/*** 2003 January 11**** The author disclaims copyright to this source code. In place of** a legal notice, here is a blessing:**** May you do good and not evil.** May you find forgiveness for yourself and forgive others.** May you share freely, never taking more than you give.***************************************************************************** This file contains code used to implement the sqlite3_set_authorizer()** API. This facility is an optional feature of the library. Embedded** systems that do not need this facility may omit it by recompiling** the library with -DSQLITE_OMIT_AUTHORIZATION=1*/#include "sqliteInt.h"/*** All of the code in this file may be omitted by defining a single** macro.*/#ifndef SQLITE_OMIT_AUTHORIZATION/*** Set or clear the access authorization function.**** The access authorization function is be called during the compilation** phase to verify that the user has read and/or write access permission on** various fields of the database. The first argument to the auth function** is a copy of the 3rd argument to this routine. The second argument** to the auth function is one of these constants:**** SQLITE_CREATE_INDEX** SQLITE_CREATE_TABLE** SQLITE_CREATE_TEMP_INDEX** SQLITE_CREATE_TEMP_TABLE** SQLITE_CREATE_TEMP_TRIGGER** SQLITE_CREATE_TEMP_VIEW** SQLITE_CREATE_TRIGGER** SQLITE_CREATE_VIEW** SQLITE_DELETE** SQLITE_DROP_INDEX** SQLITE_DROP_TABLE** SQLITE_DROP_TEMP_INDEX** SQLITE_DROP_TEMP_TABLE** SQLITE_DROP_TEMP_TRIGGER** SQLITE_DROP_TEMP_VIEW** SQLITE_DROP_TRIGGER** SQLITE_DROP_VIEW** SQLITE_INSERT** SQLITE_PRAGMA** SQLITE_READ** SQLITE_SELECT** SQLITE_TRANSACTION** SQLITE_UPDATE**** The third and fourth arguments to the auth function are the name of** the table and the column that are being accessed. The auth function** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY** means that the SQL statement will never-run - the sqlite3_exec() call** will return with an error. SQLITE_IGNORE means that the SQL statement** should run but attempts to read the specified column will return NULL** and attempts to write the column will be ignored.**** Setting the auth function to NULL disables this hook. The default** setting of the auth function is NULL.*/int sqlite3_set_authorizer(sqlite3 *db,int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),void *pArg){#ifdef SQLITE_ENABLE_API_ARMORif( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;#endifsqlite3_mutex_enter(db->mutex);db->xAuth = (sqlite3_xauth)xAuth;db->pAuthArg = pArg;if( db->xAuth ) sqlite3ExpirePreparedStatements(db, 1);sqlite3_mutex_leave(db->mutex);return SQLITE_OK;}/*** Write an error message into pParse->zErrMsg that explains that the** user-supplied authorization function returned an illegal value.*/static void sqliteAuthBadReturnCode(Parse *pParse){sqlite3ErrorMsg(pParse, "authorizer malfunction");pParse->rc = SQLITE_ERROR;}/*** Invoke the authorization callback for permission to read column zCol from** table zTab in database zDb. This function assumes that an authorization** callback has been registered (i.e. that sqlite3.xAuth is not NULL).**** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE** is treated as SQLITE_DENY. In this case an error is left in pParse.*/int sqlite3AuthReadCol(Parse *pParse, /* The parser context */const char *zTab, /* Table name */const char *zCol, /* Column name */int iDb /* Index of containing database. */){sqlite3 *db = pParse->db; /* Database handle */char *zDb = db->aDb[iDb].zDbSName; /* Schema name of attached database */int rc; /* Auth callback return code */if( db->init.busy ) return SQLITE_OK;rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext#ifdef SQLITE_USER_AUTHENTICATION,db->auth.zAuthUser#endif);if( rc==SQLITE_DENY ){char *z = sqlite3_mprintf("%s.%s", zTab, zCol);if( db->nDb>2 || iDb!=0 ) z = sqlite3_mprintf("%s.%z", zDb, z);sqlite3ErrorMsg(pParse, "access to %z is prohibited", z);pParse->rc = SQLITE_AUTH;}else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){sqliteAuthBadReturnCode(pParse);}return rc;}/*** The pExpr should be a TK_COLUMN expression. The table referred to** is in pTabList or else it is the NEW or OLD table of a trigger.** Check to see if it is OK to read this particular column.**** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,** then generate an error.*/void sqlite3AuthRead(Parse *pParse, /* The parser context */Expr *pExpr, /* The expression to check authorization on */Schema *pSchema, /* The schema of the expression */SrcList *pTabList /* All table that pExpr might refer to */){Table *pTab = 0; /* The table being read */const char *zCol; /* Name of the column of the table */int iSrc; /* Index in pTabList->a[] of table being read */int iDb; /* The index of the database the expression refers to */int iCol; /* Index of column in table */assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );assert( !IN_RENAME_OBJECT );assert( pParse->db->xAuth!=0 );iDb = sqlite3SchemaToIndex(pParse->db, pSchema);if( iDb<0 ){/* An attempt to read a column out of a subquery or other** temporary table. */return;}if( pExpr->op==TK_TRIGGER ){pTab = pParse->pTriggerTab;}else{assert( pTabList );for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){if( pExpr->iTable==pTabList->a[iSrc].iCursor ){pTab = pTabList->a[iSrc].pTab;break;}}}iCol = pExpr->iColumn;if( pTab==0 ) return;if( iCol>=0 ){assert( iCol<pTab->nCol );zCol = pTab->aCol[iCol].zCnName;}else if( pTab->iPKey>=0 ){assert( pTab->iPKey<pTab->nCol );zCol = pTab->aCol[pTab->iPKey].zCnName;}else{zCol = "ROWID";}assert( iDb>=0 && iDb<pParse->db->nDb );if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){pExpr->op = TK_NULL;}}/*** Do an authorization check using the code and arguments given. Return** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY** is returned, then the error count and error message in pParse are** modified appropriately.*/int sqlite3AuthCheck(Parse *pParse,int code,const char *zArg1,const char *zArg2,const char *zArg3){sqlite3 *db = pParse->db;int rc;/* Don't do any authorization checks if the database is initializing** or if the parser is being invoked from within sqlite3_declare_vtab.*/assert( !IN_RENAME_OBJECT || db->xAuth==0 );if( db->xAuth==0 || db->init.busy || IN_SPECIAL_PARSE ){return SQLITE_OK;}/* EVIDENCE-OF: R-43249-19882 The third through sixth parameters to the** callback are either NULL pointers or zero-terminated strings that** contain additional details about the action to be authorized.**** The following testcase() macros show that any of the 3rd through 6th** parameters can be either NULL or a string. */testcase( zArg1==0 );testcase( zArg2==0 );testcase( zArg3==0 );testcase( pParse->zAuthContext==0 );rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext#ifdef SQLITE_USER_AUTHENTICATION,db->auth.zAuthUser#endif);if( rc==SQLITE_DENY ){sqlite3ErrorMsg(pParse, "not authorized");pParse->rc = SQLITE_AUTH;}else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){rc = SQLITE_DENY;sqliteAuthBadReturnCode(pParse);}return rc;}/*** Push an authorization context. After this routine is called, the** zArg3 argument to authorization callbacks will be zContext until** popped. Or if pParse==0, this routine is a no-op.*/void sqlite3AuthContextPush(Parse *pParse,AuthContext *pContext,const char *zContext){assert( pParse );pContext->pParse = pParse;pContext->zAuthContext = pParse->zAuthContext;pParse->zAuthContext = zContext;}/*** Pop an authorization context that was previously pushed** by sqlite3AuthContextPush*/void sqlite3AuthContextPop(AuthContext *pContext){if( pContext->pParse ){pContext->pParse->zAuthContext = pContext->zAuthContext;pContext->pParse = 0;}}#endif /* SQLITE_OMIT_AUTHORIZATION */
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。