bpo-44491: Allow clearing the sqlite3 authoriser callback (GH-26863)

Author: Erlend Egeberg Aasland

Doc/library/sqlite3.rst

@@ -430,6 +430,11 @@ Connection Objects
       argument and the meaning of the second and third argument depending on the first
       one. All necessary constants are available in the :mod:`sqlite3` module.
 
+      Passing :const:`None` as *authorizer_callback* will disable the authorizer.
+
+      .. versionchanged:: 3.11
+         Added support for disabling the authorizer using :const:`None`.
+
 
    .. method:: set_progress_handler(handler, n)
 

Doc/whatsnew/3.11.rst

@@ -106,6 +106,14 @@ math
   Dickinson in :issue:`44339`.)
 
 
+sqlite3
+-------
+
+* You can now disable the authorizer by passing :const:`None` to
+  :meth:`~sqlite3.Connection.set_authorizer`.
+  (Contributed by Erlend E. Aasland in :issue:`44491`.)
+
+
 Removed
 =======
 * :class:`smtpd.MailmanProxy` is now removed as it is unusable without

Lib/sqlite3/test/dbapi.py

@@ -652,6 +652,7 @@ def test_check_connection_thread(self):
             lambda: self.con.rollback(),
             lambda: self.con.close(),
             lambda: self.con.set_trace_callback(None),
+            lambda: self.con.set_authorizer(None),
             lambda: self.con.create_collation("foo", None),
         ]
         for fn in fns:

Lib/sqlite3/test/userfunctions.py

@@ -522,6 +522,12 @@ def test_column_access(self):
             self.con.execute("select c2 from t1")
         self.assertIn('prohibited', str(cm.exception))
 
+    def test_clear_authorizer(self):
+        self.con.set_authorizer(None)
+        self.con.execute("select * from t2")
+        self.con.execute("select c2 from t1")
+
+
 class AuthorizerRaiseExceptionTests(AuthorizerTests):
     @staticmethod
     def authorizer_cb(action, arg1, arg2, dbname, source):

Misc/NEWS.d/next/Library/2021-06-23-01-33-01.bpo-44491.tiOlr5.rst

@@ -0,0 +1,3 @@
+Allow clearing the :mod:`sqlite3` authorizer callback by passing
+:const:``None`` to :meth:`~sqlite3.Connection.set_authorizer`. Patch by
+Erlend E. Aasland.

Modules/_sqlite/connection.c

@@ -1053,20 +1053,24 @@ pysqlite_connection_set_authorizer_impl(pysqlite_Connection *self,
                                         PyObject *authorizer_cb)
 /*[clinic end generated code: output=f18ba575d788b35c input=df079724c020d2f2]*/
 {
-    int rc;
-
     if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
         return NULL;
     }
 
-    rc = sqlite3_set_authorizer(self->db, _authorizer_callback, (void*)authorizer_cb);
+    int rc;
+    if (authorizer_cb == Py_None) {
+        rc = sqlite3_set_authorizer(self->db, NULL, NULL);
+        Py_XSETREF(self->function_pinboard_authorizer_cb, NULL);
+    }
+    else {
+        Py_INCREF(authorizer_cb);
+        Py_XSETREF(self->function_pinboard_authorizer_cb, authorizer_cb);
+        rc = sqlite3_set_authorizer(self->db, _authorizer_callback, authorizer_cb);
+    }
     if (rc != SQLITE_OK) {
         PyErr_SetString(pysqlite_OperationalError, "Error setting authorizer callback");
         Py_XSETREF(self->function_pinboard_authorizer_cb, NULL);
         return NULL;
-    } else {
-        Py_INCREF(authorizer_cb);
-        Py_XSETREF(self->function_pinboard_authorizer_cb, authorizer_cb);
     }
     Py_RETURN_NONE;
 }