Problem with SQLite version 3.9.2 together with user authentication extension

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with SQLite version 3.9.2 together with user authentication extension

Ulrich Telle
SQLite version 3.8.7 introduced the user authentication extension. This
extension worked well for all 3.8.x versions.

Now I intended to upgrade to SQLite version 3.9.2. However, if I enable
the user authentication extension using the compile time define
SQLITE_USER_AUTHENTICATION I experience problems.

If I start with a new, empty database (using the SQLite shell), it
should not require user authentication. However, I always get the error
message

Error: SQL logic error or missing database

as soon as I enter for example a "create table" statement.

I tracked it down to a call of function sqlite3Parser in function
sqlite3RunParser. The statement to be parsed is

SELECT name, rootpage, sql FROM 'main'.sqlite_master ORDER BY rowid

The call is in line 461 of tokenize.c:

sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);

This function returns with a return code 1 in pParse->rc. And
pParse->zErrMsg contains "user not authenticated".

Is this a bug in SQLite somewhere? Or am I doing something wrong?

Regards,

Ulrich


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with SQLite version 3.9.2 together with user authentication extension

Ulrich Telle


I further tracked the problem down to lines 379 to 384 in build.c:

#if SQLITE_USER_AUTHENTICATION
   else if( pParse->db->auth.authLevel<UAUTH_User ){
     sqlite3ErrorMsg(pParse, "user not authenticated");
     p = 0;
   }
#endif

authLevel has the value 0 (that "Authentication not yet checked"). My
guess is that in this case no check should be done.

All seems to be fine, if I change line 380 to

   else if( pParse->db->auth.authLevel != 0 &&
pParse->db->auth.authLevel<UAUTH_User ){

However, this should probably be verified by the SQLite developers.

Regards,

Ulrich


Am 25.11.2015 um 21:25 schrieb Ulrich Telle:

> SQLite version 3.8.7 introduced the user authentication extension. This
> extension worked well for all 3.8.x versions.
>
> Now I intended to upgrade to SQLite version 3.9.2. However, if I enable
> the user authentication extension using the compile time define
> SQLITE_USER_AUTHENTICATION I experience problems.
>
> If I start with a new, empty database (using the SQLite shell), it
> should not require user authentication. However, I always get the error
> message
>
> Error: SQL logic error or missing database
>
> as soon as I enter for example a "create table" statement.
>
> I tracked it down to a call of function sqlite3Parser in function
> sqlite3RunParser. The statement to be parsed is
>
> SELECT name, rootpage, sql FROM 'main'.sqlite_master ORDER BY rowid
>
> The call is in line 461 of tokenize.c:
>
> sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);
>
> This function returns with a return code 1 in pParse->rc. And
> pParse->zErrMsg contains "user not authenticated".
>
> Is this a bug in SQLite somewhere? Or am I doing something wrong?
>
> Regards,
>
> Ulrich


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with SQLite version 3.9.2 together with user authentication extension

Simon Slavin-3
In reply to this post by Ulrich Telle

On 25 Nov 2015, at 8:25pm, Ulrich Telle <[hidden email]> wrote:

> SELECT name, rootpage, sql FROM 'main'.sqlite_master ORDER BY rowid

Can you try that again without the quotes around "main" ?

SELECT name, rootpage, sql FROM main.sqlite_master ORDER BY rowid

Simon.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with SQLite version 3.9.2 together with user authentication extension

Ulrich Telle
Am 26.11.2015 um 01:30 schrieb Simon Slavin:
>
> On 25 Nov 2015, at 8:25pm, Ulrich Telle <[hidden email]> wrote:
>
>> SELECT name, rootpage, sql FROM 'main'.sqlite_master ORDER BY rowid
>
> Can you try that again without the quotes around "main" ?
>
> SELECT name, rootpage, sql FROM main.sqlite_master ORDER BY rowid

No. The reason is that this is an SQL statement generated by SQLite
itself internally while initializing an empty database.

In fact, I finally found out that the lines 379-384 in build.c (or
93143-93148 in the amalgamation) are the cause of the problem:

#if SQLITE_USER_AUTHENTICATION
   else if( pParse->db->auth.authLevel<UAUTH_User ){
     sqlite3ErrorMsg(pParse, "user not authenticated");
     p = 0;
   }
#endif

This code "worked" in prior versions (before 3.9.0), because the symbol
SQLITE_USER_AUTHENTICATION was misspelled as SQLITE_USER_AUTHENICATION
... and the code was not executed at all.

The problem is that during initialization of a new database the value of
authLevel is still 0. In that case the check should either not be
prformed at all, or the user authentication should be initialized:

a) Change line 380 to:

else if( pParse->db->auth.authLevel!=0 &&
pParse->db->auth.authLevel<UAUTH_User ){

or

b) Add initialization

#if SQLITE_USER_AUTHENTICATION
else {
   if( pParse->db->auth.authLevel==UAUTH_Unknown ){
     sqlite3UserAuthInit(pParse->db);
   }
   if( pParse->db->auth.authLevel<UAUTH_User ){
     sqlite3ErrorMsg(pParse, "user not authenticated");
     p = 0;
   }
}
#endif


Probably something like b) should be preferred. However, I really don't
know whether other conditions have to be checked before calling
sqlite3UserAuthInit. I assume the SQLite developers will know that.

Regards,

Ulrich


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users