1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/persistentdata/persistentstorage/sql/SQLite/auth.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,234 @@
1.4 +/*
1.5 +** 2003 January 11
1.6 +**
1.7 +** The author disclaims copyright to this source code. In place of
1.8 +** a legal notice, here is a blessing:
1.9 +**
1.10 +** May you do good and not evil.
1.11 +** May you find forgiveness for yourself and forgive others.
1.12 +** May you share freely, never taking more than you give.
1.13 +**
1.14 +*************************************************************************
1.15 +** This file contains code used to implement the sqlite3_set_authorizer()
1.16 +** API. This facility is an optional feature of the library. Embedded
1.17 +** systems that do not need this facility may omit it by recompiling
1.18 +** the library with -DSQLITE_OMIT_AUTHORIZATION=1
1.19 +**
1.20 +** $Id: auth.c,v 1.29 2007/09/18 15:55:07 drh Exp $
1.21 +*/
1.22 +#include "sqliteInt.h"
1.23 +
1.24 +/*
1.25 +** All of the code in this file may be omitted by defining a single
1.26 +** macro.
1.27 +*/
1.28 +#ifndef SQLITE_OMIT_AUTHORIZATION
1.29 +
1.30 +/*
1.31 +** Set or clear the access authorization function.
1.32 +**
1.33 +** The access authorization function is be called during the compilation
1.34 +** phase to verify that the user has read and/or write access permission on
1.35 +** various fields of the database. The first argument to the auth function
1.36 +** is a copy of the 3rd argument to this routine. The second argument
1.37 +** to the auth function is one of these constants:
1.38 +**
1.39 +** SQLITE_CREATE_INDEX
1.40 +** SQLITE_CREATE_TABLE
1.41 +** SQLITE_CREATE_TEMP_INDEX
1.42 +** SQLITE_CREATE_TEMP_TABLE
1.43 +** SQLITE_CREATE_TEMP_TRIGGER
1.44 +** SQLITE_CREATE_TEMP_VIEW
1.45 +** SQLITE_CREATE_TRIGGER
1.46 +** SQLITE_CREATE_VIEW
1.47 +** SQLITE_DELETE
1.48 +** SQLITE_DROP_INDEX
1.49 +** SQLITE_DROP_TABLE
1.50 +** SQLITE_DROP_TEMP_INDEX
1.51 +** SQLITE_DROP_TEMP_TABLE
1.52 +** SQLITE_DROP_TEMP_TRIGGER
1.53 +** SQLITE_DROP_TEMP_VIEW
1.54 +** SQLITE_DROP_TRIGGER
1.55 +** SQLITE_DROP_VIEW
1.56 +** SQLITE_INSERT
1.57 +** SQLITE_PRAGMA
1.58 +** SQLITE_READ
1.59 +** SQLITE_SELECT
1.60 +** SQLITE_TRANSACTION
1.61 +** SQLITE_UPDATE
1.62 +**
1.63 +** The third and fourth arguments to the auth function are the name of
1.64 +** the table and the column that are being accessed. The auth function
1.65 +** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If
1.66 +** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY
1.67 +** means that the SQL statement will never-run - the sqlite3_exec() call
1.68 +** will return with an error. SQLITE_IGNORE means that the SQL statement
1.69 +** should run but attempts to read the specified column will return NULL
1.70 +** and attempts to write the column will be ignored.
1.71 +**
1.72 +** Setting the auth function to NULL disables this hook. The default
1.73 +** setting of the auth function is NULL.
1.74 +*/
1.75 +int sqlite3_set_authorizer(
1.76 + sqlite3 *db,
1.77 + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
1.78 + void *pArg
1.79 +){
1.80 + sqlite3_mutex_enter(db->mutex);
1.81 + db->xAuth = xAuth;
1.82 + db->pAuthArg = pArg;
1.83 + sqlite3ExpirePreparedStatements(db);
1.84 + sqlite3_mutex_leave(db->mutex);
1.85 + return SQLITE_OK;
1.86 +}
1.87 +
1.88 +/*
1.89 +** Write an error message into pParse->zErrMsg that explains that the
1.90 +** user-supplied authorization function returned an illegal value.
1.91 +*/
1.92 +static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
1.93 + sqlite3ErrorMsg(pParse, "illegal return value (%d) from the "
1.94 + "authorization function - should be SQLITE_OK, SQLITE_IGNORE, "
1.95 + "or SQLITE_DENY", rc);
1.96 + pParse->rc = SQLITE_ERROR;
1.97 +}
1.98 +
1.99 +/*
1.100 +** The pExpr should be a TK_COLUMN expression. The table referred to
1.101 +** is in pTabList or else it is the NEW or OLD table of a trigger.
1.102 +** Check to see if it is OK to read this particular column.
1.103 +**
1.104 +** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
1.105 +** instruction into a TK_NULL. If the auth function returns SQLITE_DENY,
1.106 +** then generate an error.
1.107 +*/
1.108 +void sqlite3AuthRead(
1.109 + Parse *pParse, /* The parser context */
1.110 + Expr *pExpr, /* The expression to check authorization on */
1.111 + Schema *pSchema, /* The schema of the expression */
1.112 + SrcList *pTabList /* All table that pExpr might refer to */
1.113 +){
1.114 + sqlite3 *db = pParse->db;
1.115 + int rc;
1.116 + Table *pTab = 0; /* The table being read */
1.117 + const char *zCol; /* Name of the column of the table */
1.118 + int iSrc; /* Index in pTabList->a[] of table being read */
1.119 + const char *zDBase; /* Name of database being accessed */
1.120 + TriggerStack *pStack; /* The stack of current triggers */
1.121 + int iDb; /* The index of the database the expression refers to */
1.122 +
1.123 + if( db->xAuth==0 ) return;
1.124 + if( pExpr->op!=TK_COLUMN ) return;
1.125 + iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
1.126 + if( iDb<0 ){
1.127 + /* An attempt to read a column out of a subquery or other
1.128 + ** temporary table. */
1.129 + return;
1.130 + }
1.131 + for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
1.132 + if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
1.133 + }
1.134 + if( iSrc>=0 && pTabList && iSrc<pTabList->nSrc ){
1.135 + pTab = pTabList->a[iSrc].pTab;
1.136 + }else if( (pStack = pParse->trigStack)!=0 ){
1.137 + /* This must be an attempt to read the NEW or OLD pseudo-tables
1.138 + ** of a trigger.
1.139 + */
1.140 + assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
1.141 + pTab = pStack->pTab;
1.142 + }
1.143 + if( pTab==0 ) return;
1.144 + if( pExpr->iColumn>=0 ){
1.145 + assert( pExpr->iColumn<pTab->nCol );
1.146 + zCol = pTab->aCol[pExpr->iColumn].zName;
1.147 + }else if( pTab->iPKey>=0 ){
1.148 + assert( pTab->iPKey<pTab->nCol );
1.149 + zCol = pTab->aCol[pTab->iPKey].zName;
1.150 + }else{
1.151 + zCol = "ROWID";
1.152 + }
1.153 + assert( iDb>=0 && iDb<db->nDb );
1.154 + zDBase = db->aDb[iDb].zName;
1.155 + rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase,
1.156 + pParse->zAuthContext);
1.157 + if( rc==SQLITE_IGNORE ){
1.158 + pExpr->op = TK_NULL;
1.159 + }else if( rc==SQLITE_DENY ){
1.160 + if( db->nDb>2 || iDb!=0 ){
1.161 + sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",
1.162 + zDBase, pTab->zName, zCol);
1.163 + }else{
1.164 + sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited",pTab->zName,zCol);
1.165 + }
1.166 + pParse->rc = SQLITE_AUTH;
1.167 + }else if( rc!=SQLITE_OK ){
1.168 + sqliteAuthBadReturnCode(pParse, rc);
1.169 + }
1.170 +}
1.171 +
1.172 +/*
1.173 +** Do an authorization check using the code and arguments given. Return
1.174 +** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY
1.175 +** is returned, then the error count and error message in pParse are
1.176 +** modified appropriately.
1.177 +*/
1.178 +int sqlite3AuthCheck(
1.179 + Parse *pParse,
1.180 + int code,
1.181 + const char *zArg1,
1.182 + const char *zArg2,
1.183 + const char *zArg3
1.184 +){
1.185 + sqlite3 *db = pParse->db;
1.186 + int rc;
1.187 +
1.188 + /* Don't do any authorization checks if the database is initialising
1.189 + ** or if the parser is being invoked from within sqlite3_declare_vtab.
1.190 + */
1.191 + if( db->init.busy || IN_DECLARE_VTAB ){
1.192 + return SQLITE_OK;
1.193 + }
1.194 +
1.195 + if( db->xAuth==0 ){
1.196 + return SQLITE_OK;
1.197 + }
1.198 + rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
1.199 + if( rc==SQLITE_DENY ){
1.200 + sqlite3ErrorMsg(pParse, "not authorized");
1.201 + pParse->rc = SQLITE_AUTH;
1.202 + }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
1.203 + rc = SQLITE_DENY;
1.204 + sqliteAuthBadReturnCode(pParse, rc);
1.205 + }
1.206 + return rc;
1.207 +}
1.208 +
1.209 +/*
1.210 +** Push an authorization context. After this routine is called, the
1.211 +** zArg3 argument to authorization callbacks will be zContext until
1.212 +** popped. Or if pParse==0, this routine is a no-op.
1.213 +*/
1.214 +void sqlite3AuthContextPush(
1.215 + Parse *pParse,
1.216 + AuthContext *pContext,
1.217 + const char *zContext
1.218 +){
1.219 + pContext->pParse = pParse;
1.220 + if( pParse ){
1.221 + pContext->zAuthContext = pParse->zAuthContext;
1.222 + pParse->zAuthContext = zContext;
1.223 + }
1.224 +}
1.225 +
1.226 +/*
1.227 +** Pop an authorization context that was previously pushed
1.228 +** by sqlite3AuthContextPush
1.229 +*/
1.230 +void sqlite3AuthContextPop(AuthContext *pContext){
1.231 + if( pContext->pParse ){
1.232 + pContext->pParse->zAuthContext = pContext->zAuthContext;
1.233 + pContext->pParse = 0;
1.234 + }
1.235 +}
1.236 +
1.237 +#endif /* SQLITE_OMIT_AUTHORIZATION */