Call out restricted DB access when we acquire the reader.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4429 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
Cory McWilliams 2023-08-25 19:41:54 +00:00
parent 172826bf13
commit b252b921f8
4 changed files with 11 additions and 6 deletions

View File

@ -2178,6 +2178,14 @@ sqlite3* tf_ssb_acquire_db_reader(tf_ssb_t* ssb)
} }
tf_trace_sqlite(ssb->trace, db); tf_trace_sqlite(ssb->trace, db);
uv_mutex_unlock(&ssb->db_readers_lock); uv_mutex_unlock(&ssb->db_readers_lock);
sqlite3_set_authorizer(db, NULL, NULL);
return db;
}
sqlite3* tf_ssb_acquire_db_reader_restricted(tf_ssb_t* ssb)
{
sqlite3* db = tf_ssb_acquire_db_reader(ssb);
sqlite3_set_authorizer(db, tf_ssb_sqlite_authorizer, ssb);
return db; return db;
} }

View File

@ -960,10 +960,9 @@ int tf_ssb_sqlite_authorizer(void* user_data, int action_code, const char* arg0,
JSValue tf_ssb_db_visit_query(tf_ssb_t* ssb, const char* query, const JSValue binds, void (*callback)(JSValue row, void* user_data), void* user_data) JSValue tf_ssb_db_visit_query(tf_ssb_t* ssb, const char* query, const JSValue binds, void (*callback)(JSValue row, void* user_data), void* user_data)
{ {
JSValue result = JS_UNDEFINED; JSValue result = JS_UNDEFINED;
sqlite3* db = tf_ssb_acquire_db_reader(ssb); sqlite3* db = tf_ssb_acquire_db_reader_restricted(ssb);
JSContext* context = tf_ssb_get_context(ssb); JSContext* context = tf_ssb_get_context(ssb);
sqlite3_stmt* statement; sqlite3_stmt* statement;
sqlite3_set_authorizer(db, tf_ssb_sqlite_authorizer, ssb);
if (sqlite3_prepare(db, query, -1, &statement, NULL) == SQLITE_OK) if (sqlite3_prepare(db, query, -1, &statement, NULL) == SQLITE_OK)
{ {
JSValue bind_result = _tf_ssb_sqlite_bind_json(context, db, statement, binds); JSValue bind_result = _tf_ssb_sqlite_bind_json(context, db, statement, binds);
@ -994,7 +993,6 @@ JSValue tf_ssb_db_visit_query(tf_ssb_t* ssb, const char* query, const JSValue bi
{ {
result = JS_ThrowInternalError(context, "SQL Error %s: preparing \"%s\".", sqlite3_errmsg(db), query); result = JS_ThrowInternalError(context, "SQL Error %s: preparing \"%s\".", sqlite3_errmsg(db), query);
} }
sqlite3_set_authorizer(db, NULL, NULL);
tf_ssb_release_db_reader(ssb, db); tf_ssb_release_db_reader(ssb, db);
return result; return result;
} }

View File

@ -82,6 +82,7 @@ tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path
void tf_ssb_destroy(tf_ssb_t* ssb); void tf_ssb_destroy(tf_ssb_t* ssb);
sqlite3* tf_ssb_acquire_db_reader(tf_ssb_t* ssb); sqlite3* tf_ssb_acquire_db_reader(tf_ssb_t* ssb);
sqlite3* tf_ssb_acquire_db_reader_restricted(tf_ssb_t* ssb);
void tf_ssb_release_db_reader(tf_ssb_t* ssb, sqlite3* db); void tf_ssb_release_db_reader(tf_ssb_t* ssb, sqlite3* db);
sqlite3* tf_ssb_acquire_db_writer(tf_ssb_t* ssb); sqlite3* tf_ssb_acquire_db_writer(tf_ssb_t* ssb);
void tf_ssb_release_db_writer(tf_ssb_t* ssb, sqlite3* db); void tf_ssb_release_db_writer(tf_ssb_t* ssb, sqlite3* db);

View File

@ -428,8 +428,7 @@ static void _tf_ssb_sqlAsync_work(uv_work_t* work)
tf_ssb_record_thread_busy(sql_work->ssb, true); tf_ssb_record_thread_busy(sql_work->ssb, true);
tf_trace_t* trace = tf_ssb_get_trace(sql_work->ssb); tf_trace_t* trace = tf_ssb_get_trace(sql_work->ssb);
tf_trace_begin(trace, "sql_async_work"); tf_trace_begin(trace, "sql_async_work");
sqlite3* db = tf_ssb_acquire_db_reader(sql_work->ssb); sqlite3* db = tf_ssb_acquire_db_reader_restricted(sql_work->ssb);
sqlite3_set_authorizer(db, tf_ssb_sqlite_authorizer, sql_work->ssb);
sqlite3_stmt* statement = NULL; sqlite3_stmt* statement = NULL;
sql_work->result = sqlite3_prepare(db, sql_work->query, -1, &statement, NULL); sql_work->result = sqlite3_prepare(db, sql_work->query, -1, &statement, NULL);
if (sql_work->result == SQLITE_OK) if (sql_work->result == SQLITE_OK)
@ -523,7 +522,6 @@ static void _tf_ssb_sqlAsync_work(uv_work_t* work)
{ {
sql_work->error = tf_strdup(sqlite3_errmsg(db)); sql_work->error = tf_strdup(sqlite3_errmsg(db));
} }
sqlite3_set_authorizer(db, NULL, NULL);
tf_ssb_release_db_reader(sql_work->ssb, db); tf_ssb_release_db_reader(sql_work->ssb, db);
tf_ssb_record_thread_busy(sql_work->ssb, false); tf_ssb_record_thread_busy(sql_work->ssb, false);
tf_trace_end(trace); tf_trace_end(trace);