Hello,
This email contains a patch that introduces a new authorizer action code:
SQLITE_READ_TABLE.
The goal of this new action code is to fill a hole in the current authorization
API, which does not tell about all tables read by a statement. For example, the
statement "SELECT COUNT(*) FROM table1" currently invokes the callback twice:
SQLITE_SELECT, SQLITE_FUNCTION. Nothing is said about table1.
With the provided patch, we add a third invocation of the callback, with the
new code SQLITE_READ_TABLE. Its 3d parameter is "table1", and the schema name
is the 5th parameter.
Following the current practice which calls sqlite3AuthCheck() during the
parsing phase, I have added a call to sqlite3AuthCheck() in the
selectExpander() function, right after the call to sqlite3LocateTableItem().
Basically, for each table used by the select statement, either it is not found
by sqlite3LocateTableItem(), either it has to be authorized by the
authorization callback.
I'm not familiar with the way code and feature requests are handled within the
SQLite community. If you are interested about this patch, let me know how I can
help!
Gwendal Roué
$ fossil info
project-name: SQLite
repository: /Users/groue/Documents/git/sqlite/sqlite.fossil
local-root: /Users/groue/Documents/git/sqlite/
config-db: /Users/groue/.fossil
project-code: 2ab58778c2967968b94284e989e43dc11791f548
checkout: b9a58daca80a815e87e541cb5fff9bc8b93f131d 2017-05-04 11:13:50 UTC
parent: e24b73820cdca07eee87853fe6dd9f60d76e039e 2017-05-03 19:36:50 UTC
tags: trunk
comment: Fix a collision of the "B0" identifier name between the termios.h
header file and the SHA3 implementation in the shell. (user: drh)
check-ins: 18701
$ fossil diff
Index: src/select.c
==================================================================
--- src/select.c
+++ src/select.c
@@ -10,10 +10,11 @@
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
*/
+#include <stdio.h>
#include "sqliteInt.h"
/*
** Trace output macros
*/
@@ -4370,10 +4371,14 @@
}else{
/* An ordinary table or view name in the FROM clause */
assert( pFrom->pTab==0 );
pFrom->pTab = pTab = sqlite3LocateTableItem(pParse, 0, pFrom);
if( pTab==0 ) return WRC_Abort;
+ int iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+ if( sqlite3AuthCheck(pParse, SQLITE_READ_TABLE, pTab->zName, 0,
db->aDb[iDb].zDbSName) ){
+ return WRC_Abort;
+ }
if( pTab->nTabRef>=0xffff ){
sqlite3ErrorMsg(pParse, "too many references to \"%s\": max 65535",
pTab->zName);
pFrom->pTab = 0;
return WRC_Abort;
Index: src/sqlite.h.in
==================================================================
--- src/sqlite.h.in
+++ src/sqlite.h.in
@@ -2824,10 +2824,11 @@
#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */
#define SQLITE_FUNCTION 31 /* NULL Function Name */
#define SQLITE_SAVEPOINT 32 /* Operation Savepoint Name */
#define SQLITE_COPY 0 /* No longer used */
#define SQLITE_RECURSIVE 33 /* NULL NULL */
+#define SQLITE_READ_TABLE 34 /* Table Name NULL */
/*
** CAPI3REF: Tracing And Profiling Functions
** METHOD: sqlite3
**
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
