xref: /sqlite-3.40.0/src/auth.c (revision c023e03e) 
1 /*
2 ** 2003 January 11
3 **
4 ** The author disclaims copyright to this source code.  In place of
5 ** a legal notice, here is a blessing:
6 **
7 **    May you do good and not evil.
8 **    May you find forgiveness for yourself and forgive others.
9 **    May you share freely, never taking more than you give.
10 **
11 *************************************************************************
12 ** This file contains code used to implement the sqlite_set_authorizer()
13 ** API.  This facility is an optional feature of the library.  Embedded
14 ** systems that do not need this facility may omit it by recompiling
15 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
16 **
17 ** $Id: auth.c,v 1.10 2003/05/10 03:36:54 drh Exp $
18 */
19 #include "sqliteInt.h"
20 
21 /*
22 ** All of the code in this file may be omitted by defining a single
23 ** macro.
24 */
25 #ifndef SQLITE_OMIT_AUTHORIZATION
26 
27 /*
28 ** Set or clear the access authorization function.
29 **
30 ** The access authorization function is be called during the compilation
31 ** phase to verify that the user has read and/or write access permission on
32 ** various fields of the database.  The first argument to the auth function
33 ** is a copy of the 3rd argument to this routine.  The second argument
34 ** to the auth function is one of these constants:
35 **
36 **       SQLITE_COPY
37 **       SQLITE_CREATE_INDEX
38 **       SQLITE_CREATE_TABLE
39 **       SQLITE_CREATE_TEMP_INDEX
40 **       SQLITE_CREATE_TEMP_TABLE
41 **       SQLITE_CREATE_TEMP_TRIGGER
42 **       SQLITE_CREATE_TEMP_VIEW
43 **       SQLITE_CREATE_TRIGGER
44 **       SQLITE_CREATE_VIEW
45 **       SQLITE_DELETE
46 **       SQLITE_DROP_INDEX
47 **       SQLITE_DROP_TABLE
48 **       SQLITE_DROP_TEMP_INDEX
49 **       SQLITE_DROP_TEMP_TABLE
50 **       SQLITE_DROP_TEMP_TRIGGER
51 **       SQLITE_DROP_TEMP_VIEW
52 **       SQLITE_DROP_TRIGGER
53 **       SQLITE_DROP_VIEW
54 **       SQLITE_INSERT
55 **       SQLITE_PRAGMA
56 **       SQLITE_READ
57 **       SQLITE_SELECT
58 **       SQLITE_TRANSACTION
59 **       SQLITE_UPDATE
60 **
61 ** The third and fourth arguments to the auth function are the name of
62 ** the table and the column that are being accessed.  The auth function
63 ** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.  If
64 ** SQLITE_OK is returned, it means that access is allowed.  SQLITE_DENY
65 ** means that the SQL statement will never-run - the sqlite_exec() call
66 ** will return with an error.  SQLITE_IGNORE means that the SQL statement
67 ** should run but attempts to read the specified column will return NULL
68 ** and attempts to write the column will be ignored.
69 **
70 ** Setting the auth function to NULL disables this hook.  The default
71 ** setting of the auth function is NULL.
72 */
73 int sqlite_set_authorizer(
74   sqlite *db,
75   int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
76   void *pArg
77 ){
78   db->xAuth = xAuth;
79   db->pAuthArg = pArg;
80   return SQLITE_OK;
81 }
82 
83 /*
84 ** Write an error message into pParse->zErrMsg that explains that the
85 ** user-supplied authorization function returned an illegal value.
86 */
87 static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
88   char zBuf[20];
89   sprintf(zBuf, "(%d)", rc);
90   sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf,
91     " from the authorization function - should be SQLITE_OK, "
92     "SQLITE_IGNORE, or SQLITE_DENY", 0);
93   pParse->nErr++;
94   pParse->rc = SQLITE_MISUSE;
95 }
96 
97 /*
98 ** The pExpr should be a TK_COLUMN expression.  The table referred to
99 ** is in pTabList or else it is the NEW or OLD table of a trigger.
100 ** Check to see if it is OK to read this particular column.
101 **
102 ** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN
103 ** instruction into a TK_NULL.  If the auth function returns SQLITE_DENY,
104 ** then generate an error.
105 */
106 void sqliteAuthRead(
107   Parse *pParse,        /* The parser context */
108   Expr *pExpr,          /* The expression to check authorization on */
109   SrcList *pTabList     /* All table that pExpr might refer to */
110 ){
111   sqlite *db = pParse->db;
112   int rc;
113   Table *pTab;          /* The table being read */
114   const char *zCol;     /* Name of the column of the table */
115   int iSrc;             /* Index in pTabList->a[] of table being read */
116   const char *zDBase;   /* Name of database being accessed */
117 
118   if( db->xAuth==0 ) return;
119   assert( pExpr->op==TK_COLUMN );
120   for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){
121     if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
122   }
123   if( iSrc>=0 && iSrc<pTabList->nSrc ){
124     pTab = pTabList->a[iSrc].pTab;
125   }else{
126     /* This must be an attempt to read the NEW or OLD pseudo-tables
127     ** of a trigger.
128     */
129     TriggerStack *pStack; /* The stack of current triggers */
130     pStack = pParse->trigStack;
131     assert( pStack!=0 );
132     assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
133     pTab = pStack->pTab;
134   }
135   if( pTab==0 ) return;
136   if( pExpr->iColumn>=0 ){
137     assert( pExpr->iColumn<pTab->nCol );
138     zCol = pTab->aCol[pExpr->iColumn].zName;
139   }else if( pTab->iPKey>=0 ){
140     assert( pTab->iPKey<pTab->nCol );
141     zCol = pTab->aCol[pTab->iPKey].zName;
142   }else{
143     zCol = "ROWID";
144   }
145   assert( pExpr->iDb<db->nDb );
146   zDBase = db->aDb[pExpr->iDb].zName;
147   rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase,
148                  pParse->zAuthContext);
149   if( rc==SQLITE_IGNORE ){
150     pExpr->op = TK_NULL;
151   }else if( rc==SQLITE_DENY ){
152     if( db->nDb>2 || pExpr->iDb!=0 ){
153       sqliteSetString(&pParse->zErrMsg,"access to ", zDBase, ".",
154           pTab->zName, ".", zCol, " is prohibited", 0);
155     }else{
156       sqliteSetString(&pParse->zErrMsg,"access to ", pTab->zName, ".",
157                       zCol, " is prohibited", 0);
158     }
159     pParse->nErr++;
160     pParse->rc = SQLITE_AUTH;
161   }else if( rc!=SQLITE_OK ){
162     sqliteAuthBadReturnCode(pParse, rc);
163   }
164 }
165 
166 /*
167 ** Do an authorization check using the code and arguments given.  Return
168 ** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY.  If SQLITE_DENY
169 ** is returned, then the error count and error message in pParse are
170 ** modified appropriately.
171 */
172 int sqliteAuthCheck(
173   Parse *pParse,
174   int code,
175   const char *zArg1,
176   const char *zArg2,
177   const char *zArg3
178 ){
179   sqlite *db = pParse->db;
180   int rc;
181 
182   if( db->xAuth==0 ){
183     return SQLITE_OK;
184   }
185   rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
186   if( rc==SQLITE_DENY ){
187     sqliteSetString(&pParse->zErrMsg, "not authorized", 0);
188     pParse->rc = SQLITE_AUTH;
189     pParse->nErr++;
190   }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
191     rc = SQLITE_DENY;
192     sqliteAuthBadReturnCode(pParse, rc);
193   }
194   return rc;
195 }
196 
197 /*
198 ** Push an authorization context.  After this routine is called, the
199 ** zArg3 argument to authorization callbacks will be zContext until
200 ** popped.  Or if pParse==0, this routine is a no-op.
201 */
202 void sqliteAuthContextPush(
203   Parse *pParse,
204   AuthContext *pContext,
205   const char *zContext
206 ){
207   pContext->pParse = pParse;
208   if( pParse ){
209     pContext->zAuthContext = pParse->zAuthContext;
210     pParse->zAuthContext = zContext;
211   }
212 }
213 
214 /*
215 ** Pop an authorization context that was previously pushed
216 ** by sqliteAuthContextPush
217 */
218 void sqliteAuthContextPop(AuthContext *pContext){
219   if( pContext->pParse ){
220     pContext->pParse->zAuthContext = pContext->zAuthContext;
221     pContext->pParse = 0;
222   }
223 }
224 
225 #endif /* SQLITE_OMIT_AUTHORIZATION */
226