15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 2003 January 11 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** The author disclaims copyright to this source code. In place of 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** a legal notice, here is a blessing: 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** May you do good and not evil. 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** May you find forgiveness for yourself and forgive others. 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** May you share freely, never taking more than you give. 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)************************************************************************* 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** This file contains code used to implement the sqlite3_set_authorizer() 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** API. This facility is an optional feature of the library. Embedded 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** systems that do not need this facility may omit it by recompiling 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** the library with -DSQLITE_OMIT_AUTHORIZATION=1 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sqliteInt.h" 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** All of the code in this file may be omitted by defining a single 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** macro. 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef SQLITE_OMIT_AUTHORIZATION 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Set or clear the access authorization function. 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** The access authorization function is be called during the compilation 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** phase to verify that the user has read and/or write access permission on 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** various fields of the database. The first argument to the auth function 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** is a copy of the 3rd argument to this routine. The second argument 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** to the auth function is one of these constants: 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_INDEX 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TABLE 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TEMP_INDEX 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TEMP_TABLE 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TEMP_TRIGGER 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TEMP_VIEW 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_TRIGGER 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_CREATE_VIEW 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DELETE 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_INDEX 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TABLE 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TEMP_INDEX 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TEMP_TABLE 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TEMP_TRIGGER 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TEMP_VIEW 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_TRIGGER 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_DROP_VIEW 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_INSERT 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_PRAGMA 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_READ 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_SELECT 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_TRANSACTION 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_UPDATE 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** The third and fourth arguments to the auth function are the name of 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** the table and the column that are being accessed. The auth function 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. If 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SQLITE_OK is returned, it means that access is allowed. SQLITE_DENY 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** means that the SQL statement will never-run - the sqlite3_exec() call 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** will return with an error. SQLITE_IGNORE means that the SQL statement 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** should run but attempts to read the specified column will return NULL 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** and attempts to write the column will be ignored. 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Setting the auth function to NULL disables this hook. The default 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** setting of the auth function is NULL. 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int sqlite3_set_authorizer( 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3 *db, 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*xAuth)(void*,int,const char*,const char*,const char*,const char*), 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *pArg 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)){ 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3_mutex_enter(db->mutex); 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) db->xAuth = xAuth; 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) db->pAuthArg = pArg; 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3ExpirePreparedStatements(db); 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3_mutex_leave(db->mutex); 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return SQLITE_OK; 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Write an error message into pParse->zErrMsg that explains that the 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** user-supplied authorization function returned an illegal value. 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static void sqliteAuthBadReturnCode(Parse *pParse){ 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3ErrorMsg(pParse, "authorizer malfunction"); 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pParse->rc = SQLITE_ERROR; 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Invoke the authorization callback for permission to read column zCol from 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** table zTab in database zDb. This function assumes that an authorization 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** callback has been registered (i.e. that sqlite3.xAuth is not NULL). 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** is treated as SQLITE_DENY. In this case an error is left in pParse. 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int sqlite3AuthReadCol( 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Parse *pParse, /* The parser context */ 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zTab, /* Table name */ 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zCol, /* Column name */ 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int iDb /* Index of containing database. */ 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)){ 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3 *db = pParse->db; /* Database handle */ 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char *zDb = db->aDb[iDb].zName; /* Name of attached database */ 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rc; /* Auth callback return code */ 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext); 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( rc==SQLITE_DENY ){ 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( db->nDb>2 || iDb!=0 ){ 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol); 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else{ 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pParse->rc = SQLITE_AUTH; 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){ 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqliteAuthBadReturnCode(pParse); 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rc; 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** The pExpr should be a TK_COLUMN expression. The table referred to 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** is in pTabList or else it is the NEW or OLD table of a trigger. 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Check to see if it is OK to read this particular column. 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** instruction into a TK_NULL. If the auth function returns SQLITE_DENY, 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** then generate an error. 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void sqlite3AuthRead( 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Parse *pParse, /* The parser context */ 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Expr *pExpr, /* The expression to check authorization on */ 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Schema *pSchema, /* The schema of the expression */ 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SrcList *pTabList /* All table that pExpr might refer to */ 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)){ 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3 *db = pParse->db; 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Table *pTab = 0; /* The table being read */ 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zCol; /* Name of the column of the table */ 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int iSrc; /* Index in pTabList->a[] of table being read */ 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int iDb; /* The index of the database the expression refers to */ 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int iCol; /* Index of column in table */ 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( db->xAuth==0 ) return; 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) iDb = sqlite3SchemaToIndex(pParse->db, pSchema); 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( iDb<0 ){ 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* An attempt to read a column out of a subquery or other 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** temporary table. */ 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ); 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( pExpr->op==TK_TRIGGER ){ 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pTab = pParse->pTriggerTab; 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else{ 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( pTabList ); 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) for(iSrc=0; ALWAYS(iSrc<pTabList->nSrc); iSrc++){ 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( pExpr->iTable==pTabList->a[iSrc].iCursor ){ 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pTab = pTabList->a[iSrc].pTab; 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) iCol = pExpr->iColumn; 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( NEVER(pTab==0) ) return; 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( iCol>=0 ){ 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( iCol<pTab->nCol ); 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) zCol = pTab->aCol[iCol].zName; 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else if( pTab->iPKey>=0 ){ 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( pTab->iPKey<pTab->nCol ); 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) zCol = pTab->aCol[pTab->iPKey].zName; 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else{ 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) zCol = "ROWID"; 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( iDb>=0 && iDb<db->nDb ); 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){ 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pExpr->op = TK_NULL; 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Do an authorization check using the code and arguments given. Return 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY. If SQLITE_DENY 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** is returned, then the error count and error message in pParse are 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** modified appropriately. 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int sqlite3AuthCheck( 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Parse *pParse, 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int code, 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zArg1, 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zArg2, 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zArg3 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)){ 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3 *db = pParse->db; 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rc; 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Don't do any authorization checks if the database is initialising 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** or if the parser is being invoked from within sqlite3_declare_vtab. 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( db->init.busy || IN_DECLARE_VTAB ){ 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return SQLITE_OK; 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( db->xAuth==0 ){ 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return SQLITE_OK; 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext); 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( rc==SQLITE_DENY ){ 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqlite3ErrorMsg(pParse, "not authorized"); 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pParse->rc = SQLITE_AUTH; 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){ 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rc = SQLITE_DENY; 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sqliteAuthBadReturnCode(pParse); 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rc; 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Push an authorization context. After this routine is called, the 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** zArg3 argument to authorization callbacks will be zContext until 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** popped. Or if pParse==0, this routine is a no-op. 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void sqlite3AuthContextPush( 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Parse *pParse, 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AuthContext *pContext, 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *zContext 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)){ 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) assert( pParse ); 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pContext->pParse = pParse; 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pContext->zAuthContext = pParse->zAuthContext; 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pParse->zAuthContext = zContext; 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 2395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Pop an authorization context that was previously pushed 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** by sqlite3AuthContextPush 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void sqlite3AuthContextPop(AuthContext *pContext){ 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if( pContext->pParse ){ 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pContext->pParse->zAuthContext = pContext->zAuthContext; 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) pContext->pParse = 0; 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* SQLITE_OMIT_AUTHORIZATION */ 250