mirror of
https://github.com/sqlite/sqlite.git
synced 2025-11-18 10:21:03 +03:00
Move user authentication blocking from sqlite3_prepare() over to the
table lock generator, thus allowing SQL statements (like "PRAGMA locking_mode") that do not touch database content to run prior to authentication. FossilOrigin-Name: 70121e7cf868b7d6d19bf98794ddc3809a901456
This commit is contained in:
drh
16
manifest
16
manifest
@@ -1,5 +1,5 @@
|
|||||||
C Add\ssupport\sfor\sthe\sextra\sparameter\son\sthe\ssqlite3_set_authorizer()\scallback\nand\ssupport\sfor\sfailing\san\sATTACH\swith\san\sauthentication-required\sdatabase\nusing\sbad\scredentials.\s\sThe\sextension\sis\snow\sfeature\scomplete,\sbut\smuch\ntesting\sand\sbug-fixing\sremains.
|
C Move\suser\sauthentication\sblocking\sfrom\ssqlite3_prepare()\sover\sto\sthe\ntable\slock\sgenerator,\sthus\sallowing\sSQL\sstatements\s(like\s\n"PRAGMA\slocking_mode")\sthat\sdo\snot\stouch\sdatabase\scontent\sto\srun\nprior\sto\sauthentication.
|
||||||
D 2014-09-11T13:44:52.150
|
D 2014-09-11T14:01:41.319
|
||||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||||
F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a
|
F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a
|
||||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||||
@@ -174,7 +174,7 @@ F src/btmutex.c 49ca66250c7dfa844a4d4cb8272b87420d27d3a5
|
|||||||
F src/btree.c b1c1cd1cc3ae2e433a23b9a6c9ab53805707d8cd
|
F src/btree.c b1c1cd1cc3ae2e433a23b9a6c9ab53805707d8cd
|
||||||
F src/btree.h a79aa6a71e7f1055f01052b7f821bd1c2dce95c8
|
F src/btree.h a79aa6a71e7f1055f01052b7f821bd1c2dce95c8
|
||||||
F src/btreeInt.h e0ecb5dba292722039a7540beb3fc448103273cc
|
F src/btreeInt.h e0ecb5dba292722039a7540beb3fc448103273cc
|
||||||
F src/build.c 4c7aac1ddda782c6f1cad84aeabec6e8d0be7495
|
F src/build.c 8b02494e4dc9c4a6c9aff1cac8b40c426733f025
|
||||||
F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0
|
F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0
|
||||||
F src/complete.c 535183afb3c75628b78ce82612931ac7cdf26f14
|
F src/complete.c 535183afb3c75628b78ce82612931ac7cdf26f14
|
||||||
F src/ctime.c 16cd19215d9fd849ee2b7509b092f2e0bbd6a958
|
F src/ctime.c 16cd19215d9fd849ee2b7509b092f2e0bbd6a958
|
||||||
@@ -220,8 +220,8 @@ F src/parse.y 22d6a074e5f5a7258947a1dc55a9bf946b765dd0
|
|||||||
F src/pcache.c 2048affdb09a04478b5fc6e64cb1083078d369be
|
F src/pcache.c 2048affdb09a04478b5fc6e64cb1083078d369be
|
||||||
F src/pcache.h 9b559127b83f84ff76d735c8262f04853be0c59a
|
F src/pcache.h 9b559127b83f84ff76d735c8262f04853be0c59a
|
||||||
F src/pcache1.c dab8ab930d4a73b99768d881185994f34b80ecaa
|
F src/pcache1.c dab8ab930d4a73b99768d881185994f34b80ecaa
|
||||||
F src/pragma.c 3b7b1a5e90804006f44c65464c7032ee6a1d24e3
|
F src/pragma.c 3f3e959390a10c0131676f0e307acce372777e0f
|
||||||
F src/prepare.c f82c009a763e739c6bdf02a270ccfda9e54f783c
|
F src/prepare.c 6ef0cf2f9274982988ed6b7cab1be23147e94196
|
||||||
F src/printf.c e74925089a85e3c9f0e315595f41c139d3d118c2
|
F src/printf.c e74925089a85e3c9f0e315595f41c139d3d118c2
|
||||||
F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
|
F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
|
||||||
F src/resolve.c 0d1621e45fffe4b4396477cf46e41a84b0145ffb
|
F src/resolve.c 0d1621e45fffe4b4396477cf46e41a84b0145ffb
|
||||||
@@ -1197,7 +1197,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
|
|||||||
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
||||||
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
|
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
|
||||||
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
|
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
|
||||||
P 2f6d8f32eef526b5912f42ab467e3c7812480d8b
|
P 596e728b0eb19a34c888e33d4d37978ca2bf1e00
|
||||||
R 8b68610f4a9d73b92fb9d68a3359baf2
|
R c54f70fc39612d9ea503f6c456a7ab1f
|
||||||
U drh
|
U drh
|
||||||
Z 6a1c7f3384e27f9ad12e8ea277382ab2
|
Z e2993baf94376fc5d680228ffe933715
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
596e728b0eb19a34c888e33d4d37978ca2bf1e00
|
70121e7cf868b7d6d19bf98794ddc3809a901456
|
||||||
18
src/build.c
18
src/build.c
@@ -156,6 +156,24 @@ void sqlite3FinishCoding(Parse *pParse){
|
|||||||
while( sqlite3VdbeDeletePriorOpcode(v, OP_Close) ){}
|
while( sqlite3VdbeDeletePriorOpcode(v, OP_Close) ){}
|
||||||
sqlite3VdbeAddOp0(v, OP_Halt);
|
sqlite3VdbeAddOp0(v, OP_Halt);
|
||||||
|
|
||||||
|
#if SQLITE_USER_AUTHENTICATION
|
||||||
|
if( pParse->nTableLock>0 && db->init.busy==0 ){
|
||||||
|
if( db->auth.authLevel<UAUTH_User ){
|
||||||
|
if( db->auth.authLevel==UAUTH_Unknown ){
|
||||||
|
u8 authLevel = UAUTH_Fail;
|
||||||
|
sqlite3UserAuthCheckLogin(db, "main", &authLevel);
|
||||||
|
db->auth.authLevel = authLevel;
|
||||||
|
if( authLevel<UAUTH_Admin ) db->flags &= ~SQLITE_WriteSchema;
|
||||||
|
}
|
||||||
|
if( db->auth.authLevel<UAUTH_User ){
|
||||||
|
pParse->rc = SQLITE_AUTH_USER;
|
||||||
|
sqlite3ErrorMsg(pParse, "user not authenticated");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* The cookie mask contains one bit for each database file open.
|
/* The cookie mask contains one bit for each database file open.
|
||||||
** (Bit 0 is for main, bit 1 is for temp, and so forth.) Bits are
|
** (Bit 0 is for main, bit 1 is for temp, and so forth.) Bits are
|
||||||
** set for each database that is used. Generate code to start a
|
** set for each database that is used. Generate code to start a
|
||||||
|
|||||||
@@ -1398,7 +1398,7 @@ void sqlite3Pragma(
|
|||||||
mask &= ~(SQLITE_ForeignKeys);
|
mask &= ~(SQLITE_ForeignKeys);
|
||||||
}
|
}
|
||||||
#if SQLITE_USER_AUTHENTICATION
|
#if SQLITE_USER_AUTHENTICATION
|
||||||
if( db->auth.authLevel<UAUTH_Admin ){
|
if( db->auth.authLevel==UAUTH_User ){
|
||||||
/* Do not allow non-admin users to modify the schema arbitrarily */
|
/* Do not allow non-admin users to modify the schema arbitrarily */
|
||||||
mask &= ~(SQLITE_WriteSchema);
|
mask &= ~(SQLITE_WriteSchema);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -715,20 +715,6 @@ static int sqlite3LockAndPrepare(
|
|||||||
return SQLITE_MISUSE_BKPT;
|
return SQLITE_MISUSE_BKPT;
|
||||||
}
|
}
|
||||||
sqlite3_mutex_enter(db->mutex);
|
sqlite3_mutex_enter(db->mutex);
|
||||||
#if SQLITE_USER_AUTHENTICATION
|
|
||||||
if( db->auth.authLevel<UAUTH_User ){
|
|
||||||
if( db->auth.authLevel==UAUTH_Unknown ){
|
|
||||||
u8 authLevel = UAUTH_Fail;
|
|
||||||
sqlite3UserAuthCheckLogin(db, "main", &authLevel);
|
|
||||||
db->auth.authLevel = authLevel;
|
|
||||||
}
|
|
||||||
if( db->auth.authLevel<UAUTH_User ){
|
|
||||||
sqlite3ErrorWithMsg(db, SQLITE_AUTH_USER, "user not authenticated");
|
|
||||||
sqlite3_mutex_leave(db->mutex);
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
sqlite3BtreeEnterAll(db);
|
sqlite3BtreeEnterAll(db);
|
||||||
rc = sqlite3Prepare(db, zSql, nBytes, saveSqlFlag, pOld, ppStmt, pzTail);
|
rc = sqlite3Prepare(db, zSql, nBytes, saveSqlFlag, pOld, ppStmt, pzTail);
|
||||||
if( rc==SQLITE_SCHEMA ){
|
if( rc==SQLITE_SCHEMA ){
|
||||||
|
|||||||
Reference in New Issue
Block a user