3 # The author disclaims copyright to this source code. In place of
4 # a legal notice, here is a blessing:
6 # May you do good and not evil.
7 # May you find forgiveness for yourself and forgive others.
8 # May you share freely, never taking more than you give.
10 #***********************************************************************
11 # This file implements regression tests for SQLite library. The
12 # focus of this script is testing the sqlite3_set_authorizer() API
13 # and related functionality.
15 # $Id: auth.test,v 1.43 2008/07/02 13:13:52 danielk1977 Exp $
18 set testdir [file dirname $argv0]
19 source $testdir/tester.tcl
21 # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
22 # defined during compilation.
23 if {[catch {db auth {}} msg]} {
29 proc_real proc {name arguments script} {
30 proc_real $name $arguments $script
38 set ::DB [sqlite3 db test.db]
39 proc auth {code arg1 arg2 arg3 arg4} {
40 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
46 catchsql {CREATE TABLE t1(a,b,c)}
47 } {1 {not authorized}}
59 } {1 {no such column: x}}
61 execsql {SELECT name FROM sqlite_master}
64 proc auth {code arg1 arg2 arg3 arg4} {
65 if {$code=="SQLITE_CREATE_TABLE"} {
66 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
71 catchsql {CREATE TABLE t1(a,b,c)}
72 } {1 {not authorized}}
80 execsql {SELECT name FROM sqlite_master}
85 proc auth {code arg1 arg2 arg3 arg4} {
86 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
91 catchsql {CREATE TEMP TABLE t1(a,b,c)}
92 } {1 {not authorized}}
94 execsql {SELECT name FROM sqlite_temp_master}
97 proc auth {code arg1 arg2 arg3 arg4} {
98 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
99 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
104 catchsql {CREATE TEMP TABLE t1(a,b,c)}
105 } {1 {not authorized}}
110 execsql {SELECT name FROM sqlite_temp_master}
115 proc auth {code arg1 arg2 arg3 arg4} {
116 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
121 catchsql {CREATE TABLE t1(a,b,c)}
124 execsql {SELECT name FROM sqlite_master}
127 proc auth {code arg1 arg2 arg3 arg4} {
128 if {$code=="SQLITE_CREATE_TABLE"} {
129 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
134 catchsql {CREATE TABLE t1(a,b,c)}
137 execsql {SELECT name FROM sqlite_master}
142 proc auth {code arg1 arg2 arg3 arg4} {
143 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
148 catchsql {CREATE TEMP TABLE t1(a,b,c)}
151 execsql {SELECT name FROM sqlite_temp_master}
154 proc auth {code arg1 arg2 arg3 arg4} {
155 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
156 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
161 catchsql {CREATE TEMP TABLE t1(a,b,c)}
164 execsql {SELECT name FROM sqlite_temp_master}
168 proc auth {code arg1 arg2 arg3 arg4} {
169 if {$code=="SQLITE_CREATE_TABLE"} {
170 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
175 catchsql {CREATE TEMP TABLE t1(a,b,c)}
178 execsql {SELECT name FROM sqlite_temp_master}
182 do_test auth-1.19.1 {
184 proc auth {code arg1 arg2 arg3 arg4} {
185 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
186 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
191 catchsql {CREATE TABLE t2(a,b,c)}
193 do_test auth-1.19.2 {
197 execsql {SELECT name FROM sqlite_master}
200 do_test auth-1.21.1 {
201 proc auth {code arg1 arg2 arg3 arg4} {
202 if {$code=="SQLITE_DROP_TABLE"} {
203 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
208 catchsql {DROP TABLE t2}
209 } {1 {not authorized}}
210 do_test auth-1.21.2 {
214 execsql {SELECT name FROM sqlite_master}
216 do_test auth-1.23.1 {
217 proc auth {code arg1 arg2 arg3 arg4} {
218 if {$code=="SQLITE_DROP_TABLE"} {
219 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
224 catchsql {DROP TABLE t2}
226 do_test auth-1.23.2 {
230 execsql {SELECT name FROM sqlite_master}
235 proc auth {code arg1 arg2 arg3 arg4} {
236 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
237 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
242 catchsql {DROP TABLE t1}
243 } {1 {not authorized}}
245 execsql {SELECT name FROM sqlite_temp_master}
248 proc auth {code arg1 arg2 arg3 arg4} {
249 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
250 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
255 catchsql {DROP TABLE t1}
258 execsql {SELECT name FROM sqlite_temp_master}
263 proc auth {code arg1 arg2 arg3 arg4} {
264 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
269 catchsql {INSERT INTO t2 VALUES(1,2,3)}
270 } {1 {not authorized}}
272 execsql {SELECT * FROM t2}
275 proc auth {code arg1 arg2 arg3 arg4} {
276 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
281 catchsql {INSERT INTO t2 VALUES(1,2,3)}
284 execsql {SELECT * FROM t2}
287 proc auth {code arg1 arg2 arg3 arg4} {
288 if {$code=="SQLITE_INSERT" && $arg1=="t1"} {
293 catchsql {INSERT INTO t2 VALUES(1,2,3)}
296 execsql {SELECT * FROM t2}
299 do_test auth-1.35.1 {
300 proc auth {code arg1 arg2 arg3 arg4} {
301 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
306 catchsql {SELECT * FROM t2}
307 } {1 {access to t2.b is prohibited}}
309 do_test auth-1.35.2 {
310 execsql {ATTACH DATABASE 'test.db' AS two}
311 catchsql {SELECT * FROM two.t2}
312 } {1 {access to two.t2.b is prohibited}}
313 execsql {DETACH DATABASE two}
316 proc auth {code arg1 arg2 arg3 arg4} {
317 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
322 catchsql {SELECT * FROM t2}
325 proc auth {code arg1 arg2 arg3 arg4} {
326 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
331 catchsql {SELECT * FROM t2 WHERE b=2}
334 proc auth {code arg1 arg2 arg3 arg4} {
335 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} {
340 catchsql {SELECT * FROM t2 WHERE b=2}
343 proc auth {code arg1 arg2 arg3 arg4} {
344 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
349 catchsql {SELECT * FROM t2 WHERE b IS NULL}
352 proc auth {code arg1 arg2 arg3 arg4} {
353 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
358 catchsql {SELECT a,c FROM t2 WHERE b IS NULL}
359 } {1 {access to t2.b is prohibited}}
362 proc auth {code arg1 arg2 arg3 arg4} {
363 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
368 catchsql {UPDATE t2 SET a=11}
371 execsql {SELECT * FROM t2}
374 proc auth {code arg1 arg2 arg3 arg4} {
375 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
380 catchsql {UPDATE t2 SET b=22, c=33}
381 } {1 {not authorized}}
383 execsql {SELECT * FROM t2}
386 proc auth {code arg1 arg2 arg3 arg4} {
387 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
392 catchsql {UPDATE t2 SET b=22, c=33}
395 execsql {SELECT * FROM t2}
399 proc auth {code arg1 arg2 arg3 arg4} {
400 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
405 catchsql {DELETE FROM t2 WHERE a=11}
406 } {1 {not authorized}}
408 execsql {SELECT * FROM t2}
411 proc auth {code arg1 arg2 arg3 arg4} {
412 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
417 catchsql {DELETE FROM t2 WHERE a=11}
420 execsql {SELECT * FROM t2}
424 proc auth {code arg1 arg2 arg3 arg4} {
425 if {$code=="SQLITE_SELECT"} {
430 catchsql {SELECT * FROM t2}
431 } {1 {not authorized}}
433 proc auth {code arg1 arg2 arg3 arg4} {
434 if {$code=="SQLITE_SELECT"} {
439 catchsql {SELECT * FROM t2}
442 proc auth {code arg1 arg2 arg3 arg4} {
443 if {$code=="SQLITE_SELECT"} {
448 catchsql {SELECT * FROM t2}
451 # Update for version 3: There used to be a handful of test here that
452 # tested the authorisation callback with the COPY command. The following
453 # test makes the same database modifications as they used to.
455 execsql {INSERT INTO t2 VALUES(7, 8, 9);}
458 execsql {SELECT * FROM t2}
462 proc auth {code arg1 arg2 arg3 arg4} {
463 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
468 catchsql {DROP TABLE t2}
469 } {1 {not authorized}}
471 execsql {SELECT name FROM sqlite_master}
474 proc auth {code arg1 arg2 arg3 arg4} {
475 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
480 catchsql {DROP TABLE t2}
481 } {1 {not authorized}}
483 execsql {SELECT name FROM sqlite_master}
488 proc auth {code arg1 arg2 arg3 arg4} {
489 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
494 catchsql {DROP TABLE t1}
495 } {1 {not authorized}}
497 execsql {SELECT name FROM sqlite_temp_master}
500 proc auth {code arg1 arg2 arg3 arg4} {
501 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
506 catchsql {DROP TABLE t1}
507 } {1 {not authorized}}
509 execsql {SELECT name FROM sqlite_temp_master}
514 proc auth {code arg1 arg2 arg3 arg4} {
515 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
520 catchsql {DROP TABLE t2}
523 execsql {SELECT name FROM sqlite_master}
526 proc auth {code arg1 arg2 arg3 arg4} {
527 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
532 catchsql {DROP TABLE t2}
535 execsql {SELECT name FROM sqlite_master}
540 proc auth {code arg1 arg2 arg3 arg4} {
541 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
546 catchsql {DROP TABLE t1}
549 execsql {SELECT name FROM sqlite_temp_master}
552 proc auth {code arg1 arg2 arg3 arg4} {
553 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
558 catchsql {DROP TABLE t1}
561 execsql {SELECT name FROM sqlite_temp_master}
565 # Test cases auth-1.79 to auth-1.124 test creating and dropping views.
566 # Omit these if the library was compiled with views omitted.
569 proc auth {code arg1 arg2 arg3 arg4} {
570 if {$code=="SQLITE_CREATE_VIEW"} {
571 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
576 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
577 } {1 {not authorized}}
582 execsql {SELECT name FROM sqlite_master}
585 proc auth {code arg1 arg2 arg3 arg4} {
586 if {$code=="SQLITE_CREATE_VIEW"} {
587 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
592 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
598 execsql {SELECT name FROM sqlite_master}
603 proc auth {code arg1 arg2 arg3 arg4} {
604 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
605 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
610 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
611 } {1 {not authorized}}
616 execsql {SELECT name FROM sqlite_temp_master}
619 proc auth {code arg1 arg2 arg3 arg4} {
620 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
621 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
626 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
632 execsql {SELECT name FROM sqlite_temp_master}
637 proc auth {code arg1 arg2 arg3 arg4} {
638 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
643 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
644 } {1 {not authorized}}
646 execsql {SELECT name FROM sqlite_master}
649 proc auth {code arg1 arg2 arg3 arg4} {
650 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
655 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
658 execsql {SELECT name FROM sqlite_master}
663 proc auth {code arg1 arg2 arg3 arg4} {
664 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
669 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
670 } {1 {not authorized}}
672 execsql {SELECT name FROM sqlite_temp_master}
675 proc auth {code arg1 arg2 arg3 arg4} {
676 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
681 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
684 execsql {SELECT name FROM sqlite_temp_master}
689 proc auth {code arg1 arg2 arg3 arg4} {
690 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
696 CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2;
699 } {1 {not authorized}}
701 execsql {SELECT name FROM sqlite_master}
704 proc auth {code arg1 arg2 arg3 arg4} {
705 if {$code=="SQLITE_DROP_VIEW"} {
706 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
711 catchsql {DROP VIEW v2}
712 } {1 {not authorized}}
717 execsql {SELECT name FROM sqlite_master}
720 proc auth {code arg1 arg2 arg3 arg4} {
721 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
726 catchsql {DROP VIEW v2}
729 execsql {SELECT name FROM sqlite_master}
732 proc auth {code arg1 arg2 arg3 arg4} {
733 if {$code=="SQLITE_DROP_VIEW"} {
734 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
739 catchsql {DROP VIEW v2}
745 execsql {SELECT name FROM sqlite_master}
748 proc auth {code arg1 arg2 arg3 arg4} {
749 if {$code=="SQLITE_DROP_VIEW"} {
750 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
755 catchsql {DROP VIEW v2}
761 execsql {SELECT name FROM sqlite_master}
767 proc auth {code arg1 arg2 arg3 arg4} {
768 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
774 CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1;
777 } {1 {not authorized}}
779 execsql {SELECT name FROM sqlite_temp_master}
782 proc auth {code arg1 arg2 arg3 arg4} {
783 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
784 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
789 catchsql {DROP VIEW v1}
790 } {1 {not authorized}}
795 execsql {SELECT name FROM sqlite_temp_master}
798 proc auth {code arg1 arg2 arg3 arg4} {
799 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
804 catchsql {DROP VIEW v1}
807 execsql {SELECT name FROM sqlite_temp_master}
810 proc auth {code arg1 arg2 arg3 arg4} {
811 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
812 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
817 catchsql {DROP VIEW v1}
823 execsql {SELECT name FROM sqlite_temp_master}
826 proc auth {code arg1 arg2 arg3 arg4} {
827 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
828 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
833 catchsql {DROP VIEW v1}
839 execsql {SELECT name FROM sqlite_temp_master}
844 # Test cases auth-1.125 to auth-1.176 test creating and dropping triggers.
845 # Omit these if the library was compiled with triggers omitted.
847 ifcapable trigger&&tempdb {
849 proc auth {code arg1 arg2 arg3 arg4} {
850 if {$code=="SQLITE_CREATE_TRIGGER"} {
851 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
857 CREATE TRIGGER r2 DELETE on t2 BEGIN
861 } {1 {not authorized}}
866 execsql {SELECT name FROM sqlite_master}
869 proc auth {code arg1 arg2 arg3 arg4} {
870 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
876 CREATE TRIGGER r2 DELETE on t2 BEGIN
880 } {1 {not authorized}}
882 execsql {SELECT name FROM sqlite_master}
885 proc auth {code arg1 arg2 arg3 arg4} {
886 if {$code=="SQLITE_CREATE_TRIGGER"} {
887 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
893 CREATE TRIGGER r2 DELETE on t2 BEGIN
902 execsql {SELECT name FROM sqlite_master}
905 proc auth {code arg1 arg2 arg3 arg4} {
906 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
912 CREATE TRIGGER r2 DELETE on t2 BEGIN
918 execsql {SELECT name FROM sqlite_master}
921 proc auth {code arg1 arg2 arg3 arg4} {
922 if {$code=="SQLITE_CREATE_TRIGGER"} {
923 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
930 CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN
931 INSERT INTO tx VALUES(NEW.rowid);
935 do_test auth-1.136.1 {
938 do_test auth-1.136.2 {
940 SELECT name FROM sqlite_master WHERE type='trigger'
943 do_test auth-1.136.3 {
944 proc auth {code arg1 arg2 arg3 arg4} {
945 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
950 INSERT INTO t2 VALUES(1,2,3);
953 } {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2}
954 do_test auth-1.136.4 {
960 execsql {SELECT name FROM sqlite_master}
963 proc auth {code arg1 arg2 arg3 arg4} {
964 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
965 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
971 CREATE TRIGGER r1 DELETE on t1 BEGIN
975 } {1 {not authorized}}
980 execsql {SELECT name FROM sqlite_temp_master}
983 proc auth {code arg1 arg2 arg3 arg4} {
984 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
990 CREATE TRIGGER r1 DELETE on t1 BEGIN
994 } {1 {not authorized}}
996 execsql {SELECT name FROM sqlite_temp_master}
999 proc auth {code arg1 arg2 arg3 arg4} {
1000 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1001 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1002 return SQLITE_IGNORE
1007 CREATE TRIGGER r1 DELETE on t1 BEGIN
1012 do_test auth-1.144 {
1015 do_test auth-1.145 {
1016 execsql {SELECT name FROM sqlite_temp_master}
1018 do_test auth-1.146 {
1019 proc auth {code arg1 arg2 arg3 arg4} {
1020 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1021 return SQLITE_IGNORE
1026 CREATE TRIGGER r1 DELETE on t1 BEGIN
1031 do_test auth-1.147 {
1032 execsql {SELECT name FROM sqlite_temp_master}
1034 do_test auth-1.148 {
1035 proc auth {code arg1 arg2 arg3 arg4} {
1036 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1037 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1043 CREATE TRIGGER r1 DELETE on t1 BEGIN
1048 do_test auth-1.149 {
1051 do_test auth-1.150 {
1052 execsql {SELECT name FROM sqlite_temp_master}
1055 do_test auth-1.151 {
1056 proc auth {code arg1 arg2 arg3 arg4} {
1057 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1062 catchsql {DROP TRIGGER r2}
1063 } {1 {not authorized}}
1064 do_test auth-1.152 {
1065 execsql {SELECT name FROM sqlite_master}
1067 do_test auth-1.153 {
1068 proc auth {code arg1 arg2 arg3 arg4} {
1069 if {$code=="SQLITE_DROP_TRIGGER"} {
1070 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1075 catchsql {DROP TRIGGER r2}
1076 } {1 {not authorized}}
1077 do_test auth-1.154 {
1080 do_test auth-1.155 {
1081 execsql {SELECT name FROM sqlite_master}
1083 do_test auth-1.156 {
1084 proc auth {code arg1 arg2 arg3 arg4} {
1085 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1086 return SQLITE_IGNORE
1090 catchsql {DROP TRIGGER r2}
1092 do_test auth-1.157 {
1093 execsql {SELECT name FROM sqlite_master}
1095 do_test auth-1.158 {
1096 proc auth {code arg1 arg2 arg3 arg4} {
1097 if {$code=="SQLITE_DROP_TRIGGER"} {
1098 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1099 return SQLITE_IGNORE
1103 catchsql {DROP TRIGGER r2}
1105 do_test auth-1.159 {
1108 do_test auth-1.160 {
1109 execsql {SELECT name FROM sqlite_master}
1111 do_test auth-1.161 {
1112 proc auth {code arg1 arg2 arg3 arg4} {
1113 if {$code=="SQLITE_DROP_TRIGGER"} {
1114 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1119 catchsql {DROP TRIGGER r2}
1121 do_test auth-1.162 {
1124 do_test auth-1.163 {
1127 DELETE FROM t2 WHERE a=1 AND b=2 AND c=3;
1128 SELECT name FROM sqlite_master;
1132 do_test auth-1.164 {
1133 proc auth {code arg1 arg2 arg3 arg4} {
1134 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1139 catchsql {DROP TRIGGER r1}
1140 } {1 {not authorized}}
1141 do_test auth-1.165 {
1142 execsql {SELECT name FROM sqlite_temp_master}
1144 do_test auth-1.166 {
1145 proc auth {code arg1 arg2 arg3 arg4} {
1146 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1147 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1152 catchsql {DROP TRIGGER r1}
1153 } {1 {not authorized}}
1154 do_test auth-1.167 {
1157 do_test auth-1.168 {
1158 execsql {SELECT name FROM sqlite_temp_master}
1160 do_test auth-1.169 {
1161 proc auth {code arg1 arg2 arg3 arg4} {
1162 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1163 return SQLITE_IGNORE
1167 catchsql {DROP TRIGGER r1}
1169 do_test auth-1.170 {
1170 execsql {SELECT name FROM sqlite_temp_master}
1172 do_test auth-1.171 {
1173 proc auth {code arg1 arg2 arg3 arg4} {
1174 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1175 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1176 return SQLITE_IGNORE
1180 catchsql {DROP TRIGGER r1}
1182 do_test auth-1.172 {
1185 do_test auth-1.173 {
1186 execsql {SELECT name FROM sqlite_temp_master}
1188 do_test auth-1.174 {
1189 proc auth {code arg1 arg2 arg3 arg4} {
1190 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1191 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1196 catchsql {DROP TRIGGER r1}
1198 do_test auth-1.175 {
1201 do_test auth-1.176 {
1202 execsql {SELECT name FROM sqlite_temp_master}
1204 } ;# ifcapable trigger
1206 do_test auth-1.177 {
1207 proc auth {code arg1 arg2 arg3 arg4} {
1208 if {$code=="SQLITE_CREATE_INDEX"} {
1209 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1214 catchsql {CREATE INDEX i2 ON t2(a)}
1215 } {1 {not authorized}}
1216 do_test auth-1.178 {
1219 do_test auth-1.179 {
1220 execsql {SELECT name FROM sqlite_master}
1222 do_test auth-1.180 {
1223 proc auth {code arg1 arg2 arg3 arg4} {
1224 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1229 catchsql {CREATE INDEX i2 ON t2(a)}
1230 } {1 {not authorized}}
1231 do_test auth-1.181 {
1232 execsql {SELECT name FROM sqlite_master}
1234 do_test auth-1.182 {
1235 proc auth {code arg1 arg2 arg3 arg4} {
1236 if {$code=="SQLITE_CREATE_INDEX"} {
1237 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1238 return SQLITE_IGNORE
1242 catchsql {CREATE INDEX i2 ON t2(b)}
1244 do_test auth-1.183 {
1247 do_test auth-1.184 {
1248 execsql {SELECT name FROM sqlite_master}
1250 do_test auth-1.185 {
1251 proc auth {code arg1 arg2 arg3 arg4} {
1252 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1253 return SQLITE_IGNORE
1257 catchsql {CREATE INDEX i2 ON t2(b)}
1259 do_test auth-1.186 {
1260 execsql {SELECT name FROM sqlite_master}
1262 do_test auth-1.187 {
1263 proc auth {code arg1 arg2 arg3 arg4} {
1264 if {$code=="SQLITE_CREATE_INDEX"} {
1265 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1270 catchsql {CREATE INDEX i2 ON t2(a)}
1272 do_test auth-1.188 {
1275 do_test auth-1.189 {
1276 execsql {SELECT name FROM sqlite_master}
1280 do_test auth-1.190 {
1281 proc auth {code arg1 arg2 arg3 arg4} {
1282 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1283 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1288 catchsql {CREATE INDEX i1 ON t1(a)}
1289 } {1 {not authorized}}
1290 do_test auth-1.191 {
1293 do_test auth-1.192 {
1294 execsql {SELECT name FROM sqlite_temp_master}
1296 do_test auth-1.193 {
1297 proc auth {code arg1 arg2 arg3 arg4} {
1298 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1303 catchsql {CREATE INDEX i1 ON t1(b)}
1304 } {1 {not authorized}}
1305 do_test auth-1.194 {
1306 execsql {SELECT name FROM sqlite_temp_master}
1308 do_test auth-1.195 {
1309 proc auth {code arg1 arg2 arg3 arg4} {
1310 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1311 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1312 return SQLITE_IGNORE
1316 catchsql {CREATE INDEX i1 ON t1(b)}
1318 do_test auth-1.196 {
1321 do_test auth-1.197 {
1322 execsql {SELECT name FROM sqlite_temp_master}
1324 do_test auth-1.198 {
1325 proc auth {code arg1 arg2 arg3 arg4} {
1326 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1327 return SQLITE_IGNORE
1331 catchsql {CREATE INDEX i1 ON t1(c)}
1333 do_test auth-1.199 {
1334 execsql {SELECT name FROM sqlite_temp_master}
1336 do_test auth-1.200 {
1337 proc auth {code arg1 arg2 arg3 arg4} {
1338 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1339 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1344 catchsql {CREATE INDEX i1 ON t1(a)}
1346 do_test auth-1.201 {
1349 do_test auth-1.202 {
1350 execsql {SELECT name FROM sqlite_temp_master}
1354 do_test auth-1.203 {
1355 proc auth {code arg1 arg2 arg3 arg4} {
1356 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1361 catchsql {DROP INDEX i2}
1362 } {1 {not authorized}}
1363 do_test auth-1.204 {
1364 execsql {SELECT name FROM sqlite_master}
1366 do_test auth-1.205 {
1367 proc auth {code arg1 arg2 arg3 arg4} {
1368 if {$code=="SQLITE_DROP_INDEX"} {
1369 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1374 catchsql {DROP INDEX i2}
1375 } {1 {not authorized}}
1376 do_test auth-1.206 {
1379 do_test auth-1.207 {
1380 execsql {SELECT name FROM sqlite_master}
1382 do_test auth-1.208 {
1383 proc auth {code arg1 arg2 arg3 arg4} {
1384 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1385 return SQLITE_IGNORE
1389 catchsql {DROP INDEX i2}
1391 do_test auth-1.209 {
1392 execsql {SELECT name FROM sqlite_master}
1394 do_test auth-1.210 {
1395 proc auth {code arg1 arg2 arg3 arg4} {
1396 if {$code=="SQLITE_DROP_INDEX"} {
1397 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1398 return SQLITE_IGNORE
1402 catchsql {DROP INDEX i2}
1404 do_test auth-1.211 {
1407 do_test auth-1.212 {
1408 execsql {SELECT name FROM sqlite_master}
1410 do_test auth-1.213 {
1411 proc auth {code arg1 arg2 arg3 arg4} {
1412 if {$code=="SQLITE_DROP_INDEX"} {
1413 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1418 catchsql {DROP INDEX i2}
1420 do_test auth-1.214 {
1423 do_test auth-1.215 {
1424 execsql {SELECT name FROM sqlite_master}
1428 do_test auth-1.216 {
1429 proc auth {code arg1 arg2 arg3 arg4} {
1430 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1435 catchsql {DROP INDEX i1}
1436 } {1 {not authorized}}
1437 do_test auth-1.217 {
1438 execsql {SELECT name FROM sqlite_temp_master}
1440 do_test auth-1.218 {
1441 proc auth {code arg1 arg2 arg3 arg4} {
1442 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1443 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1448 catchsql {DROP INDEX i1}
1449 } {1 {not authorized}}
1450 do_test auth-1.219 {
1453 do_test auth-1.220 {
1454 execsql {SELECT name FROM sqlite_temp_master}
1456 do_test auth-1.221 {
1457 proc auth {code arg1 arg2 arg3 arg4} {
1458 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1459 return SQLITE_IGNORE
1463 catchsql {DROP INDEX i1}
1465 do_test auth-1.222 {
1466 execsql {SELECT name FROM sqlite_temp_master}
1468 do_test auth-1.223 {
1469 proc auth {code arg1 arg2 arg3 arg4} {
1470 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1471 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1472 return SQLITE_IGNORE
1476 catchsql {DROP INDEX i1}
1478 do_test auth-1.224 {
1481 do_test auth-1.225 {
1482 execsql {SELECT name FROM sqlite_temp_master}
1484 do_test auth-1.226 {
1485 proc auth {code arg1 arg2 arg3 arg4} {
1486 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1487 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1492 catchsql {DROP INDEX i1}
1494 do_test auth-1.227 {
1497 do_test auth-1.228 {
1498 execsql {SELECT name FROM sqlite_temp_master}
1502 do_test auth-1.229 {
1503 proc auth {code arg1 arg2 arg3 arg4} {
1504 if {$code=="SQLITE_PRAGMA"} {
1505 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1510 catchsql {PRAGMA full_column_names=on}
1511 } {1 {not authorized}}
1512 do_test auth-1.230 {
1514 } {full_column_names on {} {}}
1515 do_test auth-1.231 {
1516 execsql2 {SELECT a FROM t2}
1518 do_test auth-1.232 {
1519 proc auth {code arg1 arg2 arg3 arg4} {
1520 if {$code=="SQLITE_PRAGMA"} {
1521 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1522 return SQLITE_IGNORE
1526 catchsql {PRAGMA full_column_names=on}
1528 do_test auth-1.233 {
1530 } {full_column_names on {} {}}
1531 do_test auth-1.234 {
1532 execsql2 {SELECT a FROM t2}
1534 do_test auth-1.235 {
1535 proc auth {code arg1 arg2 arg3 arg4} {
1536 if {$code=="SQLITE_PRAGMA"} {
1537 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1542 catchsql {PRAGMA full_column_names=on}
1544 do_test auth-1.236 {
1545 execsql2 {SELECT a FROM t2}
1547 do_test auth-1.237 {
1548 proc auth {code arg1 arg2 arg3 arg4} {
1549 if {$code=="SQLITE_PRAGMA"} {
1550 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1555 catchsql {PRAGMA full_column_names=OFF}
1557 do_test auth-1.238 {
1559 } {full_column_names OFF {} {}}
1560 do_test auth-1.239 {
1561 execsql2 {SELECT a FROM t2}
1564 do_test auth-1.240 {
1565 proc auth {code arg1 arg2 arg3 arg4} {
1566 if {$code=="SQLITE_TRANSACTION"} {
1567 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1573 } {1 {not authorized}}
1574 do_test auth-1.241 {
1577 do_test auth-1.242 {
1578 proc auth {code arg1 arg2 arg3 arg4} {
1579 if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
1580 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1585 catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
1586 } {1 {not authorized}}
1587 do_test auth-1.243 {
1590 do_test auth-1.244 {
1591 execsql {SELECT * FROM t2}
1592 } {11 2 33 7 8 9 44 55 66}
1593 do_test auth-1.245 {
1595 } {1 {not authorized}}
1596 do_test auth-1.246 {
1598 } {ROLLBACK {} {} {}}
1599 do_test auth-1.247 {
1600 catchsql {END TRANSACTION}
1601 } {1 {not authorized}}
1602 do_test auth-1.248 {
1605 do_test auth-1.249 {
1609 do_test auth-1.250 {
1610 execsql {SELECT * FROM t2}
1613 # ticket #340 - authorization for ATTACH and DETACH.
1616 do_test auth-1.251 {
1617 db authorizer ::auth
1618 proc auth {code arg1 arg2 arg3 arg4} {
1619 if {$code=="SQLITE_ATTACH"} {
1620 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1625 ATTACH DATABASE ':memory:' AS test1
1628 do_test auth-1.252 {
1630 } {:memory: {} {} {}}
1631 do_test auth-1.253 {
1632 catchsql {DETACH DATABASE test1}
1633 proc auth {code arg1 arg2 arg3 arg4} {
1634 if {$code=="SQLITE_ATTACH"} {
1635 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1641 ATTACH DATABASE ':memory:' AS test1;
1643 } {1 {not authorized}}
1644 do_test auth-1.254 {
1645 lindex [execsql {PRAGMA database_list}] 7
1647 do_test auth-1.255 {
1648 catchsql {DETACH DATABASE test1}
1649 proc auth {code arg1 arg2 arg3 arg4} {
1650 if {$code=="SQLITE_ATTACH"} {
1651 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1652 return SQLITE_IGNORE
1657 ATTACH DATABASE ':memory:' AS test1;
1660 do_test auth-1.256 {
1661 lindex [execsql {PRAGMA database_list}] 7
1663 do_test auth-1.257 {
1664 proc auth {code arg1 arg2 arg3 arg4} {
1665 if {$code=="SQLITE_DETACH"} {
1666 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1671 execsql {ATTACH DATABASE ':memory:' AS test1}
1673 DETACH DATABASE test1;
1676 do_test auth-1.258 {
1677 lindex [execsql {PRAGMA database_list}] 7
1679 do_test auth-1.259 {
1680 execsql {ATTACH DATABASE ':memory:' AS test1}
1681 proc auth {code arg1 arg2 arg3 arg4} {
1682 if {$code=="SQLITE_DETACH"} {
1683 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1684 return SQLITE_IGNORE
1689 DETACH DATABASE test1;
1693 ifcapable schema_pragmas {
1694 do_test auth-1.260 {
1695 lindex [execsql {PRAGMA database_list}] 7
1697 } ;# ifcapable schema_pragmas
1698 do_test auth-1.261 {
1699 proc auth {code arg1 arg2 arg3 arg4} {
1700 if {$code=="SQLITE_DETACH"} {
1701 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1707 DETACH DATABASE test1;
1709 } {1 {not authorized}}
1710 ifcapable schema_pragmas {
1711 do_test auth-1.262 {
1712 lindex [execsql {PRAGMA database_list}] 7
1714 } ;# ifcapable schema_pragmas
1716 execsql {DETACH DATABASE test1}
1717 db authorizer ::auth
1719 # Authorization for ALTER TABLE. These tests are omitted if the library
1720 # was built without ALTER TABLE support.
1721 ifcapable altertable {
1723 do_test auth-1.263 {
1724 proc auth {code arg1 arg2 arg3 arg4} {
1725 if {$code=="SQLITE_ALTER_TABLE"} {
1726 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1732 ALTER TABLE t1 RENAME TO t1x
1735 do_test auth-1.264 {
1736 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1738 do_test auth-1.265 {
1741 do_test auth-1.266 {
1742 proc auth {code arg1 arg2 arg3 arg4} {
1743 if {$code=="SQLITE_ALTER_TABLE"} {
1744 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1745 return SQLITE_IGNORE
1750 ALTER TABLE t1x RENAME TO t1
1753 do_test auth-1.267 {
1754 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1756 do_test auth-1.268 {
1759 do_test auth-1.269 {
1760 proc auth {code arg1 arg2 arg3 arg4} {
1761 if {$code=="SQLITE_ALTER_TABLE"} {
1762 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1768 ALTER TABLE t1x RENAME TO t1
1770 } {1 {not authorized}}
1771 do_test auth-1.270 {
1772 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1775 do_test auth-1.271 {
1778 } ;# ifcapable altertable
1783 DETACH DATABASE test1;
1788 ifcapable altertable {
1790 catchsql {ALTER TABLE t1x RENAME TO t1}
1791 db authorizer ::auth
1792 do_test auth-1.272 {
1793 proc auth {code arg1 arg2 arg3 arg4} {
1794 if {$code=="SQLITE_ALTER_TABLE"} {
1795 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1801 ALTER TABLE t2 RENAME TO t2x
1804 do_test auth-1.273 {
1805 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1807 do_test auth-1.274 {
1810 do_test auth-1.275 {
1811 proc auth {code arg1 arg2 arg3 arg4} {
1812 if {$code=="SQLITE_ALTER_TABLE"} {
1813 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1814 return SQLITE_IGNORE
1819 ALTER TABLE t2x RENAME TO t2
1822 do_test auth-1.276 {
1823 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1825 do_test auth-1.277 {
1828 do_test auth-1.278 {
1829 proc auth {code arg1 arg2 arg3 arg4} {
1830 if {$code=="SQLITE_ALTER_TABLE"} {
1831 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1837 ALTER TABLE t2x RENAME TO t2
1839 } {1 {not authorized}}
1840 do_test auth-1.279 {
1841 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1843 do_test auth-1.280 {
1847 catchsql {ALTER TABLE t2x RENAME TO t2}
1849 } ;# ifcapable altertable
1851 # Test the authorization callbacks for the REINDEX command.
1854 proc auth {code args} {
1855 if {$code=="SQLITE_REINDEX"} {
1856 set ::authargs [concat $::authargs $args]
1861 do_test auth-1.281 {
1863 CREATE TABLE t3(a PRIMARY KEY, b, c);
1864 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1865 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1868 do_test auth-1.282 {
1874 } {t3_idx1 {} main {}}
1875 do_test auth-1.283 {
1881 } {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1882 do_test auth-1.284 {
1888 } {t3_idx2 {} main {}}
1889 do_test auth-1.285 {
1895 } {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1896 do_test auth-1.286 {
1902 do_test auth-1.287 {
1904 CREATE TEMP TABLE t3(a PRIMARY KEY, b, c);
1905 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1906 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1909 do_test auth-1.288 {
1912 REINDEX temp.t3_idx1;
1915 } {t3_idx1 {} temp {}}
1916 do_test auth-1.289 {
1922 } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1923 do_test auth-1.290 {
1929 } {t3_idx2 {} temp {}}
1930 do_test auth-1.291 {
1936 } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1937 proc auth {code args} {
1938 if {$code=="SQLITE_REINDEX"} {
1939 set ::authargs [concat $::authargs $args]
1944 do_test auth-1.292 {
1949 } {1 {not authorized}}
1950 do_test auth-1.293 {
1957 } ;# ifcapable reindex
1960 proc auth {code args} {
1961 if {$code=="SQLITE_ANALYZE"} {
1962 set ::authargs [concat $::authargs $args]
1966 do_test auth-1.294 {
1969 CREATE TABLE t4(a,b,c);
1970 CREATE INDEX t4i1 ON t4(a);
1971 CREATE INDEX t4i2 ON t4(b,a,c);
1972 INSERT INTO t4 VALUES(1,2,3);
1977 do_test auth-1.295 {
1979 SELECT count(*) FROM sqlite_stat1;
1982 proc auth {code args} {
1983 if {$code=="SQLITE_ANALYZE"} {
1984 set ::authargs [concat $::authargs $args]
1989 do_test auth-1.296 {
1994 } {1 {not authorized}}
1995 do_test auth-1.297 {
1997 SELECT count(*) FROM sqlite_stat1;
2000 } ;# ifcapable analyze
2003 # Authorization for ALTER TABLE ADD COLUMN.
2004 # These tests are omitted if the library
2005 # was built without ALTER TABLE support.
2006 ifcapable {altertable} {
2007 do_test auth-1.300 {
2008 execsql {CREATE TABLE t5(x)}
2009 proc auth {code arg1 arg2 arg3 arg4} {
2010 if {$code=="SQLITE_ALTER_TABLE"} {
2011 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2017 ALTER TABLE t5 ADD COLUMN new_col_1;
2020 do_test auth-1.301 {
2021 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2024 do_test auth-1.302 {
2027 do_test auth-1.303 {
2028 proc auth {code arg1 arg2 arg3 arg4} {
2029 if {$code=="SQLITE_ALTER_TABLE"} {
2030 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2031 return SQLITE_IGNORE
2036 ALTER TABLE t5 ADD COLUMN new_col_2;
2039 do_test auth-1.304 {
2040 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2043 do_test auth-1.305 {
2046 do_test auth-1.306 {
2047 proc auth {code arg1 arg2 arg3 arg4} {
2048 if {$code=="SQLITE_ALTER_TABLE"} {
2049 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2055 ALTER TABLE t5 ADD COLUMN new_col_3
2057 } {1 {not authorized}}
2058 do_test auth-1.307 {
2059 set x [execsql {SELECT sql FROM sqlite_temp_master WHERE type='t5'}]
2063 do_test auth-1.308 {
2066 execsql {DROP TABLE t5}
2067 } ;# ifcapable altertable
2070 proc auth {code arg1 arg2 arg3 arg4} {
2071 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2076 db authorizer ::auth
2077 execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
2078 catchsql {SELECT * FROM t3}
2079 } {1 {access to t3.x is prohibited}}
2081 catchsql {SELECT y,z FROM t3}
2084 catchsql {SELECT ROWID,y,z FROM t3}
2085 } {1 {access to t3.x is prohibited}}
2087 catchsql {SELECT OID,y,z FROM t3}
2088 } {1 {access to t3.x is prohibited}}
2090 proc auth {code arg1 arg2 arg3 arg4} {
2091 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2092 return SQLITE_IGNORE
2096 execsql {INSERT INTO t3 VALUES(44,55,66)}
2097 catchsql {SELECT * FROM t3}
2100 catchsql {SELECT rowid,y,z FROM t3}
2103 proc auth {code arg1 arg2 arg3 arg4} {
2104 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
2105 return SQLITE_IGNORE
2109 catchsql {SELECT * FROM t3}
2112 catchsql {SELECT ROWID,y,z FROM t3}
2115 proc auth {code arg1 arg2 arg3 arg4} {
2116 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2117 return SQLITE_IGNORE
2121 catchsql {SELECT ROWID,b,c FROM t2}
2122 } {0 {{} 2 33 {} 8 9}}
2123 do_test auth-2.9.1 {
2124 # We have to flush the cache here in case the Tcl interface tries to
2125 # reuse a statement compiled with sqlite3_prepare_v2(). In this case,
2126 # the first error encountered is an SQLITE_SCHEMA error. Then, when
2127 # trying to recompile the statement, the authorization error is encountered.
2128 # If we do not flush the cache, the correct error message is returned, but
2129 # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test
2130 # case after this one.
2134 proc auth {code arg1 arg2 arg3 arg4} {
2135 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2140 catchsql {SELECT ROWID,b,c FROM t2}
2141 } {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
2142 do_test auth-2.9.2 {
2146 proc auth {code arg1 arg2 arg3 arg4} {
2147 if {$code=="SQLITE_SELECT"} {
2152 catchsql {SELECT ROWID,b,c FROM t2}
2153 } {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
2154 do_test auth-2.11.1 {
2155 proc auth {code arg1 arg2 arg3 arg4} {
2156 if {$code=="SQLITE_READ" && $arg2=="a"} {
2157 return SQLITE_IGNORE
2161 catchsql {SELECT * FROM t2, t3}
2162 } {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
2163 do_test auth-2.11.2 {
2164 proc auth {code arg1 arg2 arg3 arg4} {
2165 if {$code=="SQLITE_READ" && $arg2=="x"} {
2166 return SQLITE_IGNORE
2170 catchsql {SELECT * FROM t2, t3}
2171 } {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}
2173 # Make sure the OLD and NEW pseudo-tables of a trigger get authorized.
2177 proc auth {code arg1 arg2 arg3 arg4} {
2181 CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
2182 CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
2183 INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
2185 UPDATE t2 SET a=a+1;
2188 } {11 12 2 2 33 33 7 8 8 8 9 9}
2190 proc auth {code arg1 arg2 arg3 arg4} {
2191 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
2192 return SQLITE_IGNORE
2198 UPDATE t2 SET a=a+100;
2201 } {12 112 2 2 {} {} 8 108 8 8 {} {}}
2202 } ;# ifcapable trigger
2204 # Make sure the names of views and triggers are passed on on arg4.
2208 proc auth {code arg1 arg2 arg3 arg4} {
2209 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
2214 UPDATE t2 SET a=a+1;
2218 SQLITE_READ t2 a main {} \
2219 SQLITE_UPDATE t2 a main {} \
2220 SQLITE_INSERT tx {} main r1 \
2221 SQLITE_READ t2 a main r1 \
2222 SQLITE_READ t2 a main r1 \
2223 SQLITE_READ t2 b main r1 \
2224 SQLITE_READ t2 b main r1 \
2225 SQLITE_READ t2 c main r1 \
2226 SQLITE_READ t2 c main r1]
2229 ifcapable {view && trigger} {
2232 CREATE VIEW v1 AS SELECT a+b AS x FROM t2;
2233 CREATE TABLE v1chng(x1,x2);
2234 CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN
2235 INSERT INTO v1chng VALUES(OLD.x,NEW.x);
2243 UPDATE v1 SET x=1 WHERE x=117
2247 SQLITE_UPDATE v1 x main {} \
2248 SQLITE_INSERT v1chng {} main r2 \
2249 SQLITE_READ v1 x main r2 \
2250 SQLITE_READ v1 x main r2 \
2251 SQLITE_SELECT {} {} {} v1 \
2252 SQLITE_READ t2 a main v1 \
2253 SQLITE_READ t2 b main v1 \
2254 SQLITE_SELECT {} {} {} {} \
2255 SQLITE_READ v1 x main v1 \
2259 CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
2260 INSERT INTO v1chng VALUES(OLD.x,NULL);
2268 DELETE FROM v1 WHERE x=117
2272 SQLITE_DELETE v1 {} main {} \
2273 SQLITE_INSERT v1chng {} main r3 \
2274 SQLITE_READ v1 x main r3 \
2275 SQLITE_SELECT {} {} {} v1 \
2276 SQLITE_READ t2 a main v1 \
2277 SQLITE_READ t2 b main v1 \
2278 SQLITE_SELECT {} {} {} {} \
2279 SQLITE_READ v1 x main v1 \
2282 } ;# ifcapable view && trigger
2284 # Ticket #1338: Make sure authentication works in the presence of an AS
2288 proc auth {code arg1 arg2 arg3 arg4} {
2292 SELECT count(a) AS cnt FROM t4 ORDER BY cnt
2298 ifcapable compound&&subquery {
2312 SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master)
2316 } {sqlite_stat1 t1 t2 t3 t4}
2321 rename proc_real proc