# 2003 April 4
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library. The
# focus of this script is testing the sqlite3_set_authorizer() API
# and related functionality.
#
# $Id: auth.test,v 1.43 2008/07/02 13:13:52 danielk1977 Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
# defined during compilation.
if {[catch {db auth {}} msg]} {
  finish_test
  return
}

# Wrap the built-in proc command: the original is kept as proc_real, and
# whenever a procedure named "auth" is (re)defined the wrapper registers
# ::auth as the authorizer callback on db again. Every test below can
# therefore swap in a new policy simply by redefining auth.
rename proc proc_real
proc_real proc {name arguments script} {
  proc_real $name $arguments $script
  if {$name=="auth"} {
    db authorizer ::auth
  }
}

# Callback shape used throughout: auth receives an action code plus four
# arguments and returns SQLITE_OK, SQLITE_DENY or SQLITE_IGNORE. Judging by
# the ::authargs values the tests expect, schema actions pass the object
# name in arg1 and the database name (main or temp) in arg3.
#
# auth-1.1.x: CREATE TABLE is rejected when the policy denies the
# underlying SQLITE_INSERT on sqlite_master. The statement fails with
# "not authorized" and db errorcode reports 23 (SQLITE_AUTH).
do_test auth-1.1.1 {
  db close
  set ::DB [sqlite3 db test.db]
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  db authorizer ::auth
  catchsql {CREATE TABLE t1(a,b,c)}
} {1 {not authorized}}
do_test auth-1.1.2 {
  db errorcode
} {23}
do_test auth-1.1.3 {
  db authorizer
} {::auth}
do_test auth-1.1.4 {
  # Ticket #896.
  catchsql {
    SELECT x;
  }
} {1 {no such column: x}}
# A denied CREATE TABLE must leave no trace in the schema.
do_test auth-1.2 {
  execsql {SELECT name FROM sqlite_master}
} {}
# Same statement, denied at the SQLITE_CREATE_TABLE action code instead.
# The callback arguments are captured in ::authargs so auth-1.3.3 can
# check what the authorizer was told.
do_test auth-1.3.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_CREATE_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
} {1 {not authorized}}
do_test auth-1.3.2 {
  db errorcode
} {23}
do_test auth-1.3.3 {
  set ::authargs
} {t1 {} main {}}
do_test auth-1.4 {
  execsql {SELECT name FROM sqlite_master}
} {}

# The same two denials against the temp schema: the write goes to
# sqlite_temp_master and the action code is SQLITE_CREATE_TEMP_TABLE.
ifcapable tempdb {
  do_test auth-1.5 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMP TABLE t1(a,b,c)}
  } {1 {not authorized}}
  do_test auth-1.6 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {}
  do_test auth-1.7.1 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMP TABLE t1(a,b,c)}
  } {1 {not authorized}}
  do_test auth-1.7.2 {
    set ::authargs
  } {t1 {} temp {}}
  do_test auth-1.8 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {}
}

# SQLITE_IGNORE variants of the tests above. The statement is expected to
# report success (code 0, empty result) while the table is still not
# created, so the return code alone does not tell a caller that the
# operation was suppressed.
do_test auth-1.9 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
} {0 {}}
do_test auth-1.10 {
  execsql {SELECT name FROM sqlite_master}
} {}
do_test auth-1.11 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_CREATE_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
} {0 {}}
do_test auth-1.12 {
  execsql {SELECT name FROM sqlite_master}
} {}

ifcapable tempdb {
  do_test auth-1.13 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMP TABLE t1(a,b,c)}
  } {0 {}}
  do_test auth-1.14 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {}
  do_test auth-1.15 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMP TABLE t1(a,b,c)}
  } {0 {}}
  do_test auth-1.16 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {}

  # Policy-coverage check: denying SQLITE_CREATE_TABLE does NOT stop
  # CREATE TEMP TABLE, which is authorized under the separate code
  # SQLITE_CREATE_TEMP_TABLE. The temp table t1 is created here and is
  # relied on by later tests.
  do_test auth-1.17 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_CREATE_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMP TABLE t1(a,b,c)}
  } {0 {}}
  do_test auth-1.18 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# The converse: denying SQLITE_CREATE_TEMP_TABLE does not affect a table
# in main. ::authargs stays empty, i.e. the callback never saw that code.
# Table t2 is created here and used by the remaining tests.
do_test auth-1.19.1 {
  set ::authargs {}
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t2(a,b,c)}
} {0 {}}
do_test auth-1.19.2 {
  set ::authargs
} {}
do_test auth-1.20 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

# DROP TABLE under SQLITE_DROP_TABLE: DENY fails the statement, IGNORE
# reports success, and in both cases t2 must still be in the schema.
do_test auth-1.21.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DROP_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {1 {not authorized}}
do_test auth-1.21.2 {
  set ::authargs
} {t2 {} main {}}
do_test auth-1.22 {
  execsql {SELECT name FROM sqlite_master}
} {t2}
do_test auth-1.23.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DROP_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {0 {}}
do_test auth-1.23.2 {
  set ::authargs
} {t2 {} main {}}
do_test auth-1.24 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

ifcapable tempdb {
  do_test auth-1.25 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DROP_TEMP_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {1 {not authorized}}
  do_test auth-1.26 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
  do_test auth-1.27 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DROP_TEMP_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {0 {}}
  do_test auth-1.28 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# Row inserts: SQLITE_INSERT is filtered on the target table name in arg1.
# DENY errors out, IGNORE succeeds without storing the row, and a rule
# written for a different table (t1 in auth-1.33) has no effect on t2.
do_test auth-1.29 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t2 VALUES(1,2,3)}
} {1 {not authorized}}
do_test auth-1.30 {
  execsql {SELECT * FROM t2}
} {}
do_test auth-1.31 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t2 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.32 {
  execsql {SELECT * FROM t2}
} {}
do_test auth-1.33 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="t1"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t2 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.34 {
  execsql {SELECT * FROM t2}
} {1 2 3}

# Column-level reads: SQLITE_READ carries the table in arg1 and the column
# in arg2. DENY aborts the query with a column-specific message, also when
# the table is reached through an attached database name (auth-1.35.2) and
# when the column appears only in the WHERE clause (auth-1.40).
do_test auth-1.35.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2}
} {1 {access to t2.b is prohibited}}
ifcapable attach {
  do_test auth-1.35.2 {
    execsql {ATTACH DATABASE 'test.db' AS two}
    catchsql {SELECT * FROM two.t2}
  } {1 {access to two.t2.b is prohibited}}
  execsql {DETACH DATABASE two}
}
# With SQLITE_IGNORE the column reads back as an empty value everywhere it
# is referenced: in the result row (auth-1.36, auth-1.38) and in WHERE
# evaluation, so b=2 matches nothing (auth-1.37) while b IS NULL matches
# the row (auth-1.39). The stored value is never exposed through either.
do_test auth-1.36 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2}
} {0 {1 {} 3}}
do_test auth-1.37 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2 WHERE b=2}
} {0 {}}
do_test auth-1.38 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2 WHERE b=2}
} {0 {{} 2 3}}
do_test auth-1.39 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2 WHERE b IS NULL}
} {0 {1 {} 3}}
do_test auth-1.40 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {SELECT a,c FROM t2 WHERE b IS NULL}
} {1 {access to t2.b is prohibited}}

# Column-level updates: SQLITE_UPDATE is checked per assigned column.
# A rule on b leaves an update of a untouched (auth-1.41); DENY on b
# rejects the whole statement, so c is not changed either (auth-1.44);
# IGNORE on b skips only that assignment and still applies c=33
# (auth-1.46).
do_test auth-1.41 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t2 SET a=11}
} {0 {}}
do_test auth-1.42 {
  execsql {SELECT * FROM t2}
} {11 2 3}
do_test auth-1.43 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t2 SET b=22, c=33}
} {1 {not authorized}}
do_test auth-1.44 {
  execsql {SELECT * FROM t2}
} {11 2 3}
do_test auth-1.45 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t2 SET b=22, c=33}
} {0 {}}
do_test auth-1.46 {
  execsql {SELECT * FROM t2}
} {11 2 33}

# Row deletes: both DENY and IGNORE on SQLITE_DELETE must leave the row in
# place; only the reported status differs.
do_test auth-1.47 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DELETE FROM t2 WHERE a=11}
} {1 {not authorized}}
do_test auth-1.48 {
  execsql {SELECT * FROM t2}
} {11 2 33}
do_test auth-1.49 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DELETE FROM t2 WHERE a=11}
} {0 {}}
do_test auth-1.50 {
  execsql {SELECT * FROM t2}
} {11 2 33}

# Statement-level SQLITE_SELECT: DENY fails the query, IGNORE returns an
# empty result with a success status, OK returns the stored row.
do_test auth-1.51 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_SELECT"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2}
} {1 {not authorized}}
do_test auth-1.52 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_SELECT"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2}
} {0 {}}
do_test auth-1.53 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_SELECT"} {
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2}
} {0 {11 2 33}}

# Update for version 3: There used to be a handful of tests here that
# tested the authorisation callback with the COPY command. The following
# test makes the same database modifications as they used to.
# Adds a second row to t2 with no authorizer rule in the way; later
# tests rely on this data.
do_test auth-1.54 {
  execsql {INSERT INTO t2 VALUES(7, 8, 9);}
} {}
do_test auth-1.55 {
  execsql {SELECT * FROM t2}
} {11 2 33 7 8 9}

# DROP TABLE seen through SQLITE_DELETE instead of SQLITE_DROP_TABLE.
# The drop is rejected when the policy denies SQLITE_DELETE either on the
# schema table (sqlite_master) or on the table being dropped (t2), and in
# both cases t2 must remain in the schema.
do_test auth-1.63 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {1 {not authorized}}
do_test auth-1.64 {
  execsql {SELECT name FROM sqlite_master}
} {t2}
do_test auth-1.65 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {1 {not authorized}}
do_test auth-1.66 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

# Same pair of denials for the temp table t1 and sqlite_temp_master.
ifcapable tempdb {
  do_test auth-1.67 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {1 {not authorized}}
  do_test auth-1.68 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
  do_test auth-1.69 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {1 {not authorized}}
  do_test auth-1.70 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# SQLITE_IGNORE variants: DROP TABLE reports success (code 0, empty
# result) but the table is expected to survive, so a caller cannot tell
# from the status that the drop was suppressed.
do_test auth-1.71 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {0 {}}
do_test auth-1.72 {
  execsql {SELECT name FROM sqlite_master}
} {t2}
do_test auth-1.73 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t2}
} {0 {}}
do_test auth-1.74 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

ifcapable tempdb {
  do_test auth-1.75 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {0 {}}
  do_test auth-1.76 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
  do_test auth-1.77 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {DROP TABLE t1}
  } {0 {}}
  do_test auth-1.78 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# Test cases auth-1.79 to auth-1.124 test creating and dropping views.
# Omit these if the library was compiled with views omitted.
ifcapable view {
# CREATE VIEW under its own action code. The captured arguments show the
# view name in arg1 and the database in arg3. DENY fails the statement,
# IGNORE reports success, and in neither case may v1 appear in the schema.
do_test auth-1.79 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_CREATE_VIEW"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
} {1 {not authorized}}
do_test auth-1.80 {
  set ::authargs
} {v1 {} main {}}
do_test auth-1.81 {
  execsql {SELECT name FROM sqlite_master}
} {t2}
do_test auth-1.82 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_CREATE_VIEW"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
} {0 {}}
do_test auth-1.83 {
  set ::authargs
} {v1 {} main {}}
do_test auth-1.84 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

# Temp views use the separate code SQLITE_CREATE_TEMP_VIEW and report
# "temp" as the database.
ifcapable tempdb {
  do_test auth-1.85 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
  } {1 {not authorized}}
  do_test auth-1.86 {
    set ::authargs
  } {v1 {} temp {}}
  do_test auth-1.87 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
  do_test auth-1.88 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
  } {0 {}}
  do_test auth-1.89 {
    set ::authargs
  } {v1 {} temp {}}
  do_test auth-1.90 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# CREATE VIEW blocked at the schema-table level: a policy that denies or
# ignores SQLITE_INSERT on sqlite_master also stops view creation.
do_test auth-1.91 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
} {1 {not authorized}}
do_test auth-1.92 {
  execsql {SELECT name FROM sqlite_master}
} {t2}
do_test auth-1.93 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
} {0 {}}
do_test auth-1.94 {
  execsql {SELECT name FROM sqlite_master}
} {t2}

ifcapable tempdb {
  do_test auth-1.95 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
  } {1 {not authorized}}
  do_test auth-1.96 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
  do_test auth-1.97 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
  } {0 {}}
  do_test auth-1.98 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}

# DROP VIEW. auth-1.99 runs two statements in one call: the CREATE VIEW
# is allowed and takes effect, then the DROP is rejected because
# SQLITE_DELETE on sqlite_master is denied, so v2 exists afterwards.
# The following tests check that DENY and IGNORE, on either SQLITE_DELETE
# or SQLITE_DROP_VIEW, keep v2 in place; only SQLITE_OK (auth-1.109)
# actually removes it.
do_test auth-1.99 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {
    CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2;
    DROP VIEW v2
  }
} {1 {not authorized}}
do_test auth-1.100 {
  execsql {SELECT name FROM sqlite_master}
} {t2 v2}
do_test auth-1.101 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DROP_VIEW"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DROP VIEW v2}
} {1 {not authorized}}
do_test auth-1.102 {
  set ::authargs
} {v2 {} main {}}
do_test auth-1.103 {
  execsql {SELECT name FROM sqlite_master}
} {t2 v2}
do_test auth-1.104 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP VIEW v2}
} {0 {}}
do_test auth-1.105 {
  execsql {SELECT name FROM sqlite_master}
} {t2 v2}
do_test auth-1.106 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DROP_VIEW"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP VIEW v2}
} {0 {}}
do_test auth-1.107 {
  set ::authargs
} {v2 {} main {}}
do_test auth-1.108 {
  execsql {SELECT name FROM sqlite_master}
} {t2 v2}
do_test auth-1.109 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DROP_VIEW"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {DROP VIEW v2}
} {0 {}}
do_test auth-1.110 {
  set ::authargs
} {v2 {} main {}}
do_test auth-1.111 {
  execsql {SELECT name FROM sqlite_master}
} {t2}


# The same DROP VIEW sequence for a temp view: the schema table is
# sqlite_temp_master and the action code is SQLITE_DROP_TEMP_VIEW.
ifcapable tempdb {
  do_test auth-1.112 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {
      CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1;
      DROP VIEW v1
    }
  } {1 {not authorized}}
  do_test auth-1.113 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1 v1}
  do_test auth-1.114 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DROP_TEMP_VIEW"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {DROP VIEW v1}
  } {1 {not authorized}}
  do_test auth-1.115 {
    set ::authargs
  } {v1 {} temp {}}
  do_test auth-1.116 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1 v1}
  do_test auth-1.117 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {DROP VIEW v1}
  } {0 {}}
  do_test auth-1.118 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1 v1}
  do_test auth-1.119 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DROP_TEMP_VIEW"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {DROP VIEW v1}
  } {0 {}}
  do_test auth-1.120 {
    set ::authargs
  } {v1 {} temp {}}
  do_test auth-1.121 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1 v1}
  do_test auth-1.122 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DROP_TEMP_VIEW"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_OK
      }
      return SQLITE_OK
    }
    catchsql {DROP VIEW v1}
  } {0 {}}
  do_test auth-1.123 {
    set ::authargs
  } {v1 {} temp {}}
  do_test auth-1.124 {
    execsql {SELECT name FROM sqlite_temp_master}
  } {t1}
}
} ;# ifcapable view

# Test cases auth-1.125 to auth-1.176 test creating and dropping triggers.
# Omit these if the library was compiled with triggers omitted.
sl@0: # sl@0: ifcapable trigger&&tempdb { sl@0: do_test auth-1.125 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r2 DELETE on t2 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {1 {not authorized}} sl@0: do_test auth-1.126 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.127 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.128 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r2 DELETE on t2 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {1 {not authorized}} sl@0: do_test auth-1.129 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.130 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r2 DELETE on t2 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.131 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.132 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.133 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r2 DELETE on t2 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.134 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.135 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TRIGGER"} { sl@0: 
set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TABLE tx(id); sl@0: CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN sl@0: INSERT INTO tx VALUES(NEW.rowid); sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.136.1 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.136.2 { sl@0: execsql { sl@0: SELECT name FROM sqlite_master WHERE type='trigger' sl@0: } sl@0: } {r2} sl@0: do_test auth-1.136.3 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: lappend ::authargs $code $arg1 $arg2 $arg3 $arg4 sl@0: return SQLITE_OK sl@0: } sl@0: set ::authargs {} sl@0: execsql { sl@0: INSERT INTO t2 VALUES(1,2,3); sl@0: } sl@0: set ::authargs sl@0: } {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2} sl@0: do_test auth-1.136.4 { sl@0: execsql { sl@0: SELECT * FROM tx; sl@0: } sl@0: } {3} sl@0: do_test auth-1.137 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 tx r2} sl@0: do_test auth-1.138 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r1 DELETE on t1 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {1 {not authorized}} sl@0: do_test auth-1.139 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.140 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.141 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r1 DELETE on t1 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {1 {not authorized}} sl@0: do_test auth-1.142 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.143 { sl@0: 
proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r1 DELETE on t1 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.144 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.145 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.146 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r1 DELETE on t1 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.147 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.148 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql { sl@0: CREATE TRIGGER r1 DELETE on t1 BEGIN sl@0: SELECT NULL; sl@0: END; sl@0: } sl@0: } {0 {}} sl@0: do_test auth-1.149 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.150 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 r1} sl@0: sl@0: do_test auth-1.151 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r2} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.152 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 tx r2} sl@0: do_test auth-1.153 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } 
sl@0: catchsql {DROP TRIGGER r2} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.154 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.155 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 tx r2} sl@0: do_test auth-1.156 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r2} sl@0: } {0 {}} sl@0: do_test auth-1.157 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 tx r2} sl@0: do_test auth-1.158 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r2} sl@0: } {0 {}} sl@0: do_test auth-1.159 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.160 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 tx r2} sl@0: do_test auth-1.161 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r2} sl@0: } {0 {}} sl@0: do_test auth-1.162 { sl@0: set ::authargs sl@0: } {r2 t2 main {}} sl@0: do_test auth-1.163 { sl@0: execsql { sl@0: DROP TABLE tx; sl@0: DELETE FROM t2 WHERE a=1 AND b=2 AND c=3; sl@0: SELECT name FROM sqlite_master; sl@0: } sl@0: } {t2} sl@0: sl@0: do_test auth-1.164 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r1} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.165 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 r1} sl@0: do_test auth-1.166 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if 
{$code=="SQLITE_DROP_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r1} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.167 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.168 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 r1} sl@0: do_test auth-1.169 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r1} sl@0: } {0 {}} sl@0: do_test auth-1.170 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 r1} sl@0: do_test auth-1.171 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r1} sl@0: } {0 {}} sl@0: do_test auth-1.172 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.173 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 r1} sl@0: do_test auth-1.174 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP TRIGGER r1} sl@0: } {0 {}} sl@0: do_test auth-1.175 { sl@0: set ::authargs sl@0: } {r1 t1 temp {}} sl@0: do_test auth-1.176 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: } ;# ifcapable trigger sl@0: sl@0: do_test auth-1.177 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i2 ON t2(a)} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.178 { sl@0: 
set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.179 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.180 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i2 ON t2(a)} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.181 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.182 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i2 ON t2(b)} sl@0: } {0 {}} sl@0: do_test auth-1.183 { sl@0: set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.184 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.185 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i2 ON t2(b)} sl@0: } {0 {}} sl@0: do_test auth-1.186 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: do_test auth-1.187 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i2 ON t2(a)} sl@0: } {0 {}} sl@0: do_test auth-1.188 { sl@0: set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.189 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 i2} sl@0: sl@0: ifcapable tempdb { sl@0: do_test auth-1.190 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: 
catchsql {CREATE INDEX i1 ON t1(a)} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.191 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.192 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.193 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i1 ON t1(b)} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.194 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.195 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i1 ON t1(b)} sl@0: } {0 {}} sl@0: do_test auth-1.196 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.197 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.198 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i1 ON t1(c)} sl@0: } {0 {}} sl@0: do_test auth-1.199 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: do_test auth-1.200 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_CREATE_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {CREATE INDEX i1 ON t1(a)} sl@0: } {0 {}} sl@0: do_test auth-1.201 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.202 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 i1} sl@0: } sl@0: sl@0: do_test auth-1.203 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && 
$arg1=="sqlite_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i2} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.204 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 i2} sl@0: do_test auth-1.205 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i2} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.206 { sl@0: set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.207 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 i2} sl@0: do_test auth-1.208 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i2} sl@0: } {0 {}} sl@0: do_test auth-1.209 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 i2} sl@0: do_test auth-1.210 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i2} sl@0: } {0 {}} sl@0: do_test auth-1.211 { sl@0: set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.212 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2 i2} sl@0: do_test auth-1.213 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i2} sl@0: } {0 {}} sl@0: do_test auth-1.214 { sl@0: set ::authargs sl@0: } {i2 t2 main {}} sl@0: do_test auth-1.215 { sl@0: execsql {SELECT name FROM sqlite_master} sl@0: } {t2} sl@0: sl@0: ifcapable tempdb { sl@0: do_test auth-1.216 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { 
sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i1} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.217 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 i1} sl@0: do_test auth-1.218 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_DENY sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i1} sl@0: } {1 {not authorized}} sl@0: do_test auth-1.219 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.220 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 i1} sl@0: do_test auth-1.221 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i1} sl@0: } {0 {}} sl@0: do_test auth-1.222 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 i1} sl@0: do_test auth-1.223 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_IGNORE sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i1} sl@0: } {0 {}} sl@0: do_test auth-1.224 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.225 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1 i1} sl@0: do_test auth-1.226 { sl@0: proc auth {code arg1 arg2 arg3 arg4} { sl@0: if {$code=="SQLITE_DROP_TEMP_INDEX"} { sl@0: set ::authargs [list $arg1 $arg2 $arg3 $arg4] sl@0: return SQLITE_OK sl@0: } sl@0: return SQLITE_OK sl@0: } sl@0: catchsql {DROP INDEX i1} sl@0: } {0 {}} sl@0: do_test auth-1.227 { sl@0: set ::authargs sl@0: } {i1 t1 temp {}} sl@0: do_test auth-1.228 { sl@0: execsql {SELECT name FROM sqlite_temp_master} sl@0: } {t1} sl@0: } sl@0: 
# Authorization of PRAGMA statements (SQLITE_PRAGMA).
#
# The callback records its four arguments in ::authargs.  The expected
# values below show the pragma name arriving in arg1 and the pragma
# argument in arg2, with arg3 and arg4 empty.
#
# Every redefinition of auth in this file also re-installs it as the
# authorizer: the setup at the top of the file replaces proc with a wrapper
# that runs "db authorizer ::auth" whenever a procedure named auth is
# defined.
do_test auth-1.229 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {PRAGMA full_column_names=on}
} {1 {not authorized}}
do_test auth-1.230 {
  set ::authargs
} {full_column_names on {} {}}
do_test auth-1.231 {
  # The denied pragma must not have taken effect: column names stay short.
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}
do_test auth-1.232 {
  # SQLITE_IGNORE: the statement reports success, yet auth-1.234 shows the
  # setting was not applied.  A caller cannot tell this apart from a pragma
  # that really ran by looking at the return code alone.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {PRAGMA full_column_names=on}
} {0 {}}
do_test auth-1.233 {
  set ::authargs
} {full_column_names on {} {}}
do_test auth-1.234 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}
do_test auth-1.235 {
  # SQLITE_OK: the pragma is applied, see the qualified names in auth-1.236.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {PRAGMA full_column_names=on}
} {0 {}}
do_test auth-1.236 {
  execsql2 {SELECT a FROM t2}
} {t2.a 11 t2.a 7}
do_test auth-1.237 {
  # Switch the setting back off so later tests see short column names.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {PRAGMA full_column_names=OFF}
} {0 {}}
do_test auth-1.238 {
  # arg2 carries the argument exactly as written in the SQL text (OFF).
  set ::authargs
} {full_column_names OFF {} {}}
do_test auth-1.239 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}

# Authorization of transaction control (SQLITE_TRANSACTION).
#
# arg1 names the operation: BEGIN, COMMIT or ROLLBACK.  END TRANSACTION is
# reported as COMMIT (auth-1.247 and auth-1.248).
do_test auth-1.240 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_TRANSACTION"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {BEGIN}
} {1 {not authorized}}
do_test auth-1.241 {
  set ::authargs
} {BEGIN {} {} {}}
do_test auth-1.242 {
  # Allow BEGIN but deny every other transaction operation.  BEGIN and the
  # INSERT run; the COMMIT is refused.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
} {1 {not authorized}}
do_test auth-1.243 {
  set ::authargs
} {COMMIT {} {} {}}
do_test auth-1.244 {
  # The inserted row is visible on this connection although the COMMIT was
  # denied: the transaction is still open.
  execsql {SELECT * FROM t2}
} {11 2 33 7 8 9 44 55 66}
do_test auth-1.245 {
  # ROLLBACK is refused by the same policy, so the connection can neither
  # finish nor abandon the transaction while this authorizer is installed.
  # Policy authors should keep this in mind when denying SQLITE_TRANSACTION.
  catchsql {ROLLBACK}
} {1 {not authorized}}
do_test auth-1.246 {
  set ::authargs
} {ROLLBACK {} {} {}}
do_test auth-1.247 {
  catchsql {END TRANSACTION}
} {1 {not authorized}}
do_test auth-1.248 {
  set ::authargs
} {COMMIT {} {} {}}
do_test auth-1.249 {
  # Remove the authorizer; only now can the pending transaction be undone.
  db authorizer {}
  catchsql {ROLLBACK}
} {0 {}}
do_test auth-1.250 {
  # The row inserted in auth-1.242 is gone after the rollback.
  execsql {SELECT * FROM t2}
} {11 2 33 7 8 9}

# ticket #340 - authorization for ATTACH and DETACH.
#
# For SQLITE_ATTACH the expected ::authargs show the file name in arg1.
# The state of the connection is checked with element 7 of the flattened
# PRAGMA database_list output, which is expected to be test1 while that
# database is attached and empty otherwise.
# NOTE(review): auth-1.254, auth-1.256 and auth-1.258 are not wrapped in
# ifcapable schema_pragmas the way auth-1.260 and auth-1.262 are; presumably
# they would pass trivially in a build without that pragma - confirm.
ifcapable attach {
do_test auth-1.251 {
  # Re-install the authorizer; auth-1.249 removed it.
  db authorizer ::auth
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ATTACH"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
    }
    return SQLITE_OK
  }
  catchsql {
    ATTACH DATABASE ':memory:' AS test1
  }
} {0 {}}
do_test auth-1.252 {
  set ::authargs
} {:memory: {} {} {}}
do_test auth-1.253 {
  # Detach first (still under the permissive callback), then deny ATTACH.
  catchsql {DETACH DATABASE test1}
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ATTACH"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {
    ATTACH DATABASE ':memory:' AS test1;
  }
} {1 {not authorized}}
do_test auth-1.254 {
  lindex [execsql {PRAGMA database_list}] 7
} {}
do_test auth-1.255 {
  # SQLITE_IGNORE: ATTACH reports success but auth-1.256 shows that nothing
  # was attached.
  catchsql {DETACH DATABASE test1}
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ATTACH"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {
    ATTACH DATABASE ':memory:' AS test1;
  }
} {0 {}}
do_test auth-1.256 {
  lindex [execsql {PRAGMA database_list}] 7
} {}
do_test auth-1.257 {
  # SQLITE_DETACH allowed: attach, then detach, leaves nothing attached.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DETACH"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  execsql {ATTACH DATABASE ':memory:' AS test1}
  catchsql {
    DETACH DATABASE test1;
  }
} {0 {}}
do_test auth-1.258 {
  lindex [execsql {PRAGMA database_list}] 7
} {}
do_test auth-1.259 {
  # SQLITE_IGNORE on DETACH: success is reported, but auth-1.260 expects
  # test1 to be attached still.
  execsql {ATTACH DATABASE ':memory:' AS test1}
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_DETACH"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {
    DETACH DATABASE test1;
  }
} {0 {}}
ifcapable tempdb {
  ifcapable schema_pragmas {
  do_test auth-1.260 {
    lindex [execsql {PRAGMA database_list}] 7
  } {test1}
  } ;# ifcapable schema_pragmas
  do_test auth-1.261 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_DETACH"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {
      DETACH DATABASE test1;
    }
  } {1 {not authorized}}
  ifcapable schema_pragmas {
  do_test auth-1.262 {
    lindex [execsql {PRAGMA database_list}] 7
  } {test1}
  } ;# ifcapable schema_pragmas
  # Clean up with the authorizer switched off, then switch it back on.
  db authorizer {}
  execsql {DETACH DATABASE test1}
  db authorizer ::auth

  # Authorization for ALTER TABLE. These tests are omitted if the library
  # was built without ALTER TABLE support.
  #
  # This group renames the table t1, which the catalog queries below look up
  # in sqlite_temp_master.  For SQLITE_ALTER_TABLE the expected authargs
  # show the database name in arg1 and the table name in arg2.
  ifcapable altertable {

  do_test auth-1.263 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_OK
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1 RENAME TO t1x
    }
  } {0 {}}
  do_test auth-1.264 {
    execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
  } {t1x}
  do_test auth-1.265 {
    set authargs
  } {temp t1 {} {}}
  do_test auth-1.266 {
    # SQLITE_IGNORE: the rename reports success but auth-1.267 shows the
    # table is still called t1x.
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1x RENAME TO t1
    }
  } {0 {}}
  do_test auth-1.267 {
    execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
  } {t1x}
  do_test auth-1.268 {
    set authargs
  } {temp t1x {} {}}
  do_test auth-1.269 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1x RENAME TO t1
    }
  } {1 {not authorized}}
  do_test auth-1.270 {
    execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
  } {t1x}

  do_test auth-1.271 {
    set authargs
  } {temp t1x {} {}}
  } ;# ifcapable altertable

} else {
  # No temp database: skip the tests above, but still detach test1, which
  # auth-1.259 left attached.  The authorizer is cleared first so that the
  # DETACH is not filtered by the callback installed in auth-1.259.
  db authorizer {}
  db eval {
    DETACH DATABASE test1;
  }
}
}

# Same ALTER TABLE RENAME checks against t2, which the catalog queries below
# look up in sqlite_master; arg1 is expected to be main here.
ifcapable altertable {
# Undo the rename left behind by the previous group with the authorizer off.
# NOTE(review): presumably catchsql is used because t1x only exists when the
# tempdb branch above ran - confirm.
db authorizer {}
catchsql {ALTER TABLE t1x RENAME TO t1}
db authorizer ::auth
do_test auth-1.272 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ALTER_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {
    ALTER TABLE t2 RENAME TO t2x
  }
} {0 {}}
do_test auth-1.273 {
  execsql {SELECT name FROM sqlite_master WHERE type='table'}
} {t2x}
do_test auth-1.274 {
  set authargs
} {main t2 {} {}}
do_test auth-1.275 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ALTER_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {
    ALTER TABLE t2x RENAME TO t2
  }
} {0 {}}
do_test auth-1.276 {
  execsql {SELECT name FROM sqlite_master WHERE type='table'}
} {t2x}
do_test auth-1.277 {
  set authargs
} {main t2x {} {}}
do_test auth-1.278 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_ALTER_TABLE"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {
    ALTER TABLE t2x RENAME TO t2
  }
} {1 {not authorized}}
do_test auth-1.279 {
  execsql {SELECT name FROM sqlite_master WHERE type='table'}
} {t2x}
do_test auth-1.280 {
  set authargs
} {main t2x {} {}}
# Restore the original table name with the authorizer removed.
db authorizer {}
catchsql {ALTER TABLE t2x RENAME TO t2}

} ;# ifcapable altertable

# Test the authorization callbacks for the REINDEX command.
#
# The callback appends its arguments to ::authargs instead of overwriting
# them, so each test clears the list first and then checks the complete
# sequence of SQLITE_REINDEX callbacks.  The expected sequences show one
# callback per index, with the index name in arg1 and the database name in
# arg3.
ifcapable reindex {

proc auth {code args} {
  if {$code=="SQLITE_REINDEX"} {
    set ::authargs [concat $::authargs $args]
  }
  return SQLITE_OK
}
db authorizer auth
do_test auth-1.281 {
  execsql {
    CREATE TABLE t3(a PRIMARY KEY, b, c);
    CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
    CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
  }
} {}
do_test auth-1.282 {
  set ::authargs {}
  execsql {
    REINDEX t3_idx1;
  }
  set ::authargs
} {t3_idx1 {} main {}}
do_test auth-1.283 {
  # Reindexing by collation name reports every index using that collation,
  # including the automatic index of the PRIMARY KEY.
  set ::authargs {}
  execsql {
    REINDEX BINARY;
  }
  set ::authargs
} {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
do_test auth-1.284 {
  set ::authargs {}
  execsql {
    REINDEX NOCASE;
  }
  set ::authargs
} {t3_idx2 {} main {}}
do_test auth-1.285 {
  set ::authargs {}
  execsql {
    REINDEX t3;
  }
  set ::authargs
} {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
do_test auth-1.286 {
  execsql {
    DROP TABLE t3;
  }
} {}
ifcapable tempdb {
  # The same checks against a TEMP table; arg3 is expected to be temp.
  do_test auth-1.287 {
    execsql {
      CREATE TEMP TABLE t3(a PRIMARY KEY, b, c);
      CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
      CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
    }
  } {}
  do_test auth-1.288 {
    set ::authargs {}
    execsql {
      REINDEX temp.t3_idx1;
    }
    set ::authargs
  } {t3_idx1 {} temp {}}
  do_test auth-1.289 {
    set ::authargs {}
    execsql {
      REINDEX BINARY;
    }
    set ::authargs
  } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
  do_test auth-1.290 {
    set ::authargs {}
    execsql {
      REINDEX NOCASE;
    }
    set ::authargs
  } {t3_idx2 {} temp {}}
  do_test auth-1.291 {
    set ::authargs {}
    execsql {
      REINDEX temp.t3;
    }
    set ::authargs
  } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
  # From here on SQLITE_REINDEX is denied.
  proc auth {code args} {
    if {$code=="SQLITE_REINDEX"} {
      set ::authargs [concat $::authargs $args]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  do_test auth-1.292 {
    set ::authargs {}
    catchsql {
      REINDEX temp.t3;
    }
  } {1 {not authorized}}
  do_test auth-1.293 {
    execsql {
      DROP TABLE t3;
    }
  } {}
}

} ;# ifcapable reindex

# Authorization callbacks for ANALYZE.  Table t4 created here stays in the
# database and is used again by auth-5.1 and auth-5.2.
ifcapable analyze {
  proc auth {code args} {
    if {$code=="SQLITE_ANALYZE"} {
      set ::authargs [concat $::authargs $args]
    }
    return SQLITE_OK
  }
  do_test auth-1.294 {
    set ::authargs {}
    execsql {
      CREATE TABLE t4(a,b,c);
      CREATE INDEX t4i1 ON t4(a);
      CREATE INDEX t4i2 ON t4(b,a,c);
      INSERT INTO t4 VALUES(1,2,3);
      ANALYZE;
    }
    set ::authargs
  } {t4 {} main {}}
  do_test auth-1.295 {
    execsql {
      SELECT count(*) FROM sqlite_stat1;
    }
  } 2
  # Deny SQLITE_ANALYZE: the statement fails and the statistics table keeps
  # the two rows written by auth-1.294.
  proc auth {code args} {
    if {$code=="SQLITE_ANALYZE"} {
      set ::authargs [concat $::authargs $args]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  do_test auth-1.296 {
    set ::authargs {}
    catchsql {
      ANALYZE;
    }
  } {1 {not authorized}}
  do_test auth-1.297 {
    execsql {
      SELECT count(*) FROM sqlite_stat1;
    }
  } 2
} ;# ifcapable analyze


# Authorization for ALTER TABLE ADD COLUMN.
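# These tests are omitted if the library
# was built without ALTER TABLE support.
#
# Each outcome is verified twice: through the result of the ALTER TABLE
# statement and through the CREATE TABLE text stored for t5 in
# sqlite_master.  The expected authargs show the database name in arg1 and
# the table name in arg2.
ifcapable {altertable} {
  do_test auth-1.300 {
    execsql {CREATE TABLE t5(x)}
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_OK
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t5 ADD COLUMN new_col_1;
    }
  } {0 {}}
  do_test auth-1.301 {
    set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
    regexp new_col_1 $x
  } {1}
  do_test auth-1.302 {
    set authargs
  } {main t5 {} {}}
  do_test auth-1.303 {
    # SQLITE_IGNORE: success is reported, but auth-1.304 shows that the
    # column was not added.
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t5 ADD COLUMN new_col_2;
    }
  } {0 {}}
  do_test auth-1.304 {
    set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
    regexp new_col_2 $x
  } {0}
  do_test auth-1.305 {
    set authargs
  } {main t5 {} {}}
  do_test auth-1.306 {
    proc auth {code arg1 arg2 arg3 arg4} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t5 ADD COLUMN new_col_3
    }
  } {1 {not authorized}}
  do_test auth-1.307 {
    # Read the same catalog row as auth-1.301 and auth-1.304.  A lookup in
    # sqlite_temp_master filtered on type='t5' matches no row at all, so the
    # regexp would yield 0 even if the denied ALTER TABLE had changed the
    # schema; the check has to read the row that would carry the new column.
    set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
    regexp new_col_3 $x
  } {0}

  do_test auth-1.308 {
    set authargs
  } {main t5 {} {}}
  execsql {DROP TABLE t5}
} ;# ifcapable altertable

# Column-level read control (SQLITE_READ): arg1 is the table and arg2 the
# column being read.
#
# t3.x is declared INTEGER PRIMARY KEY.  The tests below show that reads of
# ROWID or OID on t3 reach the authorizer under the column name x, so a rule
# keyed on x also covers those aliases (auth-2.2, auth-2.3, auth-2.5) while
# a rule keyed on ROWID does not match anything for t3 (auth-2.6,
# auth-2.7).  For t2 the rowid read is reported as ROWID (auth-2.8).
#
# The first two tests carry distinct names so that a failure report points
# at exactly one of them.
do_test auth-2.1.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  db authorizer ::auth
  execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
  catchsql {SELECT * FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.1.2 {
  catchsql {SELECT y,z FROM t3}
} {0 {}}
do_test auth-2.2 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.3 {
  catchsql {SELECT OID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.4 {
  # SQLITE_IGNORE on a read replaces the column value with NULL instead of
  # failing the statement.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  execsql {INSERT INTO t3 VALUES(44,55,66)}
  catchsql {SELECT * FROM t3}
} {0 {{} 55 66}}
do_test auth-2.5 {
  catchsql {SELECT rowid,y,z FROM t3}
} {0 {{} 55 66}}
do_test auth-2.6 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t3}
} {0 {44 55 66}}
do_test auth-2.7 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {0 {44 55 66}}
do_test auth-2.8 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {0 {{} 2 33 {} 8 9}}
do_test auth-2.9.1 {
  # We have to flush the cache here in case the Tcl interface tries to
  # reuse a statement compiled with sqlite3_prepare_v2(). In this case,
  # the first error encountered is an SQLITE_SCHEMA error. Then, when
  # trying to recompile the statement, the authorization error is encountered.
  # If we do not flush the cache, the correct error message is returned, but
  # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test
  # case after this one.
  #
  db cache flush

  # A return value that is not one of the three recognised codes makes the
  # statement fail; it is not treated as permission.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
      return bogus
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-2.9.2 {
  db errorcode
} {1}
do_test auth-2.10 {
  # Same check for the SQLITE_SELECT callback.  The number quoted in the
  # message differs from auth-2.9.1; the reason is not visible in this file.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_SELECT"} {
      return bogus
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-2.11.1 {
  # In a join, a rule that matches only on the column name masks that
  # column wherever it is read; here column a comes back as NULL.
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg2=="a"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2, t3}
} {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
do_test auth-2.11.2 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg2=="x"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2, t3}
} {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}

# Make sure the OLD and NEW pseudo-tables of a trigger get authorized.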
#
# auth-3.1 builds a trigger that copies OLD and NEW values of t2 into tx
# under a permissive authorizer.  auth-3.2 then masks reads of t2.c with
# SQLITE_IGNORE and expects NULL for both OLD.c and NEW.c in the rows the
# trigger writes, i.e. the column rule also applies inside the trigger body.
ifcapable trigger {
do_test auth-3.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    return SQLITE_OK
  }
  execsql {
    CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
    CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
      INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
    END;
    UPDATE t2 SET a=a+1;
    SELECT * FROM tx;
  }
} {11 12 2 2 33 33 7 8 8 8 9 9}
do_test auth-3.2 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  execsql {
    DELETE FROM tx;
    UPDATE t2 SET a=a+100;
    SELECT * FROM tx;
  }
} {12 112 2 2 {} {} 8 108 8 8 {} {}}
} ;# ifcapable trigger

# Make sure the names of views and triggers are passed on in arg4.
#
# The callback logs every invocation as five list elements: code, arg1,
# arg2, arg3, arg4.  In the expected lists arg4 is empty for access made
# directly by the statement and holds the trigger or view name for access
# made on its behalf, which is what lets an authorizer tell the two apart.
ifcapable trigger {
do_test auth-4.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
    return SQLITE_OK
  }
  set authargs {}
  execsql {
    UPDATE t2 SET a=a+1;
  }
  set authargs
} [list \
  SQLITE_READ t2 a main {} \
  SQLITE_UPDATE t2 a main {} \
  SQLITE_INSERT tx {} main r1 \
  SQLITE_READ t2 a main r1 \
  SQLITE_READ t2 a main r1 \
  SQLITE_READ t2 b main r1 \
  SQLITE_READ t2 b main r1 \
  SQLITE_READ t2 c main r1 \
  SQLITE_READ t2 c main r1]
}

# INSTEAD OF triggers on a view: the expected lists contain callbacks tagged
# with the trigger name (r2 or r3) and callbacks tagged with the view name
# v1 for the reads of the underlying table t2.
ifcapable {view && trigger} {
do_test auth-4.2 {
  execsql {
    CREATE VIEW v1 AS SELECT a+b AS x FROM t2;
    CREATE TABLE v1chng(x1,x2);
    CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN
      INSERT INTO v1chng VALUES(OLD.x,NEW.x);
    END;
    SELECT * FROM v1;
  }
} {115 117}
do_test auth-4.3 {
  set authargs {}
  execsql {
    UPDATE v1 SET x=1 WHERE x=117
  }
  set authargs
} [list \
  SQLITE_UPDATE v1 x main {} \
  SQLITE_INSERT v1chng {} main r2 \
  SQLITE_READ v1 x main r2 \
  SQLITE_READ v1 x main r2 \
  SQLITE_SELECT {} {} {} v1 \
  SQLITE_READ t2 a main v1 \
  SQLITE_READ t2 b main v1 \
  SQLITE_SELECT {} {} {} {} \
  SQLITE_READ v1 x main v1 \
]
do_test auth-4.4 {
  execsql {
    CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
      INSERT INTO v1chng VALUES(OLD.x,NULL);
    END;
    SELECT * FROM v1;
  }
} {115 117}
do_test auth-4.5 {
  set authargs {}
  execsql {
    DELETE FROM v1 WHERE x=117
  }
  set authargs
} [list \
  SQLITE_DELETE v1 {} main {} \
  SQLITE_INSERT v1chng {} main r3 \
  SQLITE_READ v1 x main r3 \
  SQLITE_SELECT {} {} {} v1 \
  SQLITE_READ t2 a main v1 \
  SQLITE_READ t2 b main v1 \
  SQLITE_SELECT {} {} {} {} \
  SQLITE_READ v1 x main v1 \
]

} ;# ifcapable view && trigger

# Ticket #1338: Make sure authorization works in the presence of an AS
# clause.
#
# NOTE(review): this test reads t4, which this file creates only inside the
# ifcapable analyze block; it is not guarded by that capability itself -
# confirm whether that is intended.
do_test auth-5.1 {
  proc auth {code arg1 arg2 arg3 arg4} {
    return SQLITE_OK
  }
  execsql {
    SELECT count(a) AS cnt FROM t4 ORDER BY cnt
  }
} {1}

# Ticket #1607
#
# Drop the helper tables created by the trigger and view tests, then list
# every table in both catalogs through a compound subquery while the
# permissive authorizer from auth-5.1 is installed.
# NOTE(review): the expected list names sqlite_stat1, t1 and t4, so it
# appears to assume the analyze and tempdb sections ran - confirm.
ifcapable compound&&subquery {
  ifcapable trigger {
    execsql {
      DROP TABLE tx;
    }
    ifcapable view {
      execsql {
        DROP TABLE v1chng;
      }
    }
  }
  do_test auth-5.2 {
    execsql {
      SELECT name FROM (
        SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master)
      WHERE type='table'
      ORDER BY name
    }
  } {sqlite_stat1 t1 t2 t3 t4}
}


# Undo the setup from the top of the file: delete the proc wrapper that
# re-registers the authorizer and give the original command its name back.
rename proc {}
rename proc_real proc


finish_test