auth.c 8.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
  1. /*
  2. ** 2003 January 11
  3. **
  4. ** The author disclaims copyright to this source code. In place of
  5. ** a legal notice, here is a blessing:
  6. **
  7. ** May you do good and not evil.
  8. ** May you find forgiveness for yourself and forgive others.
  9. ** May you share freely, never taking more than you give.
  10. **
  11. *************************************************************************
  12. ** This file contains code used to implement the sqlite3_set_authorizer()
  13. ** API. This facility is an optional feature of the library. Embedded
  14. ** systems that do not need this facility may omit it by recompiling
  15. ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
  16. */
  17. #include "sqliteInt.h"
  18. /*
  19. ** All of the code in this file may be omitted by defining a single
  20. ** macro.
  21. */
  22. #ifndef SQLITE_OMIT_AUTHORIZATION
  23. /*
  24. ** Set or clear the access authorization function.
  25. **
  26. ** The access authorization function is be called during the compilation
  27. ** phase to verify that the user has read and/or write access permission on
  28. ** various fields of the database. The first argument to the auth function
  29. ** is a copy of the 3rd argument to this routine. The second argument
  30. ** to the auth function is one of these constants:
  31. **
  32. ** SQLITE_CREATE_INDEX
  33. ** SQLITE_CREATE_TABLE
  34. ** SQLITE_CREATE_TEMP_INDEX
  35. ** SQLITE_CREATE_TEMP_TABLE
  36. ** SQLITE_CREATE_TEMP_TRIGGER
  37. ** SQLITE_CREATE_TEMP_VIEW
  38. ** SQLITE_CREATE_TRIGGER
  39. ** SQLITE_CREATE_VIEW
  40. ** SQLITE_DELETE
  41. ** SQLITE_DROP_INDEX
  42. ** SQLITE_DROP_TABLE
  43. ** SQLITE_DROP_TEMP_INDEX
  44. ** SQLITE_DROP_TEMP_TABLE
  45. ** SQLITE_DROP_TEMP_TRIGGER
  46. ** SQLITE_DROP_TEMP_VIEW
  47. ** SQLITE_DROP_TRIGGER
  48. ** SQLITE_DROP_VIEW
  49. ** SQLITE_INSERT
  50. ** SQLITE_PRAGMA
  51. ** SQLITE_READ
  52. ** SQLITE_SELECT
  53. ** SQLITE_TRANSACTION
  54. ** SQLITE_UPDATE
  55. **
  56. ** The third and fourth arguments to the auth function are the name of
  57. ** the table and the column that are being accessed. The auth function
  58. ** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
  59. ** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
  60. ** means that the SQL statement will never-run - the sqlite3_exec() call
  61. ** will return with an error. SQLITE_IGNORE means that the SQL statement
  62. ** should run but attempts to read the specified column will return NULL
  63. ** and attempts to write the column will be ignored.
  64. **
  65. ** Setting the auth function to NULL disables this hook. The default
  66. ** setting of the auth function is NULL.
  67. */
  68. int sqlite3_set_authorizer(
  69. sqlite3 *db,
  70. int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
  71. void *pArg
  72. ){
  73. sqlite3_mutex_enter(db->mutex);
  74. db->xAuth = xAuth;
  75. db->pAuthArg = pArg;
  76. sqlite3ExpirePreparedStatements(db);
  77. sqlite3_mutex_leave(db->mutex);
  78. return SQLITE_OK;
  79. }
  80. /*
  81. ** Write an error message into pParse->zErrMsg that explains that the
  82. ** user-supplied authorization function returned an illegal value.
  83. */
  84. static void sqliteAuthBadReturnCode(Parse *pParse){
  85. sqlite3ErrorMsg(pParse, "authorizer malfunction");
  86. pParse->rc = SQLITE_ERROR;
  87. }
  88. /*
  89. ** Invoke the authorization callback for permission to read column zCol from
  90. ** table zTab in database zDb. This function assumes that an authorization
  91. ** callback has been registered (i.e. that sqlite3.xAuth is not NULL).
  92. **
  93. ** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed
  94. ** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE
  95. ** is treated as SQLITE_DENY. In this case an error is left in pParse.
  96. */
  97. int sqlite3AuthReadCol(
  98. Parse *pParse, /* The parser context */
  99. const char *zTab, /* Table name */
  100. const char *zCol, /* Column name */
  101. int iDb /* Index of containing database. */
  102. ){
  103. sqlite3 *db = pParse->db; /* Database handle */
  104. char *zDb = db->aDb[iDb].zName; /* Name of attached database */
  105. int rc; /* Auth callback return code */
  106. rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext);
  107. if( rc==SQLITE_DENY ){
  108. if( db->nDb>2 || iDb!=0 ){
  109. sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
  110. }else{
  111. sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
  112. }
  113. pParse->rc = SQLITE_AUTH;
  114. }else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){
  115. sqliteAuthBadReturnCode(pParse);
  116. }
  117. return rc;
  118. }
  119. /*
  120. ** The pExpr should be a TK_COLUMN expression. The table referred to
  121. ** is in pTabList or else it is the NEW or OLD table of a trigger.
  122. ** Check to see if it is OK to read this particular column.
  123. **
  124. ** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
  125. ** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
  126. ** then generate an error.
  127. */
  128. void sqlite3AuthRead(
  129. Parse *pParse, /* The parser context */
  130. Expr *pExpr, /* The expression to check authorization on */
  131. Schema *pSchema, /* The schema of the expression */
  132. SrcList *pTabList /* All table that pExpr might refer to */
  133. ){
  134. sqlite3 *db = pParse->db;
  135. Table *pTab = 0; /* The table being read */
  136. const char *zCol; /* Name of the column of the table */
  137. int iSrc; /* Index in pTabList->a[] of table being read */
  138. int iDb; /* The index of the database the expression refers to */
  139. int iCol; /* Index of column in table */
  140. if( db->xAuth==0 ) return;
  141. iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
  142. if( iDb<0 ){
  143. /* An attempt to read a column out of a subquery or other
  144. ** temporary table. */
  145. return;
  146. }
  147. assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
  148. if( pExpr->op==TK_TRIGGER ){
  149. pTab = pParse->pTriggerTab;
  150. }else{
  151. assert( pTabList );
  152. for(iSrc=0; ALWAYS(iSrc<pTabList->nSrc); iSrc++){
  153. if( pExpr->iTable==pTabList->a[iSrc].iCursor ){
  154. pTab = pTabList->a[iSrc].pTab;
  155. break;
  156. }
  157. }
  158. }
  159. iCol = pExpr->iColumn;
  160. if( NEVER(pTab==0) ) return;
  161. if( iCol>=0 ){
  162. assert( iCol<pTab->nCol );
  163. zCol = pTab->aCol[iCol].zName;
  164. }else if( pTab->iPKey>=0 ){
  165. assert( pTab->iPKey<pTab->nCol );
  166. zCol = pTab->aCol[pTab->iPKey].zName;
  167. }else{
  168. zCol = "ROWID";
  169. }
  170. assert( iDb>=0 && iDb<db->nDb );
  171. if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){
  172. pExpr->op = TK_NULL;
  173. }
  174. }
  175. /*
  176. ** Do an authorization check using the code and arguments given. Return
  177. ** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
  178. ** is returned, then the error count and error message in pParse are
  179. ** modified appropriately.
  180. */
  181. int sqlite3AuthCheck(
  182. Parse *pParse,
  183. int code,
  184. const char *zArg1,
  185. const char *zArg2,
  186. const char *zArg3
  187. ){
  188. sqlite3 *db = pParse->db;
  189. int rc;
  190. /* Don't do any authorization checks if the database is initialising
  191. ** or if the parser is being invoked from within sqlite3_declare_vtab.
  192. */
  193. if( db->init.busy || IN_DECLARE_VTAB ){
  194. return SQLITE_OK;
  195. }
  196. if( db->xAuth==0 ){
  197. return SQLITE_OK;
  198. }
  199. rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
  200. if( rc==SQLITE_DENY ){
  201. sqlite3ErrorMsg(pParse, "not authorized");
  202. pParse->rc = SQLITE_AUTH;
  203. }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
  204. rc = SQLITE_DENY;
  205. sqliteAuthBadReturnCode(pParse);
  206. }
  207. return rc;
  208. }
  209. /*
  210. ** Push an authorization context. After this routine is called, the
  211. ** zArg3 argument to authorization callbacks will be zContext until
  212. ** popped. Or if pParse==0, this routine is a no-op.
  213. */
  214. void sqlite3AuthContextPush(
  215. Parse *pParse,
  216. AuthContext *pContext,
  217. const char *zContext
  218. ){
  219. assert( pParse );
  220. pContext->pParse = pParse;
  221. pContext->zAuthContext = pParse->zAuthContext;
  222. pParse->zAuthContext = zContext;
  223. }
  224. /*
  225. ** Pop an authorization context that was previously pushed
  226. ** by sqlite3AuthContextPush
  227. */
  228. void sqlite3AuthContextPop(AuthContext *pContext){
  229. if( pContext->pParse ){
  230. pContext->pParse->zAuthContext = pContext->zAuthContext;
  231. pContext->pParse = 0;
  232. }
  233. }
  234. #endif /* SQLITE_OMIT_AUTHORIZATION */