Hello, This email contains a patch that introduces a new authorizer action code: SQLITE_READ_TABLE.
The goal of this new action code is to fill a hole in the current authorization API, which does not tell about all tables read by a statement. For example, the statement "SELECT COUNT(*) FROM table1" currently invokes the callback twice: SQLITE_SELECT, SQLITE_FUNCTION. Nothing is said about table1. With the provided patch, we add a third invocation of the callback, with the new code SQLITE_READ_TABLE. Its 3d parameter is "table1", and the schema name is the 5th parameter. Following the current practice which calls sqlite3AuthCheck() during the parsing phase, I have added a call to sqlite3AuthCheck() in the selectExpander() function, right after the call to sqlite3LocateTableItem(). Basically, for each table used by the select statement, either it is not found by sqlite3LocateTableItem(), either it has to be authorized by the authorization callback. I'm not familiar with the way code and feature requests are handled within the SQLite community. If you are interested about this patch, let me know how I can help! Gwendal Roué $ fossil info project-name: SQLite repository: /Users/groue/Documents/git/sqlite/sqlite.fossil local-root: /Users/groue/Documents/git/sqlite/ config-db: /Users/groue/.fossil project-code: 2ab58778c2967968b94284e989e43dc11791f548 checkout: b9a58daca80a815e87e541cb5fff9bc8b93f131d 2017-05-04 11:13:50 UTC parent: e24b73820cdca07eee87853fe6dd9f60d76e039e 2017-05-03 19:36:50 UTC tags: trunk comment: Fix a collision of the "B0" identifier name between the termios.h header file and the SHA3 implementation in the shell. (user: drh) check-ins: 18701 $ fossil diff Index: src/select.c ================================================================== --- src/select.c +++ src/select.c @@ -10,10 +10,11 @@ ** ************************************************************************* ** This file contains C code routines that are called by the parser ** to handle SELECT statements in SQLite. */ +#include <stdio.h> #include "sqliteInt.h" /* ** Trace output macros */ @@ -4370,10 +4371,14 @@ }else{ /* An ordinary table or view name in the FROM clause */ assert( pFrom->pTab==0 ); pFrom->pTab = pTab = sqlite3LocateTableItem(pParse, 0, pFrom); if( pTab==0 ) return WRC_Abort; + int iDb = sqlite3SchemaToIndex(db, pTab->pSchema); + if( sqlite3AuthCheck(pParse, SQLITE_READ_TABLE, pTab->zName, 0, db->aDb[iDb].zDbSName) ){ + return WRC_Abort; + } if( pTab->nTabRef>=0xffff ){ sqlite3ErrorMsg(pParse, "too many references to \"%s\": max 65535", pTab->zName); pFrom->pTab = 0; return WRC_Abort; Index: src/sqlite.h.in ================================================================== --- src/sqlite.h.in +++ src/sqlite.h.in @@ -2824,10 +2824,11 @@ #define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */ #define SQLITE_FUNCTION 31 /* NULL Function Name */ #define SQLITE_SAVEPOINT 32 /* Operation Savepoint Name */ #define SQLITE_COPY 0 /* No longer used */ #define SQLITE_RECURSIVE 33 /* NULL NULL */ +#define SQLITE_READ_TABLE 34 /* Table Name NULL */ /* ** CAPI3REF: Tracing And Profiling Functions ** METHOD: sqlite3 ** _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users