3 # The author disclaims copyright to this source code. In place of
4 # a legal notice, here is a blessing:
6 # May you do good and not evil.
7 # May you find forgiveness for yourself and forgive others.
8 # May you share freely, never taking more than you give.
10 #***********************************************************************
11 # This file implements regression tests for SQLite library. The
12 # focus of this script is testing the sqlite3_set_authorizer() API
13 # and related functionality.
15 # $Id: auth.test,v 1.46 2009/07/02 18:40:35 danielk1977 Exp $
18 set testdir [file dirname $argv0]
19 source $testdir/tester.tcl
21 # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
22 # defined during compilation.
23 if {[catch {db auth {}} msg]} {
29 proc_real proc {name arguments script} {
30 proc_real $name $arguments $script
38 set ::DB [sqlite3 db test.db]
# Deny-all callback: returns SQLITE_DENY for every action code and ignores
# all of its arguments.
39 proc authx {code arg1 arg2 arg3 arg4 args} {return SQLITE_DENY}
40 proc auth {code arg1 arg2 arg3 arg4 args} {
41 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
47 # EVIDENCE-OF: R-03993-24285 Only a single authorizer can be in place on
48 # a database connection at a time. Each call to sqlite3_set_authorizer
49 # overrides the previous call.
51 # The authx authorizer above is overridden by the auth authorizer below,
52 # so authx is never invoked.
54 catchsql {CREATE TABLE t1(a,b,c)}
55 } {1 {not authorized}}
67 } {1 {no such column: x}}
69 execsql {SELECT name FROM sqlite_master}
71 # EVIDENCE-OF: R-04452-49349 When the callback returns SQLITE_DENY, the
72 # sqlite3_prepare_v2() or equivalent call that triggered the authorizer
73 # will fail with an error message explaining that access is denied.
75 proc auth {code arg1 arg2 arg3 arg4 args} {
76 if {$code=="SQLITE_CREATE_TABLE"} {
77 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
82 catchsql {CREATE TABLE t1(a,b,c)}
83 } {1 {not authorized}}
91 execsql {SELECT name FROM sqlite_master}
96 proc auth {code arg1 arg2 arg3 arg4 args} {
97 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
102 catchsql {CREATE TEMP TABLE t1(a,b,c)}
103 } {1 {not authorized}}
105 execsql {SELECT name FROM temp.sqlite_master}
108 proc auth {code arg1 arg2 arg3 arg4 args} {
109 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
110 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
115 catchsql {CREATE TEMP TABLE t1(a,b,c)}
116 } {1 {not authorized}}
121 execsql {SELECT name FROM sqlite_temp_master}
126 proc auth {code arg1 arg2 arg3 arg4 args} {
127 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
132 catchsql {CREATE TABLE t1(a,b,c)}
135 execsql {SELECT name FROM sqlite_master}
138 proc auth {code arg1 arg2 arg3 arg4 args} {
139 if {$code=="SQLITE_CREATE_TABLE"} {
140 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
145 catchsql {CREATE TABLE t1(a,b,c)}
148 execsql {SELECT name FROM sqlite_master}
153 proc auth {code arg1 arg2 arg3 arg4 args} {
154 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
159 catchsql {CREATE TEMP TABLE t1(a,b,c)}
162 execsql {SELECT name FROM temp.sqlite_master}
165 proc auth {code arg1 arg2 arg3 arg4 args} {
166 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
167 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
172 catchsql {CREATE TEMP TABLE t1(a,b,c)}
175 execsql {SELECT name FROM sqlite_temp_master}
179 proc auth {code arg1 arg2 arg3 arg4 args} {
180 if {$code=="SQLITE_CREATE_TABLE"} {
181 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
186 catchsql {CREATE TEMP TABLE t1(a,b,c)}
189 execsql {SELECT name FROM sqlite_temp_master}
193 do_test auth-1.19.1 {
195 proc auth {code arg1 arg2 arg3 arg4 args} {
196 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
197 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
202 catchsql {CREATE TABLE t2(a,b,c)}
204 do_test auth-1.19.2 {
208 execsql {SELECT name FROM sqlite_master}
211 do_test auth-1.21.1 {
212 proc auth {code arg1 arg2 arg3 arg4 args} {
213 if {$code=="SQLITE_DROP_TABLE"} {
214 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
219 catchsql {DROP TABLE t2}
220 } {1 {not authorized}}
221 do_test auth-1.21.2 {
225 execsql {SELECT name FROM sqlite_master}
227 do_test auth-1.23.1 {
228 proc auth {code arg1 arg2 arg3 arg4 args} {
229 if {$code=="SQLITE_DROP_TABLE"} {
230 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
235 catchsql {DROP TABLE t2}
237 do_test auth-1.23.2 {
241 execsql {SELECT name FROM sqlite_master}
246 proc auth {code arg1 arg2 arg3 arg4 args} {
247 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
248 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
253 catchsql {DROP TABLE t1}
254 } {1 {not authorized}}
256 execsql {SELECT name FROM sqlite_temp_master}
259 proc auth {code arg1 arg2 arg3 arg4 args} {
260 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
261 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
266 catchsql {DROP TABLE t1}
269 execsql {SELECT name FROM sqlite_temp_master}
274 proc auth {code arg1 arg2 arg3 arg4 args} {
275 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
280 catchsql {INSERT INTO t2 VALUES(1,2,3)}
281 } {1 {not authorized}}
283 execsql {SELECT * FROM t2}
286 proc auth {code arg1 arg2 arg3 arg4 args} {
287 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
292 catchsql {INSERT INTO t2 VALUES(1,2,3)}
295 execsql {SELECT * FROM t2}
298 proc auth {code arg1 arg2 arg3 arg4 args} {
299 if {$code=="SQLITE_INSERT" && $arg1=="t1"} {
304 catchsql {INSERT INTO t2 VALUES(1,2,3)}
307 execsql {SELECT * FROM t2}
# auth-1.35.1: the callback condition singles out SQLITE_READ on column b of
# table t2, and the expected result is a per-column error naming t2.b rather
# than the generic "not authorized".
# NOTE(review): the callback's return lines are not shown in this listing;
# the expected message suggests SQLITE_DENY -- confirm against the full file.
310 do_test auth-1.35.1 {
311 proc auth {code arg1 arg2 arg3 arg4 args} {
312 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
317 catchsql {SELECT * FROM t2}
318 } {1 {access to t2.b is prohibited}}
# auth-1.35.2: test.db is attached a second time under the schema name "two".
# The condition above compares only the table and column names ($arg1, $arg2),
# so the read through the alias is expected to be refused as well, with the
# alias appearing in the error message.
320 do_test auth-1.35.2 {
321 execsql {ATTACH DATABASE 'test.db' AS two}
322 catchsql {SELECT * FROM two.t2}
323 } {1 {access to two.t2.b is prohibited}}
324 execsql {DETACH DATABASE two}
326 # EVIDENCE-OF: R-38392-49970 If the action code is SQLITE_READ and the
327 # callback returns SQLITE_IGNORE then the prepared statement statement
328 # is constructed to substitute a NULL value in place of the table column
329 # that would have been read if SQLITE_OK had been returned.
331 proc auth {code arg1 arg2 arg3 arg4 args} {
332 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
337 catchsql {SELECT * FROM t2}
340 proc auth {code arg1 arg2 arg3 arg4 args} {
341 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
346 catchsql {SELECT * FROM t2 WHERE b=2}
349 proc auth {code arg1 arg2 arg3 arg4 args} {
350 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} {
355 catchsql {SELECT * FROM t2 WHERE b=2}
358 proc auth {code arg1 arg2 arg3 arg4 args} {
359 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
364 catchsql {SELECT * FROM t2 WHERE b IS NULL}
# Column b is referenced only in the WHERE clause here (the select list is
# a,c), and the expected result is still the per-column refusal for t2.b.
# NOTE(review): the callback's return value is not shown in this listing.
367 proc auth {code arg1 arg2 arg3 arg4 args} {
368 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
373 catchsql {SELECT a,c FROM t2 WHERE b IS NULL}
374 } {1 {access to t2.b is prohibited}}
377 proc auth {code arg1 arg2 arg3 arg4 args} {
378 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
383 catchsql {UPDATE t2 SET a=11}
386 execsql {SELECT * FROM t2}
389 proc auth {code arg1 arg2 arg3 arg4 args} {
390 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
395 catchsql {UPDATE t2 SET b=22, c=33}
396 } {1 {not authorized}}
398 execsql {SELECT * FROM t2}
401 proc auth {code arg1 arg2 arg3 arg4 args} {
402 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
407 catchsql {UPDATE t2 SET b=22, c=33}
410 execsql {SELECT * FROM t2}
414 proc auth {code arg1 arg2 arg3 arg4 args} {
415 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
420 catchsql {DELETE FROM t2 WHERE a=11}
421 } {1 {not authorized}}
423 execsql {SELECT * FROM t2}
426 proc auth {code arg1 arg2 arg3 arg4 args} {
427 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
432 catchsql {DELETE FROM t2 WHERE a=11}
435 execsql {SELECT * FROM t2}
437 do_test auth-1.50.2 {
438 execsql {INSERT INTO t2 VALUES(11, 2, 33)}
442 proc auth {code arg1 arg2 arg3 arg4 args} {
443 if {$code=="SQLITE_SELECT"} {
448 catchsql {SELECT * FROM t2}
449 } {1 {not authorized}}
451 proc auth {code arg1 arg2 arg3 arg4 args} {
452 if {$code=="SQLITE_SELECT"} {
457 catchsql {SELECT * FROM t2}
460 proc auth {code arg1 arg2 arg3 arg4 args} {
461 if {$code=="SQLITE_SELECT"} {
466 catchsql {SELECT * FROM t2}
469 # Update for version 3: There used to be a handful of tests here that
470 # tested the authorisation callback with the COPY command. The following
471 # test makes the same database modifications as they used to.
473 execsql {INSERT INTO t2 VALUES(7, 8, 9);}
476 execsql {SELECT * FROM t2}
480 proc auth {code arg1 arg2 arg3 arg4 args} {
481 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
486 catchsql {DROP TABLE t2}
487 } {1 {not authorized}}
489 execsql {SELECT name FROM sqlite_master}
492 proc auth {code arg1 arg2 arg3 arg4 args} {
493 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
498 catchsql {DROP TABLE t2}
499 } {1 {not authorized}}
501 execsql {SELECT name FROM sqlite_master}
506 proc auth {code arg1 arg2 arg3 arg4 args} {
507 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
512 catchsql {DROP TABLE t1}
513 } {1 {not authorized}}
515 execsql {SELECT name FROM sqlite_temp_master}
518 proc auth {code arg1 arg2 arg3 arg4 args} {
519 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
524 catchsql {DROP TABLE t1}
525 } {1 {not authorized}}
527 execsql {SELECT name FROM sqlite_temp_master}
532 proc auth {code arg1 arg2 arg3 arg4 args} {
533 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
538 catchsql {DROP TABLE t2}
541 execsql {SELECT name FROM sqlite_master}
544 proc auth {code arg1 arg2 arg3 arg4 args} {
545 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
550 catchsql {DROP TABLE t2}
553 execsql {SELECT name FROM sqlite_master}
558 proc auth {code arg1 arg2 arg3 arg4 args} {
559 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
564 catchsql {DROP TABLE t1}
567 execsql {SELECT name FROM sqlite_temp_master}
570 proc auth {code arg1 arg2 arg3 arg4 args} {
571 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
576 catchsql {DROP TABLE t1}
579 execsql {SELECT name FROM temp.sqlite_master}
583 # Test cases auth-1.79 to auth-1.124 test creating and dropping views.
584 # Omit these if the library was compiled with views omitted.
587 proc auth {code arg1 arg2 arg3 arg4 args} {
588 if {$code=="SQLITE_CREATE_VIEW"} {
589 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
594 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
595 } {1 {not authorized}}
600 execsql {SELECT name FROM sqlite_master}
603 proc auth {code arg1 arg2 arg3 arg4 args} {
604 if {$code=="SQLITE_CREATE_VIEW"} {
605 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
610 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
616 execsql {SELECT name FROM sqlite_master}
621 proc auth {code arg1 arg2 arg3 arg4 args} {
622 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
623 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
628 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
629 } {1 {not authorized}}
634 execsql {SELECT name FROM sqlite_temp_master}
637 proc auth {code arg1 arg2 arg3 arg4 args} {
638 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
639 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
644 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
650 execsql {SELECT name FROM temp.sqlite_master}
655 proc auth {code arg1 arg2 arg3 arg4 args} {
656 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
661 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
662 } {1 {not authorized}}
664 execsql {SELECT name FROM sqlite_master}
667 proc auth {code arg1 arg2 arg3 arg4 args} {
668 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
673 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
676 execsql {SELECT name FROM sqlite_master}
681 proc auth {code arg1 arg2 arg3 arg4 args} {
682 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
687 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
688 } {1 {not authorized}}
690 execsql {SELECT name FROM sqlite_temp_master}
693 proc auth {code arg1 arg2 arg3 arg4 args} {
694 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
699 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
702 execsql {SELECT name FROM sqlite_temp_master}
707 proc auth {code arg1 arg2 arg3 arg4 args} {
708 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
714 CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2;
717 } {1 {not authorized}}
719 execsql {SELECT name FROM sqlite_master}
722 proc auth {code arg1 arg2 arg3 arg4 args} {
723 if {$code=="SQLITE_DROP_VIEW"} {
724 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
729 catchsql {DROP VIEW v2}
730 } {1 {not authorized}}
735 execsql {SELECT name FROM sqlite_master}
738 proc auth {code arg1 arg2 arg3 arg4 args} {
739 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
744 catchsql {DROP VIEW v2}
747 execsql {SELECT name FROM sqlite_master}
750 proc auth {code arg1 arg2 arg3 arg4 args} {
751 if {$code=="SQLITE_DROP_VIEW"} {
752 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
757 catchsql {DROP VIEW v2}
763 execsql {SELECT name FROM sqlite_master}
766 proc auth {code arg1 arg2 arg3 arg4 args} {
767 if {$code=="SQLITE_DROP_VIEW"} {
768 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
773 catchsql {DROP VIEW v2}
779 execsql {SELECT name FROM sqlite_master}
785 proc auth {code arg1 arg2 arg3 arg4 args} {
786 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
792 CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1;
795 } {1 {not authorized}}
797 execsql {SELECT name FROM temp.sqlite_master}
800 proc auth {code arg1 arg2 arg3 arg4 args} {
801 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
802 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
807 catchsql {DROP VIEW v1}
808 } {1 {not authorized}}
813 execsql {SELECT name FROM sqlite_temp_master}
816 proc auth {code arg1 arg2 arg3 arg4 args} {
817 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
822 catchsql {DROP VIEW v1}
825 execsql {SELECT name FROM sqlite_temp_master}
828 proc auth {code arg1 arg2 arg3 arg4 args} {
829 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
830 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
835 catchsql {DROP VIEW v1}
841 execsql {SELECT name FROM temp.sqlite_master}
844 proc auth {code arg1 arg2 arg3 arg4 args} {
845 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
846 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
851 catchsql {DROP VIEW v1}
857 execsql {SELECT name FROM sqlite_temp_master}
862 # Test cases auth-1.125 to auth-1.176 test creating and dropping triggers.
863 # Omit these if the library was compiled with triggers omitted.
865 ifcapable trigger&&tempdb {
867 proc auth {code arg1 arg2 arg3 arg4 args} {
868 if {$code=="SQLITE_CREATE_TRIGGER"} {
869 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
875 CREATE TRIGGER r2 DELETE on t2 BEGIN
879 } {1 {not authorized}}
884 execsql {SELECT name FROM sqlite_master}
887 proc auth {code arg1 arg2 arg3 arg4 args} {
888 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
894 CREATE TRIGGER r2 DELETE on t2 BEGIN
898 } {1 {not authorized}}
900 execsql {SELECT name FROM sqlite_master}
903 proc auth {code arg1 arg2 arg3 arg4 args} {
904 if {$code=="SQLITE_CREATE_TRIGGER"} {
905 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
911 CREATE TRIGGER r2 DELETE on t2 BEGIN
920 execsql {SELECT name FROM sqlite_master}
923 proc auth {code arg1 arg2 arg3 arg4 args} {
924 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
930 CREATE TRIGGER r2 DELETE on t2 BEGIN
936 execsql {SELECT name FROM sqlite_master}
939 proc auth {code arg1 arg2 arg3 arg4 args} {
940 if {$code=="SQLITE_CREATE_TRIGGER"} {
941 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
948 CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN
949 INSERT INTO tx VALUES(NEW.rowid);
953 do_test auth-1.136.1 {
956 do_test auth-1.136.2 {
958 SELECT name FROM sqlite_master WHERE type='trigger'
# auth-1.136.3: this callback appends every invocation (action code followed
# by arg1..arg4) to ::authargs instead of filtering on a single code.
# The expected log holds three entries for the one INSERT INTO t2: the
# statement's own SQLITE_INSERT with an empty last argument, then an
# SQLITE_INSERT on tx and an SQLITE_READ of t2.ROWID that both carry r2 as the
# last argument. r2 is the name of the AFTER INSERT trigger created earlier in
# the file, so work done by a trigger body is reported to the authorizer with
# the trigger's name attached.
961 do_test auth-1.136.3 {
962 proc auth {code arg1 arg2 arg3 arg4 args} {
963 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
968 INSERT INTO t2 VALUES(1,2,3);
971 } {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2}
972 do_test auth-1.136.4 {
978 execsql {SELECT name FROM sqlite_master}
981 proc auth {code arg1 arg2 arg3 arg4 args} {
982 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
983 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
989 CREATE TRIGGER r1 DELETE on t1 BEGIN
993 } {1 {not authorized}}
998 execsql {SELECT name FROM temp.sqlite_master}
1000 do_test auth-1.141 {
1001 proc auth {code arg1 arg2 arg3 arg4 args} {
1002 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1008 CREATE TRIGGER r1 DELETE on t1 BEGIN
1012 } {1 {not authorized}}
1013 do_test auth-1.142 {
1014 execsql {SELECT name FROM sqlite_temp_master}
1016 do_test auth-1.143 {
1017 proc auth {code arg1 arg2 arg3 arg4 args} {
1018 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1019 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1020 return SQLITE_IGNORE
1025 CREATE TRIGGER r1 DELETE on t1 BEGIN
1030 do_test auth-1.144 {
1033 do_test auth-1.145 {
1034 execsql {SELECT name FROM temp.sqlite_master}
1036 do_test auth-1.146 {
1037 proc auth {code arg1 arg2 arg3 arg4 args} {
1038 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1039 return SQLITE_IGNORE
1044 CREATE TRIGGER r1 DELETE on t1 BEGIN
1049 do_test auth-1.147 {
1050 execsql {SELECT name FROM sqlite_temp_master}
1052 do_test auth-1.148 {
1053 proc auth {code arg1 arg2 arg3 arg4 args} {
1054 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1055 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1061 CREATE TRIGGER r1 DELETE on t1 BEGIN
1066 do_test auth-1.149 {
1069 do_test auth-1.150 {
1070 execsql {SELECT name FROM temp.sqlite_master}
1073 do_test auth-1.151 {
1074 proc auth {code arg1 arg2 arg3 arg4 args} {
1075 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1080 catchsql {DROP TRIGGER r2}
1081 } {1 {not authorized}}
1082 do_test auth-1.152 {
1083 execsql {SELECT name FROM sqlite_master}
1085 do_test auth-1.153 {
1086 proc auth {code arg1 arg2 arg3 arg4 args} {
1087 if {$code=="SQLITE_DROP_TRIGGER"} {
1088 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1093 catchsql {DROP TRIGGER r2}
1094 } {1 {not authorized}}
1095 do_test auth-1.154 {
1098 do_test auth-1.155 {
1099 execsql {SELECT name FROM sqlite_master}
1101 do_test auth-1.156 {
1102 proc auth {code arg1 arg2 arg3 arg4 args} {
1103 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1104 return SQLITE_IGNORE
1108 catchsql {DROP TRIGGER r2}
1110 do_test auth-1.157 {
1111 execsql {SELECT name FROM sqlite_master}
1113 do_test auth-1.158 {
1114 proc auth {code arg1 arg2 arg3 arg4 args} {
1115 if {$code=="SQLITE_DROP_TRIGGER"} {
1116 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1117 return SQLITE_IGNORE
1121 catchsql {DROP TRIGGER r2}
1123 do_test auth-1.159 {
1126 do_test auth-1.160 {
1127 execsql {SELECT name FROM sqlite_master}
1129 do_test auth-1.161 {
1130 proc auth {code arg1 arg2 arg3 arg4 args} {
1131 if {$code=="SQLITE_DROP_TRIGGER"} {
1132 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1137 catchsql {DROP TRIGGER r2}
1139 do_test auth-1.162 {
1142 do_test auth-1.163 {
1145 DELETE FROM t2 WHERE a=1 AND b=2 AND c=3;
1146 SELECT name FROM sqlite_master;
1150 do_test auth-1.164 {
1151 proc auth {code arg1 arg2 arg3 arg4 args} {
1152 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1157 catchsql {DROP TRIGGER r1}
1158 } {1 {not authorized}}
1159 do_test auth-1.165 {
1160 execsql {SELECT name FROM temp.sqlite_master}
1162 do_test auth-1.166 {
1163 proc auth {code arg1 arg2 arg3 arg4 args} {
1164 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1165 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1170 catchsql {DROP TRIGGER r1}
1171 } {1 {not authorized}}
1172 do_test auth-1.167 {
1175 do_test auth-1.168 {
1176 execsql {SELECT name FROM sqlite_temp_master}
1178 do_test auth-1.169 {
1179 proc auth {code arg1 arg2 arg3 arg4 args} {
1180 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1181 return SQLITE_IGNORE
1185 catchsql {DROP TRIGGER r1}
1187 do_test auth-1.170 {
1188 execsql {SELECT name FROM temp.sqlite_master}
1190 do_test auth-1.171 {
1191 proc auth {code arg1 arg2 arg3 arg4 args} {
1192 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1193 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1194 return SQLITE_IGNORE
1198 catchsql {DROP TRIGGER r1}
1200 do_test auth-1.172 {
1203 do_test auth-1.173 {
1204 execsql {SELECT name FROM sqlite_temp_master}
1206 do_test auth-1.174 {
1207 proc auth {code arg1 arg2 arg3 arg4 args} {
1208 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1209 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1214 catchsql {DROP TRIGGER r1}
1216 do_test auth-1.175 {
1219 do_test auth-1.176 {
1220 execsql {SELECT name FROM temp.sqlite_master}
1222 } ;# ifcapable trigger
1224 do_test auth-1.177 {
1225 proc auth {code arg1 arg2 arg3 arg4 args} {
1226 if {$code=="SQLITE_CREATE_INDEX"} {
1227 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1232 catchsql {CREATE INDEX i2 ON t2(a)}
1233 } {1 {not authorized}}
1234 do_test auth-1.178 {
1237 do_test auth-1.179 {
1238 execsql {SELECT name FROM sqlite_master}
1240 do_test auth-1.180 {
1241 proc auth {code arg1 arg2 arg3 arg4 args} {
1242 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1247 catchsql {CREATE INDEX i2 ON t2(a)}
1248 } {1 {not authorized}}
1249 do_test auth-1.181 {
1250 execsql {SELECT name FROM sqlite_master}
1252 do_test auth-1.182 {
1253 proc auth {code arg1 arg2 arg3 arg4 args} {
1254 if {$code=="SQLITE_CREATE_INDEX"} {
1255 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1256 return SQLITE_IGNORE
1260 catchsql {CREATE INDEX i2 ON t2(b)}
1262 do_test auth-1.183 {
1265 do_test auth-1.184 {
1266 execsql {SELECT name FROM sqlite_master}
1268 do_test auth-1.185 {
1269 proc auth {code arg1 arg2 arg3 arg4 args} {
1270 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1271 return SQLITE_IGNORE
1275 catchsql {CREATE INDEX i2 ON t2(b)}
1277 do_test auth-1.186 {
1278 execsql {SELECT name FROM sqlite_master}
1280 do_test auth-1.187 {
1281 proc auth {code arg1 arg2 arg3 arg4 args} {
1282 if {$code=="SQLITE_CREATE_INDEX"} {
1283 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1288 catchsql {CREATE INDEX i2 ON t2(a)}
1290 do_test auth-1.188 {
1293 do_test auth-1.189 {
1294 execsql {SELECT name FROM sqlite_master}
1298 do_test auth-1.190 {
1299 proc auth {code arg1 arg2 arg3 arg4 args} {
1300 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1301 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1306 catchsql {CREATE INDEX i1 ON t1(a)}
1307 } {1 {not authorized}}
1308 do_test auth-1.191 {
1311 do_test auth-1.192 {
1312 execsql {SELECT name FROM sqlite_temp_master}
1314 do_test auth-1.193 {
1315 proc auth {code arg1 arg2 arg3 arg4 args} {
1316 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1321 catchsql {CREATE INDEX i1 ON t1(b)}
1322 } {1 {not authorized}}
1323 do_test auth-1.194 {
1324 execsql {SELECT name FROM temp.sqlite_master}
1326 do_test auth-1.195 {
1327 proc auth {code arg1 arg2 arg3 arg4 args} {
1328 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1329 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1330 return SQLITE_IGNORE
1334 catchsql {CREATE INDEX i1 ON t1(b)}
1336 do_test auth-1.196 {
1339 do_test auth-1.197 {
1340 execsql {SELECT name FROM sqlite_temp_master}
1342 do_test auth-1.198 {
1343 proc auth {code arg1 arg2 arg3 arg4 args} {
1344 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1345 return SQLITE_IGNORE
1349 catchsql {CREATE INDEX i1 ON t1(c)}
1351 do_test auth-1.199 {
1352 execsql {SELECT name FROM sqlite_temp_master}
1354 do_test auth-1.200 {
1355 proc auth {code arg1 arg2 arg3 arg4 args} {
1356 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1357 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1362 catchsql {CREATE INDEX i1 ON t1(a)}
1364 do_test auth-1.201 {
1367 do_test auth-1.202 {
1368 execsql {SELECT name FROM temp.sqlite_master}
1372 do_test auth-1.203 {
1373 proc auth {code arg1 arg2 arg3 arg4 args} {
1374 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1379 catchsql {DROP INDEX i2}
1380 } {1 {not authorized}}
1381 do_test auth-1.204 {
1382 execsql {SELECT name FROM sqlite_master}
1384 do_test auth-1.205 {
1385 proc auth {code arg1 arg2 arg3 arg4 args} {
1386 if {$code=="SQLITE_DROP_INDEX"} {
1387 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1392 catchsql {DROP INDEX i2}
1393 } {1 {not authorized}}
1394 do_test auth-1.206 {
1397 do_test auth-1.207 {
1398 execsql {SELECT name FROM sqlite_master}
1400 do_test auth-1.208 {
1401 proc auth {code arg1 arg2 arg3 arg4 args} {
1402 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1403 return SQLITE_IGNORE
1407 catchsql {DROP INDEX i2}
1409 do_test auth-1.209 {
1410 execsql {SELECT name FROM sqlite_master}
1412 do_test auth-1.210 {
1413 proc auth {code arg1 arg2 arg3 arg4 args} {
1414 if {$code=="SQLITE_DROP_INDEX"} {
1415 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1416 return SQLITE_IGNORE
1420 catchsql {DROP INDEX i2}
1422 do_test auth-1.211 {
1425 do_test auth-1.212 {
1426 execsql {SELECT name FROM sqlite_master}
1428 do_test auth-1.213 {
1429 proc auth {code arg1 arg2 arg3 arg4 args} {
1430 if {$code=="SQLITE_DROP_INDEX"} {
1431 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1436 catchsql {DROP INDEX i2}
1438 do_test auth-1.214 {
1441 do_test auth-1.215 {
1442 execsql {SELECT name FROM sqlite_master}
1446 do_test auth-1.216 {
1447 proc auth {code arg1 arg2 arg3 arg4 args} {
1448 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1453 catchsql {DROP INDEX i1}
1454 } {1 {not authorized}}
1455 do_test auth-1.217 {
1456 execsql {SELECT name FROM sqlite_temp_master}
1458 do_test auth-1.218 {
1459 proc auth {code arg1 arg2 arg3 arg4 args} {
1460 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1461 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1466 catchsql {DROP INDEX i1}
1467 } {1 {not authorized}}
1468 do_test auth-1.219 {
1471 do_test auth-1.220 {
1472 execsql {SELECT name FROM sqlite_temp_master}
1474 do_test auth-1.221 {
1475 proc auth {code arg1 arg2 arg3 arg4 args} {
1476 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1477 return SQLITE_IGNORE
1481 catchsql {DROP INDEX i1}
1483 do_test auth-1.222 {
1484 execsql {SELECT name FROM temp.sqlite_master}
1486 do_test auth-1.223 {
1487 proc auth {code arg1 arg2 arg3 arg4 args} {
1488 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1489 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1490 return SQLITE_IGNORE
1494 catchsql {DROP INDEX i1}
1496 do_test auth-1.224 {
1499 do_test auth-1.225 {
1500 execsql {SELECT name FROM temp.sqlite_master}
1502 do_test auth-1.226 {
1503 proc auth {code arg1 arg2 arg3 arg4 args} {
1504 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1505 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1510 catchsql {DROP INDEX i1}
1512 do_test auth-1.227 {
1515 do_test auth-1.228 {
1516 execsql {SELECT name FROM temp.sqlite_master}
1520 do_test auth-1.229 {
1521 proc auth {code arg1 arg2 arg3 arg4 args} {
1522 if {$code=="SQLITE_PRAGMA"} {
1523 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1528 catchsql {PRAGMA full_column_names=on}
1529 } {1 {not authorized}}
1530 do_test auth-1.230 {
1532 } {full_column_names on {} {}}
1533 do_test auth-1.231 {
1534 execsql2 {SELECT a FROM t2}
1536 do_test auth-1.232 {
1537 proc auth {code arg1 arg2 arg3 arg4 args} {
1538 if {$code=="SQLITE_PRAGMA"} {
1539 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1540 return SQLITE_IGNORE
1544 catchsql {PRAGMA full_column_names=on}
1546 do_test auth-1.233 {
1548 } {full_column_names on {} {}}
1549 do_test auth-1.234 {
1550 execsql2 {SELECT a FROM t2}
1552 do_test auth-1.235 {
1553 proc auth {code arg1 arg2 arg3 arg4 args} {
1554 if {$code=="SQLITE_PRAGMA"} {
1555 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1560 catchsql {PRAGMA full_column_names=on}
1562 do_test auth-1.236 {
1563 execsql2 {SELECT a FROM t2}
1565 do_test auth-1.237 {
1566 proc auth {code arg1 arg2 arg3 arg4 args} {
1567 if {$code=="SQLITE_PRAGMA"} {
1568 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1573 catchsql {PRAGMA full_column_names=OFF}
1575 do_test auth-1.238 {
1577 } {full_column_names OFF {} {}}
1578 do_test auth-1.239 {
1579 execsql2 {SELECT a FROM t2}
1582 do_test auth-1.240 {
1583 proc auth {code arg1 arg2 arg3 arg4 args} {
1584 if {$code=="SQLITE_TRANSACTION"} {
1585 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1591 } {1 {not authorized}}
1592 do_test auth-1.241 {
# auth-1.242: the condition matches SQLITE_TRANSACTION for every operation
# except BEGIN, and records the callback arguments in ::authargs. The
# BEGIN / INSERT / COMMIT batch is expected to fail with "not authorized".
# NOTE(review): the callback's return lines are not shown in this listing;
# the expected error suggests SQLITE_DENY for the matched operations.
1595 do_test auth-1.242 {
1596 proc auth {code arg1 arg2 arg3 arg4 args} {
1597 if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
1598 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1603 catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
1604 } {1 {not authorized}}
1605 do_test auth-1.243 {
1608 do_test auth-1.244 {
1609 execsql {SELECT * FROM t2}
1610 } {11 2 33 7 8 9 44 55 66}
# The row 44 55 66 inserted before the refused COMMIT is visible to this
# connection in auth-1.244. The following tests expect ROLLBACK (see the
# recorded arguments in auth-1.246) and END TRANSACTION to be refused too.
# NOTE(review): presumably the transaction opened by BEGIN stays open until
# the authorizer is changed -- confirm against the full file. A production
# authorizer that permits BEGIN normally needs to permit some way to end
# the transaction.
1611 do_test auth-1.245 {
1613 } {1 {not authorized}}
1614 do_test auth-1.246 {
1616 } {ROLLBACK {} {} {}}
1617 do_test auth-1.247 {
1618 catchsql {END TRANSACTION}
1619 } {1 {not authorized}}
1620 do_test auth-1.248 {
1623 do_test auth-1.249 {
1624 # EVIDENCE-OF: R-52112-44167 Disable the authorizer by installing a NULL
1629 do_test auth-1.250 {
1630 execsql {SELECT * FROM t2}
1633 # ticket #340 - authorization for ATTACH and DETACH.
1636 do_test auth-1.251 {
1637 db authorizer ::auth
1638 proc auth {code arg1 arg2 arg3 arg4 args} {
1639 if {$code=="SQLITE_ATTACH"} {
1640 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1645 ATTACH DATABASE ':memory:' AS test1
# auth-1.252a: the expected value has the shape of the
# [list $arg1 $arg2 $arg3 $arg4] recorded by the SQLITE_ATTACH callback
# earlier in the file, with the filename literal :memory: as the first element.
1648 do_test auth-1.252a {
1650 } {:memory: {} {} {}}
# auth-1.252b / auth-1.252c: the same ATTACH, with the filename supplied as a
# bound Tcl variable and then as a string-concatenation expression.
# NOTE(review): the expected values for these two cases are not shown in this
# listing; confirm what filename the callback receives when the target is not
# a plain string literal. An authorizer that allow-lists ATTACH by filename
# has to decide how to treat an empty filename argument.
1651 do_test auth-1.252b {
1652 db eval {DETACH test1}
1653 set ::attachfilename :memory:
1654 db eval {ATTACH $::attachfilename AS test1}
1657 do_test auth-1.252c {
1658 db eval {DETACH test1}
1659 db eval {ATTACH ':mem' || 'ory:' AS test1}
1662 do_test auth-1.253 {
1663 catchsql {DETACH DATABASE test1}
1664 proc auth {code arg1 arg2 arg3 arg4 args} {
1665 if {$code=="SQLITE_ATTACH"} {
1666 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1672 ATTACH DATABASE ':memory:' AS test1;
1674 } {1 {not authorized}}
1675 do_test auth-1.254 {
1676 lindex [execsql {PRAGMA database_list}] 7
1678 do_test auth-1.255 {
1679 catchsql {DETACH DATABASE test1}
1680 proc auth {code arg1 arg2 arg3 arg4 args} {
1681 if {$code=="SQLITE_ATTACH"} {
1682 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1683 return SQLITE_IGNORE
1688 ATTACH DATABASE ':memory:' AS test1;
1691 do_test auth-1.256 {
1692 lindex [execsql {PRAGMA database_list}] 7
1694 do_test auth-1.257 {
1695 proc auth {code arg1 arg2 arg3 arg4 args} {
1696 if {$code=="SQLITE_DETACH"} {
1697 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1702 execsql {ATTACH DATABASE ':memory:' AS test1}
1704 DETACH DATABASE test1;
1707 do_test auth-1.258 {
1708 lindex [execsql {PRAGMA database_list}] 7
1710 do_test auth-1.259 {
1711 execsql {ATTACH DATABASE ':memory:' AS test1}
1712 proc auth {code arg1 arg2 arg3 arg4 args} {
1713 if {$code=="SQLITE_DETACH"} {
1714 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1715 return SQLITE_IGNORE
1720 DETACH DATABASE test1;
1724 ifcapable schema_pragmas {
1725 do_test auth-1.260 {
1726 lindex [execsql {PRAGMA database_list}] 7
1728 } ;# ifcapable schema_pragmas
1729 do_test auth-1.261 {
1730 proc auth {code arg1 arg2 arg3 arg4 args} {
1731 if {$code=="SQLITE_DETACH"} {
1732 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1738 DETACH DATABASE test1;
1740 } {1 {not authorized}}
1741 ifcapable schema_pragmas {
1742 do_test auth-1.262 {
1743 lindex [execsql {PRAGMA database_list}] 7
1745 } ;# ifcapable schema_pragmas
1747 execsql {DETACH DATABASE test1}
1748 db authorizer ::auth
1750 # Authorization for ALTER TABLE. These tests are omitted if the library
1751 # was built without ALTER TABLE support.
#
# auth-1.263 through auth-1.271 rename t1 to t1x and back, checking the
# schema afterwards through sqlite_temp_master / temp.sqlite_master, which
# suggests the table under test lives in the temp database.
# Three callback variants are exercised for SQLITE_ALTER_TABLE:
#   auth-1.263  records the arguments only (return statement not visible)
#   auth-1.266  returns SQLITE_IGNORE
#   auth-1.269  expected result is error 1, "not authorized"
# Each variant is followed by a schema query and by a test whose body is not
# visible here (auth-1.265, auth-1.268, auth-1.271), presumably checking
# ::authargs.
1752 ifcapable altertable {
1754 do_test auth-1.263 {
1755 proc auth {code arg1 arg2 arg3 arg4 args} {
1756 if {$code=="SQLITE_ALTER_TABLE"} {
1757 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1763 ALTER TABLE t1 RENAME TO t1x
1766 do_test auth-1.264 {
1767 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1769 do_test auth-1.265 {
1772 do_test auth-1.266 {
1773 proc auth {code arg1 arg2 arg3 arg4 args} {
1774 if {$code=="SQLITE_ALTER_TABLE"} {
1775 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1776 return SQLITE_IGNORE
1781 ALTER TABLE t1x RENAME TO t1
1784 do_test auth-1.267 {
1785 execsql {SELECT name FROM temp.sqlite_master WHERE type='table'}
1787 do_test auth-1.268 {
1790 do_test auth-1.269 {
1791 proc auth {code arg1 arg2 arg3 arg4 args} {
1792 if {$code=="SQLITE_ALTER_TABLE"} {
1793 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1799 ALTER TABLE t1x RENAME TO t1
1801 } {1 {not authorized}}
1802 do_test auth-1.270 {
1803 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1806 do_test auth-1.271 {
1809 } ;# ifcapable altertable
1814 DETACH DATABASE test1;
# Same ALTER TABLE ... RENAME TO sequence as auth-1.263 through auth-1.271,
# this time on t2 / t2x, with the schema checked through sqlite_master
# (tests auth-1.272 through auth-1.280).
# The leading catchsql and the re-registration of ::auth restore the state
# from the previous group before the new tests run.
1819 ifcapable altertable {
1821 catchsql {ALTER TABLE t1x RENAME TO t1}
1822 db authorizer ::auth
# Recording-only variant; the return statement is not visible here.
1823 do_test auth-1.272 {
1824 proc auth {code arg1 arg2 arg3 arg4 args} {
1825 if {$code=="SQLITE_ALTER_TABLE"} {
1826 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1832 ALTER TABLE t2 RENAME TO t2x
1835 do_test auth-1.273 {
1836 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1838 do_test auth-1.274 {
# SQLITE_IGNORE variant.
1841 do_test auth-1.275 {
1842 proc auth {code arg1 arg2 arg3 arg4 args} {
1843 if {$code=="SQLITE_ALTER_TABLE"} {
1844 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1845 return SQLITE_IGNORE
1850 ALTER TABLE t2x RENAME TO t2
1853 do_test auth-1.276 {
1854 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1856 do_test auth-1.277 {
# Refusal variant: expected result is error 1, "not authorized".
1859 do_test auth-1.278 {
1860 proc auth {code arg1 arg2 arg3 arg4 args} {
1861 if {$code=="SQLITE_ALTER_TABLE"} {
1862 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1868 ALTER TABLE t2x RENAME TO t2
1870 } {1 {not authorized}}
1871 do_test auth-1.279 {
1872 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1874 do_test auth-1.280 {
1878 catchsql {ALTER TABLE t2x RENAME TO t2}
1880 } ;# ifcapable altertable
1882 # Test the authorization callbacks for the REINDEX command.
#
# The callback appends the first four arguments of every SQLITE_REINDEX
# invocation to ::authargs. The expected lists show the layout the tests
# rely on: index name, empty string, database name (main or temp), empty
# string. Where one statement covers several indices (auth-1.283, 1.285,
# 1.289, 1.291) the callback is invoked once per index, including the
# automatic primary-key index sqlite_autoindex_t3_1, so a policy that
# refuses any one of them can stop the whole statement.
# Most of the REINDEX statements themselves are not visible in this excerpt.
1885 proc auth {code args} {
1886 if {$code=="SQLITE_REINDEX"} {
1887 set ::authargs [concat $::authargs [lrange $args 0 3]]
1892 do_test auth-1.281 {
1894 CREATE TABLE t3(a PRIMARY KEY, b, c);
1895 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1896 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1899 do_test auth-1.282 {
1905 } {t3_idx1 {} main {}}
1906 do_test auth-1.283 {
1912 } {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1913 do_test auth-1.284 {
1919 } {t3_idx2 {} main {}}
1920 do_test auth-1.285 {
1926 } {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1927 do_test auth-1.286 {
# Same checks against a TEMP table of the same name: the third recorded
# argument becomes temp instead of main.
1933 do_test auth-1.287 {
1935 CREATE TEMP TABLE t3(a PRIMARY KEY, b, c);
1936 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1937 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1940 do_test auth-1.288 {
1943 REINDEX temp.t3_idx1;
1946 } {t3_idx1 {} temp {}}
1947 do_test auth-1.289 {
1953 } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1954 do_test auth-1.290 {
1960 } {t3_idx2 {} temp {}}
1961 do_test auth-1.291 {
1967 } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
# Refusal variant: auth-1.292 expects error 1, "not authorized". The return
# statement of this callback is not visible here (presumably SQLITE_DENY).
1968 proc auth {code args} {
1969 if {$code=="SQLITE_REINDEX"} {
1970 set ::authargs [concat $::authargs [lrange $args 0 3]]
1975 do_test auth-1.292 {
1980 } {1 {not authorized}}
1981 do_test auth-1.293 {
1988 } ;# ifcapable reindex
# ANALYZE authorization (inside an ifcapable analyze section whose opening
# line is not visible here).
# The first callback appends the first four arguments of each SQLITE_ANALYZE
# invocation to ::authargs. The expected list for auth-1.294 shows one
# invocation per analyzed table (t4, then t2), each with the table name
# first and the database name main third.
1991 proc auth {code args} {
1992 if {$code=="SQLITE_ANALYZE"} {
1993 set ::authargs [concat $::authargs [lrange $args 0 3]]
1997 do_test auth-1.294 {
2000 CREATE TABLE t4(a,b,c);
2001 CREATE INDEX t4i1 ON t4(a);
2002 CREATE INDEX t4i2 ON t4(b,a,c);
2003 INSERT INTO t4 VALUES(1,2,3);
2007 } {t4 {} main {} t2 {} main {}}
# auth-1.295 and auth-1.297 count the rows of sqlite_stat1 before and after
# the refused ANALYZE. The expected counts are not visible here; presumably
# they match, showing that a refused ANALYZE writes no statistics -- confirm.
2008 do_test auth-1.295 {
2010 SELECT count(*) FROM sqlite_stat1;
# Refusal variant. Unlike the callback above, this one appends every
# argument it receives, not only the first four.
2013 proc auth {code args} {
2014 if {$code=="SQLITE_ANALYZE"} {
2015 set ::authargs [concat $::authargs $args]
2020 do_test auth-1.296 {
2025 } {1 {not authorized}}
2026 do_test auth-1.297 {
2028 SELECT count(*) FROM sqlite_stat1;
2031 } ;# ifcapable analyze
2034 # Authorization for ALTER TABLE ADD COLUMN.
2035 # These tests are omitted if the library
2036 # was built without ALTER TABLE support.
#
# auth-1.300 through auth-1.308 add new_col_1, new_col_2 and new_col_3 to t5
# under three callback variants for SQLITE_ALTER_TABLE: recording only,
# SQLITE_IGNORE, and one whose expected result is "not authorized". After
# each attempt the stored CREATE TABLE text of t5 is read back into x; the
# check made on x is not visible in this excerpt.
2037 ifcapable {altertable} {
2038 do_test auth-1.300 {
2039 execsql {CREATE TABLE t5(x)}
2040 proc auth {code arg1 arg2 arg3 arg4 args} {
2041 if {$code=="SQLITE_ALTER_TABLE"} {
2042 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2048 ALTER TABLE t5 ADD COLUMN new_col_1;
2051 do_test auth-1.301 {
2052 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2055 do_test auth-1.302 {
2058 do_test auth-1.303 {
2059 proc auth {code arg1 arg2 arg3 arg4 args} {
2060 if {$code=="SQLITE_ALTER_TABLE"} {
2061 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2062 return SQLITE_IGNORE
2067 ALTER TABLE t5 ADD COLUMN new_col_2;
2070 do_test auth-1.304 {
2071 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2074 do_test auth-1.305 {
2077 do_test auth-1.306 {
2078 proc auth {code arg1 arg2 arg3 arg4 args} {
2079 if {$code=="SQLITE_ALTER_TABLE"} {
2080 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2086 ALTER TABLE t5 ADD COLUMN new_col_3
2088 } {1 {not authorized}}
# NOTE(review): unlike auth-1.301 and auth-1.304, which read sqlite_master
# filtered on name='t5', the query in auth-1.307 reads temp.sqlite_master
# filtered on type='t5'. t5 is created without TEMP in auth-1.300 and no
# schema row has type t5, so this query most likely returns nothing and the
# check on x would pass whether or not the refused ALTER changed the table.
# Confirm, and consider reading sqlite_master WHERE name='t5' here as well.
2089 do_test auth-1.307 {
2090 set x [execsql {SELECT sql FROM temp.sqlite_master WHERE type='t5'}]
2094 do_test auth-1.308 {
2097 execsql {DROP TABLE t5}
2098 } ;# ifcapable altertable
# SQLITE_RECURSIVE authorization, tests auth-1.310 through auth-1.314.
# The callback singles out the SQLITE_RECURSIVE action code; what it returns
# for that code is not visible here. The expected results show the effect:
#   auth-1.311, auth-1.312  ordinary (non-recursive) CTEs succeed
#   auth-1.314              a CTE that refers to itself fails with
#                           "not authorized", even when only joined in
# The expected result of auth-1.313 is not visible in this excerpt.
# Refusing SQLITE_RECURSIVE is one way for a host application to keep
# untrusted SQL from running recursive queries while still allowing plain
# common table expressions.
2101 do_test auth-1.310 {
2102 proc auth {code arg1 arg2 arg3 arg4 args} {
2103 if {$code=="SQLITE_RECURSIVE"} {
2109 DROP TABLE IF EXISTS t1;
2110 CREATE TABLE t1(a,b);
2111 INSERT INTO t1 VALUES(1,2),(3,4),(5,6);
2114 do_catchsql_test auth-1.311 {
2116 auth1311(x,y) AS (SELECT a+b, b-a FROM t1)
2117 SELECT * FROM auth1311 ORDER BY x;
2118 } {0 {3 1 7 1 11 1}}
2119 do_catchsql_test auth-1.312 {
2121 auth1312(x,y) AS (SELECT a+b, b-a FROM t1)
2122 SELECT x, y FROM auth1312 ORDER BY x;
2123 } {0 {3 1 7 1 11 1}}
2124 do_catchsql_test auth-1.313 {
2126 auth1313(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1313 WHERE x<5)
2129 do_catchsql_test auth-1.314 {
2131 auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
2132 SELECT * FROM t1 LEFT JOIN auth1314;
2133 } {1 {not authorized}}
# The commented-out db eval lines below are a debugging aid that prints the
# schema; the MAIN: lines record the schema expected at this point.
2137 # db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"}
2138 # db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"}
2140 # MAIN: CREATE TABLE "t2"(a,b,c);
2141 # MAIN: CREATE TABLE t4(a,b,c);
2142 # MAIN: CREATE INDEX t4i1 ON t4(a);
2143 # MAIN: CREATE INDEX t4i2 ON t4(b,a,c);
2144 # MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat);
2145 # MAIN: CREATE TABLE t1(a,b);
#
# ALTER TABLE ... RENAME COLUMN authorization. The column list of t1 is read
# back through the pragma_table_info table-valued function after each
# attempt, which is why the section also requires the vtab capability.
# Three callback variants for SQLITE_ALTER_TABLE are used: recording only,
# SQLITE_IGNORE, and one whose expected result is "not authorized".
# The expected column lists are not visible in this excerpt.
2147 ifcapable altertable&&vtab {
2149 proc auth {code arg1 arg2 arg3 arg4 args} {
2150 if {$code=="SQLITE_ALTER_TABLE"} {
2151 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2157 ALTER TABLE t1 RENAME COLUMN b TO bcdefg;
2160 do_execsql_test auth-1.351 {
2161 SELECT name FROM pragma_table_info('t1') ORDER BY cid;
2163 do_test auth-1.352 {
2167 proc auth {code arg1 arg2 arg3 arg4 args} {
2168 if {$code=="SQLITE_ALTER_TABLE"} {
2169 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2170 return SQLITE_IGNORE
2175 ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
2178 do_execsql_test auth-1.354 {
2179 SELECT name FROM pragma_table_info('t1') ORDER BY cid;
2181 do_test auth-1.355 {
2185 proc auth {code arg1 arg2 arg3 arg4 args} {
2186 if {$code=="SQLITE_ALTER_TABLE"} {
2187 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2193 ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
2195 } {1 {not authorized}}
2196 do_execsql_test auth-1.356 {
2197 SELECT name FROM pragma_table_info('t1') ORDER BY cid;
2199 do_test auth-1.357 {
# Column-level read control through SQLITE_READ. In these callbacks arg1 is
# compared with a table name and arg2 with a column name.
#
# First group: reads of t3.x are refused. t3.x is declared INTEGER PRIMARY
# KEY, and the expected results show that SELECT *, SELECT ROWID and
# SELECT OID are all rejected with "access to t3.x is prohibited", so the
# refusal also covers the rowid aliases of that column. The expected result
# of SELECT y,z is not visible in this excerpt.
2206 proc auth {code arg1 arg2 arg3 arg4 args} {
2207 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2212 db authorizer ::auth
2213 execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
2214 catchsql {SELECT * FROM t3}
2215 } {1 {access to t3.x is prohibited}}
2217 catchsql {SELECT y,z FROM t3}
2220 catchsql {SELECT ROWID,y,z FROM t3}
2221 } {1 {access to t3.x is prohibited}}
2223 catchsql {SELECT OID,y,z FROM t3}
2224 } {1 {access to t3.x is prohibited}}
# Second group: the same reads answered with SQLITE_IGNORE instead. Expected
# results for the two t3 variants are not visible here.
2226 proc auth {code arg1 arg2 arg3 arg4 args} {
2227 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2228 return SQLITE_IGNORE
2232 execsql {INSERT INTO t3 VALUES(44,55,66)}
2233 catchsql {SELECT * FROM t3}
2236 catchsql {SELECT rowid,y,z FROM t3}
2239 proc auth {code arg1 arg2 arg3 arg4 args} {
2240 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
2241 return SQLITE_IGNORE
2245 catchsql {SELECT * FROM t3}
2248 catchsql {SELECT ROWID,y,z FROM t3}
# For t2 the column name ROWID is matched and answered with SQLITE_IGNORE:
# the statement succeeds, and the rowid position of every result row is
# empty (NULL) while b and c are returned unchanged.
2251 proc auth {code arg1 arg2 arg3 arg4 args} {
2252 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2253 return SQLITE_IGNORE
2257 catchsql {SELECT ROWID,b,c FROM t2}
2258 } {0 {{} 2 33 {} 8 9}}
# auth-2.9.1 and auth-2.9.2 both expect the error "authorizer malfunction".
# The value each callback returns is not visible in this excerpt; presumably
# it is one the library does not accept as an authorizer result -- confirm
# against the full file.
2259 do_test auth-2.9.1 {
2260 # We have to flush the cache here in case the Tcl interface tries to
2261 # reuse a statement compiled with sqlite3_prepare_v2(). In this case,
2262 # the first error encountered is an SQLITE_SCHEMA error. Then, when
2263 # trying to recompile the statement, the authorization error is encountered.
2264 # If we do not flush the cache, the correct error message is returned, but
2265 # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test
2266 # case after this one.
2270 proc auth {code arg1 arg2 arg3 arg4 args} {
2271 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2276 catchsql {SELECT ROWID,b,c FROM t2}
2277 } {1 {authorizer malfunction}}
2278 do_test auth-2.9.2 {
2282 proc auth {code arg1 arg2 arg3 arg4 args} {
2283 if {$code=="SQLITE_SELECT"} {
2288 catchsql {SELECT ROWID,b,c FROM t2}
2289 } {1 {authorizer malfunction}}
# auth-2.11.1 and auth-2.11.2 match on the column name alone, without a table
# name. In the join of t2 and t3 only the column with that name comes back
# empty (t2.a in the first test, t3.x in the second); every other column is
# unaffected.
2290 do_test auth-2.11.1 {
2291 proc auth {code arg1 arg2 arg3 arg4 args} {
2292 if {$code=="SQLITE_READ" && $arg2=="a"} {
2293 return SQLITE_IGNORE
2297 catchsql {SELECT * FROM t2, t3}
2298 } {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
2299 do_test auth-2.11.2 {
2300 proc auth {code arg1 arg2 arg3 arg4 args} {
2301 if {$code=="SQLITE_READ" && $arg2=="x"} {
2302 return SQLITE_IGNORE
2306 catchsql {SELECT * FROM t2, t3}
2307 } {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}
2309 # Make sure the OLD and NEW pseudo-tables of a trigger get authorized.
#
# Trigger r1 copies OLD and NEW values of t2.a, t2.b and t2.c into tx on
# every UPDATE of t2. With the first callback (body not visible here) all six
# values are stored. Once reads of t2.c are answered with SQLITE_IGNORE, the
# c1 and c2 positions of the newly stored rows are empty (NULL), so the
# column masking reaches OLD.c and NEW.c inside the trigger as well.
2313 proc auth {code arg1 arg2 arg3 arg4 args} {
2317 CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
2318 CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
2319 INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
2321 UPDATE t2 SET a=a+1;
2324 } {11 12 2 2 33 33 7 8 8 8 9 9}
2326 proc auth {code arg1 arg2 arg3 arg4 args} {
2327 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
2328 return SQLITE_IGNORE
2334 UPDATE t2 SET a=a+100;
2337 } {12 112 2 2 {} {} 8 108 8 8 {} {}}
2338 } ;# ifcapable trigger
2340 # Make sure the names of views and triggers are passed on in arg4.
# This callback logs the action code and all four string arguments of every
# invocation. In the expected lists that follow, the last element of each
# group of five is arg4: empty for the statement the caller issued, r1 / r2 /
# r3 for work done inside the trigger of that name, and v1 for reads made
# while the view v1 is expanded. A policy can use arg4 to tell direct access
# apart from access made on the caller's behalf by a trigger or view.
2344 proc auth {code arg1 arg2 arg3 arg4 args} {
2345 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
2350 UPDATE t2 SET a=a+1;
2354 SQLITE_READ t2 a main {} \
2355 SQLITE_UPDATE t2 a main {} \
2356 SQLITE_INSERT tx {} main r1 \
2357 SQLITE_READ t2 a main r1 \
2358 SQLITE_READ t2 a main r1 \
2359 SQLITE_READ t2 b main r1 \
2360 SQLITE_READ t2 b main r1 \
2361 SQLITE_READ t2 c main r1 \
2362 SQLITE_READ t2 c main r1]
# Views with INSTEAD OF triggers: UPDATE and DELETE on v1 are logged with an
# empty arg4, the expansion of the view with v1, and the trigger bodies with
# r2 and r3. The tails of both expected lists are not visible in this excerpt.
2365 ifcapable {view && trigger} {
2368 CREATE VIEW v1 AS SELECT a+b AS x FROM t2;
2369 CREATE TABLE v1chng(x1,x2);
2370 CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN
2371 INSERT INTO v1chng VALUES(OLD.x,NEW.x);
2379 UPDATE v1 SET x=1 WHERE x=117
2383 SQLITE_UPDATE v1 x main {} \
2384 SQLITE_SELECT {} {} {} v1 \
2385 SQLITE_READ t2 a main v1 \
2386 SQLITE_READ t2 b main v1 \
2387 SQLITE_READ v1 x main v1 \
2388 SQLITE_READ v1 x main v1 \
2389 SQLITE_SELECT {} {} {} v1 \
2390 SQLITE_READ v1 x main v1 \
2391 SQLITE_INSERT v1chng {} main r2 \
2392 SQLITE_READ v1 x main r2 \
2393 SQLITE_READ v1 x main r2 \
2398 CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
2399 INSERT INTO v1chng VALUES(OLD.x,NULL);
2407 DELETE FROM v1 WHERE x=117
2411 SQLITE_DELETE v1 {} main {} \
2412 SQLITE_SELECT {} {} {} v1 \
2413 SQLITE_READ t2 a main v1 \
2414 SQLITE_READ t2 b main v1 \
2415 SQLITE_READ v1 x main v1 \
2416 SQLITE_READ v1 x main v1 \
2417 SQLITE_SELECT {} {} {} v1 \
2418 SQLITE_READ v1 x main v1 \
2419 SQLITE_INSERT v1chng {} main r3 \
2420 SQLITE_READ v1 x main r3 \
2423 } ;# ifcapable view && trigger
2425 # Ticket #1338: Make sure authentication works in the presence of an AS
# (The rest of the sentence above is not visible in this excerpt. The query
# below orders by a column alias, cnt, while an authorizer is installed.)
2429 proc auth {code arg1 arg2 arg3 arg4 args} {
2433 SELECT count(a) AS cnt FROM t4 ORDER BY cnt
2439 ifcapable compound&&subquery {
2451 set stat4 "sqlite_stat4 "
2458 SELECT * FROM sqlite_master UNION ALL SELECT * FROM temp.sqlite_master)
2462 } "sqlite_stat1 ${stat4}t1 t2 t3 t4"
# auth-5.3.x: an INSERT on t5 fires trigger t5_tr1, which updates t5. The
# expected log attributes the INSERT to the caller (empty arg4) and the
# UPDATE and READ of t5.x to t5_tr1. The tail of the expected list is not
# visible in this excerpt.
# NOTE(review): the test id auth-5.3.2 is used twice below (for the INSERT
# check and for the following SELECT); a distinct id for the second test
# would make a failure easier to attribute.
2468 do_test auth-5.3.1 {
2470 CREATE TABLE t5 ( x );
2471 CREATE TRIGGER t5_tr1 AFTER INSERT ON t5 BEGIN
2472 UPDATE t5 SET x = 1 WHERE NEW.x = 0;
2476 set ::authargs [list]
2478 eval lappend ::authargs [lrange $args 0 4]
2481 do_test auth-5.3.2 {
2482 execsql { INSERT INTO t5 (x) values(0) }
2484 } [list SQLITE_INSERT t5 {} main {} \
2485 SQLITE_UPDATE t5 x main t5_tr1 \
2486 SQLITE_READ t5 x main t5_tr1 \
2488 do_test auth-5.3.2 {
2489 execsql { SELECT * FROM t5 }
2493 # Ticket [0eb70d77cb05bb22720]: Invalid pointer passed to the authorizer
2494 # callback when updating a ROWID.
# The logging callback keeps the first five elements of its argument list;
# the proc header is not visible here, presumably the action code followed by
# the four string arguments. For UPDATE t6 SET rowID=rowID+100 the expected
# log names the column as ROWID in both the SQLITE_READ and the
# SQLITE_UPDATE entry, and the final SELECT confirms the row moved from
# rowid 1 to 101.
2498 CREATE TABLE t6(a,b,c,d,e,f,g,h);
2499 INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
2502 set ::authargs [list]
2504 eval lappend ::authargs [lrange $args 0 4]
2508 execsql {UPDATE t6 SET rowID=rowID+100}
2510 } [list SQLITE_READ t6 ROWID main {} \
2511 SQLITE_UPDATE t6 ROWID main {} \
2514 execsql {SELECT rowid, * FROM t6}
2515 } {101 1 2 3 4 5 6 7 8}
2517 #-------------------------------------------------------------------------
2518 # Test that view names are included as zArg4.
#
# Three queries are logged and compared:
#   SELECT a, c FROM v7        reads of t7 made through the view carry v7 as
#                              the last argument; all three columns of t7
#                              are logged because the view selects *
#   SELECT a, c FROM t7        last argument is empty
#   SELECT a, c FROM t7 AS v7  last argument is still empty
# The third case shows that giving a table the alias v7 does not make its
# reads look as if they came through the view, so a policy keyed on this
# argument is not affected by aliasing.
2520 do_execsql_test auth-7.1 {
2521 CREATE TABLE t7(a, b, c);
2522 CREATE VIEW v7 AS SELECT * FROM t7;
2524 set ::authargs [list]
2526 eval lappend ::authargs [lrange $args 0 4]
2531 execsql {SELECT a, c FROM v7}
2534 SQLITE_SELECT {} {} {} {} \
2535 SQLITE_READ t7 a main v7 \
2536 SQLITE_READ t7 b main v7 \
2537 SQLITE_READ t7 c main v7 \
2538 SQLITE_READ v7 a main {} \
2539 SQLITE_READ v7 c main {} \
2540 SQLITE_SELECT {} {} {} v7 \
2543 set ::authargs [list]
2545 execsql {SELECT a, c FROM t7}
2548 SQLITE_SELECT {} {} {} {} \
2549 SQLITE_READ t7 a main {} \
2550 SQLITE_READ t7 c main {} \
2553 set ::authargs [list]
2555 execsql {SELECT a, c FROM t7 AS v7}
2558 SQLITE_SELECT {} {} {} {} \
2559 SQLITE_READ t7 a main {} \
2560 SQLITE_READ t7 c main {} \
# A table that is referenced without any of its columns being read still
# produces one SQLITE_READ event. The expected logs below show it as the
# table name followed by three empty arguments, both for count(*) on t7 and
# for t7 joined without use of its columns. A callback that authorizes reads
# by column name has to decide explicitly how to treat this empty-column
# form, since it is the only SQLITE_READ event such a query raises for the
# table.
2563 # If a table is referenced but no columns are read from the table,
2564 # that causes a single SQLITE_READ authorization with a NULL column
2567 # EVIDENCE-OF: R-31520-16302 When a table is referenced by a SELECT but
2568 # no column values are extracted from that table (for example in a query
2569 # like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer
2570 # callback is invoked once for that table with a column name that is an
2573 set ::authargs [list]
2575 execsql {SELECT count(*) FROM t7}
2578 SQLITE_SELECT {} {} {} {} \
2579 SQLITE_FUNCTION {} count {} {} \
2580 SQLITE_READ t7 {} {} {} \
2582 set ::authargs [list]
2585 execsql {SELECT t6.a FROM t6, t7}
2588 SQLITE_SELECT {} {} {} {} \
2589 SQLITE_READ t6 a main {} \
2590 SQLITE_READ t7 {} {} {} \
2593 # Test also that if SQLITE_DENY is returned from an SQLITE_READ authorizer
2594 # invocation with no column name specified, compilation fails.
2596 set ::authargs [list]
# Logs the action code and the first four remaining arguments of every call,
# then returns SQLITE_DENY for any SQLITE_READ. The return value for other
# action codes is not visible in this excerpt.
2597 proc auth {op args} {
2598 foreach {a b c d} $args break
2599 lappend ::authargs $op $a $b $c $d
2600 if {$op == "SQLITE_READ"} { return "SQLITE_DENY" }
2603 set ::authargs [list]
2604 do_catchsql_test auth-8.3 {
2605 SELECT count(*) FROM t7
2606 } {1 {not authorized}}
2610 SQLITE_SELECT {} {} {} {} \
2611 SQLITE_FUNCTION {} count {} {} \
2612 SQLITE_READ t7 {} {} {} \
# Give the proc command back its original name; the start of the file
# defines a replacement proc in terms of proc_real.
2617 rename proc_real proc