User Authentication Extension is broken in 3.19 branch

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

User Authentication Extension is broken in 3.19 branch

Thien, Christoph
Hi all,

we are compiling and using the User Authentication extension (Windows, MSVC10 and MSVC14, x86 and amd64).

Problem:
In 3.19 branch one can access a database without authentication.


Example:
When using sqlite 3.12 series (e.g. 3.12.2) everything works like expected.
One can do:

sqlite3.exe db
.user add admin pwd 1
.user login admin pwd
create table mytable (col1 int);
insert into mytable values (1);
.quit

Starting again

sqlite3.exe db
select * from mytable;
Error: user not authenticated

This error message is expected.


In 3.19 branch (3.19.2 and 3.19.3) you get this:

sqlite3.exe db
select * from mytable;
1

Access without authentication.


Is this a regression?

The user authentication extension source code did not change so far.

Best regards,
Christoph Thien
Bruker Optik GmbH

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: User Authentication Extension is broken in 3.19 branch

Richard Hipp-3
On 6/23/17, Thien, Christoph <[hidden email]> wrote:
>
> we are compiling and using the User Authentication extension (Windows,
> MSVC10 and MSVC14, x86 and amd64).
>
> Problem:
> In 3.19 branch one can access a database without authentication.
>

Bummer.  Do you have a patch to fix it, because that is not an
extension that is supported by the SQLite developers.

We originally wrote the user authentication extension at the request
of Oracle, who at the time was a support customer.  But Oracle never
used the extension, as far as we know, and they dropped their support
contract, so we have never bothered to properly document or test that
extension, nor maintain it.

What are you using it for?

--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: User Authentication Extension is broken in 3.19 branch

Thien, Christoph
We use an ODBC frontend which calls the user authentication functions.

The last release with working user authentication is 3.15.2.
Release 3.16.0 breaks user authentication.

There had been a lot of changes between those releases.
At the moment we do not have a patch.
Would be great if some developer with knowledge about internals could fix it.

Best,
Christoph Thien

-----Ursprüngliche Nachricht-----
Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Richard Hipp
Gesendet: Freitag, 23. Juni 2017 17:14
An: SQLite mailing list
Cc: Thien, Christoph
Betreff: Re: [sqlite] User Authentication Extension is broken in 3.19 branch

On 6/23/17, Thien, Christoph <[hidden email]> wrote:
>
> we are compiling and using the User Authentication extension (Windows,
> MSVC10 and MSVC14, x86 and amd64).
>
> Problem:
> In 3.19 branch one can access a database without authentication.
>

Bummer.  Do you have a patch to fix it, because that is not an extension that is supported by the SQLite developers.

We originally wrote the user authentication extension at the request of Oracle, who at the time was a support customer.  But Oracle never used the extension, as far as we know, and they dropped their support contract, so we have never bothered to properly document or test that extension, nor maintain it.

What are you using it for?

--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: User Authentication Extension is broken in 3.19 branch

Warren Young
On Jun 28, 2017, at 1:18 AM, Thien, Christoph <[hidden email]> wrote:
>
> The last release with working user authentication is 3.15.2.
> Release 3.16.0 breaks user authentication.
>
> There had been a lot of changes between those releases.

The version control system that SQLite is hosted on (Fossil) has a very useful feature for situations like this called “bisect.”  To start using it, create a Fossil checkout of SQLite,[1] then from within that checkout directory say:

    $ fossil update version-3.15.2
    $ fossil bisect reset          # not necessary on first run-thru
    $ fossil bisect good
    $ fossil update version-3.16.0
    $ fossil bisect bad

Fossil will then check out a version roughly halfway between those two.  Build that, try it, and then say “bisect bad” or “good” depending on whether your auth feature works or not.  In a few minutes, you will find the specific checkin that broke this feature.  Inspect the diffs for that checkin to see why it broke and what the fix is.

The fix will probably be obvious from the diffs.  The only trick is finding the particular checkin to examine, which is what bisect does for you.

[1]: https://www.sqlite.org/getthecode.html#clone

> At the moment we do not have a patch.

Given that this is an unsupported feature, I think it’s up to you to provide that patch.

> Would be great if some developer with knowledge about internals could fix it.

The SQLite core developers aren’t likely to do that, because “unsupported” means they don’t mess with that code any more.

Anyone else would have to have a reason to fix it, and given that it’s been broken for 3 major versions, I think that’s a fair indicator that very few people care about this feature working.

You’re one of the few people in the world with the motive to fix it.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Loading...