| blob | 2487e568b25a84c2855933cf0873cb3784ad8717 |
1 # 2003 April 4
2 #
3 # The author disclaims copyright to this source code. In place of
4 # a legal notice, here is a blessing:
5 #
6 # May you do good and not evil.
7 # May you find forgiveness for yourself and forgive others.
8 # May you share freely, never taking more than you give.
9 #
10 #***********************************************************************
11 # This file implements regression tests for SQLite library. The
12 # focus of this script is testing the sqlite3_set_authorizer() API
13 # and related functionality.
14 #
15 # $Id: auth.test,v 1.46 2009/07/02 18:40:35 danielk1977 Exp $
16 #
18 set testdir [file dirname $argv0]
19 source $testdir/tester.tcl
21 # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
22 # defined during compilation.
23 if {[catch {db auth {}} msg]} {
24 finish_test
25 return
26 }
28 rename proc proc_real
29 proc_real proc {name arguments script} {
30 proc_real $name $arguments $script
31 if {$name=="auth"} {
32 db authorizer ::auth
33 }
34 }
36 do_test auth-1.1.1 {
37 db close
38 set ::DB [sqlite3 db test.db]
39 proc authx {code arg1 arg2 arg3 arg4 args} {return SQLITE_DENY}
40 proc auth {code arg1 arg2 arg3 arg4 args} {
41 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
42 return SQLITE_DENY
43 }
44 return SQLITE_OK
45 }
46 db authorizer ::authx
47 # EVIDENCE-OF: R-03993-24285 Only a single authorizer can be in place on
48 # a database connection at a time. Each call to sqlite3_set_authorizer
49 # overrides the previous call.
50 #
51 # The authx authorizer above is overridden by the auth authorizer below
52 # authx is never invoked.
53 db authorizer ::auth
54 catchsql {CREATE TABLE t1(a,b,c)}
55 } {1 {not authorized}}
56 do_test auth-1.1.2 {
57 db errorcode
58 } {23}
59 do_test auth-1.1.3 {
60 db authorizer
61 } {::auth}
62 do_test auth-1.1.4 {
63 # Ticket #896.
64 catchsql {
65 SELECT x;
66 }
67 } {1 {no such column: x}}
68 do_test auth-1.2 {
69 execsql {SELECT name FROM sqlite_master}
70 } {}
71 # EVIDENCE-OF: R-04452-49349 When the callback returns SQLITE_DENY, the
72 # sqlite3_prepare_v2() or equivalent call that triggered the authorizer
73 # will fail with an error message explaining that access is denied.
74 do_test auth-1.3.1 {
75 proc auth {code arg1 arg2 arg3 arg4 args} {
76 if {$code=="SQLITE_CREATE_TABLE"} {
77 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
78 return SQLITE_DENY
79 }
80 return SQLITE_OK
81 }
82 catchsql {CREATE TABLE t1(a,b,c)}
83 } {1 {not authorized}}
84 do_test auth-1.3.2 {
85 db errorcode
86 } {23}
87 do_test auth-1.3.3 {
88 set ::authargs
89 } {t1 {} main {}}
90 do_test auth-1.4 {
91 execsql {SELECT name FROM sqlite_master}
92 } {}
94 ifcapable tempdb {
95 do_test auth-1.5 {
96 proc auth {code arg1 arg2 arg3 arg4 args} {
97 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
98 return SQLITE_DENY
99 }
100 return SQLITE_OK
101 }
102 catchsql {CREATE TEMP TABLE t1(a,b,c)}
103 } {1 {not authorized}}
104 do_test auth-1.6 {
105 execsql {SELECT name FROM temp.sqlite_master}
106 } {}
107 do_test auth-1.7.1 {
108 proc auth {code arg1 arg2 arg3 arg4 args} {
109 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
110 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
111 return SQLITE_DENY
112 }
113 return SQLITE_OK
114 }
115 catchsql {CREATE TEMP TABLE t1(a,b,c)}
116 } {1 {not authorized}}
117 do_test auth-1.7.2 {
118 set ::authargs
119 } {t1 {} temp {}}
120 do_test auth-1.8 {
121 execsql {SELECT name FROM sqlite_temp_master}
122 } {}
123 }
125 do_test auth-1.9 {
126 proc auth {code arg1 arg2 arg3 arg4 args} {
127 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
128 return SQLITE_IGNORE
129 }
130 return SQLITE_OK
131 }
132 catchsql {CREATE TABLE t1(a,b,c)}
133 } {0 {}}
134 do_test auth-1.10 {
135 execsql {SELECT name FROM sqlite_master}
136 } {}
137 do_test auth-1.11 {
138 proc auth {code arg1 arg2 arg3 arg4 args} {
139 if {$code=="SQLITE_CREATE_TABLE"} {
140 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
141 return SQLITE_IGNORE
142 }
143 return SQLITE_OK
144 }
145 catchsql {CREATE TABLE t1(a,b,c)}
146 } {0 {}}
147 do_test auth-1.12 {
148 execsql {SELECT name FROM sqlite_master}
149 } {}
151 ifcapable tempdb {
152 do_test auth-1.13 {
153 proc auth {code arg1 arg2 arg3 arg4 args} {
154 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
155 return SQLITE_IGNORE
156 }
157 return SQLITE_OK
158 }
159 catchsql {CREATE TEMP TABLE t1(a,b,c)}
160 } {0 {}}
161 do_test auth-1.14 {
162 execsql {SELECT name FROM temp.sqlite_master}
163 } {}
164 do_test auth-1.15 {
165 proc auth {code arg1 arg2 arg3 arg4 args} {
166 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
167 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
168 return SQLITE_IGNORE
169 }
170 return SQLITE_OK
171 }
172 catchsql {CREATE TEMP TABLE t1(a,b,c)}
173 } {0 {}}
174 do_test auth-1.16 {
175 execsql {SELECT name FROM sqlite_temp_master}
176 } {}
178 do_test auth-1.17 {
179 proc auth {code arg1 arg2 arg3 arg4 args} {
180 if {$code=="SQLITE_CREATE_TABLE"} {
181 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
182 return SQLITE_DENY
183 }
184 return SQLITE_OK
185 }
186 catchsql {CREATE TEMP TABLE t1(a,b,c)}
187 } {0 {}}
188 do_test auth-1.18 {
189 execsql {SELECT name FROM sqlite_temp_master}
190 } {t1}
191 }
193 do_test auth-1.19.1 {
194 set ::authargs {}
195 proc auth {code arg1 arg2 arg3 arg4 args} {
196 if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
197 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
198 return SQLITE_DENY
199 }
200 return SQLITE_OK
201 }
202 catchsql {CREATE TABLE t2(a,b,c)}
203 } {0 {}}
204 do_test auth-1.19.2 {
205 set ::authargs
206 } {}
207 do_test auth-1.20 {
208 execsql {SELECT name FROM sqlite_master}
209 } {t2}
211 do_test auth-1.21.1 {
212 proc auth {code arg1 arg2 arg3 arg4 args} {
213 if {$code=="SQLITE_DROP_TABLE"} {
214 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
215 return SQLITE_DENY
216 }
217 return SQLITE_OK
218 }
219 catchsql {DROP TABLE t2}
220 } {1 {not authorized}}
221 do_test auth-1.21.2 {
222 set ::authargs
223 } {t2 {} main {}}
224 do_test auth-1.22 {
225 execsql {SELECT name FROM sqlite_master}
226 } {t2}
227 do_test auth-1.23.1 {
228 proc auth {code arg1 arg2 arg3 arg4 args} {
229 if {$code=="SQLITE_DROP_TABLE"} {
230 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
231 return SQLITE_IGNORE
232 }
233 return SQLITE_OK
234 }
235 catchsql {DROP TABLE t2}
236 } {0 {}}
237 do_test auth-1.23.2 {
238 set ::authargs
239 } {t2 {} main {}}
240 do_test auth-1.24 {
241 execsql {SELECT name FROM sqlite_master}
242 } {t2}
244 ifcapable tempdb {
245 do_test auth-1.25 {
246 proc auth {code arg1 arg2 arg3 arg4 args} {
247 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
248 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
249 return SQLITE_DENY
250 }
251 return SQLITE_OK
252 }
253 catchsql {DROP TABLE t1}
254 } {1 {not authorized}}
255 do_test auth-1.26 {
256 execsql {SELECT name FROM sqlite_temp_master}
257 } {t1}
258 do_test auth-1.27 {
259 proc auth {code arg1 arg2 arg3 arg4 args} {
260 if {$code=="SQLITE_DROP_TEMP_TABLE"} {
261 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
262 return SQLITE_IGNORE
263 }
264 return SQLITE_OK
265 }
266 catchsql {DROP TABLE t1}
267 } {0 {}}
268 do_test auth-1.28 {
269 execsql {SELECT name FROM sqlite_temp_master}
270 } {t1}
271 }
273 do_test auth-1.29 {
274 proc auth {code arg1 arg2 arg3 arg4 args} {
275 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
276 return SQLITE_DENY
277 }
278 return SQLITE_OK
279 }
280 catchsql {INSERT INTO t2 VALUES(1,2,3)}
281 } {1 {not authorized}}
282 do_test auth-1.30 {
283 execsql {SELECT * FROM t2}
284 } {}
285 do_test auth-1.31 {
286 proc auth {code arg1 arg2 arg3 arg4 args} {
287 if {$code=="SQLITE_INSERT" && $arg1=="t2"} {
288 return SQLITE_IGNORE
289 }
290 return SQLITE_OK
291 }
292 catchsql {INSERT INTO t2 VALUES(1,2,3)}
293 } {0 {}}
294 do_test auth-1.32 {
295 execsql {SELECT * FROM t2}
296 } {}
297 do_test auth-1.33 {
298 proc auth {code arg1 arg2 arg3 arg4 args} {
299 if {$code=="SQLITE_INSERT" && $arg1=="t1"} {
300 return SQLITE_IGNORE
301 }
302 return SQLITE_OK
303 }
304 catchsql {INSERT INTO t2 VALUES(1,2,3)}
305 } {0 {}}
306 do_test auth-1.34 {
307 execsql {SELECT * FROM t2}
308 } {1 2 3}
310 do_test auth-1.35.1 {
311 proc auth {code arg1 arg2 arg3 arg4 args} {
312 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
313 return SQLITE_DENY
314 }
315 return SQLITE_OK
316 }
317 catchsql {SELECT * FROM t2}
318 } {1 {access to t2.b is prohibited}}
319 ifcapable attach {
320 do_test auth-1.35.2 {
321 execsql {ATTACH DATABASE 'test.db' AS two}
322 catchsql {SELECT * FROM two.t2}
323 } {1 {access to two.t2.b is prohibited}}
324 execsql {DETACH DATABASE two}
325 }
326 # EVIDENCE-OF: R-38392-49970 If the action code is SQLITE_READ and the
327 # callback returns SQLITE_IGNORE then the prepared statement statement
328 # is constructed to substitute a NULL value in place of the table column
329 # that would have been read if SQLITE_OK had been returned.
330 do_test auth-1.36 {
331 proc auth {code arg1 arg2 arg3 arg4 args} {
332 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
333 return SQLITE_IGNORE
334 }
335 return SQLITE_OK
336 }
337 catchsql {SELECT * FROM t2}
338 } {0 {1 {} 3}}
339 do_test auth-1.37 {
340 proc auth {code arg1 arg2 arg3 arg4 args} {
341 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
342 return SQLITE_IGNORE
343 }
344 return SQLITE_OK
345 }
346 catchsql {SELECT * FROM t2 WHERE b=2}
347 } {0 {}}
348 do_test auth-1.38 {
349 proc auth {code arg1 arg2 arg3 arg4 args} {
350 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} {
351 return SQLITE_IGNORE
352 }
353 return SQLITE_OK
354 }
355 catchsql {SELECT * FROM t2 WHERE b=2}
356 } {0 {{} 2 3}}
357 do_test auth-1.39 {
358 proc auth {code arg1 arg2 arg3 arg4 args} {
359 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
360 return SQLITE_IGNORE
361 }
362 return SQLITE_OK
363 }
364 catchsql {SELECT * FROM t2 WHERE b IS NULL}
365 } {0 {1 {} 3}}
366 do_test auth-1.40 {
367 proc auth {code arg1 arg2 arg3 arg4 args} {
368 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} {
369 return SQLITE_DENY
370 }
371 return SQLITE_OK
372 }
373 catchsql {SELECT a,c FROM t2 WHERE b IS NULL}
374 } {1 {access to t2.b is prohibited}}
376 do_test auth-1.41 {
377 proc auth {code arg1 arg2 arg3 arg4 args} {
378 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
379 return SQLITE_DENY
380 }
381 return SQLITE_OK
382 }
383 catchsql {UPDATE t2 SET a=11}
384 } {0 {}}
385 do_test auth-1.42 {
386 execsql {SELECT * FROM t2}
387 } {11 2 3}
388 do_test auth-1.43 {
389 proc auth {code arg1 arg2 arg3 arg4 args} {
390 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
391 return SQLITE_DENY
392 }
393 return SQLITE_OK
394 }
395 catchsql {UPDATE t2 SET b=22, c=33}
396 } {1 {not authorized}}
397 do_test auth-1.44 {
398 execsql {SELECT * FROM t2}
399 } {11 2 3}
400 do_test auth-1.45 {
401 proc auth {code arg1 arg2 arg3 arg4 args} {
402 if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} {
403 return SQLITE_IGNORE
404 }
405 return SQLITE_OK
406 }
407 catchsql {UPDATE t2 SET b=22, c=33}
408 } {0 {}}
409 do_test auth-1.46 {
410 execsql {SELECT * FROM t2}
411 } {11 2 33}
413 do_test auth-1.47 {
414 proc auth {code arg1 arg2 arg3 arg4 args} {
415 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
416 return SQLITE_DENY
417 }
418 return SQLITE_OK
419 }
420 catchsql {DELETE FROM t2 WHERE a=11}
421 } {1 {not authorized}}
422 do_test auth-1.48 {
423 execsql {SELECT * FROM t2}
424 } {11 2 33}
425 do_test auth-1.49 {
426 proc auth {code arg1 arg2 arg3 arg4 args} {
427 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
428 return SQLITE_IGNORE
429 }
430 return SQLITE_OK
431 }
432 catchsql {DELETE FROM t2 WHERE a=11}
433 } {0 {}}
434 do_test auth-1.50 {
435 execsql {SELECT * FROM t2}
436 } {}
437 do_test auth-1.50.2 {
438 execsql {INSERT INTO t2 VALUES(11, 2, 33)}
439 } {}
441 do_test auth-1.51 {
442 proc auth {code arg1 arg2 arg3 arg4 args} {
443 if {$code=="SQLITE_SELECT"} {
444 return SQLITE_DENY
445 }
446 return SQLITE_OK
447 }
448 catchsql {SELECT * FROM t2}
449 } {1 {not authorized}}
450 do_test auth-1.52 {
451 proc auth {code arg1 arg2 arg3 arg4 args} {
452 if {$code=="SQLITE_SELECT"} {
453 return SQLITE_IGNORE
454 }
455 return SQLITE_OK
456 }
457 catchsql {SELECT * FROM t2}
458 } {0 {}}
459 do_test auth-1.53 {
460 proc auth {code arg1 arg2 arg3 arg4 args} {
461 if {$code=="SQLITE_SELECT"} {
462 return SQLITE_OK
463 }
464 return SQLITE_OK
465 }
466 catchsql {SELECT * FROM t2}
467 } {0 {11 2 33}}
469 # Update for version 3: There used to be a handful of test here that
470 # tested the authorisation callback with the COPY command. The following
471 # test makes the same database modifications as they used to.
472 do_test auth-1.54 {
473 execsql {INSERT INTO t2 VALUES(7, 8, 9);}
474 } {}
475 do_test auth-1.55 {
476 execsql {SELECT * FROM t2}
477 } {11 2 33 7 8 9}
479 do_test auth-1.63 {
480 proc auth {code arg1 arg2 arg3 arg4 args} {
481 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
482 return SQLITE_DENY
483 }
484 return SQLITE_OK
485 }
486 catchsql {DROP TABLE t2}
487 } {1 {not authorized}}
488 do_test auth-1.64 {
489 execsql {SELECT name FROM sqlite_master}
490 } {t2}
491 do_test auth-1.65 {
492 proc auth {code arg1 arg2 arg3 arg4 args} {
493 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
494 return SQLITE_DENY
495 }
496 return SQLITE_OK
497 }
498 catchsql {DROP TABLE t2}
499 } {1 {not authorized}}
500 do_test auth-1.66 {
501 execsql {SELECT name FROM sqlite_master}
502 } {t2}
504 ifcapable tempdb {
505 do_test auth-1.67 {
506 proc auth {code arg1 arg2 arg3 arg4 args} {
507 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
508 return SQLITE_DENY
509 }
510 return SQLITE_OK
511 }
512 catchsql {DROP TABLE t1}
513 } {1 {not authorized}}
514 do_test auth-1.68 {
515 execsql {SELECT name FROM sqlite_temp_master}
516 } {t1}
517 do_test auth-1.69 {
518 proc auth {code arg1 arg2 arg3 arg4 args} {
519 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
520 return SQLITE_DENY
521 }
522 return SQLITE_OK
523 }
524 catchsql {DROP TABLE t1}
525 } {1 {not authorized}}
526 do_test auth-1.70 {
527 execsql {SELECT name FROM sqlite_temp_master}
528 } {t1}
529 }
531 do_test auth-1.71 {
532 proc auth {code arg1 arg2 arg3 arg4 args} {
533 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
534 return SQLITE_IGNORE
535 }
536 return SQLITE_OK
537 }
538 catchsql {DROP TABLE t2}
539 } {0 {}}
540 do_test auth-1.72 {
541 execsql {SELECT name FROM sqlite_master}
542 } {t2}
543 do_test auth-1.73 {
544 proc auth {code arg1 arg2 arg3 arg4 args} {
545 if {$code=="SQLITE_DELETE" && $arg1=="t2"} {
546 return SQLITE_IGNORE
547 }
548 return SQLITE_OK
549 }
550 catchsql {DROP TABLE t2}
551 } {0 {}}
552 do_test auth-1.74 {
553 execsql {SELECT name FROM sqlite_master}
554 } {t2}
556 ifcapable tempdb {
557 do_test auth-1.75 {
558 proc auth {code arg1 arg2 arg3 arg4 args} {
559 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
560 return SQLITE_IGNORE
561 }
562 return SQLITE_OK
563 }
564 catchsql {DROP TABLE t1}
565 } {0 {}}
566 do_test auth-1.76 {
567 execsql {SELECT name FROM sqlite_temp_master}
568 } {t1}
569 do_test auth-1.77 {
570 proc auth {code arg1 arg2 arg3 arg4 args} {
571 if {$code=="SQLITE_DELETE" && $arg1=="t1"} {
572 return SQLITE_IGNORE
573 }
574 return SQLITE_OK
575 }
576 catchsql {DROP TABLE t1}
577 } {0 {}}
578 do_test auth-1.78 {
579 execsql {SELECT name FROM temp.sqlite_master}
580 } {t1}
581 }
583 # Test cases auth-1.79 to auth-1.124 test creating and dropping views.
584 # Omit these if the library was compiled with views omitted.
585 ifcapable view {
586 do_test auth-1.79 {
587 proc auth {code arg1 arg2 arg3 arg4 args} {
588 if {$code=="SQLITE_CREATE_VIEW"} {
589 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
590 return SQLITE_DENY
591 }
592 return SQLITE_OK
593 }
594 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
595 } {1 {not authorized}}
596 do_test auth-1.80 {
597 set ::authargs
598 } {v1 {} main {}}
599 do_test auth-1.81 {
600 execsql {SELECT name FROM sqlite_master}
601 } {t2}
602 do_test auth-1.82 {
603 proc auth {code arg1 arg2 arg3 arg4 args} {
604 if {$code=="SQLITE_CREATE_VIEW"} {
605 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
606 return SQLITE_IGNORE
607 }
608 return SQLITE_OK
609 }
610 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
611 } {0 {}}
612 do_test auth-1.83 {
613 set ::authargs
614 } {v1 {} main {}}
615 do_test auth-1.84 {
616 execsql {SELECT name FROM sqlite_master}
617 } {t2}
619 ifcapable tempdb {
620 do_test auth-1.85 {
621 proc auth {code arg1 arg2 arg3 arg4 args} {
622 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
623 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
624 return SQLITE_DENY
625 }
626 return SQLITE_OK
627 }
628 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
629 } {1 {not authorized}}
630 do_test auth-1.86 {
631 set ::authargs
632 } {v1 {} temp {}}
633 do_test auth-1.87 {
634 execsql {SELECT name FROM sqlite_temp_master}
635 } {t1}
636 do_test auth-1.88 {
637 proc auth {code arg1 arg2 arg3 arg4 args} {
638 if {$code=="SQLITE_CREATE_TEMP_VIEW"} {
639 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
640 return SQLITE_IGNORE
641 }
642 return SQLITE_OK
643 }
644 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
645 } {0 {}}
646 do_test auth-1.89 {
647 set ::authargs
648 } {v1 {} temp {}}
649 do_test auth-1.90 {
650 execsql {SELECT name FROM temp.sqlite_master}
651 } {t1}
652 }
654 do_test auth-1.91 {
655 proc auth {code arg1 arg2 arg3 arg4 args} {
656 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
657 return SQLITE_DENY
658 }
659 return SQLITE_OK
660 }
661 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
662 } {1 {not authorized}}
663 do_test auth-1.92 {
664 execsql {SELECT name FROM sqlite_master}
665 } {t2}
666 do_test auth-1.93 {
667 proc auth {code arg1 arg2 arg3 arg4 args} {
668 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
669 return SQLITE_IGNORE
670 }
671 return SQLITE_OK
672 }
673 catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2}
674 } {0 {}}
675 do_test auth-1.94 {
676 execsql {SELECT name FROM sqlite_master}
677 } {t2}
679 ifcapable tempdb {
680 do_test auth-1.95 {
681 proc auth {code arg1 arg2 arg3 arg4 args} {
682 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
683 return SQLITE_DENY
684 }
685 return SQLITE_OK
686 }
687 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
688 } {1 {not authorized}}
689 do_test auth-1.96 {
690 execsql {SELECT name FROM sqlite_temp_master}
691 } {t1}
692 do_test auth-1.97 {
693 proc auth {code arg1 arg2 arg3 arg4 args} {
694 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
695 return SQLITE_IGNORE
696 }
697 return SQLITE_OK
698 }
699 catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2}
700 } {0 {}}
701 do_test auth-1.98 {
702 execsql {SELECT name FROM sqlite_temp_master}
703 } {t1}
704 }
706 do_test auth-1.99 {
707 proc auth {code arg1 arg2 arg3 arg4 args} {
708 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
709 return SQLITE_DENY
710 }
711 return SQLITE_OK
712 }
713 catchsql {
714 CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2;
715 DROP VIEW v2
716 }
717 } {1 {not authorized}}
718 do_test auth-1.100 {
719 execsql {SELECT name FROM sqlite_master}
720 } {t2 v2}
721 do_test auth-1.101 {
722 proc auth {code arg1 arg2 arg3 arg4 args} {
723 if {$code=="SQLITE_DROP_VIEW"} {
724 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
725 return SQLITE_DENY
726 }
727 return SQLITE_OK
728 }
729 catchsql {DROP VIEW v2}
730 } {1 {not authorized}}
731 do_test auth-1.102 {
732 set ::authargs
733 } {v2 {} main {}}
734 do_test auth-1.103 {
735 execsql {SELECT name FROM sqlite_master}
736 } {t2 v2}
737 do_test auth-1.104 {
738 proc auth {code arg1 arg2 arg3 arg4 args} {
739 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
740 return SQLITE_IGNORE
741 }
742 return SQLITE_OK
743 }
744 catchsql {DROP VIEW v2}
745 } {0 {}}
746 do_test auth-1.105 {
747 execsql {SELECT name FROM sqlite_master}
748 } {t2 v2}
749 do_test auth-1.106 {
750 proc auth {code arg1 arg2 arg3 arg4 args} {
751 if {$code=="SQLITE_DROP_VIEW"} {
752 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
753 return SQLITE_IGNORE
754 }
755 return SQLITE_OK
756 }
757 catchsql {DROP VIEW v2}
758 } {0 {}}
759 do_test auth-1.107 {
760 set ::authargs
761 } {v2 {} main {}}
762 do_test auth-1.108 {
763 execsql {SELECT name FROM sqlite_master}
764 } {t2 v2}
765 do_test auth-1.109 {
766 proc auth {code arg1 arg2 arg3 arg4 args} {
767 if {$code=="SQLITE_DROP_VIEW"} {
768 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
769 return SQLITE_OK
770 }
771 return SQLITE_OK
772 }
773 catchsql {DROP VIEW v2}
774 } {0 {}}
775 do_test auth-1.110 {
776 set ::authargs
777 } {v2 {} main {}}
778 do_test auth-1.111 {
779 execsql {SELECT name FROM sqlite_master}
780 } {t2}
783 ifcapable tempdb {
784 do_test auth-1.112 {
785 proc auth {code arg1 arg2 arg3 arg4 args} {
786 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
787 return SQLITE_DENY
788 }
789 return SQLITE_OK
790 }
791 catchsql {
792 CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1;
793 DROP VIEW v1
794 }
795 } {1 {not authorized}}
796 do_test auth-1.113 {
797 execsql {SELECT name FROM temp.sqlite_master}
798 } {t1 v1}
799 do_test auth-1.114 {
800 proc auth {code arg1 arg2 arg3 arg4 args} {
801 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
802 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
803 return SQLITE_DENY
804 }
805 return SQLITE_OK
806 }
807 catchsql {DROP VIEW v1}
808 } {1 {not authorized}}
809 do_test auth-1.115 {
810 set ::authargs
811 } {v1 {} temp {}}
812 do_test auth-1.116 {
813 execsql {SELECT name FROM sqlite_temp_master}
814 } {t1 v1}
815 do_test auth-1.117 {
816 proc auth {code arg1 arg2 arg3 arg4 args} {
817 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
818 return SQLITE_IGNORE
819 }
820 return SQLITE_OK
821 }
822 catchsql {DROP VIEW v1}
823 } {0 {}}
824 do_test auth-1.118 {
825 execsql {SELECT name FROM sqlite_temp_master}
826 } {t1 v1}
827 do_test auth-1.119 {
828 proc auth {code arg1 arg2 arg3 arg4 args} {
829 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
830 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
831 return SQLITE_IGNORE
832 }
833 return SQLITE_OK
834 }
835 catchsql {DROP VIEW v1}
836 } {0 {}}
837 do_test auth-1.120 {
838 set ::authargs
839 } {v1 {} temp {}}
840 do_test auth-1.121 {
841 execsql {SELECT name FROM temp.sqlite_master}
842 } {t1 v1}
843 do_test auth-1.122 {
844 proc auth {code arg1 arg2 arg3 arg4 args} {
845 if {$code=="SQLITE_DROP_TEMP_VIEW"} {
846 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
847 return SQLITE_OK
848 }
849 return SQLITE_OK
850 }
851 catchsql {DROP VIEW v1}
852 } {0 {}}
853 do_test auth-1.123 {
854 set ::authargs
855 } {v1 {} temp {}}
856 do_test auth-1.124 {
857 execsql {SELECT name FROM sqlite_temp_master}
858 } {t1}
859 }
860 } ;# ifcapable view
862 # Test cases auth-1.125 to auth-1.176 test creating and dropping triggers.
863 # Omit these if the library was compiled with triggers omitted.
864 #
865 ifcapable trigger&&tempdb {
866 do_test auth-1.125 {
867 proc auth {code arg1 arg2 arg3 arg4 args} {
868 if {$code=="SQLITE_CREATE_TRIGGER"} {
869 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
870 return SQLITE_DENY
871 }
872 return SQLITE_OK
873 }
874 catchsql {
875 CREATE TRIGGER r2 DELETE on t2 BEGIN
876 SELECT NULL;
877 END;
878 }
879 } {1 {not authorized}}
880 do_test auth-1.126 {
881 set ::authargs
882 } {r2 t2 main {}}
883 do_test auth-1.127 {
884 execsql {SELECT name FROM sqlite_master}
885 } {t2}
886 do_test auth-1.128 {
887 proc auth {code arg1 arg2 arg3 arg4 args} {
888 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
889 return SQLITE_DENY
890 }
891 return SQLITE_OK
892 }
893 catchsql {
894 CREATE TRIGGER r2 DELETE on t2 BEGIN
895 SELECT NULL;
896 END;
897 }
898 } {1 {not authorized}}
899 do_test auth-1.129 {
900 execsql {SELECT name FROM sqlite_master}
901 } {t2}
902 do_test auth-1.130 {
903 proc auth {code arg1 arg2 arg3 arg4 args} {
904 if {$code=="SQLITE_CREATE_TRIGGER"} {
905 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
906 return SQLITE_IGNORE
907 }
908 return SQLITE_OK
909 }
910 catchsql {
911 CREATE TRIGGER r2 DELETE on t2 BEGIN
912 SELECT NULL;
913 END;
914 }
915 } {0 {}}
916 do_test auth-1.131 {
917 set ::authargs
918 } {r2 t2 main {}}
919 do_test auth-1.132 {
920 execsql {SELECT name FROM sqlite_master}
921 } {t2}
922 do_test auth-1.133 {
923 proc auth {code arg1 arg2 arg3 arg4 args} {
924 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
925 return SQLITE_IGNORE
926 }
927 return SQLITE_OK
928 }
929 catchsql {
930 CREATE TRIGGER r2 DELETE on t2 BEGIN
931 SELECT NULL;
932 END;
933 }
934 } {0 {}}
935 do_test auth-1.134 {
936 execsql {SELECT name FROM sqlite_master}
937 } {t2}
938 do_test auth-1.135 {
939 proc auth {code arg1 arg2 arg3 arg4 args} {
940 if {$code=="SQLITE_CREATE_TRIGGER"} {
941 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
942 return SQLITE_OK
943 }
944 return SQLITE_OK
945 }
946 catchsql {
947 CREATE TABLE tx(id);
948 CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN
949 INSERT INTO tx VALUES(NEW.rowid);
950 END;
951 }
952 } {0 {}}
953 do_test auth-1.136.1 {
954 set ::authargs
955 } {r2 t2 main {}}
956 do_test auth-1.136.2 {
957 execsql {
958 SELECT name FROM sqlite_master WHERE type='trigger'
959 }
960 } {r2}
961 do_test auth-1.136.3 {
962 proc auth {code arg1 arg2 arg3 arg4 args} {
963 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
964 return SQLITE_OK
965 }
966 set ::authargs {}
967 execsql {
968 INSERT INTO t2 VALUES(1,2,3);
969 }
970 set ::authargs
971 } {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2}
972 do_test auth-1.136.4 {
973 execsql {
974 SELECT * FROM tx;
975 }
976 } {3}
977 do_test auth-1.137 {
978 execsql {SELECT name FROM sqlite_master}
979 } {t2 tx r2}
980 do_test auth-1.138 {
981 proc auth {code arg1 arg2 arg3 arg4 args} {
982 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
983 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
984 return SQLITE_DENY
985 }
986 return SQLITE_OK
987 }
988 catchsql {
989 CREATE TRIGGER r1 DELETE on t1 BEGIN
990 SELECT NULL;
991 END;
992 }
993 } {1 {not authorized}}
994 do_test auth-1.139 {
995 set ::authargs
996 } {r1 t1 temp {}}
997 do_test auth-1.140 {
998 execsql {SELECT name FROM temp.sqlite_master}
999 } {t1}
1000 do_test auth-1.141 {
1001 proc auth {code arg1 arg2 arg3 arg4 args} {
1002 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1003 return SQLITE_DENY
1004 }
1005 return SQLITE_OK
1006 }
1007 catchsql {
1008 CREATE TRIGGER r1 DELETE on t1 BEGIN
1009 SELECT NULL;
1010 END;
1011 }
1012 } {1 {not authorized}}
1013 do_test auth-1.142 {
1014 execsql {SELECT name FROM sqlite_temp_master}
1015 } {t1}
1016 do_test auth-1.143 {
1017 proc auth {code arg1 arg2 arg3 arg4 args} {
1018 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1019 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1020 return SQLITE_IGNORE
1021 }
1022 return SQLITE_OK
1023 }
1024 catchsql {
1025 CREATE TRIGGER r1 DELETE on t1 BEGIN
1026 SELECT NULL;
1027 END;
1028 }
1029 } {0 {}}
1030 do_test auth-1.144 {
1031 set ::authargs
1032 } {r1 t1 temp {}}
1033 do_test auth-1.145 {
1034 execsql {SELECT name FROM temp.sqlite_master}
1035 } {t1}
1036 do_test auth-1.146 {
1037 proc auth {code arg1 arg2 arg3 arg4 args} {
1038 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1039 return SQLITE_IGNORE
1040 }
1041 return SQLITE_OK
1042 }
1043 catchsql {
1044 CREATE TRIGGER r1 DELETE on t1 BEGIN
1045 SELECT NULL;
1046 END;
1047 }
1048 } {0 {}}
1049 do_test auth-1.147 {
1050 execsql {SELECT name FROM sqlite_temp_master}
1051 } {t1}
1052 do_test auth-1.148 {
1053 proc auth {code arg1 arg2 arg3 arg4 args} {
1054 if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} {
1055 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1056 return SQLITE_OK
1057 }
1058 return SQLITE_OK
1059 }
1060 catchsql {
1061 CREATE TRIGGER r1 DELETE on t1 BEGIN
1062 SELECT NULL;
1063 END;
1064 }
1065 } {0 {}}
1066 do_test auth-1.149 {
1067 set ::authargs
1068 } {r1 t1 temp {}}
1069 do_test auth-1.150 {
1070 execsql {SELECT name FROM temp.sqlite_master}
1071 } {t1 r1}
1073 do_test auth-1.151 {
1074 proc auth {code arg1 arg2 arg3 arg4 args} {
1075 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1076 return SQLITE_DENY
1077 }
1078 return SQLITE_OK
1079 }
1080 catchsql {DROP TRIGGER r2}
1081 } {1 {not authorized}}
1082 do_test auth-1.152 {
1083 execsql {SELECT name FROM sqlite_master}
1084 } {t2 tx r2}
1085 do_test auth-1.153 {
1086 proc auth {code arg1 arg2 arg3 arg4 args} {
1087 if {$code=="SQLITE_DROP_TRIGGER"} {
1088 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1089 return SQLITE_DENY
1090 }
1091 return SQLITE_OK
1092 }
1093 catchsql {DROP TRIGGER r2}
1094 } {1 {not authorized}}
1095 do_test auth-1.154 {
1096 set ::authargs
1097 } {r2 t2 main {}}
1098 do_test auth-1.155 {
1099 execsql {SELECT name FROM sqlite_master}
1100 } {t2 tx r2}
1101 do_test auth-1.156 {
1102 proc auth {code arg1 arg2 arg3 arg4 args} {
1103 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1104 return SQLITE_IGNORE
1105 }
1106 return SQLITE_OK
1107 }
1108 catchsql {DROP TRIGGER r2}
1109 } {0 {}}
1110 do_test auth-1.157 {
1111 execsql {SELECT name FROM sqlite_master}
1112 } {t2 tx r2}
1113 do_test auth-1.158 {
1114 proc auth {code arg1 arg2 arg3 arg4 args} {
1115 if {$code=="SQLITE_DROP_TRIGGER"} {
1116 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1117 return SQLITE_IGNORE
1118 }
1119 return SQLITE_OK
1120 }
1121 catchsql {DROP TRIGGER r2}
1122 } {0 {}}
1123 do_test auth-1.159 {
1124 set ::authargs
1125 } {r2 t2 main {}}
1126 do_test auth-1.160 {
1127 execsql {SELECT name FROM sqlite_master}
1128 } {t2 tx r2}
1129 do_test auth-1.161 {
1130 proc auth {code arg1 arg2 arg3 arg4 args} {
1131 if {$code=="SQLITE_DROP_TRIGGER"} {
1132 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1133 return SQLITE_OK
1134 }
1135 return SQLITE_OK
1136 }
1137 catchsql {DROP TRIGGER r2}
1138 } {0 {}}
1139 do_test auth-1.162 {
1140 set ::authargs
1141 } {r2 t2 main {}}
1142 do_test auth-1.163 {
1143 execsql {
1144 DROP TABLE tx;
1145 DELETE FROM t2 WHERE a=1 AND b=2 AND c=3;
1146 SELECT name FROM sqlite_master;
1147 }
1148 } {t2}
1150 do_test auth-1.164 {
1151 proc auth {code arg1 arg2 arg3 arg4 args} {
1152 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1153 return SQLITE_DENY
1154 }
1155 return SQLITE_OK
1156 }
1157 catchsql {DROP TRIGGER r1}
1158 } {1 {not authorized}}
1159 do_test auth-1.165 {
1160 execsql {SELECT name FROM temp.sqlite_master}
1161 } {t1 r1}
1162 do_test auth-1.166 {
1163 proc auth {code arg1 arg2 arg3 arg4 args} {
1164 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1165 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1166 return SQLITE_DENY
1167 }
1168 return SQLITE_OK
1169 }
1170 catchsql {DROP TRIGGER r1}
1171 } {1 {not authorized}}
1172 do_test auth-1.167 {
1173 set ::authargs
1174 } {r1 t1 temp {}}
1175 do_test auth-1.168 {
1176 execsql {SELECT name FROM sqlite_temp_master}
1177 } {t1 r1}
1178 do_test auth-1.169 {
1179 proc auth {code arg1 arg2 arg3 arg4 args} {
1180 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1181 return SQLITE_IGNORE
1182 }
1183 return SQLITE_OK
1184 }
1185 catchsql {DROP TRIGGER r1}
1186 } {0 {}}
1187 do_test auth-1.170 {
1188 execsql {SELECT name FROM temp.sqlite_master}
1189 } {t1 r1}
1190 do_test auth-1.171 {
1191 proc auth {code arg1 arg2 arg3 arg4 args} {
1192 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1193 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1194 return SQLITE_IGNORE
1195 }
1196 return SQLITE_OK
1197 }
1198 catchsql {DROP TRIGGER r1}
1199 } {0 {}}
1200 do_test auth-1.172 {
1201 set ::authargs
1202 } {r1 t1 temp {}}
1203 do_test auth-1.173 {
1204 execsql {SELECT name FROM sqlite_temp_master}
1205 } {t1 r1}
1206 do_test auth-1.174 {
1207 proc auth {code arg1 arg2 arg3 arg4 args} {
1208 if {$code=="SQLITE_DROP_TEMP_TRIGGER"} {
1209 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1210 return SQLITE_OK
1211 }
1212 return SQLITE_OK
1213 }
1214 catchsql {DROP TRIGGER r1}
1215 } {0 {}}
1216 do_test auth-1.175 {
1217 set ::authargs
1218 } {r1 t1 temp {}}
1219 do_test auth-1.176 {
1220 execsql {SELECT name FROM temp.sqlite_master}
1221 } {t1}
1222 } ;# ifcapable trigger
1224 do_test auth-1.177 {
1225 proc auth {code arg1 arg2 arg3 arg4 args} {
1226 if {$code=="SQLITE_CREATE_INDEX"} {
1227 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1228 return SQLITE_DENY
1229 }
1230 return SQLITE_OK
1231 }
1232 catchsql {CREATE INDEX i2 ON t2(a)}
1233 } {1 {not authorized}}
1234 do_test auth-1.178 {
1235 set ::authargs
1236 } {i2 t2 main {}}
1237 do_test auth-1.179 {
1238 execsql {SELECT name FROM sqlite_master}
1239 } {t2}
1240 do_test auth-1.180 {
1241 proc auth {code arg1 arg2 arg3 arg4 args} {
1242 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1243 return SQLITE_DENY
1244 }
1245 return SQLITE_OK
1246 }
1247 catchsql {CREATE INDEX i2 ON t2(a)}
1248 } {1 {not authorized}}
1249 do_test auth-1.181 {
1250 execsql {SELECT name FROM sqlite_master}
1251 } {t2}
1252 do_test auth-1.182 {
1253 proc auth {code arg1 arg2 arg3 arg4 args} {
1254 if {$code=="SQLITE_CREATE_INDEX"} {
1255 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1256 return SQLITE_IGNORE
1257 }
1258 return SQLITE_OK
1259 }
1260 catchsql {CREATE INDEX i2 ON t2(b)}
1261 } {0 {}}
1262 do_test auth-1.183 {
1263 set ::authargs
1264 } {i2 t2 main {}}
1265 do_test auth-1.184 {
1266 execsql {SELECT name FROM sqlite_master}
1267 } {t2}
1268 do_test auth-1.185 {
1269 proc auth {code arg1 arg2 arg3 arg4 args} {
1270 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} {
1271 return SQLITE_IGNORE
1272 }
1273 return SQLITE_OK
1274 }
1275 catchsql {CREATE INDEX i2 ON t2(b)}
1276 } {0 {}}
1277 do_test auth-1.186 {
1278 execsql {SELECT name FROM sqlite_master}
1279 } {t2}
1280 do_test auth-1.187 {
1281 proc auth {code arg1 arg2 arg3 arg4 args} {
1282 if {$code=="SQLITE_CREATE_INDEX"} {
1283 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1284 return SQLITE_OK
1285 }
1286 return SQLITE_OK
1287 }
1288 catchsql {CREATE INDEX i2 ON t2(a)}
1289 } {0 {}}
1290 do_test auth-1.188 {
1291 set ::authargs
1292 } {i2 t2 main {}}
1293 do_test auth-1.189 {
1294 execsql {SELECT name FROM sqlite_master}
1295 } {t2 i2}
1297 ifcapable tempdb {
1298 do_test auth-1.190 {
1299 proc auth {code arg1 arg2 arg3 arg4 args} {
1300 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1301 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1302 return SQLITE_DENY
1303 }
1304 return SQLITE_OK
1305 }
1306 catchsql {CREATE INDEX i1 ON t1(a)}
1307 } {1 {not authorized}}
1308 do_test auth-1.191 {
1309 set ::authargs
1310 } {i1 t1 temp {}}
1311 do_test auth-1.192 {
1312 execsql {SELECT name FROM sqlite_temp_master}
1313 } {t1}
1314 do_test auth-1.193 {
1315 proc auth {code arg1 arg2 arg3 arg4 args} {
1316 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1317 return SQLITE_DENY
1318 }
1319 return SQLITE_OK
1320 }
1321 catchsql {CREATE INDEX i1 ON t1(b)}
1322 } {1 {not authorized}}
1323 do_test auth-1.194 {
1324 execsql {SELECT name FROM temp.sqlite_master}
1325 } {t1}
1326 do_test auth-1.195 {
1327 proc auth {code arg1 arg2 arg3 arg4 args} {
1328 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1329 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1330 return SQLITE_IGNORE
1331 }
1332 return SQLITE_OK
1333 }
1334 catchsql {CREATE INDEX i1 ON t1(b)}
1335 } {0 {}}
1336 do_test auth-1.196 {
1337 set ::authargs
1338 } {i1 t1 temp {}}
1339 do_test auth-1.197 {
1340 execsql {SELECT name FROM sqlite_temp_master}
1341 } {t1}
1342 do_test auth-1.198 {
1343 proc auth {code arg1 arg2 arg3 arg4 args} {
1344 if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} {
1345 return SQLITE_IGNORE
1346 }
1347 return SQLITE_OK
1348 }
1349 catchsql {CREATE INDEX i1 ON t1(c)}
1350 } {0 {}}
1351 do_test auth-1.199 {
1352 execsql {SELECT name FROM sqlite_temp_master}
1353 } {t1}
1354 do_test auth-1.200 {
1355 proc auth {code arg1 arg2 arg3 arg4 args} {
1356 if {$code=="SQLITE_CREATE_TEMP_INDEX"} {
1357 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1358 return SQLITE_OK
1359 }
1360 return SQLITE_OK
1361 }
1362 catchsql {CREATE INDEX i1 ON t1(a)}
1363 } {0 {}}
1364 do_test auth-1.201 {
1365 set ::authargs
1366 } {i1 t1 temp {}}
1367 do_test auth-1.202 {
1368 execsql {SELECT name FROM temp.sqlite_master}
1369 } {t1 i1}
1370 }
1372 do_test auth-1.203 {
1373 proc auth {code arg1 arg2 arg3 arg4 args} {
1374 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1375 return SQLITE_DENY
1376 }
1377 return SQLITE_OK
1378 }
1379 catchsql {DROP INDEX i2}
1380 } {1 {not authorized}}
1381 do_test auth-1.204 {
1382 execsql {SELECT name FROM sqlite_master}
1383 } {t2 i2}
1384 do_test auth-1.205 {
1385 proc auth {code arg1 arg2 arg3 arg4 args} {
1386 if {$code=="SQLITE_DROP_INDEX"} {
1387 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1388 return SQLITE_DENY
1389 }
1390 return SQLITE_OK
1391 }
1392 catchsql {DROP INDEX i2}
1393 } {1 {not authorized}}
1394 do_test auth-1.206 {
1395 set ::authargs
1396 } {i2 t2 main {}}
1397 do_test auth-1.207 {
1398 execsql {SELECT name FROM sqlite_master}
1399 } {t2 i2}
1400 do_test auth-1.208 {
1401 proc auth {code arg1 arg2 arg3 arg4 args} {
1402 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} {
1403 return SQLITE_IGNORE
1404 }
1405 return SQLITE_OK
1406 }
1407 catchsql {DROP INDEX i2}
1408 } {0 {}}
1409 do_test auth-1.209 {
1410 execsql {SELECT name FROM sqlite_master}
1411 } {t2 i2}
1412 do_test auth-1.210 {
1413 proc auth {code arg1 arg2 arg3 arg4 args} {
1414 if {$code=="SQLITE_DROP_INDEX"} {
1415 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1416 return SQLITE_IGNORE
1417 }
1418 return SQLITE_OK
1419 }
1420 catchsql {DROP INDEX i2}
1421 } {0 {}}
1422 do_test auth-1.211 {
1423 set ::authargs
1424 } {i2 t2 main {}}
1425 do_test auth-1.212 {
1426 execsql {SELECT name FROM sqlite_master}
1427 } {t2 i2}
1428 do_test auth-1.213 {
1429 proc auth {code arg1 arg2 arg3 arg4 args} {
1430 if {$code=="SQLITE_DROP_INDEX"} {
1431 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1432 return SQLITE_OK
1433 }
1434 return SQLITE_OK
1435 }
1436 catchsql {DROP INDEX i2}
1437 } {0 {}}
1438 do_test auth-1.214 {
1439 set ::authargs
1440 } {i2 t2 main {}}
1441 do_test auth-1.215 {
1442 execsql {SELECT name FROM sqlite_master}
1443 } {t2}
1445 ifcapable tempdb {
1446 do_test auth-1.216 {
1447 proc auth {code arg1 arg2 arg3 arg4 args} {
1448 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1449 return SQLITE_DENY
1450 }
1451 return SQLITE_OK
1452 }
1453 catchsql {DROP INDEX i1}
1454 } {1 {not authorized}}
1455 do_test auth-1.217 {
1456 execsql {SELECT name FROM sqlite_temp_master}
1457 } {t1 i1}
1458 do_test auth-1.218 {
1459 proc auth {code arg1 arg2 arg3 arg4 args} {
1460 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1461 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1462 return SQLITE_DENY
1463 }
1464 return SQLITE_OK
1465 }
1466 catchsql {DROP INDEX i1}
1467 } {1 {not authorized}}
1468 do_test auth-1.219 {
1469 set ::authargs
1470 } {i1 t1 temp {}}
1471 do_test auth-1.220 {
1472 execsql {SELECT name FROM sqlite_temp_master}
1473 } {t1 i1}
1474 do_test auth-1.221 {
1475 proc auth {code arg1 arg2 arg3 arg4 args} {
1476 if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} {
1477 return SQLITE_IGNORE
1478 }
1479 return SQLITE_OK
1480 }
1481 catchsql {DROP INDEX i1}
1482 } {0 {}}
1483 do_test auth-1.222 {
1484 execsql {SELECT name FROM temp.sqlite_master}
1485 } {t1 i1}
1486 do_test auth-1.223 {
1487 proc auth {code arg1 arg2 arg3 arg4 args} {
1488 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1489 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1490 return SQLITE_IGNORE
1491 }
1492 return SQLITE_OK
1493 }
1494 catchsql {DROP INDEX i1}
1495 } {0 {}}
1496 do_test auth-1.224 {
1497 set ::authargs
1498 } {i1 t1 temp {}}
1499 do_test auth-1.225 {
1500 execsql {SELECT name FROM temp.sqlite_master}
1501 } {t1 i1}
1502 do_test auth-1.226 {
1503 proc auth {code arg1 arg2 arg3 arg4 args} {
1504 if {$code=="SQLITE_DROP_TEMP_INDEX"} {
1505 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1506 return SQLITE_OK
1507 }
1508 return SQLITE_OK
1509 }
1510 catchsql {DROP INDEX i1}
1511 } {0 {}}
1512 do_test auth-1.227 {
1513 set ::authargs
1514 } {i1 t1 temp {}}
1515 do_test auth-1.228 {
1516 execsql {SELECT name FROM temp.sqlite_master}
1517 } {t1}
1518 }
1520 do_test auth-1.229 {
1521 proc auth {code arg1 arg2 arg3 arg4 args} {
1522 if {$code=="SQLITE_PRAGMA"} {
1523 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1524 return SQLITE_DENY
1525 }
1526 return SQLITE_OK
1527 }
1528 catchsql {PRAGMA full_column_names=on}
1529 } {1 {not authorized}}
1530 do_test auth-1.230 {
1531 set ::authargs
1532 } {full_column_names on {} {}}
1533 do_test auth-1.231 {
1534 execsql2 {SELECT a FROM t2}
1535 } {a 11 a 7}
1536 do_test auth-1.232 {
1537 proc auth {code arg1 arg2 arg3 arg4 args} {
1538 if {$code=="SQLITE_PRAGMA"} {
1539 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1540 return SQLITE_IGNORE
1541 }
1542 return SQLITE_OK
1543 }
1544 catchsql {PRAGMA full_column_names=on}
1545 } {0 {}}
1546 do_test auth-1.233 {
1547 set ::authargs
1548 } {full_column_names on {} {}}
1549 do_test auth-1.234 {
1550 execsql2 {SELECT a FROM t2}
1551 } {a 11 a 7}
1552 do_test auth-1.235 {
1553 proc auth {code arg1 arg2 arg3 arg4 args} {
1554 if {$code=="SQLITE_PRAGMA"} {
1555 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1556 return SQLITE_OK
1557 }
1558 return SQLITE_OK
1559 }
1560 catchsql {PRAGMA full_column_names=on}
1561 } {0 {}}
1562 do_test auth-1.236 {
1563 execsql2 {SELECT a FROM t2}
1564 } {t2.a 11 t2.a 7}
1565 do_test auth-1.237 {
1566 proc auth {code arg1 arg2 arg3 arg4 args} {
1567 if {$code=="SQLITE_PRAGMA"} {
1568 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1569 return SQLITE_OK
1570 }
1571 return SQLITE_OK
1572 }
1573 catchsql {PRAGMA full_column_names=OFF}
1574 } {0 {}}
1575 do_test auth-1.238 {
1576 set ::authargs
1577 } {full_column_names OFF {} {}}
1578 do_test auth-1.239 {
1579 execsql2 {SELECT a FROM t2}
1580 } {a 11 a 7}
1582 do_test auth-1.240 {
1583 proc auth {code arg1 arg2 arg3 arg4 args} {
1584 if {$code=="SQLITE_TRANSACTION"} {
1585 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1586 return SQLITE_DENY
1587 }
1588 return SQLITE_OK
1589 }
1590 catchsql {BEGIN}
1591 } {1 {not authorized}}
1592 do_test auth-1.241 {
1593 set ::authargs
1594 } {BEGIN {} {} {}}
1595 do_test auth-1.242 {
1596 proc auth {code arg1 arg2 arg3 arg4 args} {
1597 if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
1598 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1599 return SQLITE_DENY
1600 }
1601 return SQLITE_OK
1602 }
1603 catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
1604 } {1 {not authorized}}
1605 do_test auth-1.243 {
1606 set ::authargs
1607 } {COMMIT {} {} {}}
1608 do_test auth-1.244 {
1609 execsql {SELECT * FROM t2}
1610 } {11 2 33 7 8 9 44 55 66}
1611 do_test auth-1.245 {
1612 catchsql {ROLLBACK}
1613 } {1 {not authorized}}
1614 do_test auth-1.246 {
1615 set ::authargs
1616 } {ROLLBACK {} {} {}}
1617 do_test auth-1.247 {
1618 catchsql {END TRANSACTION}
1619 } {1 {not authorized}}
1620 do_test auth-1.248 {
1621 set ::authargs
1622 } {COMMIT {} {} {}}
1623 do_test auth-1.249 {
1624 # EVIDENCE-OF: R-52112-44167 Disable the authorizer by installing a NULL
1625 # callback.
1626 db authorizer {}
1627 catchsql {ROLLBACK}
1628 } {0 {}}
1629 do_test auth-1.250 {
1630 execsql {SELECT * FROM t2}
1631 } {11 2 33 7 8 9}
1633 # ticket #340 - authorization for ATTACH and DETACH.
1634 #
1635 ifcapable attach {
1636 do_test auth-1.251 {
1637 db authorizer ::auth
1638 proc auth {code arg1 arg2 arg3 arg4 args} {
1639 if {$code=="SQLITE_ATTACH"} {
1640 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1641 }
1642 return SQLITE_OK
1643 }
1644 catchsql {
1645 ATTACH DATABASE ':memory:' AS test1
1646 }
1647 } {0 {}}
1648 do_test auth-1.252a {
1649 set ::authargs
1650 } {:memory: {} {} {}}
1651 do_test auth-1.252b {
1652 db eval {DETACH test1}
1653 set ::attachfilename :memory:
1654 db eval {ATTACH $::attachfilename AS test1}
1655 set ::authargs
1656 } {{} {} {} {}}
1657 do_test auth-1.252c {
1658 db eval {DETACH test1}
1659 db eval {ATTACH ':mem' || 'ory:' AS test1}
1660 set ::authargs
1661 } {{} {} {} {}}
1662 do_test auth-1.253 {
1663 catchsql {DETACH DATABASE test1}
1664 proc auth {code arg1 arg2 arg3 arg4 args} {
1665 if {$code=="SQLITE_ATTACH"} {
1666 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1667 return SQLITE_DENY
1668 }
1669 return SQLITE_OK
1670 }
1671 catchsql {
1672 ATTACH DATABASE ':memory:' AS test1;
1673 }
1674 } {1 {not authorized}}
1675 do_test auth-1.254 {
1676 lindex [execsql {PRAGMA database_list}] 7
1677 } {}
1678 do_test auth-1.255 {
1679 catchsql {DETACH DATABASE test1}
1680 proc auth {code arg1 arg2 arg3 arg4 args} {
1681 if {$code=="SQLITE_ATTACH"} {
1682 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1683 return SQLITE_IGNORE
1684 }
1685 return SQLITE_OK
1686 }
1687 catchsql {
1688 ATTACH DATABASE ':memory:' AS test1;
1689 }
1690 } {0 {}}
1691 do_test auth-1.256 {
1692 lindex [execsql {PRAGMA database_list}] 7
1693 } {}
1694 do_test auth-1.257 {
1695 proc auth {code arg1 arg2 arg3 arg4 args} {
1696 if {$code=="SQLITE_DETACH"} {
1697 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1698 return SQLITE_OK
1699 }
1700 return SQLITE_OK
1701 }
1702 execsql {ATTACH DATABASE ':memory:' AS test1}
1703 catchsql {
1704 DETACH DATABASE test1;
1705 }
1706 } {0 {}}
1707 do_test auth-1.258 {
1708 lindex [execsql {PRAGMA database_list}] 7
1709 } {}
1710 do_test auth-1.259 {
1711 execsql {ATTACH DATABASE ':memory:' AS test1}
1712 proc auth {code arg1 arg2 arg3 arg4 args} {
1713 if {$code=="SQLITE_DETACH"} {
1714 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1715 return SQLITE_IGNORE
1716 }
1717 return SQLITE_OK
1718 }
1719 catchsql {
1720 DETACH DATABASE test1;
1721 }
1722 } {0 {}}
1723 ifcapable tempdb {
1724 ifcapable schema_pragmas {
1725 do_test auth-1.260 {
1726 lindex [execsql {PRAGMA database_list}] 7
1727 } {test1}
1728 } ;# ifcapable schema_pragmas
1729 do_test auth-1.261 {
1730 proc auth {code arg1 arg2 arg3 arg4 args} {
1731 if {$code=="SQLITE_DETACH"} {
1732 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1733 return SQLITE_DENY
1734 }
1735 return SQLITE_OK
1736 }
1737 catchsql {
1738 DETACH DATABASE test1;
1739 }
1740 } {1 {not authorized}}
1741 ifcapable schema_pragmas {
1742 do_test auth-1.262 {
1743 lindex [execsql {PRAGMA database_list}] 7
1744 } {test1}
1745 } ;# ifcapable schema_pragmas
1746 db authorizer {}
1747 execsql {DETACH DATABASE test1}
1748 db authorizer ::auth
1750 # Authorization for ALTER TABLE. These tests are omitted if the library
1751 # was built without ALTER TABLE support.
1752 ifcapable altertable {
1754 do_test auth-1.263 {
1755 proc auth {code arg1 arg2 arg3 arg4 args} {
1756 if {$code=="SQLITE_ALTER_TABLE"} {
1757 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1758 return SQLITE_OK
1759 }
1760 return SQLITE_OK
1761 }
1762 catchsql {
1763 ALTER TABLE t1 RENAME TO t1x
1764 }
1765 } {0 {}}
1766 do_test auth-1.264 {
1767 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1768 } {t1x}
1769 do_test auth-1.265 {
1770 set authargs
1771 } {temp t1 {} {}}
1772 do_test auth-1.266 {
1773 proc auth {code arg1 arg2 arg3 arg4 args} {
1774 if {$code=="SQLITE_ALTER_TABLE"} {
1775 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1776 return SQLITE_IGNORE
1777 }
1778 return SQLITE_OK
1779 }
1780 catchsql {
1781 ALTER TABLE t1x RENAME TO t1
1782 }
1783 } {0 {}}
1784 do_test auth-1.267 {
1785 execsql {SELECT name FROM temp.sqlite_master WHERE type='table'}
1786 } {t1x}
1787 do_test auth-1.268 {
1788 set authargs
1789 } {temp t1x {} {}}
1790 do_test auth-1.269 {
1791 proc auth {code arg1 arg2 arg3 arg4 args} {
1792 if {$code=="SQLITE_ALTER_TABLE"} {
1793 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1794 return SQLITE_DENY
1795 }
1796 return SQLITE_OK
1797 }
1798 catchsql {
1799 ALTER TABLE t1x RENAME TO t1
1800 }
1801 } {1 {not authorized}}
1802 do_test auth-1.270 {
1803 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'}
1804 } {t1x}
1806 do_test auth-1.271 {
1807 set authargs
1808 } {temp t1x {} {}}
1809 } ;# ifcapable altertable
1811 } else {
1812 db authorizer {}
1813 db eval {
1814 DETACH DATABASE test1;
1815 }
1816 }
1817 }
1819 ifcapable altertable {
1820 db authorizer {}
1821 catchsql {ALTER TABLE t1x RENAME TO t1}
1822 db authorizer ::auth
1823 do_test auth-1.272 {
1824 proc auth {code arg1 arg2 arg3 arg4 args} {
1825 if {$code=="SQLITE_ALTER_TABLE"} {
1826 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1827 return SQLITE_OK
1828 }
1829 return SQLITE_OK
1830 }
1831 catchsql {
1832 ALTER TABLE t2 RENAME TO t2x
1833 }
1834 } {0 {}}
1835 do_test auth-1.273 {
1836 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1837 } {t2x}
1838 do_test auth-1.274 {
1839 set authargs
1840 } {main t2 {} {}}
1841 do_test auth-1.275 {
1842 proc auth {code arg1 arg2 arg3 arg4 args} {
1843 if {$code=="SQLITE_ALTER_TABLE"} {
1844 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1845 return SQLITE_IGNORE
1846 }
1847 return SQLITE_OK
1848 }
1849 catchsql {
1850 ALTER TABLE t2x RENAME TO t2
1851 }
1852 } {0 {}}
1853 do_test auth-1.276 {
1854 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1855 } {t2x}
1856 do_test auth-1.277 {
1857 set authargs
1858 } {main t2x {} {}}
1859 do_test auth-1.278 {
1860 proc auth {code arg1 arg2 arg3 arg4 args} {
1861 if {$code=="SQLITE_ALTER_TABLE"} {
1862 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
1863 return SQLITE_DENY
1864 }
1865 return SQLITE_OK
1866 }
1867 catchsql {
1868 ALTER TABLE t2x RENAME TO t2
1869 }
1870 } {1 {not authorized}}
1871 do_test auth-1.279 {
1872 execsql {SELECT name FROM sqlite_master WHERE type='table'}
1873 } {t2x}
1874 do_test auth-1.280 {
1875 set authargs
1876 } {main t2x {} {}}
1877 db authorizer {}
1878 catchsql {ALTER TABLE t2x RENAME TO t2}
1880 } ;# ifcapable altertable
1882 # Test the authorization callbacks for the REINDEX command.
1883 ifcapable reindex {
1885 proc auth {code args} {
1886 if {$code=="SQLITE_REINDEX"} {
1887 set ::authargs [concat $::authargs [lrange $args 0 3]]
1888 }
1889 return SQLITE_OK
1890 }
1891 db authorizer auth
1892 do_test auth-1.281 {
1893 execsql {
1894 CREATE TABLE t3(a PRIMARY KEY, b, c);
1895 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1896 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1897 }
1898 } {}
1899 do_test auth-1.282 {
1900 set ::authargs {}
1901 execsql {
1902 REINDEX t3_idx1;
1903 }
1904 set ::authargs
1905 } {t3_idx1 {} main {}}
1906 do_test auth-1.283 {
1907 set ::authargs {}
1908 execsql {
1909 REINDEX BINARY;
1910 }
1911 set ::authargs
1912 } {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1913 do_test auth-1.284 {
1914 set ::authargs {}
1915 execsql {
1916 REINDEX NOCASE;
1917 }
1918 set ::authargs
1919 } {t3_idx2 {} main {}}
1920 do_test auth-1.285 {
1921 set ::authargs {}
1922 execsql {
1923 REINDEX t3;
1924 }
1925 set ::authargs
1926 } {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
1927 do_test auth-1.286 {
1928 execsql {
1929 DROP TABLE t3;
1930 }
1931 } {}
1932 ifcapable tempdb {
1933 do_test auth-1.287 {
1934 execsql {
1935 CREATE TEMP TABLE t3(a PRIMARY KEY, b, c);
1936 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY);
1937 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE);
1938 }
1939 } {}
1940 do_test auth-1.288 {
1941 set ::authargs {}
1942 execsql {
1943 REINDEX temp.t3_idx1;
1944 }
1945 set ::authargs
1946 } {t3_idx1 {} temp {}}
1947 do_test auth-1.289 {
1948 set ::authargs {}
1949 execsql {
1950 REINDEX BINARY;
1951 }
1952 set ::authargs
1953 } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1954 do_test auth-1.290 {
1955 set ::authargs {}
1956 execsql {
1957 REINDEX NOCASE;
1958 }
1959 set ::authargs
1960 } {t3_idx2 {} temp {}}
1961 do_test auth-1.291 {
1962 set ::authargs {}
1963 execsql {
1964 REINDEX temp.t3;
1965 }
1966 set ::authargs
1967 } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
1968 proc auth {code args} {
1969 if {$code=="SQLITE_REINDEX"} {
1970 set ::authargs [concat $::authargs [lrange $args 0 3]]
1971 return SQLITE_DENY
1972 }
1973 return SQLITE_OK
1974 }
1975 do_test auth-1.292 {
1976 set ::authargs {}
1977 catchsql {
1978 REINDEX temp.t3;
1979 }
1980 } {1 {not authorized}}
1981 do_test auth-1.293 {
1982 execsql {
1983 DROP TABLE t3;
1984 }
1985 } {}
1986 }
1988 } ;# ifcapable reindex
1990 ifcapable analyze {
1991 proc auth {code args} {
1992 if {$code=="SQLITE_ANALYZE"} {
1993 set ::authargs [concat $::authargs [lrange $args 0 3]]
1994 }
1995 return SQLITE_OK
1996 }
1997 do_test auth-1.294 {
1998 set ::authargs {}
1999 execsql {
2000 CREATE TABLE t4(a,b,c);
2001 CREATE INDEX t4i1 ON t4(a);
2002 CREATE INDEX t4i2 ON t4(b,a,c);
2003 INSERT INTO t4 VALUES(1,2,3);
2004 ANALYZE;
2005 }
2006 set ::authargs
2007 } {t4 {} main {} t2 {} main {}}
2008 do_test auth-1.295 {
2009 execsql {
2010 SELECT count(*) FROM sqlite_stat1;
2011 }
2012 } 3
2013 proc auth {code args} {
2014 if {$code=="SQLITE_ANALYZE"} {
2015 set ::authargs [concat $::authargs $args]
2016 return SQLITE_DENY
2017 }
2018 return SQLITE_OK
2019 }
2020 do_test auth-1.296 {
2021 set ::authargs {}
2022 catchsql {
2023 ANALYZE;
2024 }
2025 } {1 {not authorized}}
2026 do_test auth-1.297 {
2027 execsql {
2028 SELECT count(*) FROM sqlite_stat1;
2029 }
2030 } 3
2031 } ;# ifcapable analyze
2034 # Authorization for ALTER TABLE ADD COLUMN.
2035 # These tests are omitted if the library
2036 # was built without ALTER TABLE support.
2037 ifcapable {altertable} {
2038 do_test auth-1.300 {
2039 execsql {CREATE TABLE t5(x)}
2040 proc auth {code arg1 arg2 arg3 arg4 args} {
2041 if {$code=="SQLITE_ALTER_TABLE"} {
2042 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2043 return SQLITE_OK
2044 }
2045 return SQLITE_OK
2046 }
2047 catchsql {
2048 ALTER TABLE t5 ADD COLUMN new_col_1;
2049 }
2050 } {0 {}}
2051 do_test auth-1.301 {
2052 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2053 regexp new_col_1 $x
2054 } {1}
2055 do_test auth-1.302 {
2056 set authargs
2057 } {main t5 {} {}}
2058 do_test auth-1.303 {
2059 proc auth {code arg1 arg2 arg3 arg4 args} {
2060 if {$code=="SQLITE_ALTER_TABLE"} {
2061 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2062 return SQLITE_IGNORE
2063 }
2064 return SQLITE_OK
2065 }
2066 catchsql {
2067 ALTER TABLE t5 ADD COLUMN new_col_2;
2068 }
2069 } {0 {}}
2070 do_test auth-1.304 {
2071 set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}]
2072 regexp new_col_2 $x
2073 } {0}
2074 do_test auth-1.305 {
2075 set authargs
2076 } {main t5 {} {}}
2077 do_test auth-1.306 {
2078 proc auth {code arg1 arg2 arg3 arg4 args} {
2079 if {$code=="SQLITE_ALTER_TABLE"} {
2080 set ::authargs [list $arg1 $arg2 $arg3 $arg4]
2081 return SQLITE_DENY
2082 }
2083 return SQLITE_OK
2084 }
2085 catchsql {
2086 ALTER TABLE t5 ADD COLUMN new_col_3
2087 }
2088 } {1 {not authorized}}
2089 do_test auth-1.307 {
2090 set x [execsql {SELECT sql FROM temp.sqlite_master WHERE type='t5'}]
2091 regexp new_col_3 $x
2092 } {0}
2094 do_test auth-1.308 {
2095 set authargs
2096 } {main t5 {} {}}
2097 execsql {DROP TABLE t5}
2098 } ;# ifcapable altertable
2100 ifcapable {cte} {
2101 do_test auth-1.310 {
2102 proc auth {code arg1 arg2 arg3 arg4 args} {
2103 if {$code=="SQLITE_RECURSIVE"} {
2104 return SQLITE_DENY
2105 }
2106 return SQLITE_OK
2107 }
2108 db eval {
2109 DROP TABLE IF EXISTS t1;
2110 CREATE TABLE t1(a,b);
2111 INSERT INTO t1 VALUES(1,2),(3,4),(5,6);
2112 }
2113 } {}
2114 do_catchsql_test auth-1.311 {
2115 WITH
2116 auth1311(x,y) AS (SELECT a+b, b-a FROM t1)
2117 SELECT * FROM auth1311 ORDER BY x;
2118 } {0 {3 1 7 1 11 1}}
2119 do_catchsql_test auth-1.312 {
2120 WITH RECURSIVE
2121 auth1312(x,y) AS (SELECT a+b, b-a FROM t1)
2122 SELECT x, y FROM auth1312 ORDER BY x;
2123 } {0 {3 1 7 1 11 1}}
2124 do_catchsql_test auth-1.313 {
2125 WITH RECURSIVE
2126 auth1313(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1313 WHERE x<5)
2127 SELECT * FROM t1;
2128 } {0 {1 2 3 4 5 6}}
2129 do_catchsql_test auth-1.314 {
2130 WITH RECURSIVE
2131 auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
2132 SELECT * FROM t1 LEFT JOIN auth1314;
2133 } {1 {not authorized}}
2134 } ;# ifcapable cte
2136 do_test auth-2.1 {
2137 proc auth {code arg1 arg2 arg3 arg4 args} {
2138 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2139 return SQLITE_DENY
2140 }
2141 return SQLITE_OK
2142 }
2143 db authorizer ::auth
2144 execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
2145 catchsql {SELECT * FROM t3}
2146 } {1 {access to t3.x is prohibited}}
2147 do_test auth-2.1 {
2148 catchsql {SELECT y,z FROM t3}
2149 } {0 {}}
2150 do_test auth-2.2 {
2151 catchsql {SELECT ROWID,y,z FROM t3}
2152 } {1 {access to t3.x is prohibited}}
2153 do_test auth-2.3 {
2154 catchsql {SELECT OID,y,z FROM t3}
2155 } {1 {access to t3.x is prohibited}}
2156 do_test auth-2.4 {
2157 proc auth {code arg1 arg2 arg3 arg4 args} {
2158 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
2159 return SQLITE_IGNORE
2160 }
2161 return SQLITE_OK
2162 }
2163 execsql {INSERT INTO t3 VALUES(44,55,66)}
2164 catchsql {SELECT * FROM t3}
2165 } {0 {{} 55 66}}
2166 do_test auth-2.5 {
2167 catchsql {SELECT rowid,y,z FROM t3}
2168 } {0 {{} 55 66}}
2169 do_test auth-2.6 {
2170 proc auth {code arg1 arg2 arg3 arg4 args} {
2171 if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
2172 return SQLITE_IGNORE
2173 }
2174 return SQLITE_OK
2175 }
2176 catchsql {SELECT * FROM t3}
2177 } {0 {44 55 66}}
2178 do_test auth-2.7 {
2179 catchsql {SELECT ROWID,y,z FROM t3}
2180 } {0 {44 55 66}}
2181 do_test auth-2.8 {
2182 proc auth {code arg1 arg2 arg3 arg4 args} {
2183 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2184 return SQLITE_IGNORE
2185 }
2186 return SQLITE_OK
2187 }
2188 catchsql {SELECT ROWID,b,c FROM t2}
2189 } {0 {{} 2 33 {} 8 9}}
2190 do_test auth-2.9.1 {
2191 # We have to flush the cache here in case the Tcl interface tries to
2192 # reuse a statement compiled with sqlite3_prepare_v2(). In this case,
2193 # the first error encountered is an SQLITE_SCHEMA error. Then, when
2194 # trying to recompile the statement, the authorization error is encountered.
2195 # If we do not flush the cache, the correct error message is returned, but
2196 # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test
2197 # case after this one.
2198 #
2199 db cache flush
2201 proc auth {code arg1 arg2 arg3 arg4 args} {
2202 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
2203 return bogus
2204 }
2205 return SQLITE_OK
2206 }
2207 catchsql {SELECT ROWID,b,c FROM t2}
2208 } {1 {authorizer malfunction}}
2209 do_test auth-2.9.2 {
2210 db errorcode
2211 } {1}
2212 do_test auth-2.10 {
2213 proc auth {code arg1 arg2 arg3 arg4 args} {
2214 if {$code=="SQLITE_SELECT"} {
2215 return bogus
2216 }
2217 return SQLITE_OK
2218 }
2219 catchsql {SELECT ROWID,b,c FROM t2}
2220 } {1 {authorizer malfunction}}
2221 do_test auth-2.11.1 {
2222 proc auth {code arg1 arg2 arg3 arg4 args} {
2223 if {$code=="SQLITE_READ" && $arg2=="a"} {
2224 return SQLITE_IGNORE
2225 }
2226 return SQLITE_OK
2227 }
2228 catchsql {SELECT * FROM t2, t3}
2229 } {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
2230 do_test auth-2.11.2 {
2231 proc auth {code arg1 arg2 arg3 arg4 args} {
2232 if {$code=="SQLITE_READ" && $arg2=="x"} {
2233 return SQLITE_IGNORE
2234 }
2235 return SQLITE_OK
2236 }
2237 catchsql {SELECT * FROM t2, t3}
2238 } {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}
2240 # Make sure the OLD and NEW pseudo-tables of a trigger get authorized.
2241 #
2242 ifcapable trigger {
2243 do_test auth-3.1 {
2244 proc auth {code arg1 arg2 arg3 arg4 args} {
2245 return SQLITE_OK
2246 }
2247 execsql {
2248 CREATE TABLE tx(a1,a2,b1,b2,c1,c2);
2249 CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN
2250 INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c);
2251 END;
2252 UPDATE t2 SET a=a+1;
2253 SELECT * FROM tx;
2254 }
2255 } {11 12 2 2 33 33 7 8 8 8 9 9}
2256 do_test auth-3.2 {
2257 proc auth {code arg1 arg2 arg3 arg4 args} {
2258 if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} {
2259 return SQLITE_IGNORE
2260 }
2261 return SQLITE_OK
2262 }
2263 execsql {
2264 DELETE FROM tx;
2265 UPDATE t2 SET a=a+100;
2266 SELECT * FROM tx;
2267 }
2268 } {12 112 2 2 {} {} 8 108 8 8 {} {}}
2269 } ;# ifcapable trigger
2271 # Make sure the names of views and triggers are passed on on arg4.
2272 #
2273 ifcapable trigger {
2274 do_test auth-4.1 {
2275 proc auth {code arg1 arg2 arg3 arg4 args} {
2276 lappend ::authargs $code $arg1 $arg2 $arg3 $arg4
2277 return SQLITE_OK
2278 }
2279 set authargs {}
2280 execsql {
2281 UPDATE t2 SET a=a+1;
2282 }
2283 set authargs
2284 } [list \
2285 SQLITE_READ t2 a main {} \
2286 SQLITE_UPDATE t2 a main {} \
2287 SQLITE_INSERT tx {} main r1 \
2288 SQLITE_READ t2 a main r1 \
2289 SQLITE_READ t2 a main r1 \
2290 SQLITE_READ t2 b main r1 \
2291 SQLITE_READ t2 b main r1 \
2292 SQLITE_READ t2 c main r1 \
2293 SQLITE_READ t2 c main r1]
2294 }
2296 ifcapable {view && trigger} {
2297 do_test auth-4.2 {
2298 execsql {
2299 CREATE VIEW v1 AS SELECT a+b AS x FROM t2;
2300 CREATE TABLE v1chng(x1,x2);
2301 CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN
2302 INSERT INTO v1chng VALUES(OLD.x,NEW.x);
2303 END;
2304 SELECT * FROM v1;
2305 }
2306 } {115 117}
2307 do_test auth-4.3 {
2308 set authargs {}
2309 execsql {
2310 UPDATE v1 SET x=1 WHERE x=117
2311 }
2312 set authargs
2313 } [list \
2314 SQLITE_UPDATE v1 x main {} \
2315 SQLITE_SELECT {} {} {} v1 \
2316 SQLITE_READ t2 a main v1 \
2317 SQLITE_READ t2 b main v1 \
2318 SQLITE_READ v1 x main v1 \
2319 SQLITE_READ v1 x main v1 \
2320 SQLITE_SELECT {} {} {} v1 \
2321 SQLITE_READ v1 x main v1 \
2322 SQLITE_INSERT v1chng {} main r2 \
2323 SQLITE_READ v1 x main r2 \
2324 SQLITE_READ v1 x main r2 \
2325 ]
2327 do_test auth-4.4 {
2328 execsql {
2329 CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN
2330 INSERT INTO v1chng VALUES(OLD.x,NULL);
2331 END;
2332 SELECT * FROM v1;
2333 }
2334 } {115 117}
2335 do_test auth-4.5 {
2336 set authargs {}
2337 execsql {
2338 DELETE FROM v1 WHERE x=117
2339 }
2340 set authargs
2341 } [list \
2342 SQLITE_DELETE v1 {} main {} \
2343 SQLITE_SELECT {} {} {} v1 \
2344 SQLITE_READ t2 a main v1 \
2345 SQLITE_READ t2 b main v1 \
2346 SQLITE_READ v1 x main v1 \
2347 SQLITE_READ v1 x main v1 \
2348 SQLITE_SELECT {} {} {} v1 \
2349 SQLITE_READ v1 x main v1 \
2350 SQLITE_INSERT v1chng {} main r3 \
2351 SQLITE_READ v1 x main r3 \
2352 ]
2354 } ;# ifcapable view && trigger
2356 # Ticket #1338: Make sure authentication works in the presence of an AS
2357 # clause.
2358 #
2359 do_test auth-5.1 {
2360 proc auth {code arg1 arg2 arg3 arg4 args} {
2361 return SQLITE_OK
2362 }
2363 execsql {
2364 SELECT count(a) AS cnt FROM t4 ORDER BY cnt
2365 }
2366 } {1}
2368 # Ticket #1607
2369 #
2370 ifcapable compound&&subquery {
2371 ifcapable trigger {
2372 execsql {
2373 DROP TABLE tx;
2374 }
2375 ifcapable view {
2376 execsql {
2377 DROP TABLE v1chng;
2378 }
2379 }
2380 }
2381 ifcapable stat4 {
2382 set stat4 "sqlite_stat4 "
2383 } else {
2384 ifcapable stat3 {
2385 set stat4 "sqlite_stat3 "
2386 } else {
2387 set stat4 ""
2388 }
2389 }
2390 do_test auth-5.2 {
2391 execsql {
2392 SELECT name FROM (
2393 SELECT * FROM sqlite_master UNION ALL SELECT * FROM temp.sqlite_master)
2394 WHERE type='table'
2395 ORDER BY name
2396 }
2397 } "sqlite_stat1 ${stat4}t1 t2 t3 t4"
2398 }
2400 # Ticket #3944
2401 #
2402 ifcapable trigger {
2403 do_test auth-5.3.1 {
2404 execsql {
2405 CREATE TABLE t5 ( x );
2406 CREATE TRIGGER t5_tr1 AFTER INSERT ON t5 BEGIN
2407 UPDATE t5 SET x = 1 WHERE NEW.x = 0;
2408 END;
2409 }
2410 } {}
2411 set ::authargs [list]
2412 proc auth {args} {
2413 eval lappend ::authargs [lrange $args 0 4]
2414 return SQLITE_OK
2415 }
2416 do_test auth-5.3.2 {
2417 execsql { INSERT INTO t5 (x) values(0) }
2418 set ::authargs
2419 } [list SQLITE_INSERT t5 {} main {} \
2420 SQLITE_UPDATE t5 x main t5_tr1 \
2421 SQLITE_READ t5 x main t5_tr1 \
2422 ]
2423 do_test auth-5.3.2 {
2424 execsql { SELECT * FROM t5 }
2425 } {1}
2426 }
2428 # Ticket [0eb70d77cb05bb22720]: Invalid pointer passsed to the authorizer
2429 # callback when updating a ROWID.
2430 #
2431 do_test auth-6.1 {
2432 execsql {
2433 CREATE TABLE t6(a,b,c,d,e,f,g,h);
2434 INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
2435 }
2436 } {}
2437 set ::authargs [list]
2438 proc auth {args} {
2439 eval lappend ::authargs [lrange $args 0 4]
2440 return SQLITE_OK
2441 }
2442 do_test auth-6.2 {
2443 execsql {UPDATE t6 SET rowID=rowID+100}
2444 set ::authargs
2445 } [list SQLITE_READ t6 ROWID main {} \
2446 SQLITE_UPDATE t6 ROWID main {} \
2447 ]
2448 do_test auth-6.3 {
2449 execsql {SELECT rowid, * FROM t6}
2450 } {101 1 2 3 4 5 6 7 8}
2452 #-------------------------------------------------------------------------
2453 # Test that view names are included as zArg4.
2454 #
2455 do_execsql_test auth-7.1 {
2456 CREATE TABLE t7(a, b, c);
2457 CREATE VIEW v7 AS SELECT * FROM t7;
2458 } {}
2459 set ::authargs [list]
2460 proc auth {args} {
2461 eval lappend ::authargs [lrange $args 0 4]
2462 return SQLITE_OK
2463 }
2465 do_test auth-7.2 {
2466 execsql {SELECT a, c FROM v7}
2467 set ::authargs
2468 } [list \
2469 SQLITE_SELECT {} {} {} {} \
2470 SQLITE_READ t7 a main v7 \
2471 SQLITE_READ t7 b main v7 \
2472 SQLITE_READ t7 c main v7 \
2473 SQLITE_READ v7 a main {} \
2474 SQLITE_READ v7 c main {} \
2475 SQLITE_SELECT {} {} {} v7 \
2476 ]
2478 set ::authargs [list]
2479 do_test auth-7.3 {
2480 execsql {SELECT a, c FROM t7}
2481 set ::authargs
2482 } [list \
2483 SQLITE_SELECT {} {} {} {} \
2484 SQLITE_READ t7 a main {} \
2485 SQLITE_READ t7 c main {} \
2486 ]
2488 set ::authargs [list]
2489 do_test auth-7.4 {
2490 execsql {SELECT a, c FROM t7 AS v7}
2491 set ::authargs
2492 } [list \
2493 SQLITE_SELECT {} {} {} {} \
2494 SQLITE_READ t7 a main {} \
2495 SQLITE_READ t7 c main {} \
2496 ]
2498 # If a table is referenced but no columns are read from the table,
2499 # that causes a single SQLITE_READ authorization with a NULL column
2500 # name.
2501 #
2502 # EVIDENCE-OF: R-31520-16302 When a table is referenced by a SELECT but
2503 # no column values are extracted from that table (for example in a query
2504 # like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer
2505 # callback is invoked once for that table with a column name that is an
2506 # empty string.
2507 #
2508 set ::authargs [list]
2509 do_test auth-8.1 {
2510 execsql {SELECT count(*) FROM t7}
2511 set ::authargs
2512 } [list \
2513 SQLITE_SELECT {} {} {} {} \
2514 SQLITE_FUNCTION {} count {} {} \
2515 SQLITE_READ t7 {} {} {} \
2516 ]
2517 set ::authargs [list]
2519 do_test auth-8.2 {
2520 execsql {SELECT t6.a FROM t6, t7}
2521 set ::authargs
2522 } [list \
2523 SQLITE_SELECT {} {} {} {} \
2524 SQLITE_READ t6 a main {} \
2525 SQLITE_READ t7 {} {} {} \
2526 ]
2528 # Test also that if SQLITE_DENY is returned from an SQLITE_READ authorizer
2529 # invocation with no column name specified, compilation fails.
2530 #
2531 set ::authargs [list]
2532 proc auth {op a b c d} {
2533 lappend ::authargs $op $a $b $c $d
2534 if {$op == "SQLITE_READ"} { return "SQLITE_DENY" }
2535 return "SQLITE_OK"
2536 }
2537 set ::authargs [list]
2538 do_catchsql_test auth-8.3 {
2539 SELECT count(*) FROM t7
2540 } {1 {not authorized}}
2541 do_test auth-8.4 {
2542 set ::authargs
2543 } [list \
2544 SQLITE_SELECT {} {} {} {} \
2545 SQLITE_FUNCTION {} count {} {} \
2546 SQLITE_READ t7 {} {} {} \
2547 ]
2550 rename proc {}
2551 rename proc_real proc
2552 finish_test