Shulou(Shulou.com)06/01 Report--

Example illustration

A my_authorizer function in the following format can be registered in the interpreter execution statement of the SQLite statement and executed first, just like a hook, giving some access control to the sql statement, similar to the netfilter of a network packet.

Code

# include

# include "sqlite/sqlite3.h"

Using namespace std

/ *

The registered callback function forbids the user to delete any table, in fact, the third parameter

The name of the table that will be passed in the current operation, which can be matched with this value, whether or not

You need to operate on the table, of course, because pszString is an unsigned integer, if

If there are multiple parameters you want to pass in, you can set the third one of the sqlite3_set_authorizer

Parameter is a structure, and then returns by casting the type of pszString

SQLITE_OK: continue execution. Return SQLITE_DENY to reject execution.

, /

Int my_authorizer (void* pszString

The operation code being executed by the current SQL parsing module of int nCode,/* * /

Const char* psz1,/* is passed into the database table for the current operation by the SQL parsing module, and whether it is empty or not is determined by the opcode * /

Const char* psz2

Const char* psz3

Const char* psz4)

{

Int nNotPermitCode = * (int*) pszString

If (nNotPermitCode = = 11)

{

Printf ("can not execute drop\ n")

Return SQLITE_DENY

}

Return SQLITE_OK

}

Int main ()

{

Int rc = 0

Sqlite3* db = NULL

Char* pdbName = "test0.db"

Char* pszErrMsg = NULL

Rc = sqlite3_open_v2 (pdbName,&db,SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,NULL)

Char* pszCreateTb1 = "create virtual table geo_test1 using rtree_i32 (id, minx, maxx)"

Rc = sqlite3_exec (db,pszCreateTb1, 0,0, & pszErrMsg)

Char* pszInsertsql1 = "insert into geo_test1 values (1400400)"

Rc = sqlite3_exec (db,pszInsertsql1, 0,0, & pszErrMsg)

Char* pszDropTable = "drop table geo_test1"

/ *

Authorized Action coding (Authorizer Action Codes)

Extracted from: https://www.sqlite.org/c3ref/c_alter_table.html

Each authorization opcode passes different parameters to the authorization registration function, refer to

Web address. 11 is the authorized opcode to delete the database table, when the authorization registration function is called

The third string will get the name of the table currently being manipulated.

, /

Int nNotPermitCode = 11

/ / the third parameter is the parameter value passed to the authorization registration function.

Sqlite3_set_authorizer (db, my_authorizer, & nNotPermitCode)

Sqlite3_stmt* statement

Rc = sqlite3_prepare_v2 (db, pszDropTable,-1, & statement, NULL)

/ / error message for debugging to perr in a single step: no authored, indicating that you have no right to operate

Const char* pszErr = sqlite3_errmsg (db)

Sqlite3_close (db)

Return 0

}

Principle analysis

This file contains the code that implements the sliqte3_set_authorizer function. For the SQLite library, this feature

It's optional. This feature is not needed in embedded systems, and can be precompiled by macro-DSQLITE_OMIT_AUTHORIZATION=1

To disable this option. In fact, in VS's precompilation options, you can add SQLITE_OMIT_AUTHORIZATION!

If the SQLITE_OMIT_ authentication macro is defined, all code in the file will be ignored

Two heavyweight functions are described as follows:

Int sqlite3_set_authorizer

(

Sqlite3 * db

Int (* xAuth) (void*,int,const char*,const char*,const char*,const char*)

Void * pArg

)

Set or clear the access authorization function

The sqlite3_set_authorizer function passes the pointer to the registered authorization function to the

The handle structure of the database sqlite3*db, and also save the third parameter of the function to the handle

Never take it for granted that a handle is a pointer that can point to a structure.

In fact, there is a question worth considering here: how to prevent deadlocks, a lock her maximum range.

How to control, where to really add the lock!

Learn how to use C language to realize the idea of object-oriented programming and how to organize the processing structure of functions.

The third and fourth parameters are the table and column names currently being accessed, respectively. The authentication function can only return SQLITE_OK,SQLITE_DENY.

SQLITE_IGNORE. If SQLITE_OK is returned, the access operation is allowed. SQLITE_DENY means that the SQL statement will not be executed

Line, the sqlite3_exec function will return an error message, SQLITE_IGNORE means that the SQL statement will be parsed, but try to read

Fetch, an empty collection will be returned, and attempts to write will be ignored!

/ *

This function is called by SQLite to execute the registered authorization function

An authentication check is performed according to the given parameters. The return value can be SQLITE_OK or SQLITE_IGNORE or

SQLITE_DENY. If SQLITE_DENY,pParse is returned, it will be returned with the modified error message.

, /

Int sqlite3AuthCheck (

Parse * pParse

Int code

Const char * zArg1

Const char * zArg2

Const char * zArg3

) {

Sqlite3 * db = pParse- > db

Int rc

/ * Don't do any authorization checks if the database is initialising

* * or if the parser is being invoked from within sqlite3_declare_vtab.

, /

If (db- > init.busy | | IN_DECLARE_VTAB) {

Return SQLITE_OK

}

If (db- > xAuth==0) {

Return SQLITE_OK

}

Rc = db- > xAuth (db- > pAuthArg, code, zArg1, zArg2, zArg3, pParse- > zAuthContext

# ifdef SQLITE_USER_AUTHENTICATION

, db- > auth.zAuthUser

# endif

);

If (rc==SQLITE_DENY) {

Sqlite3ErrorMsg (pParse, "not authorized")

PParse- > rc = SQLITE_AUTH

} else if (rclockSQLITEOOK & & rclockSQLITEIGNORE) {

Rc = SQLITE_DENY

SqliteAuthBadReturnCode (pParse)

}

Return rc

}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.