhy\sthe\sincrblob\scode\sdoes\snot\sneed\sto\scheck\sif\sa\scolumn\sis\spart\sof\sa\sparent\skey\sbefore\swriting\sto\sit.
-D 2009-10-02T06:35:06
+C When\sinserting\sa\srow\sinto\sa\schild\stable,\sinvoke\sthe\sauthorization\scallback\sto\srequest\spermission\sto\sread\sthe\sparent\skey\scolumns.
+D 2009-10-02T14:23:42
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 4ca3f1dd6efa2075bcb27f4dc43eef749877740d
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -102,7 +102,7 @@ F sqlite3.pc.in ae6f59a76e862f5c561eb32a380228a02afc3cad
 F src/alter.c 1b63d4f2a6e76af9e2964d4d86ccc8e74c3fae4a
 F src/analyze.c 5a8b8aa3d170eac5e71af45458cec61f83c623ee
 F src/attach.c 13995348fc5a26cdd136a50806faf292aabc173f
-F src/auth.c d6a88bf8e81e6a079ccb8881002b327e42ec46b9
+F src/auth.c 50a4fd3ad4a0d3dec95cec7c022a6ca9d5ca3f4e
 F src/backup.c 6f1c2d9862c8a3feb7739dfcca02c1f5352e37f3
 F src/bitvec.c ed215b95734045e58358c3b3e16448f8fe6a235a
 F src/btmutex.c 0f43a75bb5b8147b386e8e1c3e71ba734e3863b7
@@ -116,7 +116,7 @@ F src/date.c 657ff12ca0f1195b531561afacbb38b772d16638
 F src/delete.c 308e300d599d2d11b838687e2cf7309d42f29a1a
 F src/expr.c c7f3f718bd5c392344ec8694a41c1824f30cf375
 F src/fault.c dc88c821842157460750d2d61a8a8b4197d047ff
-F src/fkey.c b20074e0dcbf6bbaafa8a520ed12efb30bb6aac3
+F src/fkey.c bcc2af88a4f88cb2127cd5fb68d4e09e73e03063
 F src/func.c e536218d193b8d326aab91120bc4c6f28aa2b606
 F src/global.c 271952d199a8cc59d4ce840b3bbbfd2f30c8ba32
 F src/hash.c ebcaa921ffd9d86f7ea5ae16a0a29d1c871130a7
@@ -164,7 +164,7 @@ F src/select.c 1d0a13137532321b4364f964e46f057d271691e3
 F src/shell.c d6e64471aafb81f355262533393169a70529847a
 F src/sqlite.h.in 5af8181f815831a8672c3834c60e6b4418448bcc
 F src/sqlite3ext.h 1db7d63ab5de4b3e6b83dd03d1a4e64fef6d2a17
-F src/sqliteInt.h 6730f9584eed76460ed85d2ade13914a6b68caab
+F src/sqliteInt.h 20ca4172804c85745445bd3291d7884446b67bd7
 F src/sqliteLimit.h 504a3161886d2938cbd163054ad620b8356df758
 F src/status.c 237b193efae0cf6ac3f0817a208de6c6c6ef6d76
 F src/table.c cc86ad3d6ad54df7c63a3e807b5783c90411a08d
@@ -330,7 +330,7 @@ F test/expr.test 9f521ae22f00e074959f72ce2e55d46b9ed23f68
 F test/filectrl.test 8923a6dc7630f31c8a9dd3d3d740aa0922df7bf8
 F test/filefmt.test 84e3d0fe9f12d0d2ac852465c6f8450aea0d6f43
 F test/fkey1.test 01c7de578e11747e720c2d9aeef27f239853c4da
-F test/fkey2.test 8a3620f0f230d90c9a934064203061c697948a92
+F test/fkey2.test e4bc39a77e140bff6f5b8f6adfad599a0dca1720
 F test/fkey3.test 42f88d6048d8dc079e2a8cf7baad1cc1483a7620
 F test/fkey_malloc.test a5ede29bd2f6e56dea78c3d43fb86dd696c068c8
 F test/format4.test 1f0cac8ff3895e9359ed87e41aaabee982a812eb
@@ -755,7 +755,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P aaa005b6da222f711f201c453d28f5be40e9c601
-R 41b569942ce78deea05315bc00bbbc6d
+P dca2a7f608d9237039541707846c76cd460f5805
+R 30336a7d8a841925ec6f327a1d0cb82e
 U dan
-Z 9732e09af43d5f7c1ec2d1ca2b86bc1f
+Z f7abd111a6647a2871746e5a320e0ffd
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-dca2a7f608d9237039541707846c76cd460f5805
+9842f2d5f606eb8f641ecae9fbc5368b8d7e4286
--- a/src/auth.c
+++ b/src/auth.c
@@ -91,6 +91,41 @@ static void sqliteAuthBadReturnCode(Parse *pParse){
  pParse->rc = SQLITE_ERROR;
 }

+/*
+** Invoke the authorization callback for permission to read column zCol from
+** table zTab in database zDb. This function assumes that an authorization
+** callback has been registered (i.e. that sqlite3.xAuth is not NULL).
+**
+** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed
+** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE
+** is treated as SQLITE_DENY. In this case an error is left in pParse.
+*/
+void sqlite3AuthReadCol(
+  Parse *pParse,                  /* The parser context */
+  const char *zTab,               /* Table name */
+  const char *zCol,               /* Column name */
+  int iDb,                        /* Index of containing database. */
+  Expr *pExpr                     /* Optional expression */
+){
+  sqlite3 *db = pParse->db;       /* Database handle */
+  char *zDb = db->aDb[iDb].zName; /* Name of attached database */
+  int rc;                         /* Auth callback return code */
+
+  rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext);
+  if( rc!=SQLITE_IGNORE && rc!=SQLITE_DENY && rc!=SQLITE_OK ){
+    sqliteAuthBadReturnCode(pParse);
+  }else if( rc==SQLITE_IGNORE && pExpr ){
+    pExpr->op = TK_NULL;
+  }else if( rc!=SQLITE_OK ){
+    if( db->nDb>2 || iDb!=0 ){
+      sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
+    }else{
+      sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
+    }
+    pParse->rc = SQLITE_AUTH;
+  }
+}
+
 /*
 ** The pExpr should be a TK_COLUMN expression.  The table referred to
 ** is in pTabList or else it is the NEW or OLD table of a trigger.  
@@ -107,11 +142,9 @@ void sqlite3AuthRead(
  SrcList *pTabList     /* All table that pExpr might refer to */
 ){
  sqlite3 *db = pParse->db;
-  int rc;
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
-  const char *zDBase;   /* Name of database being accessed */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

@@ -148,22 +181,7 @@ void sqlite3AuthRead(
    zCol = "ROWID";
  }
  assert( iDb>=0 && iDb<db->nDb );
-  zDBase = db->aDb[iDb].zName;
-  rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, 
-                 pParse->zAuthContext);
-  if( rc==SQLITE_IGNORE ){
-    pExpr->op = TK_NULL;
-  }else if( rc==SQLITE_DENY ){
-    if( db->nDb>2 || iDb!=0 ){
-      sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited", 
-         zDBase, pTab->zName, zCol);
-    }else{
-      sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited",pTab->zName,zCol);
-    }
-    pParse->rc = SQLITE_AUTH;
-  }else if( rc!=SQLITE_OK ){
-    sqliteAuthBadReturnCode(pParse);
-  }
+  sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb, pExpr);
 }

 /*
--- a/src/fkey.c
+++ b/src/fkey.c
@@ -732,6 +732,13 @@ void sqlite3FkCheck(
      if( aiCol[i]==pTab->iPKey ){
        aiCol[i] = -1;
      }
+#ifndef SQLITE_OMIT_AUTHORIZATION
+      /* Request permission to read the parent key columns. */
+      if( db->xAuth ){
+        char *zCol = pTo->aCol[pIdx ? pIdx->aiColumn[i] : pTo->iPKey].zName;
+        sqlite3AuthReadCol(pParse, pTo->zName, zCol, iDb, 0);
+      }
+#endif
    }

    /* Take a shared-cache advisory read-lock on the parent table. Allocate 
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -2734,6 +2734,7 @@ void sqlite3DeferForeignKey(Parse*, int);
  int sqlite3AuthCheck(Parse*,int, const char*, const char*, const char*);
  void sqlite3AuthContextPush(Parse*, AuthContext*, const char*);
  void sqlite3AuthContextPop(AuthContext*);
+  void sqlite3AuthReadCol(Parse*, const char *, const char *, int, Expr *);
 #else
 # define sqlite3AuthRead(a,b,c,d)
 # define sqlite3AuthCheck(a,b,c,d,e)    SQLITE_OK
--- a/test/fkey2.test
+++ b/test/fkey2.test
@@ -1351,13 +1351,78 @@ do_test fkey2-17.2.9 {
 do_test fkey2-17.2.10 {
  execsql { SELECT * FROM high ; SELECT * FROM low }
 } {}
+execsql { PRAGMA count_changes = 0 }

 #-------------------------------------------------------------------------
 # Test that the authorization callback works.
 #

+ifcapable auth {
+  do_test fkey2-18.1 {
+    execsql {
+      CREATE TABLE long(a, b PRIMARY KEY, c);
+      CREATE TABLE short(d, e, f REFERENCES long);
+      CREATE TABLE mid(g, h, i REFERENCES long DEFERRABLE INITIALLY DEFERRED);
+    }
+  } {}
+
+  proc auth {args} {eval lappend ::authargs $args ; return SQLITE_OK}
+  db auth auth
+
+  # An insert on the parent table must read the child key of any deferred
+  # foreign key constraints. But not the child key of immediate constraints.
+  set authargs {}
+  do_test fkey2-18.2 {
+    execsql { INSERT INTO long VALUES(1, 2, 3) }
+    set authargs
+  } {SQLITE_INSERT long {} main {} SQLITE_READ mid i main {}}
+
+  # An insert on the child table of an immediate constraint must read the
+  # parent key columns (to see if it is a violation or not).
+  set authargs {}
+  do_test fkey2-18.3 {
+    execsql { INSERT INTO short VALUES(1, 3, 2) }
+    set authargs
+  } {SQLITE_INSERT short {} main {} SQLITE_READ long b main {}}
+  
+  # As must an insert on the child table of a deferred constraint.
+  set authargs {}
+  do_test fkey2-18.4 {
+    execsql { INSERT INTO mid VALUES(1, 3, 2) }
+    set authargs
+  } {SQLITE_INSERT mid {} main {} SQLITE_READ long b main {}}
+
+  do_test fkey2-18.5 {
+    execsql {
+      CREATE TABLE nought(a, b PRIMARY KEY, c);
+      CREATE TABLE cross(d, e, f,
+        FOREIGN KEY(e) REFERENCES nought(b) ON UPDATE CASCADE
+      );
+    }
+    execsql { INSERT INTO nought VALUES(2, 1, 2) }
+    execsql { INSERT INTO cross VALUES(0, 1, 0) }
+    set authargs [list]
+    execsql { UPDATE nought SET b = 5 }
+    set authargs
+  } {SQLITE_UPDATE nought b main {} SQLITE_READ cross e main {} SQLITE_READ cross e main {} SQLITE_READ nought b main {} SQLITE_READ nought b main {} SQLITE_READ nought b main {} SQLITE_UPDATE cross e main {} SQLITE_READ nought b main {} SQLITE_READ cross e main {} SQLITE_READ nought b main {} SQLITE_READ nought b main {}}
+
+  do_test fkey2-18.6 {
+    execsql {SELECT * FROM cross}
+  } {0 5 0}
+
+  rename auth {}
+  proc auth {args} {
+    if {[lindex $args 1] == "long"} {return SQLITE_IGNORE}
+    return SQLITE_OK
+  }
+  do_test fkey2-18.7 {
+    catchsql { INSERT INTO short VALUES(1, 3, 2) }
+  } {1 {access to long.b is prohibited}}
+
+  db auth {}
+  unset authargs
+}

-execsql { PRAGMA count_changes = 0 }
 #-------------------------------------------------------------------------
 # The following block of tests, those prefixed with "fkey2-genfkey.", are 
 # the same tests that were used to test the ".genfkey" command provided