1: # 2003 April 4
2: #
3: # The author disclaims copyright to this source code. In place of
4: # a legal notice, here is a blessing:
5: #
6: # May you do good and not evil.
7: # May you find forgiveness for yourself and forgive others.
8: # May you share freely, never taking more than you give.
9: #
10: #***********************************************************************
11: # This file implements regression tests for SQLite library. The
12: # focus of this script is testing the sqlite3_set_authorizer() API
13: # and related functionality.
14: #
15: # $Id: auth.test,v 1.1.1.1 2012/02/21 17:04:16 misho Exp $
16: #
17:
18: set testdir [file dirname $argv0]
19: source $testdir/tester.tcl
20:
21: # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
22: # defined during compilation.
23: if {[catch {db auth {}} msg]} {
24: finish_test
25: return
26: }
27:
28: rename proc proc_real
29: proc_real proc {name arguments script} {
30: proc_real $name $arguments $script
31: if {$name=="auth"} {
32: db authorizer ::auth
33: }
34: }
35:
36: do_test auth-1.1.1 {
37: db close
38: set ::DB [sqlite3 db test.db]
39: proc auth {code arg1 arg2 arg3 arg4} {
40: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
41: return SQLITE_DENY
42: }
43: return SQLITE_OK
44: }
45: db authorizer ::auth
46: catchsql {CREATE TABLE t1(a,b,c)}
47: } {1 {not authorized}}
48: do_test auth-1.1.2 {
49: db errorcode
50: } {23}
51: do_test auth-1.1.3 {
52: db authorizer
53: } {::auth}
54: do_test auth-1.1.4 {
55: # Ticket #896.
56: catchsql {
57: SELECT x;
58: }
59: } {1 {no such column: x}}
60: do_test auth-1.2 {
61: execsql {SELECT name FROM sqlite_master}
62: } {}
63: do_test auth-1.3.1 {
64: proc auth {code arg1 arg2 arg3 arg4} {
65: if {$code=="SQLITE_CREATE_TABLE"} {
66: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
67: return SQLITE_DENY
68: }
69: return SQLITE_OK
70: }
71: catchsql {CREATE TABLE t1(a,b,c)}
72: } {1 {not authorized}}
73: do_test auth-1.3.2 {
74: db errorcode
75: } {23}
76: do_test auth-1.3.3 {
77: set ::authargs
78: } {t1 {} main {}}
79: do_test auth-1.4 {
80: execsql {SELECT name FROM sqlite_master}
81: } {}
82:
83: ifcapable tempdb {
84: do_test auth-1.5 {
85: proc auth {code arg1 arg2 arg3 arg4} {
86: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
87: return SQLITE_DENY
88: }
89: return SQLITE_OK
90: }
91: catchsql {CREATE TEMP TABLE t1(a,b,c)}
92: } {1 {not authorized}}
93: do_test auth-1.6 {
94: execsql {SELECT name FROM sqlite_temp_master}
95: } {}
96: do_test auth-1.7.1 {
97: proc auth {code arg1 arg2 arg3 arg4} {
98: if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
99: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
100: return SQLITE_DENY
101: }
102: return SQLITE_OK
103: }
104: catchsql {CREATE TEMP TABLE t1(a,b,c)}
105: } {1 {not authorized}}
106: do_test auth-1.7.2 {
107: set ::authargs
108: } {t1 {} temp {}}
109: do_test auth-1.8 {
110: execsql {SELECT name FROM sqlite_temp_master}
111: } {}
112: }
113:
114: do_test auth-1.9 {
115: proc auth {code arg1 arg2 arg3 arg4} {
116: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
117: return SQLITE_IGNORE
118: }
119: return SQLITE_OK
120: }
121: catchsql {CREATE TABLE t1(a,b,c)}
122: } {0 {}}
123: do_test auth-1.10 {
124: execsql {SELECT name FROM sqlite_master}
125: } {}
126: do_test auth-1.11 {
127: proc auth {code arg1 arg2 arg3 arg4} {
128: if {$code=="SQLITE_CREATE_TABLE"} {
129: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
130: return SQLITE_IGNORE
131: }
132: return SQLITE_OK
133: }
134: catchsql {CREATE TABLE t1(a,b,c)}
135: } {0 {}}
136: do_test auth-1.12 {
137: execsql {SELECT name FROM sqlite_master}
138: } {}
139:
140: ifcapable tempdb {
141: do_test auth-1.13 {
142: proc auth {code arg1 arg2 arg3 arg4} {
143: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
144: return SQLITE_IGNORE
145: }
146: return SQLITE_OK
147: }
148: catchsql {CREATE TEMP TABLE t1(a,b,c)}
149: } {0 {}}
150: do_test auth-1.14 {
151: execsql {SELECT name FROM sqlite_temp_master}
152: } {}
153: do_test auth-1.15 {
154: proc auth {code arg1 arg2 arg3 arg4} {
155: if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
156: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
157: return SQLITE_IGNORE
158: }
159: return SQLITE_OK
160: }
161: catchsql {CREATE TEMP TABLE t1(a,b,c)}
162: } {0 {}}
163: do_test auth-1.16 {
164: execsql {SELECT name FROM sqlite_temp_master}
165: } {}
166:
167: do_test auth-1.17 {
168: proc auth {code arg1 arg2 arg3 arg4} {
169: if {$code=="SQLITE_CREATE_TABLE"} {
170: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
171: return SQLITE_DENY
172: }
173: return SQLITE_OK
174: }
175: catchsql {CREATE TEMP TABLE t1(a,b,c)}
176: } {0 {}}
177: do_test auth-1.18 {
178: execsql {SELECT name FROM sqlite_temp_master}
179: } {t1}
180: }
181:
182: do_test auth-1.19.1 {
183: set ::authargs {}
184: proc auth {code arg1 arg2 arg3 arg4} {
185: if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
186: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
187: return SQLITE_DENY
188: }
189: return SQLITE_OK
190: }
191: catchsql {CREATE TABLE t2(a,b,c)}
192: } {0 {}}
193: do_test auth-1.19.2 {
194: set ::authargs
195: } {}
196: do_test auth-1.20 {
197: execsql {SELECT name FROM sqlite_master}
198: } {t2}
199:
200: do_test auth-1.21.1 {
201: proc auth {code arg1 arg2 arg3 arg4} {
202: if {$code=="SQLITE_DROP_TABLE"} {
203: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
204: return SQLITE_DENY
205: }
206: return SQLITE_OK
207: }
208: catchsql {DROP TABLE t2}
209: } {1 {not authorized}}
210: do_test auth-1.21.2 {
211: set ::authargs
212: } {t2 {} main {}}
213: do_test auth-1.22 {
214: execsql {SELECT name FROM sqlite_master}
215: } {t2}
216: do_test auth-1.23.1 {
217: proc auth {code arg1 arg2 arg3 arg4} {
218: if {$code=="SQLITE_DROP_TABLE"} {
219: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
220: return SQLITE_IGNORE
221: }
222: return SQLITE_OK
223: }
224: catchsql {DROP TABLE t2}
225: } {0 {}}
226: do_test auth-1.23.2 {
227: set ::authargs
228: } {t2 {} main {}}
229: do_test auth-1.24 {
230: execsql {SELECT name FROM sqlite_master}
231: } {t2}
232:
233: ifcapable tempdb {
234: do_test auth-1.25 {
235: proc auth {code arg1 arg2 arg3 arg4} {
236: if {$code=="SQLITE_DROP_TEMP_TABLE"} {
237: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
238: return SQLITE_DENY
239: }
240: return SQLITE_OK
241: }
242: catchsql {DROP TABLE t1}
243: } {1 {not authorized}}
244: do_test auth-1.26 {
245: execsql {SELECT name FROM sqlite_temp_master}
246: } {t1}
247: do_test auth-1.27 {
248: proc auth {code arg1 arg2 arg3 arg4} {
249: if {$code=="SQLITE_DROP_TEMP_TABLE"} {
250: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
251: return SQLITE_IGNORE
252: }
253: return SQLITE_OK
254: }
255: catchsql {DROP TABLE t1}
256: } {0 {}}
257: do_test auth-1.28 {
258: execsql {SELECT name FROM sqlite_temp_master}
259: } {t1}
260: }
261:
262: do_test auth-1.29 {
263: proc auth {code arg1 arg2 arg3 arg4} {
264: if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
265: return SQLITE_DENY
266: }
267: return SQLITE_OK
268: }
269: catchsql {INSERT INTO t2 VALUES(1,2,3)}
270: } {1 {not authorized}}
271: do_test auth-1.30 {
272: execsql {SELECT * FROM t2}
273: } {}
274: do_test auth-1.31 {
275: proc auth {code arg1 arg2 arg3 arg4} {
276: if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
277: return SQLITE_IGNORE
278: }
279: return SQLITE_OK
280: }
281: catchsql {INSERT INTO t2 VALUES(1,2,3)}
282: } {0 {}}
283: do_test auth-1.32 {
284: execsql {SELECT * FROM t2}
285: } {}
286: do_test auth-1.33 {
287: proc auth {code arg1 arg2 arg3 arg4} {
288: if {$code=="SQLITE_INSERT" && $arg1=="t1"} {
289: return SQLITE_IGNORE
290: }
291: return SQLITE_OK
292: }
293: catchsql {INSERT INTO t2 VALUES(1,2,3)}
294: } {0 {}}
295: do_test auth-1.34 {
296: execsql {SELECT * FROM t2}
297: } {1 2 3}
298:
299: do_test auth-1.35.1 {
300: proc auth {code arg1 arg2 arg3 arg4} {
301: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
302: return SQLITE_DENY
303: }
304: return SQLITE_OK
305: }
306: catchsql {SELECT * FROM t2}
307: } {1 {access to t2.b is prohibited}}
308: ifcapable attach {
309: do_test auth-1.35.2 {
310: execsql {ATTACH DATABASE 'test.db' AS two}
311: catchsql {SELECT * FROM two.t2}
312: } {1 {access to two.t2.b is prohibited}}
313: execsql {DETACH DATABASE two}
314: }
315: do_test auth-1.36 {
316: proc auth {code arg1 arg2 arg3 arg4} {
317: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
318: return SQLITE_IGNORE
319: }
320: return SQLITE_OK
321: }
322: catchsql {SELECT * FROM t2}
323: } {0 {1 {} 3}}
324: do_test auth-1.37 {
325: proc auth {code arg1 arg2 arg3 arg4} {
326: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
327: return SQLITE_IGNORE
328: }
329: return SQLITE_OK
330: }
331: catchsql {SELECT * FROM t2 WHERE b=2}
332: } {0 {}}
333: do_test auth-1.38 {
334: proc auth {code arg1 arg2 arg3 arg4} {
335: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} {
336: return SQLITE_IGNORE
337: }
338: return SQLITE_OK
339: }
340: catchsql {SELECT * FROM t2 WHERE b=2}
341: } {0 {{} 2 3}}
342: do_test auth-1.39 {
343: proc auth {code arg1 arg2 arg3 arg4} {
344: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
345: return SQLITE_IGNORE
346: }
347: return SQLITE_OK
348: }
349: catchsql {SELECT * FROM t2 WHERE b IS NULL}
350: } {0 {1 {} 3}}
351: do_test auth-1.40 {
352: proc auth {code arg1 arg2 arg3 arg4} {
353: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
354: return SQLITE_DENY
355: }
356: return SQLITE_OK
357: }
358: catchsql {SELECT a,c FROM t2 WHERE b IS NULL}
359: } {1 {access to t2.b is prohibited}}
360:
361: do_test auth-1.41 {
362: proc auth {code arg1 arg2 arg3 arg4} {
363: if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
364: return SQLITE_DENY
365: }
366: return SQLITE_OK
367: }
368: catchsql {UPDATE t2 SET a=11}
369: } {0 {}}
370: do_test auth-1.42 {
371: execsql {SELECT * FROM t2}
372: } {11 2 3}
373: do_test auth-1.43 {
374: proc auth {code arg1 arg2 arg3 arg4} {
375: if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
376: return SQLITE_DENY
377: }
378: return SQLITE_OK
379: }
380: catchsql {UPDATE t2 SET b=22, c=33}
381: } {1 {not authorized}}
382: do_test auth-1.44 {
383: execsql {SELECT * FROM t2}
384: } {11 2 3}
385: do_test auth-1.45 {
386: proc auth {code arg1 arg2 arg3 arg4} {
387: if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
388: return SQLITE_IGNORE
389: }
390: return SQLITE_OK
391: }
392: catchsql {UPDATE t2 SET b=22, c=33}
393: } {0 {}}
394: do_test auth-1.46 {
395: execsql {SELECT * FROM t2}
396: } {11 2 33}
397:
398: do_test auth-1.47 {
399: proc auth {code arg1 arg2 arg3 arg4} {
400: if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
401: return SQLITE_DENY
402: }
403: return SQLITE_OK
404: }
405: catchsql {DELETE FROM t2 WHERE a=11}
406: } {1 {not authorized}}
407: do_test auth-1.48 {
408: execsql {SELECT * FROM t2}
409: } {11 2 33}
410: do_test auth-1.49 {
411: proc auth {code arg1 arg2 arg3 arg4} {
412: if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
413: return SQLITE_IGNORE
414: }
415: return SQLITE_OK
416: }
417: catchsql {DELETE FROM t2 WHERE a=11}
418: } {0 {}}
419: do_test auth-1.50 {
420: execsql {SELECT * FROM t2}
421: } {}
422: do_test auth-1.50.2 {
423: execsql {INSERT INTO t2 VALUES(11, 2, 33)}
424: } {}
425:
426: do_test auth-1.51 {
427: proc auth {code arg1 arg2 arg3 arg4} {
428: if {$code=="SQLITE_SELECT"} {
429: return SQLITE_DENY
430: }
431: return SQLITE_OK
432: }
433: catchsql {SELECT * FROM t2}
434: } {1 {not authorized}}
435: do_test auth-1.52 {
436: proc auth {code arg1 arg2 arg3 arg4} {
437: if {$code=="SQLITE_SELECT"} {
438: return SQLITE_IGNORE
439: }
440: return SQLITE_OK
441: }
442: catchsql {SELECT * FROM t2}
443: } {0 {}}
444: do_test auth-1.53 {
445: proc auth {code arg1 arg2 arg3 arg4} {
446: if {$code=="SQLITE_SELECT"} {
447: return SQLITE_OK
448: }
449: return SQLITE_OK
450: }
451: catchsql {SELECT * FROM t2}
452: } {0 {11 2 33}}
453:
454: # Update for version 3: There used to be a handful of test here that
455: # tested the authorisation callback with the COPY command. The following
456: # test makes the same database modifications as they used to.
457: do_test auth-1.54 {
458: execsql {INSERT INTO t2 VALUES(7, 8, 9);}
459: } {}
460: do_test auth-1.55 {
461: execsql {SELECT * FROM t2}
462: } {11 2 33 7 8 9}
463:
464: do_test auth-1.63 {
465: proc auth {code arg1 arg2 arg3 arg4} {
466: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
467: return SQLITE_DENY
468: }
469: return SQLITE_OK
470: }
471: catchsql {DROP TABLE t2}
472: } {1 {not authorized}}
473: do_test auth-1.64 {
474: execsql {SELECT name FROM sqlite_master}
475: } {t2}
476: do_test auth-1.65 {
477: proc auth {code arg1 arg2 arg3 arg4} {
478: if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
479: return SQLITE_DENY
480: }
481: return SQLITE_OK
482: }
483: catchsql {DROP TABLE t2}
484: } {1 {not authorized}}
485: do_test auth-1.66 {
486: execsql {SELECT name FROM sqlite_master}
487: } {t2}
488:
489: ifcapable tempdb {
490: do_test auth-1.67 {
491: proc auth {code arg1 arg2 arg3 arg4} {
492: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
493: return SQLITE_DENY
494: }
495: return SQLITE_OK
496: }
497: catchsql {DROP TABLE t1}
498: } {1 {not authorized}}
499: do_test auth-1.68 {
500: execsql {SELECT name FROM sqlite_temp_master}
501: } {t1}
502: do_test auth-1.69 {
503: proc auth {code arg1 arg2 arg3 arg4} {
504: if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
505: return SQLITE_DENY
506: }
507: return SQLITE_OK
508: }
509: catchsql {DROP TABLE t1}
510: } {1 {not authorized}}
511: do_test auth-1.70 {
512: execsql {SELECT name FROM sqlite_temp_master}
513: } {t1}
514: }
515:
516: do_test auth-1.71 {
517: proc auth {code arg1 arg2 arg3 arg4} {
518: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
519: return SQLITE_IGNORE
520: }
521: return SQLITE_OK
522: }
523: catchsql {DROP TABLE t2}
524: } {0 {}}
525: do_test auth-1.72 {
526: execsql {SELECT name FROM sqlite_master}
527: } {t2}
528: do_test auth-1.73 {
529: proc auth {code arg1 arg2 arg3 arg4} {
530: if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
531: return SQLITE_IGNORE
532: }
533: return SQLITE_OK
534: }
535: catchsql {DROP TABLE t2}
536: } {0 {}}
537: do_test auth-1.74 {
538: execsql {SELECT name FROM sqlite_master}
539: } {t2}
540:
541: ifcapable tempdb {
542: do_test auth-1.75 {
543: proc auth {code arg1 arg2 arg3 arg4} {
544: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
545: return SQLITE_IGNORE
546: }
547: return SQLITE_OK
548: }
549: catchsql {DROP TABLE t1}
550: } {0 {}}
551: do_test auth-1.76 {
552: execsql {SELECT name FROM sqlite_temp_master}
553: } {t1}
554: do_test auth-1.77 {
555: proc auth {code arg1 arg2 arg3 arg4} {
556: if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
557: return SQLITE_IGNORE
558: }
559: return SQLITE_OK
560: }
561: catchsql {DROP TABLE t1}
562: } {0 {}}
563: do_test auth-1.78 {
564: execsql {SELECT name FROM sqlite_temp_master}
565: } {t1}
566: }
567:
568: # Test cases auth-1.79 to auth-1.124 test creating and dropping views.
569: # Omit these if the library was compiled with views omitted.
570: ifcapable view {
571: do_test auth-1.79 {
572: proc auth {code arg1 arg2 arg3 arg4} {
573: if {$code=="SQLITE_CREATE_VIEW"} {
574: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
575: return SQLITE_DENY
576: }
577: return SQLITE_OK
578: }
579: catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
580: } {1 {not authorized}}
581: do_test auth-1.80 {
582: set ::authargs
583: } {v1 {} main {}}
584: do_test auth-1.81 {
585: execsql {SELECT name FROM sqlite_master}
586: } {t2}
587: do_test auth-1.82 {
588: proc auth {code arg1 arg2 arg3 arg4} {
589: if {$code=="SQLITE_CREATE_VIEW"} {
590: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
591: return SQLITE_IGNORE
592: }
593: return SQLITE_OK
594: }
595: catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
596: } {0 {}}
597: do_test auth-1.83 {
598: set ::authargs
599: } {v1 {} main {}}
600: do_test auth-1.84 {
601: execsql {SELECT name FROM sqlite_master}
602: } {t2}
603:
604: ifcapable tempdb {
605: do_test auth-1.85 {
606: proc auth {code arg1 arg2 arg3 arg4} {
607: if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
608: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
609: return SQLITE_DENY
610: }
611: return SQLITE_OK
612: }
613: catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
614: } {1 {not authorized}}
615: do_test auth-1.86 {
616: set ::authargs
617: } {v1 {} temp {}}
618: do_test auth-1.87 {
619: execsql {SELECT name FROM sqlite_temp_master}
620: } {t1}
621: do_test auth-1.88 {
622: proc auth {code arg1 arg2 arg3 arg4} {
623: if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
624: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
625: return SQLITE_IGNORE
626: }
627: return SQLITE_OK
628: }
629: catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
630: } {0 {}}
631: do_test auth-1.89 {
632: set ::authargs
633: } {v1 {} temp {}}
634: do_test auth-1.90 {
635: execsql {SELECT name FROM sqlite_temp_master}
636: } {t1}
637: }
638:
639: do_test auth-1.91 {
640: proc auth {code arg1 arg2 arg3 arg4} {
641: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
642: return SQLITE_DENY
643: }
644: return SQLITE_OK
645: }
646: catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
647: } {1 {not authorized}}
648: do_test auth-1.92 {
649: execsql {SELECT name FROM sqlite_master}
650: } {t2}
651: do_test auth-1.93 {
652: proc auth {code arg1 arg2 arg3 arg4} {
653: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
654: return SQLITE_IGNORE
655: }
656: return SQLITE_OK
657: }
658: catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
659: } {0 {}}
660: do_test auth-1.94 {
661: execsql {SELECT name FROM sqlite_master}
662: } {t2}
663:
664: ifcapable tempdb {
665: do_test auth-1.95 {
666: proc auth {code arg1 arg2 arg3 arg4} {
667: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
668: return SQLITE_DENY
669: }
670: return SQLITE_OK
671: }
672: catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
673: } {1 {not authorized}}
674: do_test auth-1.96 {
675: execsql {SELECT name FROM sqlite_temp_master}
676: } {t1}
677: do_test auth-1.97 {
678: proc auth {code arg1 arg2 arg3 arg4} {
679: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
680: return SQLITE_IGNORE
681: }
682: return SQLITE_OK
683: }
684: catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
685: } {0 {}}
686: do_test auth-1.98 {
687: execsql {SELECT name FROM sqlite_temp_master}
688: } {t1}
689: }
690:
691: do_test auth-1.99 {
692: proc auth {code arg1 arg2 arg3 arg4} {
693: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
694: return SQLITE_DENY
695: }
696: return SQLITE_OK
697: }
698: catchsql {
699: CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2;
700: DROP VIEW v2
701: }
702: } {1 {not authorized}}
703: do_test auth-1.100 {
704: execsql {SELECT name FROM sqlite_master}
705: } {t2 v2}
706: do_test auth-1.101 {
707: proc auth {code arg1 arg2 arg3 arg4} {
708: if {$code=="SQLITE_DROP_VIEW"} {
709: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
710: return SQLITE_DENY
711: }
712: return SQLITE_OK
713: }
714: catchsql {DROP VIEW v2}
715: } {1 {not authorized}}
716: do_test auth-1.102 {
717: set ::authargs
718: } {v2 {} main {}}
719: do_test auth-1.103 {
720: execsql {SELECT name FROM sqlite_master}
721: } {t2 v2}
722: do_test auth-1.104 {
723: proc auth {code arg1 arg2 arg3 arg4} {
724: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
725: return SQLITE_IGNORE
726: }
727: return SQLITE_OK
728: }
729: catchsql {DROP VIEW v2}
730: } {0 {}}
731: do_test auth-1.105 {
732: execsql {SELECT name FROM sqlite_master}
733: } {t2 v2}
734: do_test auth-1.106 {
735: proc auth {code arg1 arg2 arg3 arg4} {
736: if {$code=="SQLITE_DROP_VIEW"} {
737: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
738: return SQLITE_IGNORE
739: }
740: return SQLITE_OK
741: }
742: catchsql {DROP VIEW v2}
743: } {0 {}}
744: do_test auth-1.107 {
745: set ::authargs
746: } {v2 {} main {}}
747: do_test auth-1.108 {
748: execsql {SELECT name FROM sqlite_master}
749: } {t2 v2}
750: do_test auth-1.109 {
751: proc auth {code arg1 arg2 arg3 arg4} {
752: if {$code=="SQLITE_DROP_VIEW"} {
753: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
754: return SQLITE_OK
755: }
756: return SQLITE_OK
757: }
758: catchsql {DROP VIEW v2}
759: } {0 {}}
760: do_test auth-1.110 {
761: set ::authargs
762: } {v2 {} main {}}
763: do_test auth-1.111 {
764: execsql {SELECT name FROM sqlite_master}
765: } {t2}
766:
767:
768: ifcapable tempdb {
769: do_test auth-1.112 {
770: proc auth {code arg1 arg2 arg3 arg4} {
771: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
772: return SQLITE_DENY
773: }
774: return SQLITE_OK
775: }
776: catchsql {
777: CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1;
778: DROP VIEW v1
779: }
780: } {1 {not authorized}}
781: do_test auth-1.113 {
782: execsql {SELECT name FROM sqlite_temp_master}
783: } {t1 v1}
784: do_test auth-1.114 {
785: proc auth {code arg1 arg2 arg3 arg4} {
786: if {$code=="SQLITE_DROP_TEMP_VIEW"} {
787: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
788: return SQLITE_DENY
789: }
790: return SQLITE_OK
791: }
792: catchsql {DROP VIEW v1}
793: } {1 {not authorized}}
794: do_test auth-1.115 {
795: set ::authargs
796: } {v1 {} temp {}}
797: do_test auth-1.116 {
798: execsql {SELECT name FROM sqlite_temp_master}
799: } {t1 v1}
800: do_test auth-1.117 {
801: proc auth {code arg1 arg2 arg3 arg4} {
802: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
803: return SQLITE_IGNORE
804: }
805: return SQLITE_OK
806: }
807: catchsql {DROP VIEW v1}
808: } {0 {}}
809: do_test auth-1.118 {
810: execsql {SELECT name FROM sqlite_temp_master}
811: } {t1 v1}
812: do_test auth-1.119 {
813: proc auth {code arg1 arg2 arg3 arg4} {
814: if {$code=="SQLITE_DROP_TEMP_VIEW"} {
815: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
816: return SQLITE_IGNORE
817: }
818: return SQLITE_OK
819: }
820: catchsql {DROP VIEW v1}
821: } {0 {}}
822: do_test auth-1.120 {
823: set ::authargs
824: } {v1 {} temp {}}
825: do_test auth-1.121 {
826: execsql {SELECT name FROM sqlite_temp_master}
827: } {t1 v1}
828: do_test auth-1.122 {
829: proc auth {code arg1 arg2 arg3 arg4} {
830: if {$code=="SQLITE_DROP_TEMP_VIEW"} {
831: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
832: return SQLITE_OK
833: }
834: return SQLITE_OK
835: }
836: catchsql {DROP VIEW v1}
837: } {0 {}}
838: do_test auth-1.123 {
839: set ::authargs
840: } {v1 {} temp {}}
841: do_test auth-1.124 {
842: execsql {SELECT name FROM sqlite_temp_master}
843: } {t1}
844: }
845: } ;# ifcapable view
846:
847: # Test cases auth-1.125 to auth-1.176 test creating and dropping triggers.
848: # Omit these if the library was compiled with triggers omitted.
849: #
850: ifcapable trigger&&tempdb {
851: do_test auth-1.125 {
852: proc auth {code arg1 arg2 arg3 arg4} {
853: if {$code=="SQLITE_CREATE_TRIGGER"} {
854: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
855: return SQLITE_DENY
856: }
857: return SQLITE_OK
858: }
859: catchsql {
860: CREATE TRIGGER r2 DELETE on t2 BEGIN
861: SELECT NULL;
862: END;
863: }
864: } {1 {not authorized}}
865: do_test auth-1.126 {
866: set ::authargs
867: } {r2 t2 main {}}
868: do_test auth-1.127 {
869: execsql {SELECT name FROM sqlite_master}
870: } {t2}
871: do_test auth-1.128 {
872: proc auth {code arg1 arg2 arg3 arg4} {
873: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
874: return SQLITE_DENY
875: }
876: return SQLITE_OK
877: }
878: catchsql {
879: CREATE TRIGGER r2 DELETE on t2 BEGIN
880: SELECT NULL;
881: END;
882: }
883: } {1 {not authorized}}
884: do_test auth-1.129 {
885: execsql {SELECT name FROM sqlite_master}
886: } {t2}
887: do_test auth-1.130 {
888: proc auth {code arg1 arg2 arg3 arg4} {
889: if {$code=="SQLITE_CREATE_TRIGGER"} {
890: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
891: return SQLITE_IGNORE
892: }
893: return SQLITE_OK
894: }
895: catchsql {
896: CREATE TRIGGER r2 DELETE on t2 BEGIN
897: SELECT NULL;
898: END;
899: }
900: } {0 {}}
901: do_test auth-1.131 {
902: set ::authargs
903: } {r2 t2 main {}}
904: do_test auth-1.132 {
905: execsql {SELECT name FROM sqlite_master}
906: } {t2}
907: do_test auth-1.133 {
908: proc auth {code arg1 arg2 arg3 arg4} {
909: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
910: return SQLITE_IGNORE
911: }
912: return SQLITE_OK
913: }
914: catchsql {
915: CREATE TRIGGER r2 DELETE on t2 BEGIN
916: SELECT NULL;
917: END;
918: }
919: } {0 {}}
920: do_test auth-1.134 {
921: execsql {SELECT name FROM sqlite_master}
922: } {t2}
923: do_test auth-1.135 {
924: proc auth {code arg1 arg2 arg3 arg4} {
925: if {$code=="SQLITE_CREATE_TRIGGER"} {
926: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
927: return SQLITE_OK
928: }
929: return SQLITE_OK
930: }
931: catchsql {
932: CREATE TABLE tx(id);
933: CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN
934: INSERT INTO tx VALUES(NEW.rowid);
935: END;
936: }
937: } {0 {}}
938: do_test auth-1.136.1 {
939: set ::authargs
940: } {r2 t2 main {}}
941: do_test auth-1.136.2 {
942: execsql {
943: SELECT name FROM sqlite_master WHERE type='trigger'
944: }
945: } {r2}
946: do_test auth-1.136.3 {
947: proc auth {code arg1 arg2 arg3 arg4} {
948: lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
949: return SQLITE_OK
950: }
951: set ::authargs {}
952: execsql {
953: INSERT INTO t2 VALUES(1,2,3);
954: }
955: set ::authargs
956: } {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2}
957: do_test auth-1.136.4 {
958: execsql {
959: SELECT * FROM tx;
960: }
961: } {3}
962: do_test auth-1.137 {
963: execsql {SELECT name FROM sqlite_master}
964: } {t2 tx r2}
965: do_test auth-1.138 {
966: proc auth {code arg1 arg2 arg3 arg4} {
967: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
968: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
969: return SQLITE_DENY
970: }
971: return SQLITE_OK
972: }
973: catchsql {
974: CREATE TRIGGER r1 DELETE on t1 BEGIN
975: SELECT NULL;
976: END;
977: }
978: } {1 {not authorized}}
979: do_test auth-1.139 {
980: set ::authargs
981: } {r1 t1 temp {}}
982: do_test auth-1.140 {
983: execsql {SELECT name FROM sqlite_temp_master}
984: } {t1}
985: do_test auth-1.141 {
986: proc auth {code arg1 arg2 arg3 arg4} {
987: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
988: return SQLITE_DENY
989: }
990: return SQLITE_OK
991: }
992: catchsql {
993: CREATE TRIGGER r1 DELETE on t1 BEGIN
994: SELECT NULL;
995: END;
996: }
997: } {1 {not authorized}}
998: do_test auth-1.142 {
999: execsql {SELECT name FROM sqlite_temp_master}
1000: } {t1}
1001: do_test auth-1.143 {
1002: proc auth {code arg1 arg2 arg3 arg4} {
1003: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1004: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1005: return SQLITE_IGNORE
1006: }
1007: return SQLITE_OK
1008: }
1009: catchsql {
1010: CREATE TRIGGER r1 DELETE on t1 BEGIN
1011: SELECT NULL;
1012: END;
1013: }
1014: } {0 {}}
1015: do_test auth-1.144 {
1016: set ::authargs
1017: } {r1 t1 temp {}}
1018: do_test auth-1.145 {
1019: execsql {SELECT name FROM sqlite_temp_master}
1020: } {t1}
1021: do_test auth-1.146 {
1022: proc auth {code arg1 arg2 arg3 arg4} {
1023: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1024: return SQLITE_IGNORE
1025: }
1026: return SQLITE_OK
1027: }
1028: catchsql {
1029: CREATE TRIGGER r1 DELETE on t1 BEGIN
1030: SELECT NULL;
1031: END;
1032: }
1033: } {0 {}}
1034: do_test auth-1.147 {
1035: execsql {SELECT name FROM sqlite_temp_master}
1036: } {t1}
1037: do_test auth-1.148 {
1038: proc auth {code arg1 arg2 arg3 arg4} {
1039: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1040: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1041: return SQLITE_OK
1042: }
1043: return SQLITE_OK
1044: }
1045: catchsql {
1046: CREATE TRIGGER r1 DELETE on t1 BEGIN
1047: SELECT NULL;
1048: END;
1049: }
1050: } {0 {}}
1051: do_test auth-1.149 {
1052: set ::authargs
1053: } {r1 t1 temp {}}
1054: do_test auth-1.150 {
1055: execsql {SELECT name FROM sqlite_temp_master}
1056: } {t1 r1}
1057:
1058: do_test auth-1.151 {
1059: proc auth {code arg1 arg2 arg3 arg4} {
1060: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1061: return SQLITE_DENY
1062: }
1063: return SQLITE_OK
1064: }
1065: catchsql {DROP TRIGGER r2}
1066: } {1 {not authorized}}
1067: do_test auth-1.152 {
1068: execsql {SELECT name FROM sqlite_master}
1069: } {t2 tx r2}
1070: do_test auth-1.153 {
1071: proc auth {code arg1 arg2 arg3 arg4} {
1072: if {$code=="SQLITE_DROP_TRIGGER"} {
1073: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1074: return SQLITE_DENY
1075: }
1076: return SQLITE_OK
1077: }
1078: catchsql {DROP TRIGGER r2}
1079: } {1 {not authorized}}
1080: do_test auth-1.154 {
1081: set ::authargs
1082: } {r2 t2 main {}}
1083: do_test auth-1.155 {
1084: execsql {SELECT name FROM sqlite_master}
1085: } {t2 tx r2}
1086: do_test auth-1.156 {
1087: proc auth {code arg1 arg2 arg3 arg4} {
1088: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1089: return SQLITE_IGNORE
1090: }
1091: return SQLITE_OK
1092: }
1093: catchsql {DROP TRIGGER r2}
1094: } {0 {}}
1095: do_test auth-1.157 {
1096: execsql {SELECT name FROM sqlite_master}
1097: } {t2 tx r2}
1098: do_test auth-1.158 {
1099: proc auth {code arg1 arg2 arg3 arg4} {
1100: if {$code=="SQLITE_DROP_TRIGGER"} {
1101: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1102: return SQLITE_IGNORE
1103: }
1104: return SQLITE_OK
1105: }
1106: catchsql {DROP TRIGGER r2}
1107: } {0 {}}
1108: do_test auth-1.159 {
1109: set ::authargs
1110: } {r2 t2 main {}}
1111: do_test auth-1.160 {
1112: execsql {SELECT name FROM sqlite_master}
1113: } {t2 tx r2}
1114: do_test auth-1.161 {
1115: proc auth {code arg1 arg2 arg3 arg4} {
1116: if {$code=="SQLITE_DROP_TRIGGER"} {
1117: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1118: return SQLITE_OK
1119: }
1120: return SQLITE_OK
1121: }
1122: catchsql {DROP TRIGGER r2}
1123: } {0 {}}
1124: do_test auth-1.162 {
1125: set ::authargs
1126: } {r2 t2 main {}}
1127: do_test auth-1.163 {
1128: execsql {
1129: DROP TABLE tx;
1130: DELETE FROM t2 WHERE a=1 AND b=2 AND c=3;
1131: SELECT name FROM sqlite_master;
1132: }
1133: } {t2}
1134:
1135: do_test auth-1.164 {
1136: proc auth {code arg1 arg2 arg3 arg4} {
1137: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1138: return SQLITE_DENY
1139: }
1140: return SQLITE_OK
1141: }
1142: catchsql {DROP TRIGGER r1}
1143: } {1 {not authorized}}
1144: do_test auth-1.165 {
1145: execsql {SELECT name FROM sqlite_temp_master}
1146: } {t1 r1}
1147: do_test auth-1.166 {
1148: proc auth {code arg1 arg2 arg3 arg4} {
1149: if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1150: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1151: return SQLITE_DENY
1152: }
1153: return SQLITE_OK
1154: }
1155: catchsql {DROP TRIGGER r1}
1156: } {1 {not authorized}}
1157: do_test auth-1.167 {
1158: set ::authargs
1159: } {r1 t1 temp {}}
1160: do_test auth-1.168 {
1161: execsql {SELECT name FROM sqlite_temp_master}
1162: } {t1 r1}
1163: do_test auth-1.169 {
1164: proc auth {code arg1 arg2 arg3 arg4} {
1165: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1166: return SQLITE_IGNORE
1167: }
1168: return SQLITE_OK
1169: }
1170: catchsql {DROP TRIGGER r1}
1171: } {0 {}}
1172: do_test auth-1.170 {
1173: execsql {SELECT name FROM sqlite_temp_master}
1174: } {t1 r1}
1175: do_test auth-1.171 {
1176: proc auth {code arg1 arg2 arg3 arg4} {
1177: if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1178: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1179: return SQLITE_IGNORE
1180: }
1181: return SQLITE_OK
1182: }
1183: catchsql {DROP TRIGGER r1}
1184: } {0 {}}
1185: do_test auth-1.172 {
1186: set ::authargs
1187: } {r1 t1 temp {}}
1188: do_test auth-1.173 {
1189: execsql {SELECT name FROM sqlite_temp_master}
1190: } {t1 r1}
1191: do_test auth-1.174 {
1192: proc auth {code arg1 arg2 arg3 arg4} {
1193: if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1194: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1195: return SQLITE_OK
1196: }
1197: return SQLITE_OK
1198: }
1199: catchsql {DROP TRIGGER r1}
1200: } {0 {}}
1201: do_test auth-1.175 {
1202: set ::authargs
1203: } {r1 t1 temp {}}
1204: do_test auth-1.176 {
1205: execsql {SELECT name FROM sqlite_temp_master}
1206: } {t1}
1207: } ;# ifcapable trigger
1208:
1209: do_test auth-1.177 {
1210: proc auth {code arg1 arg2 arg3 arg4} {
1211: if {$code=="SQLITE_CREATE_INDEX"} {
1212: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1213: return SQLITE_DENY
1214: }
1215: return SQLITE_OK
1216: }
1217: catchsql {CREATE INDEX i2 ON t2(a)}
1218: } {1 {not authorized}}
1219: do_test auth-1.178 {
1220: set ::authargs
1221: } {i2 t2 main {}}
1222: do_test auth-1.179 {
1223: execsql {SELECT name FROM sqlite_master}
1224: } {t2}
1225: do_test auth-1.180 {
1226: proc auth {code arg1 arg2 arg3 arg4} {
1227: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1228: return SQLITE_DENY
1229: }
1230: return SQLITE_OK
1231: }
1232: catchsql {CREATE INDEX i2 ON t2(a)}
1233: } {1 {not authorized}}
1234: do_test auth-1.181 {
1235: execsql {SELECT name FROM sqlite_master}
1236: } {t2}
1237: do_test auth-1.182 {
1238: proc auth {code arg1 arg2 arg3 arg4} {
1239: if {$code=="SQLITE_CREATE_INDEX"} {
1240: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1241: return SQLITE_IGNORE
1242: }
1243: return SQLITE_OK
1244: }
1245: catchsql {CREATE INDEX i2 ON t2(b)}
1246: } {0 {}}
1247: do_test auth-1.183 {
1248: set ::authargs
1249: } {i2 t2 main {}}
1250: do_test auth-1.184 {
1251: execsql {SELECT name FROM sqlite_master}
1252: } {t2}
1253: do_test auth-1.185 {
1254: proc auth {code arg1 arg2 arg3 arg4} {
1255: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1256: return SQLITE_IGNORE
1257: }
1258: return SQLITE_OK
1259: }
1260: catchsql {CREATE INDEX i2 ON t2(b)}
1261: } {0 {}}
1262: do_test auth-1.186 {
1263: execsql {SELECT name FROM sqlite_master}
1264: } {t2}
1265: do_test auth-1.187 {
1266: proc auth {code arg1 arg2 arg3 arg4} {
1267: if {$code=="SQLITE_CREATE_INDEX"} {
1268: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1269: return SQLITE_OK
1270: }
1271: return SQLITE_OK
1272: }
1273: catchsql {CREATE INDEX i2 ON t2(a)}
1274: } {0 {}}
1275: do_test auth-1.188 {
1276: set ::authargs
1277: } {i2 t2 main {}}
1278: do_test auth-1.189 {
1279: execsql {SELECT name FROM sqlite_master}
1280: } {t2 i2}
1281:
1282: ifcapable tempdb {
1283: do_test auth-1.190 {
1284: proc auth {code arg1 arg2 arg3 arg4} {
1285: if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1286: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1287: return SQLITE_DENY
1288: }
1289: return SQLITE_OK
1290: }
1291: catchsql {CREATE INDEX i1 ON t1(a)}
1292: } {1 {not authorized}}
1293: do_test auth-1.191 {
1294: set ::authargs
1295: } {i1 t1 temp {}}
1296: do_test auth-1.192 {
1297: execsql {SELECT name FROM sqlite_temp_master}
1298: } {t1}
1299: do_test auth-1.193 {
1300: proc auth {code arg1 arg2 arg3 arg4} {
1301: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1302: return SQLITE_DENY
1303: }
1304: return SQLITE_OK
1305: }
1306: catchsql {CREATE INDEX i1 ON t1(b)}
1307: } {1 {not authorized}}
1308: do_test auth-1.194 {
1309: execsql {SELECT name FROM sqlite_temp_master}
1310: } {t1}
1311: do_test auth-1.195 {
1312: proc auth {code arg1 arg2 arg3 arg4} {
1313: if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1314: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1315: return SQLITE_IGNORE
1316: }
1317: return SQLITE_OK
1318: }
1319: catchsql {CREATE INDEX i1 ON t1(b)}
1320: } {0 {}}
1321: do_test auth-1.196 {
1322: set ::authargs
1323: } {i1 t1 temp {}}
1324: do_test auth-1.197 {
1325: execsql {SELECT name FROM sqlite_temp_master}
1326: } {t1}
1327: do_test auth-1.198 {
1328: proc auth {code arg1 arg2 arg3 arg4} {
1329: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1330: return SQLITE_IGNORE
1331: }
1332: return SQLITE_OK
1333: }
1334: catchsql {CREATE INDEX i1 ON t1(c)}
1335: } {0 {}}
1336: do_test auth-1.199 {
1337: execsql {SELECT name FROM sqlite_temp_master}
1338: } {t1}
1339: do_test auth-1.200 {
1340: proc auth {code arg1 arg2 arg3 arg4} {
1341: if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1342: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1343: return SQLITE_OK
1344: }
1345: return SQLITE_OK
1346: }
1347: catchsql {CREATE INDEX i1 ON t1(a)}
1348: } {0 {}}
1349: do_test auth-1.201 {
1350: set ::authargs
1351: } {i1 t1 temp {}}
1352: do_test auth-1.202 {
1353: execsql {SELECT name FROM sqlite_temp_master}
1354: } {t1 i1}
1355: }
1356:
1357: do_test auth-1.203 {
1358: proc auth {code arg1 arg2 arg3 arg4} {
1359: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1360: return SQLITE_DENY
1361: }
1362: return SQLITE_OK
1363: }
1364: catchsql {DROP INDEX i2}
1365: } {1 {not authorized}}
1366: do_test auth-1.204 {
1367: execsql {SELECT name FROM sqlite_master}
1368: } {t2 i2}
1369: do_test auth-1.205 {
1370: proc auth {code arg1 arg2 arg3 arg4} {
1371: if {$code=="SQLITE_DROP_INDEX"} {
1372: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1373: return SQLITE_DENY
1374: }
1375: return SQLITE_OK
1376: }
1377: catchsql {DROP INDEX i2}
1378: } {1 {not authorized}}
1379: do_test auth-1.206 {
1380: set ::authargs
1381: } {i2 t2 main {}}
1382: do_test auth-1.207 {
1383: execsql {SELECT name FROM sqlite_master}
1384: } {t2 i2}
1385: do_test auth-1.208 {
1386: proc auth {code arg1 arg2 arg3 arg4} {
1387: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1388: return SQLITE_IGNORE
1389: }
1390: return SQLITE_OK
1391: }
1392: catchsql {DROP INDEX i2}
1393: } {0 {}}
1394: do_test auth-1.209 {
1395: execsql {SELECT name FROM sqlite_master}
1396: } {t2 i2}
1397: do_test auth-1.210 {
1398: proc auth {code arg1 arg2 arg3 arg4} {
1399: if {$code=="SQLITE_DROP_INDEX"} {
1400: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1401: return SQLITE_IGNORE
1402: }
1403: return SQLITE_OK
1404: }
1405: catchsql {DROP INDEX i2}
1406: } {0 {}}
1407: do_test auth-1.211 {
1408: set ::authargs
1409: } {i2 t2 main {}}
1410: do_test auth-1.212 {
1411: execsql {SELECT name FROM sqlite_master}
1412: } {t2 i2}
1413: do_test auth-1.213 {
1414: proc auth {code arg1 arg2 arg3 arg4} {
1415: if {$code=="SQLITE_DROP_INDEX"} {
1416: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1417: return SQLITE_OK
1418: }
1419: return SQLITE_OK
1420: }
1421: catchsql {DROP INDEX i2}
1422: } {0 {}}
1423: do_test auth-1.214 {
1424: set ::authargs
1425: } {i2 t2 main {}}
1426: do_test auth-1.215 {
1427: execsql {SELECT name FROM sqlite_master}
1428: } {t2}
1429:
1430: ifcapable tempdb {
1431: do_test auth-1.216 {
1432: proc auth {code arg1 arg2 arg3 arg4} {
1433: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1434: return SQLITE_DENY
1435: }
1436: return SQLITE_OK
1437: }
1438: catchsql {DROP INDEX i1}
1439: } {1 {not authorized}}
1440: do_test auth-1.217 {
1441: execsql {SELECT name FROM sqlite_temp_master}
1442: } {t1 i1}
1443: do_test auth-1.218 {
1444: proc auth {code arg1 arg2 arg3 arg4} {
1445: if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1446: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1447: return SQLITE_DENY
1448: }
1449: return SQLITE_OK
1450: }
1451: catchsql {DROP INDEX i1}
1452: } {1 {not authorized}}
1453: do_test auth-1.219 {
1454: set ::authargs
1455: } {i1 t1 temp {}}
1456: do_test auth-1.220 {
1457: execsql {SELECT name FROM sqlite_temp_master}
1458: } {t1 i1}
1459: do_test auth-1.221 {
1460: proc auth {code arg1 arg2 arg3 arg4} {
1461: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1462: return SQLITE_IGNORE
1463: }
1464: return SQLITE_OK
1465: }
1466: catchsql {DROP INDEX i1}
1467: } {0 {}}
1468: do_test auth-1.222 {
1469: execsql {SELECT name FROM sqlite_temp_master}
1470: } {t1 i1}
1471: do_test auth-1.223 {
1472: proc auth {code arg1 arg2 arg3 arg4} {
1473: if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1474: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1475: return SQLITE_IGNORE
1476: }
1477: return SQLITE_OK
1478: }
1479: catchsql {DROP INDEX i1}
1480: } {0 {}}
1481: do_test auth-1.224 {
1482: set ::authargs
1483: } {i1 t1 temp {}}
1484: do_test auth-1.225 {
1485: execsql {SELECT name FROM sqlite_temp_master}
1486: } {t1 i1}
1487: do_test auth-1.226 {
1488: proc auth {code arg1 arg2 arg3 arg4} {
1489: if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1490: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1491: return SQLITE_OK
1492: }
1493: return SQLITE_OK
1494: }
1495: catchsql {DROP INDEX i1}
1496: } {0 {}}
1497: do_test auth-1.227 {
1498: set ::authargs
1499: } {i1 t1 temp {}}
1500: do_test auth-1.228 {
1501: execsql {SELECT name FROM sqlite_temp_master}
1502: } {t1}
1503: }
1504:
1505: do_test auth-1.229 {
1506: proc auth {code arg1 arg2 arg3 arg4} {
1507: if {$code=="SQLITE_PRAGMA"} {
1508: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1509: return SQLITE_DENY
1510: }
1511: return SQLITE_OK
1512: }
1513: catchsql {PRAGMA full_column_names=on}
1514: } {1 {not authorized}}
1515: do_test auth-1.230 {
1516: set ::authargs
1517: } {full_column_names on {} {}}
1518: do_test auth-1.231 {
1519: execsql2 {SELECT a FROM t2}
1520: } {a 11 a 7}
1521: do_test auth-1.232 {
1522: proc auth {code arg1 arg2 arg3 arg4} {
1523: if {$code=="SQLITE_PRAGMA"} {
1524: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1525: return SQLITE_IGNORE
1526: }
1527: return SQLITE_OK
1528: }
1529: catchsql {PRAGMA full_column_names=on}
1530: } {0 {}}
1531: do_test auth-1.233 {
1532: set ::authargs
1533: } {full_column_names on {} {}}
1534: do_test auth-1.234 {
1535: execsql2 {SELECT a FROM t2}
1536: } {a 11 a 7}
1537: do_test auth-1.235 {
1538: proc auth {code arg1 arg2 arg3 arg4} {
1539: if {$code=="SQLITE_PRAGMA"} {
1540: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1541: return SQLITE_OK
1542: }
1543: return SQLITE_OK
1544: }
1545: catchsql {PRAGMA full_column_names=on}
1546: } {0 {}}
1547: do_test auth-1.236 {
1548: execsql2 {SELECT a FROM t2}
1549: } {t2.a 11 t2.a 7}
1550: do_test auth-1.237 {
1551: proc auth {code arg1 arg2 arg3 arg4} {
1552: if {$code=="SQLITE_PRAGMA"} {
1553: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1554: return SQLITE_OK
1555: }
1556: return SQLITE_OK
1557: }
1558: catchsql {PRAGMA full_column_names=OFF}
1559: } {0 {}}
1560: do_test auth-1.238 {
1561: set ::authargs
1562: } {full_column_names OFF {} {}}
1563: do_test auth-1.239 {
1564: execsql2 {SELECT a FROM t2}
1565: } {a 11 a 7}
1566:
1567: do_test auth-1.240 {
1568: proc auth {code arg1 arg2 arg3 arg4} {
1569: if {$code=="SQLITE_TRANSACTION"} {
1570: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1571: return SQLITE_DENY
1572: }
1573: return SQLITE_OK
1574: }
1575: catchsql {BEGIN}
1576: } {1 {not authorized}}
1577: do_test auth-1.241 {
1578: set ::authargs
1579: } {BEGIN {} {} {}}
1580: do_test auth-1.242 {
1581: proc auth {code arg1 arg2 arg3 arg4} {
1582: if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
1583: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1584: return SQLITE_DENY
1585: }
1586: return SQLITE_OK
1587: }
1588: catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
1589: } {1 {not authorized}}
1590: do_test auth-1.243 {
1591: set ::authargs
1592: } {COMMIT {} {} {}}
1593: do_test auth-1.244 {
1594: execsql {SELECT * FROM t2}
1595: } {11 2 33 7 8 9 44 55 66}
1596: do_test auth-1.245 {
1597: catchsql {ROLLBACK}
1598: } {1 {not authorized}}
1599: do_test auth-1.246 {
1600: set ::authargs
1601: } {ROLLBACK {} {} {}}
1602: do_test auth-1.247 {
1603: catchsql {END TRANSACTION}
1604: } {1 {not authorized}}
1605: do_test auth-1.248 {
1606: set ::authargs
1607: } {COMMIT {} {} {}}
1608: do_test auth-1.249 {
1609: db authorizer {}
1610: catchsql {ROLLBACK}
1611: } {0 {}}
1612: do_test auth-1.250 {
1613: execsql {SELECT * FROM t2}
1614: } {11 2 33 7 8 9}
1615:
1616: # ticket #340 - authorization for ATTACH and DETACH.
1617: #
1618: ifcapable attach {
1619: do_test auth-1.251 {
1620: db authorizer ::auth
1621: proc auth {code arg1 arg2 arg3 arg4} {
1622: if {$code=="SQLITE_ATTACH"} {
1623: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1624: }
1625: return SQLITE_OK
1626: }
1627: catchsql {
1628: ATTACH DATABASE ':memory:' AS test1
1629: }
1630: } {0 {}}
1631: do_test auth-1.252a {
1632: set ::authargs
1633: } {:memory: {} {} {}}
1634: do_test auth-1.252b {
1635: db eval {DETACH test1}
1636: set ::attachfilename :memory:
1637: db eval {ATTACH $::attachfilename AS test1}
1638: set ::authargs
1639: } {{} {} {} {}}
1640: do_test auth-1.252c {
1641: db eval {DETACH test1}
1642: db eval {ATTACH ':mem' || 'ory:' AS test1}
1643: set ::authargs
1644: } {{} {} {} {}}
1645: do_test auth-1.253 {
1646: catchsql {DETACH DATABASE test1}
1647: proc auth {code arg1 arg2 arg3 arg4} {
1648: if {$code=="SQLITE_ATTACH"} {
1649: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1650: return SQLITE_DENY
1651: }
1652: return SQLITE_OK
1653: }
1654: catchsql {
1655: ATTACH DATABASE ':memory:' AS test1;
1656: }
1657: } {1 {not authorized}}
1658: do_test auth-1.254 {
1659: lindex [execsql {PRAGMA database_list}] 7
1660: } {}
1661: do_test auth-1.255 {
1662: catchsql {DETACH DATABASE test1}
1663: proc auth {code arg1 arg2 arg3 arg4} {
1664: if {$code=="SQLITE_ATTACH"} {
1665: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1666: return SQLITE_IGNORE
1667: }
1668: return SQLITE_OK
1669: }
1670: catchsql {
1671: ATTACH DATABASE ':memory:' AS test1;
1672: }
1673: } {0 {}}
1674: do_test auth-1.256 {
1675: lindex [execsql {PRAGMA database_list}] 7
1676: } {}
1677: do_test auth-1.257 {
1678: proc auth {code arg1 arg2 arg3 arg4} {
1679: if {$code=="SQLITE_DETACH"} {
1680: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1681: return SQLITE_OK
1682: }
1683: return SQLITE_OK
1684: }
1685: execsql {ATTACH DATABASE ':memory:' AS test1}
1686: catchsql {
1687: DETACH DATABASE test1;
1688: }
1689: } {0 {}}
1690: do_test auth-1.258 {
1691: lindex [execsql {PRAGMA database_list}] 7
1692: } {}
1693: do_test auth-1.259 {
1694: execsql {ATTACH DATABASE ':memory:' AS test1}
1695: proc auth {code arg1 arg2 arg3 arg4} {
1696: if {$code=="SQLITE_DETACH"} {
1697: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1698: return SQLITE_IGNORE
1699: }
1700: return SQLITE_OK
1701: }
1702: catchsql {
1703: DETACH DATABASE test1;
1704: }
1705: } {0 {}}
1706: ifcapable tempdb {
1707: ifcapable schema_pragmas {
1708: do_test auth-1.260 {
1709: lindex [execsql {PRAGMA database_list}] 7
1710: } {test1}
1711: } ;# ifcapable schema_pragmas
1712: do_test auth-1.261 {
1713: proc auth {code arg1 arg2 arg3 arg4} {
1714: if {$code=="SQLITE_DETACH"} {
1715: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1716: return SQLITE_DENY
1717: }
1718: return SQLITE_OK
1719: }
1720: catchsql {
1721: DETACH DATABASE test1;
1722: }
1723: } {1 {not authorized}}
1724: ifcapable schema_pragmas {
1725: do_test auth-1.262 {
1726: lindex [execsql {PRAGMA database_list}] 7
1727: } {test1}
1728: } ;# ifcapable schema_pragmas
1729: db authorizer {}
1730: execsql {DETACH DATABASE test1}
1731: db authorizer ::auth
1732:
1733: # Authorization for ALTER TABLE. These tests are omitted if the library
1734: # was built without ALTER TABLE support.
1735: ifcapable altertable {
1736:
1737: do_test auth-1.263 {
1738: proc auth {code arg1 arg2 arg3 arg4} {
1739: if {$code=="SQLITE_ALTER_TABLE"} {
1740: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1741: return SQLITE_OK
1742: }
1743: return SQLITE_OK
1744: }
1745: catchsql {
1746: ALTER TABLE t1 RENAME TO t1x
1747: }
1748: } {0 {}}
1749: do_test auth-1.264 {
1750: execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1751: } {t1x}
1752: do_test auth-1.265 {
1753: set authargs
1754: } {temp t1 {} {}}
1755: do_test auth-1.266 {
1756: proc auth {code arg1 arg2 arg3 arg4} {
1757: if {$code=="SQLITE_ALTER_TABLE"} {
1758: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1759: return SQLITE_IGNORE
1760: }
1761: return SQLITE_OK
1762: }
1763: catchsql {
1764: ALTER TABLE t1x RENAME TO t1
1765: }
1766: } {0 {}}
1767: do_test auth-1.267 {
1768: execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1769: } {t1x}
1770: do_test auth-1.268 {
1771: set authargs
1772: } {temp t1x {} {}}
1773: do_test auth-1.269 {
1774: proc auth {code arg1 arg2 arg3 arg4} {
1775: if {$code=="SQLITE_ALTER_TABLE"} {
1776: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1777: return SQLITE_DENY
1778: }
1779: return SQLITE_OK
1780: }
1781: catchsql {
1782: ALTER TABLE t1x RENAME TO t1
1783: }
1784: } {1 {not authorized}}
1785: do_test auth-1.270 {
1786: execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1787: } {t1x}
1788:
1789: do_test auth-1.271 {
1790: set authargs
1791: } {temp t1x {} {}}
1792: } ;# ifcapable altertable
1793:
1794: } else {
1795: db authorizer {}
1796: db eval {
1797: DETACH DATABASE test1;
1798: }
1799: }
1800: }
1801:
1802: ifcapable altertable {
1803: db authorizer {}
1804: catchsql {ALTER TABLE t1x RENAME TO t1}
1805: db authorizer ::auth
1806: do_test auth-1.272 {
1807: proc auth {code arg1 arg2 arg3 arg4} {
1808: if {$code=="SQLITE_ALTER_TABLE"} {
1809: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1810: return SQLITE_OK
1811: }
1812: return SQLITE_OK
1813: }
1814: catchsql {
1815: ALTER TABLE t2 RENAME TO t2x
1816: }
1817: } {0 {}}
1818: do_test auth-1.273 {
1819: execsql {SELECT name FROM sqlite_master WHERE type='table'}
1820: } {t2x}
1821: do_test auth-1.274 {
1822: set authargs
1823: } {main t2 {} {}}
1824: do_test auth-1.275 {
1825: proc auth {code arg1 arg2 arg3 arg4} {
1826: if {$code=="SQLITE_ALTER_TABLE"} {
1827: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1828: return SQLITE_IGNORE
1829: }
1830: return SQLITE_OK
1831: }
1832: catchsql {
1833: ALTER TABLE t2x RENAME TO t2
1834: }
1835: } {0 {}}
1836: do_test auth-1.276 {
1837: execsql {SELECT name FROM sqlite_master WHERE type='table'}
1838: } {t2x}
1839: do_test auth-1.277 {
1840: set authargs
1841: } {main t2x {} {}}
1842: do_test auth-1.278 {
1843: proc auth {code arg1 arg2 arg3 arg4} {
1844: if {$code=="SQLITE_ALTER_TABLE"} {
1845: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1846: return SQLITE_DENY
1847: }
1848: return SQLITE_OK
1849: }
1850: catchsql {
1851: ALTER TABLE t2x RENAME TO t2
1852: }
1853: } {1 {not authorized}}
1854: do_test auth-1.279 {
1855: execsql {SELECT name FROM sqlite_master WHERE type='table'}
1856: } {t2x}
1857: do_test auth-1.280 {
1858: set authargs
1859: } {main t2x {} {}}
1860: db authorizer {}
1861: catchsql {ALTER TABLE t2x RENAME TO t2}
1862:
1863: } ;# ifcapable altertable
1864:
1865: # Test the authorization callbacks for the REINDEX command.
1866: ifcapable reindex {
1867:
1868: proc auth {code args} {
1869: if {$code=="SQLITE_REINDEX"} {
1870: set ::authargs [concat $::authargs $args]
1871: }
1872: return SQLITE_OK
1873: }
1874: db authorizer auth
1875: do_test auth-1.281 {
1876: execsql {
1877: CREATE TABLE t3(a PRIMARY KEY, b, c);
1878: CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1879: CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1880: }
1881: } {}
1882: do_test auth-1.282 {
1883: set ::authargs {}
1884: execsql {
1885: REINDEX t3_idx1;
1886: }
1887: set ::authargs
1888: } {t3_idx1 {} main {}}
1889: do_test auth-1.283 {
1890: set ::authargs {}
1891: execsql {
1892: REINDEX BINARY;
1893: }
1894: set ::authargs
1895: } {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1896: do_test auth-1.284 {
1897: set ::authargs {}
1898: execsql {
1899: REINDEX NOCASE;
1900: }
1901: set ::authargs
1902: } {t3_idx2 {} main {}}
1903: do_test auth-1.285 {
1904: set ::authargs {}
1905: execsql {
1906: REINDEX t3;
1907: }
1908: set ::authargs
1909: } {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1910: do_test auth-1.286 {
1911: execsql {
1912: DROP TABLE t3;
1913: }
1914: } {}
1915: ifcapable tempdb {
1916: do_test auth-1.287 {
1917: execsql {
1918: CREATE TEMP TABLE t3(a PRIMARY KEY, b, c);
1919: CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1920: CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1921: }
1922: } {}
1923: do_test auth-1.288 {
1924: set ::authargs {}
1925: execsql {
1926: REINDEX temp.t3_idx1;
1927: }
1928: set ::authargs
1929: } {t3_idx1 {} temp {}}
1930: do_test auth-1.289 {
1931: set ::authargs {}
1932: execsql {
1933: REINDEX BINARY;
1934: }
1935: set ::authargs
1936: } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1937: do_test auth-1.290 {
1938: set ::authargs {}
1939: execsql {
1940: REINDEX NOCASE;
1941: }
1942: set ::authargs
1943: } {t3_idx2 {} temp {}}
1944: do_test auth-1.291 {
1945: set ::authargs {}
1946: execsql {
1947: REINDEX temp.t3;
1948: }
1949: set ::authargs
1950: } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1951: proc auth {code args} {
1952: if {$code=="SQLITE_REINDEX"} {
1953: set ::authargs [concat $::authargs $args]
1954: return SQLITE_DENY
1955: }
1956: return SQLITE_OK
1957: }
1958: do_test auth-1.292 {
1959: set ::authargs {}
1960: catchsql {
1961: REINDEX temp.t3;
1962: }
1963: } {1 {not authorized}}
1964: do_test auth-1.293 {
1965: execsql {
1966: DROP TABLE t3;
1967: }
1968: } {}
1969: }
1970:
1971: } ;# ifcapable reindex
1972:
1973: ifcapable analyze {
1974: proc auth {code args} {
1975: if {$code=="SQLITE_ANALYZE"} {
1976: set ::authargs [concat $::authargs $args]
1977: }
1978: return SQLITE_OK
1979: }
1980: do_test auth-1.294 {
1981: set ::authargs {}
1982: execsql {
1983: CREATE TABLE t4(a,b,c);
1984: CREATE INDEX t4i1 ON t4(a);
1985: CREATE INDEX t4i2 ON t4(b,a,c);
1986: INSERT INTO t4 VALUES(1,2,3);
1987: ANALYZE;
1988: }
1989: set ::authargs
1990: } {t4 {} main {} t2 {} main {}}
1991: do_test auth-1.295 {
1992: execsql {
1993: SELECT count(*) FROM sqlite_stat1;
1994: }
1995: } 3
1996: proc auth {code args} {
1997: if {$code=="SQLITE_ANALYZE"} {
1998: set ::authargs [concat $::authargs $args]
1999: return SQLITE_DENY
2000: }
2001: return SQLITE_OK
2002: }
2003: do_test auth-1.296 {
2004: set ::authargs {}
2005: catchsql {
2006: ANALYZE;
2007: }
2008: } {1 {not authorized}}
2009: do_test auth-1.297 {
2010: execsql {
2011: SELECT count(*) FROM sqlite_stat1;
2012: }
2013: } 3
2014: } ;# ifcapable analyze
2015:
2016:
2017: # Authorization for ALTER TABLE ADD COLUMN.
2018: # These tests are omitted if the library
2019: # was built without ALTER TABLE support.
2020: ifcapable {altertable} {
2021: do_test auth-1.300 {
2022: execsql {CREATE TABLE t5(x)}
2023: proc auth {code arg1 arg2 arg3 arg4} {
2024: if {$code=="SQLITE_ALTER_TABLE"} {
2025: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2026: return SQLITE_OK
2027: }
2028: return SQLITE_OK
2029: }
2030: catchsql {
2031: ALTER TABLE t5 ADD COLUMN new_col_1;
2032: }
2033: } {0 {}}
2034: do_test auth-1.301 {
2035: set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2036: regexp new_col_1 $x
2037: } {1}
2038: do_test auth-1.302 {
2039: set authargs
2040: } {main t5 {} {}}
2041: do_test auth-1.303 {
2042: proc auth {code arg1 arg2 arg3 arg4} {
2043: if {$code=="SQLITE_ALTER_TABLE"} {
2044: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2045: return SQLITE_IGNORE
2046: }
2047: return SQLITE_OK
2048: }
2049: catchsql {
2050: ALTER TABLE t5 ADD COLUMN new_col_2;
2051: }
2052: } {0 {}}
2053: do_test auth-1.304 {
2054: set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2055: regexp new_col_2 $x
2056: } {0}
2057: do_test auth-1.305 {
2058: set authargs
2059: } {main t5 {} {}}
2060: do_test auth-1.306 {
2061: proc auth {code arg1 arg2 arg3 arg4} {
2062: if {$code=="SQLITE_ALTER_TABLE"} {
2063: set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2064: return SQLITE_DENY
2065: }
2066: return SQLITE_OK
2067: }
2068: catchsql {
2069: ALTER TABLE t5 ADD COLUMN new_col_3
2070: }
2071: } {1 {not authorized}}
2072: do_test auth-1.307 {
2073: set x [execsql {SELECT sql FROM sqlite_temp_master WHERE type='t5'}]
2074: regexp new_col_3 $x
2075: } {0}
2076:
2077: do_test auth-1.308 {
2078: set authargs
2079: } {main t5 {} {}}
2080: execsql {DROP TABLE t5}
2081: } ;# ifcapable altertable
2082:
2083: do_test auth-2.1 {
2084: proc auth {code arg1 arg2 arg3 arg4} {
2085: if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2086: return SQLITE_DENY
2087: }
2088: return SQLITE_OK
2089: }
2090: db authorizer ::auth
2091: execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
2092: catchsql {SELECT * FROM t3}
2093: } {1 {access to t3.x is prohibited}}
2094: do_test auth-2.1 {
2095: catchsql {SELECT y,z FROM t3}
2096: } {0 {}}
2097: do_test auth-2.2 {
2098: catchsql {SELECT ROWID,y,z FROM t3}
2099: } {1 {access to t3.x is prohibited}}
2100: do_test auth-2.3 {
2101: catchsql {SELECT OID,y,z FROM t3}
2102: } {1 {access to t3.x is prohibited}}
2103: do_test auth-2.4 {
2104: proc auth {code arg1 arg2 arg3 arg4} {
2105: if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2106: return SQLITE_IGNORE
2107: }
2108: return SQLITE_OK
2109: }
2110: execsql {INSERT INTO t3 VALUES(44,55,66)}
2111: catchsql {SELECT * FROM t3}
2112: } {0 {{} 55 66}}
2113: do_test auth-2.5 {
2114: catchsql {SELECT rowid,y,z FROM t3}
2115: } {0 {{} 55 66}}
2116: do_test auth-2.6 {
2117: proc auth {code arg1 arg2 arg3 arg4} {
2118: if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
2119: return SQLITE_IGNORE
2120: }
2121: return SQLITE_OK
2122: }
2123: catchsql {SELECT * FROM t3}
2124: } {0 {44 55 66}}
2125: do_test auth-2.7 {
2126: catchsql {SELECT ROWID,y,z FROM t3}
2127: } {0 {44 55 66}}
2128: do_test auth-2.8 {
2129: proc auth {code arg1 arg2 arg3 arg4} {
2130: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2131: return SQLITE_IGNORE
2132: }
2133: return SQLITE_OK
2134: }
2135: catchsql {SELECT ROWID,b,c FROM t2}
2136: } {0 {{} 2 33 {} 8 9}}
2137: do_test auth-2.9.1 {
2138: # We have to flush the cache here in case the Tcl interface tries to
2139: # reuse a statement compiled with sqlite3_prepare_v2(). In this case,
2140: # the first error encountered is an SQLITE_SCHEMA error. Then, when
2141: # trying to recompile the statement, the authorization error is encountered.
2142: # If we do not flush the cache, the correct error message is returned, but
2143: # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test
2144: # case after this one.
2145: #
2146: db cache flush
2147:
2148: proc auth {code arg1 arg2 arg3 arg4} {
2149: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2150: return bogus
2151: }
2152: return SQLITE_OK
2153: }
2154: catchsql {SELECT ROWID,b,c FROM t2}
2155: } {1 {authorizer malfunction}}
2156: do_test auth-2.9.2 {
2157: db errorcode
2158: } {1}
2159: do_test auth-2.10 {
2160: proc auth {code arg1 arg2 arg3 arg4} {
2161: if {$code=="SQLITE_SELECT"} {
2162: return bogus
2163: }
2164: return SQLITE_OK
2165: }
2166: catchsql {SELECT ROWID,b,c FROM t2}
2167: } {1 {authorizer malfunction}}
2168: do_test auth-2.11.1 {
2169: proc auth {code arg1 arg2 arg3 arg4} {
2170: if {$code=="SQLITE_READ" && $arg2=="a"} {
2171: return SQLITE_IGNORE
2172: }
2173: return SQLITE_OK
2174: }
2175: catchsql {SELECT * FROM t2, t3}
2176: } {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
2177: do_test auth-2.11.2 {
2178: proc auth {code arg1 arg2 arg3 arg4} {
2179: if {$code=="SQLITE_READ" && $arg2=="x"} {
2180: return SQLITE_IGNORE
2181: }
2182: return SQLITE_OK
2183: }
2184: catchsql {SELECT * FROM t2, t3}
2185: } {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}
2186:
2187: # Make sure the OLD and NEW pseudo-tables of a trigger get authorized.
2188: #
2189: ifcapable trigger {
2190: do_test auth-3.1 {
2191: proc auth {code arg1 arg2 arg3 arg4} {
2192: return SQLITE_OK
2193: }
2194: execsql {
2195: CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
2196: CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
2197: INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
2198: END;
2199: UPDATE t2 SET a=a+1;
2200: SELECT * FROM tx;
2201: }
2202: } {11 12 2 2 33 33 7 8 8 8 9 9}
2203: do_test auth-3.2 {
2204: proc auth {code arg1 arg2 arg3 arg4} {
2205: if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
2206: return SQLITE_IGNORE
2207: }
2208: return SQLITE_OK
2209: }
2210: execsql {
2211: DELETE FROM tx;
2212: UPDATE t2 SET a=a+100;
2213: SELECT * FROM tx;
2214: }
2215: } {12 112 2 2 {} {} 8 108 8 8 {} {}}
2216: } ;# ifcapable trigger
2217:
2218: # Make sure the names of views and triggers are passed on on arg4.
2219: #
2220: ifcapable trigger {
2221: do_test auth-4.1 {
2222: proc auth {code arg1 arg2 arg3 arg4} {
2223: lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
2224: return SQLITE_OK
2225: }
2226: set authargs {}
2227: execsql {
2228: UPDATE t2 SET a=a+1;
2229: }
2230: set authargs
2231: } [list \
2232: SQLITE_READ t2 a main {} \
2233: SQLITE_UPDATE t2 a main {} \
2234: SQLITE_INSERT tx {} main r1 \
2235: SQLITE_READ t2 a main r1 \
2236: SQLITE_READ t2 a main r1 \
2237: SQLITE_READ t2 b main r1 \
2238: SQLITE_READ t2 b main r1 \
2239: SQLITE_READ t2 c main r1 \
2240: SQLITE_READ t2 c main r1]
2241: }
2242:
2243: ifcapable {view && trigger} {
2244: do_test auth-4.2 {
2245: execsql {
2246: CREATE VIEW v1 AS SELECT a+b AS x FROM t2;
2247: CREATE TABLE v1chng(x1,x2);
2248: CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN
2249: INSERT INTO v1chng VALUES(OLD.x,NEW.x);
2250: END;
2251: SELECT * FROM v1;
2252: }
2253: } {115 117}
2254: do_test auth-4.3 {
2255: set authargs {}
2256: execsql {
2257: UPDATE v1 SET x=1 WHERE x=117
2258: }
2259: set authargs
2260: } [list \
2261: SQLITE_UPDATE v1 x main {} \
2262: SQLITE_SELECT {} {} {} v1 \
2263: SQLITE_READ t2 a main v1 \
2264: SQLITE_READ t2 b main v1 \
2265: SQLITE_SELECT {} {} {} {} \
2266: SQLITE_READ v1 x main v1 \
2267: SQLITE_INSERT v1chng {} main r2 \
2268: SQLITE_READ v1 x main r2 \
2269: SQLITE_READ v1 x main r2 \
2270: ]
2271:
2272: do_test auth-4.4 {
2273: execsql {
2274: CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
2275: INSERT INTO v1chng VALUES(OLD.x,NULL);
2276: END;
2277: SELECT * FROM v1;
2278: }
2279: } {115 117}
2280: do_test auth-4.5 {
2281: set authargs {}
2282: execsql {
2283: DELETE FROM v1 WHERE x=117
2284: }
2285: set authargs
2286: } [list \
2287: SQLITE_DELETE v1 {} main {} \
2288: SQLITE_SELECT {} {} {} v1 \
2289: SQLITE_READ t2 a main v1 \
2290: SQLITE_READ t2 b main v1 \
2291: SQLITE_SELECT {} {} {} {} \
2292: SQLITE_READ v1 x main v1 \
2293: SQLITE_INSERT v1chng {} main r3 \
2294: SQLITE_READ v1 x main r3 \
2295: ]
2296:
2297: } ;# ifcapable view && trigger
2298:
2299: # Ticket #1338: Make sure authentication works in the presence of an AS
2300: # clause.
2301: #
2302: do_test auth-5.1 {
2303: proc auth {code arg1 arg2 arg3 arg4} {
2304: return SQLITE_OK
2305: }
2306: execsql {
2307: SELECT count(a) AS cnt FROM t4 ORDER BY cnt
2308: }
2309: } {1}
2310:
2311: # Ticket #1607
2312: #
2313: ifcapable compound&&subquery {
2314: ifcapable trigger {
2315: execsql {
2316: DROP TABLE tx;
2317: }
2318: ifcapable view {
2319: execsql {
2320: DROP TABLE v1chng;
2321: }
2322: }
2323: }
2324: ifcapable stat3 {
2325: set stat3 "sqlite_stat3 "
2326: } else {
2327: set stat3 ""
2328: }
2329: do_test auth-5.2 {
2330: execsql {
2331: SELECT name FROM (
2332: SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master)
2333: WHERE type='table'
2334: ORDER BY name
2335: }
2336: } "sqlite_stat1 ${stat3}t1 t2 t3 t4"
2337: }
2338:
2339: # Ticket #3944
2340: #
2341: ifcapable trigger {
2342: do_test auth-5.3.1 {
2343: execsql {
2344: CREATE TABLE t5 ( x );
2345: CREATE TRIGGER t5_tr1 AFTER INSERT ON t5 BEGIN
2346: UPDATE t5 SET x = 1 WHERE NEW.x = 0;
2347: END;
2348: }
2349: } {}
2350: set ::authargs [list]
2351: proc auth {args} {
2352: eval lappend ::authargs $args
2353: return SQLITE_OK
2354: }
2355: do_test auth-5.3.2 {
2356: execsql { INSERT INTO t5 (x) values(0) }
2357: set ::authargs
2358: } [list SQLITE_INSERT t5 {} main {} \
2359: SQLITE_UPDATE t5 x main t5_tr1 \
2360: SQLITE_READ t5 x main t5_tr1 \
2361: ]
2362: do_test auth-5.3.2 {
2363: execsql { SELECT * FROM t5 }
2364: } {1}
2365: }
2366:
2367:
2368: rename proc {}
2369: rename proc_real proc
2370:
2371:
2372: finish_test
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>