Move user authentication blocking from sqlite3_prepare() over to the

table lock generator, thus allowing SQL statements (like "PRAGMA locking_mode") that do not touch database content to run prior to authentication. FossilOrigin-Name: 70121e7cf868b7d6d19bf98794ddc3809a901456
2025-12-03 08:01:19 +03:00 · 2014-09-11 14:01:41 +00:00
parent 32c6a48b5e
commit b2445d5ee8
5 changed files with 28 additions and 24 deletions
--- a/src/build.c
+++ b/src/build.c
@@ -156,6 +156,24 @@ void sqlite3FinishCoding(Parse *pParse){
    while( sqlite3VdbeDeletePriorOpcode(v, OP_Close) ){}
    sqlite3VdbeAddOp0(v, OP_Halt);

+#if SQLITE_USER_AUTHENTICATION
+    if( pParse->nTableLock>0 && db->init.busy==0 ){
+      if( db->auth.authLevel<UAUTH_User ){
+        if( db->auth.authLevel==UAUTH_Unknown ){
+          u8 authLevel = UAUTH_Fail;
+          sqlite3UserAuthCheckLogin(db, "main", &authLevel);
+          db->auth.authLevel = authLevel;
+          if( authLevel<UAUTH_Admin ) db->flags &= ~SQLITE_WriteSchema;
+        }
+        if( db->auth.authLevel<UAUTH_User ){
+          pParse->rc = SQLITE_AUTH_USER;
+          sqlite3ErrorMsg(pParse, "user not authenticated");
+          return;
+        }
+      }
+    }
+#endif
+
    /* The cookie mask contains one bit for each database file open.
    ** (Bit 0 is for main, bit 1 is for temp, and so forth.)  Bits are
    ** set for each database that is used.  Generate code to start a