SQLite Sqlite3_set_authorizer Invocation Routines

Sqlite3_set_authorizer

Most of the reference materials are the simple literal meaning of the registration authorization function, in fact, a my_authorizer function, such as the following format, can be registered in the interpretation execution statement of the SQLite statement, and executed first, like a hook, Control of some access to SQL statements, similar to the netfilter of network packets.

Here is a simple example:

#include <iostream>
#include "sqlite/sqlite3.h"
Using namespace std;

/*
The registered callback function prohibits the user from deleting any tables, in fact, the third parameter
Will pass the name of the table into the current operation, can be matched by the value, whether
Need to operate on the table, of course, because pszString is an unsigned integer, if
There are multiple parameters you want to pass in, you can set the third of sqlite3_set_authorizer
The argument is a struct, and then returned by casting the pszString type
SQLITE_OK, indicating to continue execution, returning SQLITE_DENY means rejecting execution
*/
Int my_authorizer(void* pszString, int nCode, const char* psz1, const char* psz2, const char* psz3, const char* psz4)
{
  Int nNotPermitCode = *(int*)pszString;
  If (nNotPermitCode == 11)
  {
    Printf("can not execute drop\n");
    Return SQLITE_DENY;
  }
  Return SQLITE_OK;
}

Int main()
{
  Int rc = 0;
  Sqlite3* db = NULL;
  Char* pdbName = "test0.db";
  Char* pszErrMsg = NULL;

  Rc = sqlite3_open_v2(pdbName,&db,SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE,NULL);
  

  Char* pszCreateTb1 = "create virtual table geo_test1 using rtree_i32(id, minx, maxx)";
  Rc = sqlite3_exec(db,pszCreateTb1, 0, 0, &pszErrMsg);

  Char* pszInsertsql1 = "insert into geo_test1 values(1, 400, 400)";
  Rc = sqlite3_exec(db, pszInsertsql1, 0, 0, &pszErrMsg);

  Char* pszDropTable = "drop table geo_test1";

  /*
  Authorizer Action Codes
  Excerpt from: https://www.sqlite.org/c3ref/c_alter_table.html
  Each type of authorization opcode will pass different parameters to the authorization registration function.
  URL. 11 is the authorization operation code to delete the database table, when the authorization registration function is called
  The third string will get the name of the table being operated on.
  */
  Int nNotPermitCode = 11;
  /*
  The third parameter is the parameter value passed to the authorization registration function.
  */
  Sqlite3_set_authorizer(db, my_authorizer, &nNotPermitCode);

  Sqlite3_stmt* statement;

  Rc = sqlite3_prepare_v2(db, pszDropTable, -1, &statement, NULL);
  /*
  Single-step debugging to perr error message: no authored, indicating no right to operate
  */
  Const char* pszErr = sqlite3_errmsg(db);


  Sqlite3_close(db);
  

  Return 0;
}

SQLite Sqlite3_set_authorizer Invocation Routines