1 /* 2 ** 2014-09-08 3 ** 4 ** The author disclaims copyright to this source code. In place of 5 ** a legal notice, here is a blessing: 6 ** 7 ** May you do good and not evil. 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** 13 ** This file contains the bulk of the implementation of the 14 ** user-authentication extension feature. Some parts of the user- 15 ** authentication code are contained within the SQLite core (in the 16 ** src/ subdirectory of the main source code tree) but those parts 17 ** that could reasonable be separated out are moved into this file. 18 ** 19 ** To compile with the user-authentication feature, append this file to 20 ** end of an SQLite amalgamation, then add the SQLITE_USER_AUTHENTICATION 21 ** compile-time option. See the user-auth.txt file in the same source 22 ** directory as this file for additional information. 23 */ 24 #ifdef SQLITE_USER_AUTHENTICATION 25 #include "sqliteInt.h" 26 #include "sqlite3userauth.h" 27 28 /* 29 ** Prepare an SQL statement for use by the user authentication logic. 30 ** Return a pointer to the prepared statement on success. Return a 31 ** NULL pointer if there is an error of any kind. 32 */ 33 static sqlite3_stmt *sqlite3UserAuthPrepare( 34 sqlite3 *db, 35 const char *zFormat, 36 ... 37 ){ 38 sqlite3_stmt *pStmt; 39 char *zSql; 40 int rc; 41 va_list ap; 42 int savedFlags = db->flags; 43 44 va_start(ap, zFormat); 45 zSql = sqlite3_vmprintf(zFormat, ap); 46 va_end(ap); 47 if( zSql==0 ) return 0; 48 db->flags |= SQLITE_WriteSchema; 49 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); 50 db->flags = savedFlags; 51 sqlite3_free(zSql); 52 if( rc ){ 53 sqlite3_finalize(pStmt); 54 pStmt = 0; 55 } 56 return pStmt; 57 } 58 59 /* 60 ** Check to see if the sqlite_user table exists in database zDb. 61 */ 62 static int userTableExists(sqlite3 *db, const char *zDb){ 63 int rc; 64 sqlite3_mutex_enter(db->mutex); 65 sqlite3BtreeEnterAll(db); 66 if( db->init.busy==0 ){ 67 char *zErr = 0; 68 sqlite3Init(db, &zErr); 69 sqlite3DbFree(db, zErr); 70 } 71 rc = sqlite3FindTable(db, "sqlite_user", zDb)!=0; 72 sqlite3BtreeLeaveAll(db); 73 sqlite3_mutex_leave(db->mutex); 74 return rc; 75 } 76 77 /* 78 ** Check to see if database zDb has a "sqlite_user" table and if it does 79 ** whether that table can authenticate zUser with nPw,zPw. Write one of 80 ** the UAUTH_* user authorization level codes into *peAuth and return a 81 ** result code. 82 */ 83 static int userAuthCheckLogin( 84 sqlite3 *db, /* The database connection to check */ 85 const char *zDb, /* Name of specific database to check */ 86 u8 *peAuth /* OUT: One of UAUTH_* constants */ 87 ){ 88 sqlite3_stmt *pStmt; 89 int rc; 90 91 *peAuth = UAUTH_Unknown; 92 if( !userTableExists(db, "main") ){ 93 *peAuth = UAUTH_Admin; /* No sqlite_user table. Everybody is admin. */ 94 return SQLITE_OK; 95 } 96 if( db->auth.zAuthUser==0 ){ 97 *peAuth = UAUTH_Fail; 98 return SQLITE_OK; 99 } 100 pStmt = sqlite3UserAuthPrepare(db, 101 "SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM \"%w\".sqlite_user" 102 " WHERE uname=?2", zDb); 103 if( pStmt==0 ) return SQLITE_NOMEM; 104 sqlite3_bind_blob(pStmt, 1, db->auth.zAuthPW, db->auth.nAuthPW,SQLITE_STATIC); 105 sqlite3_bind_text(pStmt, 2, db->auth.zAuthUser, -1, SQLITE_STATIC); 106 rc = sqlite3_step(pStmt); 107 if( rc==SQLITE_ROW && sqlite3_column_int(pStmt,0) ){ 108 *peAuth = sqlite3_column_int(pStmt, 1) + UAUTH_User; 109 }else{ 110 *peAuth = UAUTH_Fail; 111 } 112 return sqlite3_finalize(pStmt); 113 } 114 int sqlite3UserAuthCheckLogin( 115 sqlite3 *db, /* The database connection to check */ 116 const char *zDb, /* Name of specific database to check */ 117 u8 *peAuth /* OUT: One of UAUTH_* constants */ 118 ){ 119 int rc; 120 u8 savedAuthLevel; 121 assert( zDb!=0 ); 122 assert( peAuth!=0 ); 123 savedAuthLevel = db->auth.authLevel; 124 db->auth.authLevel = UAUTH_Admin; 125 rc = userAuthCheckLogin(db, zDb, peAuth); 126 db->auth.authLevel = savedAuthLevel; 127 return rc; 128 } 129 130 /* 131 ** If the current authLevel is UAUTH_Unknown, the take actions to figure 132 ** out what authLevel should be 133 */ 134 void sqlite3UserAuthInit(sqlite3 *db){ 135 if( db->auth.authLevel==UAUTH_Unknown ){ 136 u8 authLevel = UAUTH_Fail; 137 sqlite3UserAuthCheckLogin(db, "main", &authLevel); 138 db->auth.authLevel = authLevel; 139 if( authLevel<UAUTH_Admin ) db->flags &= ~SQLITE_WriteSchema; 140 } 141 } 142 143 /* 144 ** Implementation of the sqlite_crypt(X,Y) function. 145 ** 146 ** If Y is NULL then generate a new hash for password X and return that 147 ** hash. If Y is not null, then generate a hash for password X using the 148 ** same salt as the previous hash Y and return the new hash. 149 */ 150 void sqlite3CryptFunc( 151 sqlite3_context *context, 152 int NotUsed, 153 sqlite3_value **argv 154 ){ 155 const char *zIn; 156 int nIn, ii; 157 u8 *zOut; 158 char zSalt[8]; 159 zIn = sqlite3_value_blob(argv[0]); 160 nIn = sqlite3_value_bytes(argv[0]); 161 if( sqlite3_value_type(argv[1])==SQLITE_BLOB 162 && sqlite3_value_bytes(argv[1])==nIn+sizeof(zSalt) 163 ){ 164 memcpy(zSalt, sqlite3_value_blob(argv[1]), sizeof(zSalt)); 165 }else{ 166 sqlite3_randomness(sizeof(zSalt), zSalt); 167 } 168 zOut = sqlite3_malloc( nIn+sizeof(zSalt) ); 169 if( zOut==0 ){ 170 sqlite3_result_error_nomem(context); 171 }else{ 172 memcpy(zOut, zSalt, sizeof(zSalt)); 173 for(ii=0; ii<nIn; ii++){ 174 zOut[ii+sizeof(zSalt)] = zIn[ii]^zSalt[ii&0x7]; 175 } 176 sqlite3_result_blob(context, zOut, nIn+sizeof(zSalt), sqlite3_free); 177 } 178 } 179 180 /* 181 ** If a database contains the SQLITE_USER table, then the 182 ** sqlite3_user_authenticate() interface must be invoked with an 183 ** appropriate username and password prior to enable read and write 184 ** access to the database. 185 ** 186 ** Return SQLITE_OK on success or SQLITE_ERROR if the username/password 187 ** combination is incorrect or unknown. 188 ** 189 ** If the SQLITE_USER table is not present in the database file, then 190 ** this interface is a harmless no-op returnning SQLITE_OK. 191 */ 192 int sqlite3_user_authenticate( 193 sqlite3 *db, /* The database connection */ 194 const char *zUsername, /* Username */ 195 const char *zPW, /* Password or credentials */ 196 int nPW /* Number of bytes in aPW[] */ 197 ){ 198 int rc; 199 u8 authLevel = UAUTH_Fail; 200 db->auth.authLevel = UAUTH_Unknown; 201 sqlite3_free(db->auth.zAuthUser); 202 sqlite3_free(db->auth.zAuthPW); 203 memset(&db->auth, 0, sizeof(db->auth)); 204 db->auth.zAuthUser = sqlite3_mprintf("%s", zUsername); 205 if( db->auth.zAuthUser==0 ) return SQLITE_NOMEM; 206 db->auth.zAuthPW = sqlite3_malloc( nPW+1 ); 207 if( db->auth.zAuthPW==0 ) return SQLITE_NOMEM; 208 memcpy(db->auth.zAuthPW,zPW,nPW); 209 db->auth.nAuthPW = nPW; 210 rc = sqlite3UserAuthCheckLogin(db, "main", &authLevel); 211 db->auth.authLevel = authLevel; 212 sqlite3ExpirePreparedStatements(db); 213 if( rc ){ 214 return rc; /* OOM error, I/O error, etc. */ 215 } 216 if( authLevel<UAUTH_User ){ 217 return SQLITE_AUTH; /* Incorrect username and/or password */ 218 } 219 return SQLITE_OK; /* Successful login */ 220 } 221 222 /* 223 ** The sqlite3_user_add() interface can be used (by an admin user only) 224 ** to create a new user. When called on a no-authentication-required 225 ** database, this routine converts the database into an authentication- 226 ** required database, automatically makes the added user an 227 ** administrator, and logs in the current connection as that user. 228 ** The sqlite3_user_add() interface only works for the "main" database, not 229 ** for any ATTACH-ed databases. Any call to sqlite3_user_add() by a 230 ** non-admin user results in an error. 231 */ 232 int sqlite3_user_add( 233 sqlite3 *db, /* Database connection */ 234 const char *zUsername, /* Username to be added */ 235 const char *aPW, /* Password or credentials */ 236 int nPW, /* Number of bytes in aPW[] */ 237 int isAdmin /* True to give new user admin privilege */ 238 ){ 239 sqlite3_stmt *pStmt; 240 int rc; 241 sqlite3UserAuthInit(db); 242 if( db->auth.authLevel<UAUTH_Admin ) return SQLITE_AUTH; 243 if( !userTableExists(db, "main") ){ 244 if( !isAdmin ) return SQLITE_AUTH; 245 pStmt = sqlite3UserAuthPrepare(db, 246 "CREATE TABLE sqlite_user(\n" 247 " uname TEXT PRIMARY KEY,\n" 248 " isAdmin BOOLEAN,\n" 249 " pw BLOB\n" 250 ") WITHOUT ROWID;"); 251 if( pStmt==0 ) return SQLITE_NOMEM; 252 sqlite3_step(pStmt); 253 rc = sqlite3_finalize(pStmt); 254 if( rc ) return rc; 255 } 256 pStmt = sqlite3UserAuthPrepare(db, 257 "INSERT INTO sqlite_user(uname,isAdmin,pw)" 258 " VALUES(%Q,%d,sqlite_crypt(?1,NULL))", 259 zUsername, isAdmin!=0); 260 if( pStmt==0 ) return SQLITE_NOMEM; 261 sqlite3_bind_blob(pStmt, 1, aPW, nPW, SQLITE_STATIC); 262 sqlite3_step(pStmt); 263 rc = sqlite3_finalize(pStmt); 264 if( rc ) return rc; 265 if( db->auth.zAuthUser==0 ){ 266 assert( isAdmin!=0 ); 267 sqlite3_user_authenticate(db, zUsername, aPW, nPW); 268 } 269 return SQLITE_OK; 270 } 271 272 /* 273 ** The sqlite3_user_change() interface can be used to change a users 274 ** login credentials or admin privilege. Any user can change their own 275 ** login credentials. Only an admin user can change another users login 276 ** credentials or admin privilege setting. No user may change their own 277 ** admin privilege setting. 278 */ 279 int sqlite3_user_change( 280 sqlite3 *db, /* Database connection */ 281 const char *zUsername, /* Username to change */ 282 const char *aPW, /* Modified password or credentials */ 283 int nPW, /* Number of bytes in aPW[] */ 284 int isAdmin /* Modified admin privilege for the user */ 285 ){ 286 sqlite3_stmt *pStmt; 287 int rc; 288 u8 authLevel; 289 290 authLevel = db->auth.authLevel; 291 if( authLevel<UAUTH_User ){ 292 /* Must be logged in to make a change */ 293 return SQLITE_AUTH; 294 } 295 if( strcmp(db->auth.zAuthUser, zUsername)!=0 ){ 296 if( db->auth.authLevel<UAUTH_Admin ){ 297 /* Must be an administrator to change a different user */ 298 return SQLITE_AUTH; 299 } 300 }else if( isAdmin!=(authLevel==UAUTH_Admin) ){ 301 /* Cannot change the isAdmin setting for self */ 302 return SQLITE_AUTH; 303 } 304 db->auth.authLevel = UAUTH_Admin; 305 if( !userTableExists(db, "main") ){ 306 /* This routine is a no-op if the user to be modified does not exist */ 307 }else{ 308 pStmt = sqlite3UserAuthPrepare(db, 309 "UPDATE sqlite_user SET isAdmin=%d, pw=sqlite_crypt(?1,NULL)" 310 " WHERE uname=%Q", isAdmin, zUsername); 311 if( pStmt==0 ){ 312 rc = SQLITE_NOMEM; 313 }else{ 314 sqlite3_bind_blob(pStmt, 1, aPW, nPW, SQLITE_STATIC); 315 sqlite3_step(pStmt); 316 rc = sqlite3_finalize(pStmt); 317 } 318 } 319 db->auth.authLevel = authLevel; 320 return rc; 321 } 322 323 /* 324 ** The sqlite3_user_delete() interface can be used (by an admin user only) 325 ** to delete a user. The currently logged-in user cannot be deleted, 326 ** which guarantees that there is always an admin user and hence that 327 ** the database cannot be converted into a no-authentication-required 328 ** database. 329 */ 330 int sqlite3_user_delete( 331 sqlite3 *db, /* Database connection */ 332 const char *zUsername /* Username to remove */ 333 ){ 334 sqlite3_stmt *pStmt; 335 if( db->auth.authLevel<UAUTH_Admin ){ 336 /* Must be an administrator to delete a user */ 337 return SQLITE_AUTH; 338 } 339 if( strcmp(db->auth.zAuthUser, zUsername)==0 ){ 340 /* Cannot delete self */ 341 return SQLITE_AUTH; 342 } 343 if( !userTableExists(db, "main") ){ 344 /* This routine is a no-op if the user to be deleted does not exist */ 345 return SQLITE_OK; 346 } 347 pStmt = sqlite3UserAuthPrepare(db, 348 "DELETE FROM sqlite_user WHERE uname=%Q", zUsername); 349 if( pStmt==0 ) return SQLITE_NOMEM; 350 sqlite3_step(pStmt); 351 return sqlite3_finalize(pStmt); 352 } 353 354 #endif /* SQLITE_USER_AUTHENTICATION */ 355