Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromium / deps / sqlite / e5f9c6442f4277bc6bc29987cbc3df5c1ff55514 / . / src / auth.c
blob: ca5af14ba805d59eb663ed51dfe1ed2daf8da705 [file] [log] [blame]
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]1/*
2** 2003 January 11
3**
4** The author disclaims copyright to this source code. In place of
5** a legal notice, here is a blessing:
6**
7** May you do good and not evil.
8** May you find forgiveness for yourself and forgive others.
9** May you share freely, never taking more than you give.
10**
11*************************************************************************
12** This file contains code used to implement the sqlite_set_authorizer()
13** API. This facility is an optional feature of the library. Embedded
14** systems that do not need this facility may omit it by recompiling
15** the library with -DSQLITE_OMIT_AUTHORIZATION=1
16**
drhe5f9c642003-01-13 23:27:31 +0000[diff] [blame^]17** $Id: auth.c,v 1.3 2003/01/13 23:27:32 drh Exp $
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]18*/
19#include "sqliteInt.h"
20
21/*
22** All of the code in this file may be omitted by defining a single
23** macro.
24*/
25#ifndef SQLITE_OMIT_AUTHORIZATION
26
27/*
28** Set or clear the access authorization function.
29**
30** The access authorization function is be called during the compilation
31** phase to verify that the user has read and/or write access permission
32** various fields of the database. The first argument to the auth function
33** is a copy of the 3rd argument to this routine. The second argument
34** to the auth function is one of these constants:
35**
36** SQLITE_READ_COLUMN
37** SQLITE_WRITE_COLUMN
38** SQLITE_DELETE_ROW
39** SQLITE_INSERT_ROW
40**
41** The third and fourth arguments to the auth function are the name of
42** the table and the column that are being accessed. The auth function
43** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
44** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
45** means that the SQL statement will never-run - the sqlite_exec() call
46** will return with an error. SQLITE_IGNORE means that the SQL statement
47** should run but attempts to read the specified column will return NULL
48** and attempts to write the column will be ignored.
49**
50** Setting the auth function to NULL disables this hook. The default
51** setting of the auth function is NULL.
52*/
53int sqlite_set_authorizer(
54 sqlite *db,
55 int (*xAuth)(void*,int,const char*,const char*),
56 void *pArg
57){
58 db->xAuth = xAuth;
59 db->pAuthArg = pArg;
60 return SQLITE_OK;
61}
62
63/*
64** Write an error message into pParse->zErrMsg that explains that the
65** user-supplied authorization function returned an illegal value.
66*/
67static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
68 char zBuf[20];
69 sprintf(zBuf, "(%d)", rc);
70 sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf,
drh1962bda2003-01-12 19:33:52 +0000[diff] [blame]71 " from the authorization function - should be SQLITE_OK, "
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]72 "SQLITE_IGNORE, or SQLITE_DENY", 0);
73 pParse->nErr++;
74}
75
76/*
77** The pExpr should be a TK_COLUMN expression. The table referred to
78** is in pTabList with an offset of base. Check to see if it is OK to read
79** this particular column.
80**
81** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
82** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
83** then generate an error.
84*/
85void sqliteAuthRead(
86 Parse *pParse, /* The parser context */
87 Expr *pExpr, /* The expression to check authorization on */
88 SrcList *pTabList, /* All table that pExpr might refer to */
89 int base /* Offset of pTabList relative to pExpr */
90){
91 sqlite *db = pParse->db;
92 int rc;
93 Table *pTab;
94 const char *zCol;
95 if( db->xAuth==0 ) return;
96 assert( pExpr->op==TK_COLUMN );
97 assert( pExpr->iTable>=base && pExpr->iTable<base+pTabList->nSrc );
98 pTab = pTabList->a[pExpr->iTable-base].pTab;
99 if( pTab==0 ) return;
100 if( pExpr->iColumn>=0 ){
101 assert( pExpr->iColumn<pTab->nCol );
102 zCol = pTab->aCol[pExpr->iColumn].zName;
103 }else if( pTab->iPKey>=0 ){
104 assert( pTab->iPKey<pTab->nCol );
105 zCol = pTab->aCol[pTab->iPKey].zName;
106 }else{
107 zCol = "ROWID";
108 }
drhe5f9c642003-01-13 23:27:31 +0000[diff] [blame^]109 rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol);
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]110 if( rc==SQLITE_IGNORE ){
111 pExpr->op = TK_NULL;
112 }else if( rc==SQLITE_DENY ){
113 sqliteSetString(&pParse->zErrMsg,"access to ",
114 pTab->zName, ".", zCol, " is prohibited", 0);
115 pParse->nErr++;
116 }else if( rc!=SQLITE_OK ){
117 sqliteAuthBadReturnCode(pParse, rc);
118 }
119}
120
121/*
drhe5f9c642003-01-13 23:27:31 +0000[diff] [blame^]122** Do an authorization check using the code and arguments given. Return
123** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
124** is returned, then the error count and error message in pParse are
125** modified appropriately.
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]126*/
drhe5f9c642003-01-13 23:27:31 +0000[diff] [blame^]127int sqliteAuthCheck(
128 Parse *pParse,
129 int code,
130 const char *zArg1,
131 const char *zArg2
132){
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]133 sqlite *db = pParse->db;
134 int rc;
135 if( db->xAuth==0 ){
136 return SQLITE_OK;
137 }
drhe5f9c642003-01-13 23:27:31 +0000[diff] [blame^]138 rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2);
139 if( rc==SQLITE_DENY ){
140 sqliteSetString(&pParse->zErrMsg, "not authorized", 0);
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]141 pParse->nErr++;
142 }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
143 rc = SQLITE_DENY;
144 sqliteAuthBadReturnCode(pParse, rc);
145 }
146 return rc;
147}
148
drhe6d01c32003-01-12 18:07:48 +0000[diff] [blame]149#endif /* SQLITE_OMIT_AUTHORIZATION */