Extend the authorization mechanism to disallow the ATTACH and DETACH commands.

Ticket #340. (CVS 1010) FossilOrigin-Name: a97dca73aed0b42d8dcf944360667ae93c5324fd
2025-11-14 00:22:38 +03:00 · 2003-06-06 19:00:42 +00:00
parent 70dc85a4c2
commit 81e293b4b2
6 changed files with 150 additions and 31 deletions
--- a/src/attach.c
+++ b/src/attach.c
@@ -11,7 +11,7 @@
 *************************************************************************
 ** This file contains code used to implement the ATTACH and DETACH commands.
 **
-** $Id: attach.c,v 1.5 2003/06/03 01:47:11 drh Exp $
+** $Id: attach.c,v 1.6 2003/06/06 19:00:42 drh Exp $
 */
 #include "sqliteInt.h"

@@ -43,6 +43,32 @@ void sqliteAttach(Parse *pParse, Token *pFilename, Token *pDbname){
    pParse->rc = SQLITE_ERROR;
    return;
  }
+
+  zFile = 0;
+  sqliteSetNString(&zFile, pFilename->z, pFilename->n, 0);
+  if( zFile==0 ) return;
+  sqliteDequote(zFile);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  if( sqliteAuthCheck(pParse, SQLITE_ATTACH, zFile, 0, 0)!=SQLITE_OK ){
+    sqliteFree(zFile);
+    return;
+  }
+#endif /* SQLITE_OMIT_AUTHORIZATION */
+
+  zName = 0;
+  sqliteSetNString(&zName, pDbname->z, pDbname->n, 0);
+  if( zName==0 ) return;
+  sqliteDequote(zName);
+  for(i=0; i<db->nDb; i++){
+    if( db->aDb[i].zName && sqliteStrICmp(db->aDb[i].zName, zName)==0 ){
+      sqliteErrorMsg(pParse, "database %z is already in use", zName);
+      pParse->rc = SQLITE_ERROR;
+      sqliteFree(zFile);
+      sqliteFree(zName);
+      return;
+    }
+  }
+
  if( db->aDb==db->aDbStatic ){
    aNew = sqliteMalloc( sizeof(db->aDb[0])*3 );
    if( aNew==0 ) return;
@@ -58,24 +84,7 @@ void sqliteAttach(Parse *pParse, Token *pFilename, Token *pDbname){
  sqliteHashInit(&aNew->idxHash, SQLITE_HASH_STRING, 0);
  sqliteHashInit(&aNew->trigHash, SQLITE_HASH_STRING, 0);
  sqliteHashInit(&aNew->aFKey, SQLITE_HASH_STRING, 1);
-  
-  zName = 0;
-  sqliteSetNString(&zName, pDbname->z, pDbname->n, 0);
-  if( zName==0 ) return;
-  sqliteDequote(zName);
-  for(i=0; i<db->nDb; i++){
-    if( db->aDb[i].zName && sqliteStrICmp(db->aDb[i].zName, zName)==0 ){
-      sqliteErrorMsg(pParse, "database %z is already in use", zName);
-      db->nDb--;
-      pParse->rc = SQLITE_ERROR;
-      return;
-    }
-  }
  aNew->zName = zName;
-  zFile = 0;
-  sqliteSetNString(&zFile, pFilename->z, pFilename->n, 0);
-  if( zFile==0 ) return;
-  sqliteDequote(zFile);
  rc = sqliteBtreeFactory(db, zFile, 0, MAX_PAGES, &aNew->pBt);
  if( rc ){
    sqliteErrorMsg(pParse, "unable to open database: %s", zFile);
@@ -117,6 +126,11 @@ void sqliteDetach(Parse *pParse, Token *pDbname){
    sqliteErrorMsg(pParse, "cannot detach database %T", pDbname);
    return;
  }
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  if( sqliteAuthCheck(pParse,SQLITE_DETACH,db->aDb[i].zName,0,0)!=SQLITE_OK ){
+    return;
+  }
+#endif /* SQLITE_OMIT_AUTHORIZATION */
  sqliteBtreeClose(db->aDb[i].pBt);
  db->aDb[i].pBt = 0;
  sqliteFree(db->aDb[i].zName);