Changes In Branch tktschema-allow-drop Excluding Merge-Ins
This is equivalent to a diff from 3bb3c516f1 to b594f486ef
2021-06-14
| ||
19:51 | Allow DROP INDEX and DROP VIEW through the ticket-schema authorizer. Enhance the test-db-prepare command so that it can use the ticket-schema or report authorizers for testing purposes. ... (check-in: c717f1ef9a user: drh tags: trunk) | |
19:48 | Add reminder hints to the authorizer function header comments about how to test those functions using the "test-db-prepare" command. ... (Closed-Leaf check-in: b594f486ef user: drh tags: tktschema-allow-drop) | |
19:44 | Doc typo fix. ... (check-in: 323e3dfcbd user: stephan tags: tktschema-allow-drop) | |
19:08 | Per /chat discussion: reopened branch, merged in trunk, removed this branch's DROP TABLE option (potential data loss risk) but kept DROP VIEW/INDEX (no permanent damage can be done with those). Not yet ready for merge: addition of test code to run against the SQL authorizers is pending. ... (check-in: 02226325b6 user: stephan tags: tktschema-allow-drop) | |
15:36 | Update the built-in SQLite to the first 3.36.0 beta. ... (check-in: 3bb3c516f1 user: drh tags: trunk) | |
10:48 | Minor /chat-internal doc tweaks. ... (check-in: 994bec3637 user: stephan tags: trunk) | |
Changes to src/db.c.
︙ | ︙ | |||
862 863 864 865 866 867 868 | db_find_and_open_repository(0,0); db_prepare(&err, "INSERT INTO repository.config(name) VALUES(NULL);"); db_exec(&err); } /* ** COMMAND: test-db-prepare | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 | db_find_and_open_repository(0,0); db_prepare(&err, "INSERT INTO repository.config(name) VALUES(NULL);"); db_exec(&err); } /* ** COMMAND: test-db-prepare ** Usage: %fossil test-db-prepare ?OPTIONS? SQL-STATEMENT ** ** Options: ** ** --auth-report Enable the ticket report query authorizer. ** --auth-ticket Enable the ticket schema query authorizer. ** ** Invoke db_prepare() on the SQL input. Report any errors encountered. ** This command is used to verify error detection logic in the db_prepare() ** utility routine. */ void db_test_db_prepare(void){ const int fAuthReport = find_option("auth-report",0,0)!=0; const int fAuthSchema = find_option("auth-ticket",0,0)!=0; const int fAuth = fAuthReport + fAuthSchema; char * zReportErr = 0; /* auth-report error string. */ int nSchemaErr = 0; /* Number of auth-ticket errors. */ Stmt err; if(fAuth>1){ fossil_fatal("Only one of --auth-report or --auth-ticket " "may be used."); } db_find_and_open_repository(0,0); verify_all_options(); if( g.argc!=3 ) usage("?OPTIONS? 
SQL"); if(fAuthReport){ report_restrict_sql(&zReportErr); }else if(fAuthSchema){ ticket_restrict_sql(&nSchemaErr); } db_prepare(&err, "%s", g.argv[2]/*safe-for-%s*/); db_finalize(&err); if(fAuthReport){ report_unrestrict_sql(); if(zReportErr){ fossil_warning("Report authorizer error: %s\n", zReportErr); fossil_free(zReportErr); } }else if(fAuthSchema){ ticket_unrestrict_sql(); if(nSchemaErr){ fossil_warning("Ticket schema authorizer error count: %d\n", nSchemaErr); } } } /* ** Print the output of one or more SQL queries on standard output. ** This routine is used for debugging purposes only. */ int db_debug(const char *zSql, ...){ |
︙ | ︙ |
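Review bot: `nSchemaErr` is declared as "Number of auth-ticket errors" and printed as an "error count" in db_test_db_prepare(), but the ticket-schema authorizer shown in src/tkt.c only ever stores `*(int*)pNErr = 1`, so the value is a flag rather than a count. Either word it as a flag, e.g. `fossil_warning("Ticket schema authorizer denied the SQL\n");`, or have the authorizer increment the counter. Separately, both post-prepare reports run only if db_prepare() returns after a denied statement; if it aborts on a prepare failure (not visible on this page), the authorizer's own message would never be printed, which is worth confirming with a statement that is expected to be denied.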
Changes to src/report.c.
︙ | ︙ | |||
159 160 161 162 163 164 165 166 167 168 169 170 171 172 | /*********************************************************************/ /* ** This is the SQLite authorizer callback used to make sure that the ** SQL statements entered by users do not try to do anything untoward. ** If anything suspicious is tried, set *(char**)pError to an error ** message obtained from malloc. */ static int report_query_authorizer( void *pError, int code, const char *zArg1, const char *zArg2, const char *zArg3, | > > > | 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 | /*********************************************************************/ /* ** This is the SQLite authorizer callback used to make sure that the ** SQL statements entered by users do not try to do anything untoward. ** If anything suspicious is tried, set *(char**)pError to an error ** message obtained from malloc. ** ** Use the "fossil test-db-prepare --auth-report SQL" command to perform ** manual testing of this authorizer. */ static int report_query_authorizer( void *pError, int code, const char *zArg1, const char *zArg2, const char *zArg3, |
︙ | ︙ | |||
238 239 240 241 242 243 244 | break; } } return rc; } /* | | > | 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 | break; } } return rc; } /* ** Activate the ticket report query authorizer. Must be followed by an ** eventual call to report_unrestrict_sql(). */ void report_restrict_sql(char **pzErr){ db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); } void report_unrestrict_sql(void){ db_clear_authorizer(); |
︙ | ︙ |
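Review bot: The new header comment on report_restrict_sql() describes only the authorizer, but the body also calls `sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000)` and stores the caller's `pzErr` pointer as the authorizer context. I would extend the comment with something like `** Also caps SQLITE_LIMIT_VDBE_OP at 10000. pzErr must stay valid until report_unrestrict_sql() is called; the caller owns any message stored in *pzErr.` The ownership part is inferred from the authorizer's header comment ("an error message obtained from malloc") and from db_test_db_prepare() freeing the string. report_unrestrict_sql() continues past the end of this section, so whether it restores the limit cannot be seen here.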
Changes to src/tkt.c.
︙ | ︙ | |||
376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 | /* ** An authorizer function for the SQL used to initialize the ** schema for the ticketing system. Only allow ** ** CREATE TABLE ** CREATE INDEX ** CREATE VIEW ** ** And for objects in "main" or "repository" whose names ** begin with "ticket" or "fx_". Also allow ** ** INSERT ** UPDATE ** DELETE ** ** But only for tables in "main" or "repository" whose names ** begin with "ticket", "sqlite_", or "fx_". ** ** Of particular importance for security is that this routine ** disallows data changes on the "config" table, as that could ** allow a malicious server to modify settings in such a way as ** to cause a remote code execution. */ static int ticket_schema_auth( void *pNErr, int eCode, const char *z0, const char *z1, const char *z2, const char *z3 ){ switch( eCode ){ case SQLITE_CREATE_VIEW: case SQLITE_CREATE_TABLE: { if( sqlite3_stricmp(z2,"main")!=0 && sqlite3_stricmp(z2,"repository")!=0 ){ goto ticket_schema_error; } if( sqlite3_strnicmp(z0,"ticket",6)!=0 && sqlite3_strnicmp(z0,"fx_",3)!=0 ){ goto ticket_schema_error; } break; } case SQLITE_CREATE_INDEX: { if( sqlite3_stricmp(z2,"main")!=0 && sqlite3_stricmp(z2,"repository")!=0 ){ goto ticket_schema_error; } if( sqlite3_strnicmp(z1,"ticket",6)!=0 | > > > > > > > | 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 | /* ** An authorizer function for the SQL used to initialize the ** schema for the ticketing system. Only allow ** ** CREATE TABLE ** CREATE INDEX ** CREATE VIEW ** DROP INDEX ** DROP VIEW ** ** And for objects in "main" or "repository" whose names ** begin with "ticket" or "fx_". 
Also allow ** ** INSERT ** UPDATE ** DELETE ** ** But only for tables in "main" or "repository" whose names ** begin with "ticket", "sqlite_", or "fx_". ** ** Of particular importance for security is that this routine ** disallows data changes on the "config" table, as that could ** allow a malicious server to modify settings in such a way as ** to cause a remote code execution. ** ** Use the "fossil test-db-prepare --auth-ticket SQL" command to perform ** manual testing of this authorizer. */ static int ticket_schema_auth( void *pNErr, int eCode, const char *z0, const char *z1, const char *z2, const char *z3 ){ switch( eCode ){ case SQLITE_DROP_VIEW: case SQLITE_CREATE_VIEW: case SQLITE_CREATE_TABLE: { if( sqlite3_stricmp(z2,"main")!=0 && sqlite3_stricmp(z2,"repository")!=0 ){ goto ticket_schema_error; } if( sqlite3_strnicmp(z0,"ticket",6)!=0 && sqlite3_strnicmp(z0,"fx_",3)!=0 ){ goto ticket_schema_error; } break; } case SQLITE_DROP_INDEX: case SQLITE_CREATE_INDEX: { if( sqlite3_stricmp(z2,"main")!=0 && sqlite3_stricmp(z2,"repository")!=0 ){ goto ticket_schema_error; } if( sqlite3_strnicmp(z1,"ticket",6)!=0 |
︙ | ︙ | |||
461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 | return SQLITE_OK; ticket_schema_error: if( pNErr ) *(int*)pNErr = 1; return SQLITE_DENY; } /* ** Recreate the TICKET and TICKETCHNG tables. */ void ticket_create_table(int separateConnection){ char *zSql; db_multi_exec( "DROP TABLE IF EXISTS ticket;" "DROP TABLE IF EXISTS ticketchng;" ); zSql = ticket_table_schema(); | > > > > > > > > > > > > > > | | | 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 | return SQLITE_OK; ticket_schema_error: if( pNErr ) *(int*)pNErr = 1; return SQLITE_DENY; } /* ** Activate the ticket schema authorizer. Must be followed by ** an eventual call to ticket_unrestrict_sql(). */ void ticket_restrict_sql(int * pNErr){ db_set_authorizer(ticket_schema_auth,(void*)pNErr,"Ticket-Schema"); } /* ** Deactivate the ticket schema authorizer. */ void ticket_unrestrict_sql(void){ db_clear_authorizer(); } /* ** Recreate the TICKET and TICKETCHNG tables. */ void ticket_create_table(int separateConnection){ char *zSql; db_multi_exec( "DROP TABLE IF EXISTS ticket;" "DROP TABLE IF EXISTS ticketchng;" ); zSql = ticket_table_schema(); ticket_restrict_sql(0); if( separateConnection ){ if( db_transaction_nesting_depth() ) db_end_transaction(0); db_init_database(g.zRepositoryName, zSql, 0); }else{ db_multi_exec("%s", zSql/*safe-for-%s*/); } ticket_unrestrict_sql(); fossil_free(zSql); } /* ** Repopulate the TICKET and TICKETCHNG tables from scratch using all ** available ticket artifacts. */ |
︙ | ︙ |