blob: d38bb836a784fbfab6ab7b03d4e6dd43edc41fa7 [file] [log] [blame]
drhe6d01c32003-01-12 18:07:48 +00001/*
2** 2003 January 11
3**
4** The author disclaims copyright to this source code. In place of
5** a legal notice, here is a blessing:
6**
7** May you do good and not evil.
8** May you find forgiveness for yourself and forgive others.
9** May you share freely, never taking more than you give.
10**
11*************************************************************************
danielk197724b03fd2004-05-10 10:34:34 +000012** This file contains code used to implement the sqlite3_set_authorizer()
drhe6d01c32003-01-12 18:07:48 +000013** API. This facility is an optional feature of the library. Embedded
14** systems that do not need this facility may omit it by recompiling
15** the library with -DSQLITE_OMIT_AUTHORIZATION=1
drhe6d01c32003-01-12 18:07:48 +000016*/
17#include "sqliteInt.h"
18
19/*
20** All of the code in this file may be omitted by defining a single
21** macro.
22*/
23#ifndef SQLITE_OMIT_AUTHORIZATION
24
25/*
26** Set or clear the access authorization function.
27**
28** The access authorization function is be called during the compilation
drh5fe2d8c2003-05-10 03:36:53 +000029** phase to verify that the user has read and/or write access permission on
drhe6d01c32003-01-12 18:07:48 +000030** various fields of the database. The first argument to the auth function
31** is a copy of the 3rd argument to this routine. The second argument
32** to the auth function is one of these constants:
33**
drh5fe2d8c2003-05-10 03:36:53 +000034** SQLITE_CREATE_INDEX
35** SQLITE_CREATE_TABLE
36** SQLITE_CREATE_TEMP_INDEX
37** SQLITE_CREATE_TEMP_TABLE
38** SQLITE_CREATE_TEMP_TRIGGER
39** SQLITE_CREATE_TEMP_VIEW
40** SQLITE_CREATE_TRIGGER
41** SQLITE_CREATE_VIEW
42** SQLITE_DELETE
43** SQLITE_DROP_INDEX
44** SQLITE_DROP_TABLE
45** SQLITE_DROP_TEMP_INDEX
46** SQLITE_DROP_TEMP_TABLE
47** SQLITE_DROP_TEMP_TRIGGER
48** SQLITE_DROP_TEMP_VIEW
49** SQLITE_DROP_TRIGGER
50** SQLITE_DROP_VIEW
51** SQLITE_INSERT
52** SQLITE_PRAGMA
53** SQLITE_READ
54** SQLITE_SELECT
55** SQLITE_TRANSACTION
56** SQLITE_UPDATE
drhe6d01c32003-01-12 18:07:48 +000057**
58** The third and fourth arguments to the auth function are the name of
59** the table and the column that are being accessed. The auth function
60** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
61** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
danielk197724b03fd2004-05-10 10:34:34 +000062** means that the SQL statement will never-run - the sqlite3_exec() call
drhe6d01c32003-01-12 18:07:48 +000063** will return with an error. SQLITE_IGNORE means that the SQL statement
64** should run but attempts to read the specified column will return NULL
65** and attempts to write the column will be ignored.
66**
67** Setting the auth function to NULL disables this hook. The default
68** setting of the auth function is NULL.
69*/
danielk197724b03fd2004-05-10 10:34:34 +000070int sqlite3_set_authorizer(
drh9bb575f2004-09-06 17:24:11 +000071 sqlite3 *db,
drhe22a3342003-04-22 20:30:37 +000072 int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
drhe6d01c32003-01-12 18:07:48 +000073 void *pArg
74){
drhb21c8cd2007-08-21 19:33:56 +000075 sqlite3_mutex_enter(db->mutex);
drhe6d01c32003-01-12 18:07:48 +000076 db->xAuth = xAuth;
77 db->pAuthArg = pArg;
drhd89bd002005-01-22 03:03:54 +000078 sqlite3ExpirePreparedStatements(db);
drhb21c8cd2007-08-21 19:33:56 +000079 sqlite3_mutex_leave(db->mutex);
drhe6d01c32003-01-12 18:07:48 +000080 return SQLITE_OK;
81}
82
83/*
84** Write an error message into pParse->zErrMsg that explains that the
85** user-supplied authorization function returned an illegal value.
86*/
drhce9b0152009-05-04 01:58:31 +000087static void sqliteAuthBadReturnCode(Parse *pParse){
88 sqlite3ErrorMsg(pParse, "authorizer malfunction");
drhc60d0442004-09-30 13:43:13 +000089 pParse->rc = SQLITE_ERROR;
drhe6d01c32003-01-12 18:07:48 +000090}
91
92/*
dan47a06342009-10-02 14:23:41 +000093** Invoke the authorization callback for permission to read column zCol from
94** table zTab in database zDb. This function assumes that an authorization
95** callback has been registered (i.e. that sqlite3.xAuth is not NULL).
96**
97** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed
98** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE
99** is treated as SQLITE_DENY. In this case an error is left in pParse.
100*/
dan02470b22009-10-03 07:04:11 +0000101int sqlite3AuthReadCol(
dan47a06342009-10-02 14:23:41 +0000102 Parse *pParse, /* The parser context */
103 const char *zTab, /* Table name */
104 const char *zCol, /* Column name */
dan02470b22009-10-03 07:04:11 +0000105 int iDb /* Index of containing database. */
dan47a06342009-10-02 14:23:41 +0000106){
107 sqlite3 *db = pParse->db; /* Database handle */
108 char *zDb = db->aDb[iDb].zName; /* Name of attached database */
109 int rc; /* Auth callback return code */
110
111 rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext);
dan02470b22009-10-03 07:04:11 +0000112 if( rc==SQLITE_DENY ){
dan47a06342009-10-02 14:23:41 +0000113 if( db->nDb>2 || iDb!=0 ){
114 sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
115 }else{
116 sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
117 }
118 pParse->rc = SQLITE_AUTH;
dan02470b22009-10-03 07:04:11 +0000119 }else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){
120 sqliteAuthBadReturnCode(pParse);
dan47a06342009-10-02 14:23:41 +0000121 }
dan02470b22009-10-03 07:04:11 +0000122 return rc;
dan47a06342009-10-02 14:23:41 +0000123}
124
125/*
drhe6d01c32003-01-12 18:07:48 +0000126** The pExpr should be a TK_COLUMN expression. The table referred to
drh6a3ea0e2003-05-02 14:32:12 +0000127** is in pTabList or else it is the NEW or OLD table of a trigger.
128** Check to see if it is OK to read this particular column.
drhe6d01c32003-01-12 18:07:48 +0000129**
130** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
131** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
132** then generate an error.
133*/
danielk19774adee202004-05-08 08:23:19 +0000134void sqlite3AuthRead(
drhe6d01c32003-01-12 18:07:48 +0000135 Parse *pParse, /* The parser context */
136 Expr *pExpr, /* The expression to check authorization on */
drh728b5772007-09-18 15:55:07 +0000137 Schema *pSchema, /* The schema of the expression */
drh6a3ea0e2003-05-02 14:32:12 +0000138 SrcList *pTabList /* All table that pExpr might refer to */
drhe6d01c32003-01-12 18:07:48 +0000139){
drh9bb575f2004-09-06 17:24:11 +0000140 sqlite3 *db = pParse->db;
danielk1977880c15b2007-09-01 18:24:55 +0000141 Table *pTab = 0; /* The table being read */
drh027850b2003-04-16 20:24:52 +0000142 const char *zCol; /* Name of the column of the table */
143 int iSrc; /* Index in pTabList->a[] of table being read */
danielk1977da184232006-01-05 11:34:32 +0000144 int iDb; /* The index of the database the expression refers to */
dan2bd93512009-08-31 08:22:46 +0000145 int iCol; /* Index of column in table */
drh027850b2003-04-16 20:24:52 +0000146
drhe6d01c32003-01-12 18:07:48 +0000147 if( db->xAuth==0 ) return;
drh728b5772007-09-18 15:55:07 +0000148 iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
drha3e4d962006-01-13 13:55:44 +0000149 if( iDb<0 ){
150 /* An attempt to read a column out of a subquery or other
151 ** temporary table. */
152 return;
153 }
dan2bd93512009-08-31 08:22:46 +0000154
155 assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
156 if( pExpr->op==TK_TRIGGER ){
157 pTab = pParse->pTriggerTab;
158 }else{
159 assert( pTabList );
drh3e9ca092009-09-08 01:14:48 +0000160 for(iSrc=0; ALWAYS(iSrc<pTabList->nSrc); iSrc++){
danielk197734acdc92009-07-02 18:40:34 +0000161 if( pExpr->iTable==pTabList->a[iSrc].iCursor ){
162 pTab = pTabList->a[iSrc].pTab;
dan2bd93512009-08-31 08:22:46 +0000163 break;
danielk197734acdc92009-07-02 18:40:34 +0000164 }
drheba661f2009-05-04 18:01:39 +0000165 }
danielk197734acdc92009-07-02 18:40:34 +0000166 }
dan2bd93512009-08-31 08:22:46 +0000167 iCol = pExpr->iColumn;
drheba661f2009-05-04 18:01:39 +0000168 if( NEVER(pTab==0) ) return;
dan2bd93512009-08-31 08:22:46 +0000169
170 if( iCol>=0 ){
171 assert( iCol<pTab->nCol );
172 zCol = pTab->aCol[iCol].zName;
drhe6d01c32003-01-12 18:07:48 +0000173 }else if( pTab->iPKey>=0 ){
174 assert( pTab->iPKey<pTab->nCol );
175 zCol = pTab->aCol[pTab->iPKey].zName;
176 }else{
177 zCol = "ROWID";
178 }
drha3e4d962006-01-13 13:55:44 +0000179 assert( iDb>=0 && iDb<db->nDb );
dan02470b22009-10-03 07:04:11 +0000180 if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){
181 pExpr->op = TK_NULL;
182 }
drhe6d01c32003-01-12 18:07:48 +0000183}
184
185/*
drhe5f9c642003-01-13 23:27:31 +0000186** Do an authorization check using the code and arguments given. Return
187** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
188** is returned, then the error count and error message in pParse are
189** modified appropriately.
drhe6d01c32003-01-12 18:07:48 +0000190*/
danielk19774adee202004-05-08 08:23:19 +0000191int sqlite3AuthCheck(
drhe5f9c642003-01-13 23:27:31 +0000192 Parse *pParse,
193 int code,
194 const char *zArg1,
drhe22a3342003-04-22 20:30:37 +0000195 const char *zArg2,
196 const char *zArg3
drhe5f9c642003-01-13 23:27:31 +0000197){
drh9bb575f2004-09-06 17:24:11 +0000198 sqlite3 *db = pParse->db;
drhe6d01c32003-01-12 18:07:48 +0000199 int rc;
drhe22a3342003-04-22 20:30:37 +0000200
danielk1977f1a381e2006-06-16 08:01:02 +0000201 /* Don't do any authorization checks if the database is initialising
202 ** or if the parser is being invoked from within sqlite3_declare_vtab.
203 */
204 if( db->init.busy || IN_DECLARE_VTAB ){
danielk197766b978a2004-06-14 11:35:17 +0000205 return SQLITE_OK;
206 }
207
drhe6d01c32003-01-12 18:07:48 +0000208 if( db->xAuth==0 ){
209 return SQLITE_OK;
210 }
drh5cf590c2003-04-24 01:45:04 +0000211 rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
drhe5f9c642003-01-13 23:27:31 +0000212 if( rc==SQLITE_DENY ){
danielk19774adee202004-05-08 08:23:19 +0000213 sqlite3ErrorMsg(pParse, "not authorized");
drhdcd997e2003-01-31 17:21:49 +0000214 pParse->rc = SQLITE_AUTH;
drhe6d01c32003-01-12 18:07:48 +0000215 }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
216 rc = SQLITE_DENY;
drhce9b0152009-05-04 01:58:31 +0000217 sqliteAuthBadReturnCode(pParse);
drhe6d01c32003-01-12 18:07:48 +0000218 }
219 return rc;
220}
221
drh85e20962003-04-25 17:52:11 +0000222/*
223** Push an authorization context. After this routine is called, the
224** zArg3 argument to authorization callbacks will be zContext until
225** popped. Or if pParse==0, this routine is a no-op.
226*/
danielk19774adee202004-05-08 08:23:19 +0000227void sqlite3AuthContextPush(
drh85e20962003-04-25 17:52:11 +0000228 Parse *pParse,
229 AuthContext *pContext,
230 const char *zContext
231){
drheba661f2009-05-04 18:01:39 +0000232 assert( pParse );
drh85e20962003-04-25 17:52:11 +0000233 pContext->pParse = pParse;
drheba661f2009-05-04 18:01:39 +0000234 pContext->zAuthContext = pParse->zAuthContext;
235 pParse->zAuthContext = zContext;
drh85e20962003-04-25 17:52:11 +0000236}
237
238/*
239** Pop an authorization context that was previously pushed
danielk19774adee202004-05-08 08:23:19 +0000240** by sqlite3AuthContextPush
drh85e20962003-04-25 17:52:11 +0000241*/
danielk19774adee202004-05-08 08:23:19 +0000242void sqlite3AuthContextPop(AuthContext *pContext){
drh85e20962003-04-25 17:52:11 +0000243 if( pContext->pParse ){
244 pContext->pParse->zAuthContext = pContext->zAuthContext;
245 pContext->pParse = 0;
246 }
247}
248
drhe6d01c32003-01-12 18:07:48 +0000249#endif /* SQLITE_OMIT_AUTHORIZATION */