1 /* 2 ** 2014-09-08 3 ** 4 ** The author disclaims copyright to this source code. In place of 5 ** a legal notice, here is a blessing: 6 ** 7 ** May you do good and not evil. 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** 13 ** This file contains the bulk of the implementation of the 14 ** user-authentication extension feature. Some parts of the user- 15 ** authentication code are contained within the SQLite core (in the 16 ** src/ subdirectory of the main source code tree) but those parts 17 ** that could reasonable be separated out are moved into this file. 18 ** 19 ** To compile with the user-authentication feature, append this file to 20 ** end of an SQLite amalgamation, then add the SQLITE_USER_AUTHENTICATION 21 ** compile-time option. See the user-auth.txt file in the same source 22 ** directory as this file for additional information. 23 */ 24 #ifdef SQLITE_USER_AUTHENTICATION 25 #include "sqliteInt.h" 26 #include "sqlite3userauth.h" 27 28 /* 29 ** Prepare an SQL statement for use by the user authentication logic. 30 ** Return a pointer to the prepared statement on success. Return a 31 ** NULL pointer if there is an error of any kind. 32 */ 33 static sqlite3_stmt *sqlite3UserAuthPrepare( 34 sqlite3 *db, 35 const char *zFormat, 36 ... 37 ){ 38 sqlite3_stmt *pStmt; 39 char *zSql; 40 int rc; 41 va_list ap; 42 int savedFlags = db->flags; 43 44 va_start(ap, zFormat); 45 zSql = sqlite3_vmprintf(zFormat, ap); 46 va_end(ap); 47 if( zSql==0 ) return 0; 48 db->flags |= SQLITE_WriteSchema; 49 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); 50 db->flags = savedFlags; 51 sqlite3_free(zSql); 52 if( rc ){ 53 sqlite3_finalize(pStmt); 54 pStmt = 0; 55 } 56 return pStmt; 57 } 58 59 /* 60 ** Check to see if the sqlite_user table exists in database zDb. 61 */ 62 static int userTableExists(sqlite3 *db, const char *zDb){ 63 int rc; 64 sqlite3_mutex_enter(db->mutex); 65 sqlite3BtreeEnterAll(db); 66 if( db->init.busy==0 ){ 67 char *zErr = 0; 68 sqlite3Init(db, &zErr); 69 sqlite3DbFree(db, zErr); 70 } 71 rc = sqlite3FindTable(db, "sqlite_user", zDb)!=0; 72 sqlite3BtreeLeaveAll(db); 73 sqlite3_mutex_leave(db->mutex); 74 return rc; 75 } 76 77 /* 78 ** Check to see if database zDb has a "sqlite_user" table and if it does 79 ** whether that table can authenticate zUser with nPw,zPw. Write one of 80 ** the UAUTH_* user authorization level codes into *peAuth and return a 81 ** result code. 82 */ 83 static int userAuthCheckLogin( 84 sqlite3 *db, /* The database connection to check */ 85 const char *zDb, /* Name of specific database to check */ 86 u8 *peAuth /* OUT: One of UAUTH_* constants */ 87 ){ 88 sqlite3_stmt *pStmt; 89 int rc; 90 91 *peAuth = UAUTH_Unknown; 92 if( !userTableExists(db, "main") ){ 93 *peAuth = UAUTH_Admin; /* No sqlite_user table. Everybody is admin. */ 94 return SQLITE_OK; 95 } 96 if( db->auth.zAuthUser==0 ){ 97 *peAuth = UAUTH_Fail; 98 return SQLITE_OK; 99 } 100 pStmt = sqlite3UserAuthPrepare(db, 101 "SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM \"%w\".sqlite_user" 102 " WHERE uname=?2", zDb); 103 if( pStmt==0 ) return SQLITE_NOMEM; 104 sqlite3_bind_blob(pStmt, 1, db->auth.zAuthPW, db->auth.nAuthPW,SQLITE_STATIC); 105 sqlite3_bind_text(pStmt, 2, db->auth.zAuthUser, -1, SQLITE_STATIC); 106 rc = sqlite3_step(pStmt); 107 if( rc==SQLITE_ROW && sqlite3_column_int(pStmt,0) ){ 108 *peAuth = sqlite3_column_int(pStmt, 1) + UAUTH_User; 109 }else{ 110 *peAuth = UAUTH_Fail; 111 } 112 return sqlite3_finalize(pStmt); 113 } 114 int sqlite3UserAuthCheckLogin( 115 sqlite3 *db, /* The database connection to check */ 116 const char *zDb, /* Name of specific database to check */ 117 u8 *peAuth /* OUT: One of UAUTH_* constants */ 118 ){ 119 int rc; 120 u8 savedAuthLevel; 121 savedAuthLevel = db->auth.authLevel; 122 db->auth.authLevel = UAUTH_Admin; 123 rc = userAuthCheckLogin(db, zDb, peAuth); 124 db->auth.authLevel = savedAuthLevel; 125 return rc; 126 } 127 128 /* 129 ** Implementation of the sqlite_crypt(X,Y) function. 130 ** 131 ** If Y is NULL then generate a new hash for password X and return that 132 ** hash. If Y is not null, then generate a hash for password X using the 133 ** same salt as the previous hash Y and return the new hash. 134 */ 135 void sqlite3CryptFunc( 136 sqlite3_context *context, 137 int NotUsed, 138 sqlite3_value **argv 139 ){ 140 const char *zIn; 141 int nIn, ii; 142 u8 *zOut; 143 char zSalt[8]; 144 zIn = sqlite3_value_blob(argv[0]); 145 nIn = sqlite3_value_bytes(argv[0]); 146 if( sqlite3_value_type(argv[1])==SQLITE_BLOB 147 && sqlite3_value_bytes(argv[1])==nIn+sizeof(zSalt) 148 ){ 149 memcpy(zSalt, sqlite3_value_blob(argv[1]), sizeof(zSalt)); 150 }else{ 151 sqlite3_randomness(sizeof(zSalt), zSalt); 152 } 153 zOut = sqlite3_malloc( nIn+sizeof(zSalt) ); 154 if( zOut==0 ){ 155 sqlite3_result_error_nomem(context); 156 }else{ 157 memcpy(zOut, zSalt, sizeof(zSalt)); 158 for(ii=0; ii<nIn; ii++){ 159 zOut[ii+sizeof(zSalt)] = zIn[ii]^zSalt[ii&0x7]; 160 } 161 sqlite3_result_blob(context, zOut, nIn+sizeof(zSalt), sqlite3_free); 162 } 163 } 164 165 /* 166 ** If a database contains the SQLITE_USER table, then the 167 ** sqlite3_user_authenticate() interface must be invoked with an 168 ** appropriate username and password prior to enable read and write 169 ** access to the database. 170 ** 171 ** Return SQLITE_OK on success or SQLITE_ERROR if the username/password 172 ** combination is incorrect or unknown. 173 ** 174 ** If the SQLITE_USER table is not present in the database file, then 175 ** this interface is a harmless no-op returnning SQLITE_OK. 176 */ 177 int sqlite3_user_authenticate( 178 sqlite3 *db, /* The database connection */ 179 const char *zUsername, /* Username */ 180 const char *zPW, /* Password or credentials */ 181 int nPW /* Number of bytes in aPW[] */ 182 ){ 183 int rc; 184 u8 authLevel = UAUTH_Fail; 185 db->auth.authLevel = UAUTH_Unknown; 186 sqlite3_free(db->auth.zAuthUser); 187 sqlite3_free(db->auth.zAuthPW); 188 memset(&db->auth, 0, sizeof(db->auth)); 189 db->auth.zAuthUser = sqlite3_mprintf("%s", zUsername); 190 if( db->auth.zAuthUser==0 ) return SQLITE_NOMEM; 191 db->auth.zAuthPW = sqlite3_malloc( nPW+1 ); 192 if( db->auth.zAuthPW==0 ) return SQLITE_NOMEM; 193 memcpy(db->auth.zAuthPW,zPW,nPW); 194 db->auth.nAuthPW = nPW; 195 rc = sqlite3UserAuthCheckLogin(db, "main", &authLevel); 196 db->auth.authLevel = authLevel; 197 sqlite3ExpirePreparedStatements(db); 198 if( rc ){ 199 return rc; /* OOM error, I/O error, etc. */ 200 } 201 if( authLevel<UAUTH_User ){ 202 return SQLITE_AUTH; /* Incorrect username and/or password */ 203 } 204 return SQLITE_OK; /* Successful login */ 205 } 206 207 /* 208 ** The sqlite3_user_add() interface can be used (by an admin user only) 209 ** to create a new user. When called on a no-authentication-required 210 ** database, this routine converts the database into an authentication- 211 ** required database, automatically makes the added user an 212 ** administrator, and logs in the current connection as that user. 213 ** The sqlite3_user_add() interface only works for the "main" database, not 214 ** for any ATTACH-ed databases. Any call to sqlite3_user_add() by a 215 ** non-admin user results in an error. 216 */ 217 int sqlite3_user_add( 218 sqlite3 *db, /* Database connection */ 219 const char *zUsername, /* Username to be added */ 220 const char *aPW, /* Password or credentials */ 221 int nPW, /* Number of bytes in aPW[] */ 222 int isAdmin /* True to give new user admin privilege */ 223 ){ 224 sqlite3_stmt *pStmt; 225 int rc; 226 if( db->auth.authLevel<UAUTH_Admin ) return SQLITE_AUTH; 227 if( !userTableExists(db, "main") ){ 228 if( !isAdmin ) return SQLITE_AUTH; 229 pStmt = sqlite3UserAuthPrepare(db, 230 "CREATE TABLE sqlite_user(\n" 231 " uname TEXT PRIMARY KEY,\n" 232 " isAdmin BOOLEAN,\n" 233 " pw BLOB\n" 234 ") WITHOUT ROWID;"); 235 if( pStmt==0 ) return SQLITE_NOMEM; 236 sqlite3_step(pStmt); 237 rc = sqlite3_finalize(pStmt); 238 if( rc ) return rc; 239 } 240 pStmt = sqlite3UserAuthPrepare(db, 241 "INSERT INTO sqlite_user(uname,isAdmin,pw)" 242 " VALUES(%Q,%d,sqlite_crypt(?1,NULL))", 243 zUsername, isAdmin!=0); 244 if( pStmt==0 ) return SQLITE_NOMEM; 245 sqlite3_bind_blob(pStmt, 1, aPW, nPW, SQLITE_STATIC); 246 sqlite3_step(pStmt); 247 rc = sqlite3_finalize(pStmt); 248 if( rc ) return rc; 249 if( db->auth.zAuthUser==0 ){ 250 assert( isAdmin!=0 ); 251 sqlite3_user_authenticate(db, zUsername, aPW, nPW); 252 } 253 return SQLITE_OK; 254 } 255 256 /* 257 ** The sqlite3_user_change() interface can be used to change a users 258 ** login credentials or admin privilege. Any user can change their own 259 ** login credentials. Only an admin user can change another users login 260 ** credentials or admin privilege setting. No user may change their own 261 ** admin privilege setting. 262 */ 263 int sqlite3_user_change( 264 sqlite3 *db, /* Database connection */ 265 const char *zUsername, /* Username to change */ 266 const char *aPW, /* Modified password or credentials */ 267 int nPW, /* Number of bytes in aPW[] */ 268 int isAdmin /* Modified admin privilege for the user */ 269 ){ 270 sqlite3_stmt *pStmt; 271 if( db->auth.authLevel<UAUTH_User ){ 272 /* Must be logged in to make a change */ 273 return SQLITE_AUTH; 274 } 275 if( strcmp(db->auth.zAuthUser, zUsername)!=0 ){ 276 if( db->auth.authLevel<UAUTH_Admin ){ 277 /* Must be an administrator to change a different user */ 278 return SQLITE_AUTH; 279 } 280 }else if( isAdmin!=(db->auth.authLevel==UAUTH_Admin) ){ 281 /* Cannot change the isAdmin setting for self */ 282 return SQLITE_AUTH; 283 } 284 if( !userTableExists(db, "main") ){ 285 /* This routine is a no-op if the user to be modified does not exist */ 286 return SQLITE_OK; 287 } 288 pStmt = sqlite3UserAuthPrepare(db, 289 "UPDATE sqlite_user SET isAdmin=%d, pw=sqlite_crypt(?1,NULL)" 290 " WHERE uname=%Q", isAdmin, zUsername); 291 if( pStmt==0 ) return SQLITE_NOMEM; 292 sqlite3_bind_blob(pStmt, 1, aPW, nPW, SQLITE_STATIC); 293 sqlite3_step(pStmt); 294 return sqlite3_finalize(pStmt); 295 } 296 297 /* 298 ** The sqlite3_user_delete() interface can be used (by an admin user only) 299 ** to delete a user. The currently logged-in user cannot be deleted, 300 ** which guarantees that there is always an admin user and hence that 301 ** the database cannot be converted into a no-authentication-required 302 ** database. 303 */ 304 int sqlite3_user_delete( 305 sqlite3 *db, /* Database connection */ 306 const char *zUsername /* Username to remove */ 307 ){ 308 sqlite3_stmt *pStmt; 309 if( db->auth.authLevel<UAUTH_Admin ){ 310 /* Must be an administrator to delete a user */ 311 return SQLITE_AUTH; 312 } 313 if( strcmp(db->auth.zAuthUser, zUsername)==0 ){ 314 /* Cannot delete self */ 315 return SQLITE_AUTH; 316 } 317 if( !userTableExists(db, "main") ){ 318 /* This routine is a no-op if the user to be deleted does not exist */ 319 return SQLITE_OK; 320 } 321 pStmt = sqlite3UserAuthPrepare(db, 322 "SELECT FROM sqlite_user WHERE uname=%Q", zUsername); 323 if( pStmt==0 ) return SQLITE_NOMEM; 324 sqlite3_step(pStmt); 325 return sqlite3_finalize(pStmt); 326 } 327 328 #endif /* SQLITE_USER_AUTHENTICATION */ 329