1 /* 2 ** 2014-09-08 3 ** 4 ** The author disclaims copyright to this source code. In place of 5 ** a legal notice, here is a blessing: 6 ** 7 ** May you do good and not evil. 8 ** May you find forgiveness for yourself and forgive others. 9 ** May you share freely, never taking more than you give. 10 ** 11 ************************************************************************* 12 ** 13 ** This file contains the bulk of the implementation of the 14 ** user-authentication extension feature. Some parts of the user- 15 ** authentication code are contained within the SQLite core (in the 16 ** src/ subdirectory of the main source code tree) but those parts 17 ** that could reasonable be separated out are moved into this file. 18 ** 19 ** To compile with the user-authentication feature, append this file to 20 ** end of an SQLite amalgamation, then add the SQLITE_USER_AUTHENTICATION 21 ** compile-time option. See the user-auth.txt file in the same source 22 ** directory as this file for additional information. 23 */ 24 #ifdef SQLITE_USER_AUTHENTICATION 25 #include "sqliteInt.h" 26 #include "sqlite3userauth.h" 27 28 /* 29 ** Prepare an SQL statement for use by the user authentication logic. 30 ** Return a pointer to the prepared statement on success. Return a 31 ** NULL pointer if there is an error of any kind. 32 */ 33 static sqlite3_stmt *sqlite3UserAuthPrepare( 34 sqlite3 *db, 35 const char *zFormat, 36 ... 37 ){ 38 sqlite3_stmt *pStmt; 39 char *zSql; 40 int rc; 41 va_list ap; 42 43 va_start(ap, zFormat); 44 zSql = sqlite3_vmprintf(zFormat, ap); 45 va_end(ap); 46 if( zSql==0 ) return 0; 47 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); 48 sqlite3_free(zSql); 49 if( rc ){ 50 sqlite3_finalize(pStmt); 51 pStmt = 0; 52 } 53 return pStmt; 54 } 55 56 /* 57 ** Check to see if the sqlite_user table exists in database zDb. 58 */ 59 static int userTableExists(sqlite3 *db, const char *zDb){ 60 int rc; 61 sqlite3_mutex_enter(db->mutex); 62 sqlite3BtreeEnterAll(db); 63 rc = sqlite3FindTable(db, "sqlite_user", zDb)!=0; 64 sqlite3BtreeLeaveAll(db); 65 sqlite3_mutex_leave(db->mutex); 66 return rc; 67 } 68 69 /* 70 ** Check to see if database zDb has a "sqlite_user" table and if it does 71 ** whether that table can authenticate zUser with nPw,zPw. Write one of 72 ** the UAUTH_* user authorization level codes into *peAuth and return a 73 ** result code. 74 */ 75 static int userAuthCheckLogin( 76 sqlite3 *db, /* The database connection to check */ 77 const char *zDb, /* Name of specific database to check */ 78 u8 *peAuth /* OUT: One of UAUTH_* constants */ 79 ){ 80 sqlite3_stmt *pStmt; 81 int rc; 82 83 *peAuth = UAUTH_Unknown; 84 if( !userTableExists(db, "main") ){ 85 *peAuth = UAUTH_Admin; /* No sqlite_user table. Everybody is admin. */ 86 } 87 if( db->auth.zAuthUser==0 ){ 88 *peAuth = UAUTH_Fail; 89 return SQLITE_OK; 90 } 91 pStmt = sqlite3UserAuthPrepare(db, 92 "SELECT pw=sqlite_crypt(?1,pw), isAdmin FROM \"%w\".sqlite_user" 93 " WHERE uname=?2", zDb); 94 if( pStmt==0 ) return SQLITE_NOMEM; 95 sqlite3_bind_blob(pStmt, 1, db->auth.zAuthPW, db->auth.nAuthPW,SQLITE_STATIC); 96 sqlite3_bind_text(pStmt, 2, db->auth.zAuthUser, -1, SQLITE_STATIC); 97 rc = sqlite3_step(pStmt); 98 if( rc==SQLITE_ROW && sqlite3_column_int(pStmt,0) ){ 99 *peAuth = sqlite3_column_int(pStmt, 1) + UAUTH_User; 100 }else{ 101 *peAuth = UAUTH_Fail; 102 } 103 sqlite3_finalize(pStmt); 104 return rc; 105 } 106 int sqlite3UserAuthCheckLogin( 107 sqlite3 *db, /* The database connection to check */ 108 const char *zDb, /* Name of specific database to check */ 109 u8 *peAuth /* OUT: One of UAUTH_* constants */ 110 ){ 111 int rc; 112 u8 savedAuthLevel; 113 savedAuthLevel = db->auth.authLevel; 114 db->auth.authLevel = UAUTH_Admin; 115 rc = userAuthCheckLogin(db, zDb, peAuth); 116 db->auth.authLevel = savedAuthLevel; 117 return rc; 118 } 119 120 /* 121 ** Implementation of the sqlite_crypt(X,Y) function. 122 ** 123 ** If Y is NULL then generate a new hash for password X and return that 124 ** hash. If Y is not null, then generate a hash for password X using the 125 ** same salt as the previous hash Y and return the new hash. 126 */ 127 void sqlite3CryptFunc( 128 sqlite3_context *context, 129 int NotUsed, 130 sqlite3_value **argv 131 ){ 132 const char *zIn; 133 int nIn, ii; 134 u8 *zOut; 135 char zSalt[8]; 136 zIn = sqlite3_value_blob(argv[0]); 137 nIn = sqlite3_value_bytes(argv[0]); 138 if( sqlite3_value_type(argv[1])==SQLITE_BLOB 139 && sqlite3_value_bytes(argv[1])==nIn+sizeof(zSalt) 140 ){ 141 memcpy(zSalt, sqlite3_value_blob(argv[1]), sizeof(zSalt)); 142 }else{ 143 sqlite3_randomness(sizeof(zSalt), zSalt); 144 } 145 zOut = sqlite3_malloc( nIn+sizeof(zSalt) ); 146 if( zOut==0 ){ 147 sqlite3_result_error_nomem(context); 148 }else{ 149 memcpy(zOut, zSalt, sizeof(zSalt)); 150 for(ii=0; ii<nIn; ii++){ 151 zOut[ii+sizeof(zSalt)] = zIn[ii]^zSalt[ii&0x7]; 152 } 153 sqlite3_result_blob(context, zOut, nIn+sizeof(zSalt), sqlite3_free); 154 } 155 } 156 157 /* 158 ** If a database contains the SQLITE_USER table, then the 159 ** sqlite3_user_authenticate() interface must be invoked with an 160 ** appropriate username and password prior to enable read and write 161 ** access to the database. 162 ** 163 ** Return SQLITE_OK on success or SQLITE_ERROR if the username/password 164 ** combination is incorrect or unknown. 165 ** 166 ** If the SQLITE_USER table is not present in the database file, then 167 ** this interface is a harmless no-op returnning SQLITE_OK. 168 */ 169 int sqlite3_user_authenticate( 170 sqlite3 *db, /* The database connection */ 171 const char *zUsername, /* Username */ 172 int nPW, /* Number of bytes in aPW[] */ 173 const char *zPW /* Password or credentials */ 174 ){ 175 int rc; 176 u8 authLevel = UAUTH_Fail; 177 db->auth.authLevel = UAUTH_Unknown; 178 sqlite3_free(db->auth.zAuthUser); 179 sqlite3_free(db->auth.zAuthPW); 180 memset(&db->auth, 0, sizeof(db->auth)); 181 db->auth.zAuthUser = sqlite3_mprintf("%s", zUsername); 182 if( db->auth.zAuthUser==0 ) return SQLITE_NOMEM; 183 db->auth.zAuthPW = sqlite3_malloc( nPW+1 ); 184 if( db->auth.zAuthPW==0 ) return SQLITE_NOMEM; 185 memcpy(db->auth.zAuthPW,zPW,nPW); 186 db->auth.nAuthPW = nPW; 187 rc = sqlite3UserAuthCheckLogin(db, "main", &authLevel); 188 db->auth.authLevel = authLevel; 189 sqlite3ExpirePreparedStatements(db); 190 if( rc ){ 191 return rc; /* OOM error, I/O error, etc. */ 192 } 193 if( authLevel<UAUTH_User ){ 194 return SQLITE_AUTH; /* Incorrect username and/or password */ 195 } 196 return SQLITE_OK; /* Successful login */ 197 } 198 199 /* 200 ** The sqlite3_user_add() interface can be used (by an admin user only) 201 ** to create a new user. When called on a no-authentication-required 202 ** database, this routine converts the database into an authentication- 203 ** required database, automatically makes the added user an 204 ** administrator, and logs in the current connection as that user. 205 ** The sqlite3_user_add() interface only works for the "main" database, not 206 ** for any ATTACH-ed databases. Any call to sqlite3_user_add() by a 207 ** non-admin user results in an error. 208 */ 209 int sqlite3_user_add( 210 sqlite3 *db, /* Database connection */ 211 const char *zUsername, /* Username to be added */ 212 int isAdmin, /* True to give new user admin privilege */ 213 int nPW, /* Number of bytes in aPW[] */ 214 const char *aPW /* Password or credentials */ 215 ){ 216 sqlite3_stmt *pStmt; 217 int rc; 218 if( db->auth.authLevel<UAUTH_Admin ) return SQLITE_AUTH; 219 if( !userTableExists(db, "main") ){ 220 if( !isAdmin ) return SQLITE_AUTH; 221 pStmt = sqlite3UserAuthPrepare(db, 222 "CREATE TABLE sqlite_user(\n" 223 " uname TEXT PRIMARY KEY,\n" 224 " isAdmin BOOLEAN,\n" 225 " pw BLOB\n" 226 ") WITHOUT ROWID;"); 227 if( pStmt==0 ) return SQLITE_NOMEM; 228 sqlite3_step(pStmt); 229 rc = sqlite3_finalize(pStmt); 230 if( rc ) return rc; 231 } 232 pStmt = sqlite3UserAuthPrepare(db, 233 "INSERT INTO sqlite_user(uname,isAdmin,sqlite_crypt(pw,NULL))" 234 " VALUES(%Q,%d,?1)", 235 zUsername, isAdmin!=0); 236 if( pStmt==0 ) return SQLITE_NOMEM; 237 sqlite3_bind_blob(pStmt, 1, aPW, nPW, SQLITE_STATIC); 238 sqlite3_step(pStmt); 239 rc = sqlite3_finalize(pStmt); 240 if( rc ) return rc; 241 if( db->auth.zAuthUser==0 ){ 242 assert( isAdmin!=0 ); 243 sqlite3_user_authenticate(db, zUsername, nPW, aPW); 244 } 245 return SQLITE_OK; 246 } 247 248 /* 249 ** The sqlite3_user_change() interface can be used to change a users 250 ** login credentials or admin privilege. Any user can change their own 251 ** login credentials. Only an admin user can change another users login 252 ** credentials or admin privilege setting. No user may change their own 253 ** admin privilege setting. 254 */ 255 int sqlite3_user_change( 256 sqlite3 *db, /* Database connection */ 257 const char *zUsername, /* Username to change */ 258 int isAdmin, /* Modified admin privilege for the user */ 259 int nPW, /* Number of bytes in aPW[] */ 260 const char *aPW /* Modified password or credentials */ 261 ){ 262 if( db->auth.authLevel<UAUTH_User ) return SQLITE_AUTH; 263 if( strcmp(db->auth.zAuthUser, zUsername)!=0 264 && db->auth.authLevel<UAUTH_Admin ) return SQLITE_AUTH; 265 return SQLITE_OK; 266 } 267 268 /* 269 ** The sqlite3_user_delete() interface can be used (by an admin user only) 270 ** to delete a user. The currently logged-in user cannot be deleted, 271 ** which guarantees that there is always an admin user and hence that 272 ** the database cannot be converted into a no-authentication-required 273 ** database. 274 */ 275 int sqlite3_user_delete( 276 sqlite3 *db, /* Database connection */ 277 const char *zUsername /* Username to remove */ 278 ){ 279 if( db->auth.authLevel<UAUTH_Admin ) return SQLITE_AUTH; 280 if( strcmp(db->auth.zAuthUser, zUsername)==0 ) return SQLITE_AUTH; 281 return SQLITE_OK; 282 } 283 284 #endif /* SQLITE_USER_AUTHENTICATION */ 285