Enhance the sqlite3_set_authorizer() callback so that it provides callbacks
on each SQL function that is invoked. (CVS 3365)
FossilOrigin-Name: 4547c81f7da29b1490c6eba8d9c333218c5cb88f
diff --git a/src/expr.c b/src/expr.c
index 4e8d322..32fb543 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -12,7 +12,7 @@
** This file contains routines used for analyzing expressions and
** for generating VDBE code that evaluates expressions in SQLite.
**
-** $Id: expr.c,v 1.266 2006/07/11 13:15:08 drh Exp $
+** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>
@@ -1161,6 +1161,7 @@
int wrong_num_args = 0; /* True if wrong number of arguments */
int is_agg = 0; /* True if is an aggregate function */
int i;
+ int auth; /* Authorization to use the function */
int nId; /* Number of characters in function name */
const char *zId; /* The function name. */
FuncDef *pDef; /* Information about the function */
@@ -1179,6 +1180,18 @@
}else{
is_agg = pDef->xFunc==0;
}
+ if( pDef ){
+ auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0);
+ if( auth!=SQLITE_OK ){
+ if( auth==SQLITE_DENY ){
+ sqlite3ErrorMsg(pParse, "not authorized to use function: %s",
+ pDef->zName);
+ pNC->nErr++;
+ }
+ pExpr->op = TK_NULL;
+ return 1;
+ }
+ }
if( is_agg && !pNC->allowAgg ){
sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
pNC->nErr++;