From ce9b0157f0d023e43d114ad6f5ea1b672eca92ff Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Mon, 4 May 2009 01:58:31 +0000
Subject: [PATCH] Work toward cleaning up the authorizer interface.  Work is
 on-going.  This is an incremental check-in. (CVS 6598)

FossilOrigin-Name: 694662f7860179403e0cc55b45ae8afa45aa7dfb
---
 manifest        | 16 ++++++++--------
 manifest.uuid   |  2 +-
 src/auth.c      | 16 +++++++---------
 test/auth.test  |  6 +++---
 test/auth3.test |  4 ++--
 5 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/manifest b/manifest
index 674023ce55..f51f80b732 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Changes\sto\sfacility\sfull\scoverage\stesting\sof\sutil.c.\s(CVS\s6597)
-D 2009-05-03T20:23:53
+C Work\stoward\scleaning\sup\sthe\sauthorizer\sinterface.\s\sWork\sis\son-going.\s\sThis\nis\san\sincremental\scheck-in.\s(CVS\s6598)
+D 2009-05-04T01:58:31
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 583e87706abc3026960ed759aff6371faf84c211
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -102,7 +102,7 @@ F sqlite3.pc.in ae6f59a76e862f5c561eb32a380228a02afc3cad
 F src/alter.c 8ab5824bde0a03dae5829f61557ab7c72757000a
 F src/analyze.c e239496cfb5394ac8867f1c112905ddab8d01cd9
 F src/attach.c 3b99611f04926fc69c35b1145603fc3ddb0ca967
-F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
+F src/auth.c 3aa04c55fba2b4d5905d3a1f8f24b0c2249d1921
 F src/backup.c 0082d0e5a63f04e88faee0dff0a7d63d3e92a78d
 F src/bitvec.c ef370407e03440b0852d05024fb016b14a471d3d
 F src/btmutex.c 9b899c0d8df3bd68f527b0afe03088321b696d3c
@@ -230,9 +230,9 @@ F test/attach.test 75a5d22f88e730967d68f2c9f95e786e3953d8e3
 F test/attach2.test a295d2d7061adcee5884ef4a93c7c96a82765437
 F test/attach3.test 7b92dc8e40c1ebca9732ca6f2d3fefbd46f196df
 F test/attachmalloc.test cf8cf17d183de357b1147a9baacbdfc85b940b61
-F test/auth.test 0e901aeb399f766fd58f5e19b8b9a09e2df9a341
+F test/auth.test b66c571142873cfbf9a141b807f78b93f5d11374
 F test/auth2.test ee3ba272e2b975e913afc9b041ee75706e190005
-F test/auth3.test b3308950d3839a45193cdcd0473432e33fe38b61
+F test/auth3.test a4755e6a2a2fea547ffe63c874eb569e60a28eb5
 F test/autoinc.test ab549b48b389cabd92967b86c379ec8b31fa6c16
 F test/autovacuum.test 25f891bc343a8bf5d9229e2e9ddab9f31a9ab5ec
 F test/autovacuum_ioerr2.test 598b0663074d3673a9c1bc9a16e80971313bafe6
@@ -727,7 +727,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 46c4ec968bc22843c65744ab4a01ec7ac605567b
-R 7b0e588db84d78319007ef42e8ba55fe
+P a612299092a48b38c5f9cf430bbcaf41777cbcb3
+R 8d43b74d4371f916b497236f2944ae72
 U drh
-Z 3ad8cae0bb9ab3914b1dbd324f2667b2
+Z f912bd9e4ca5182f98f6a00c2cb86598
diff --git a/manifest.uuid b/manifest.uuid
index 07e33f213f..968d3f281d 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-a612299092a48b38c5f9cf430bbcaf41777cbcb3
\ No newline at end of file
+694662f7860179403e0cc55b45ae8afa45aa7dfb
\ No newline at end of file
diff --git a/src/auth.c b/src/auth.c
index 5630c239f5..c76520a922 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.29 2007/09/18 15:55:07 drh Exp $
+** $Id: auth.c,v 1.30 2009/05/04 01:58:31 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -86,10 +86,8 @@ int sqlite3_set_authorizer(
 ** Write an error message into pParse->zErrMsg that explains that the
 ** user-supplied authorization function returned an illegal value.
 */
-static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
-  sqlite3ErrorMsg(pParse, "illegal return value (%d) from the "
-    "authorization function - should be SQLITE_OK, SQLITE_IGNORE, "
-    "or SQLITE_DENY", rc);
+static void sqliteAuthBadReturnCode(Parse *pParse){
+  sqlite3ErrorMsg(pParse, "authorizer malfunction");
   pParse->rc = SQLITE_ERROR;
 }
 
@@ -118,7 +116,7 @@ void sqlite3AuthRead(
   int iDb;              /* The index of the database the expression refers to */
 
   if( db->xAuth==0 ) return;
-  if( pExpr->op!=TK_COLUMN ) return;
+  assert( pExpr->op==TK_COLUMN );
   iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
   if( iDb<0 ){
     /* An attempt to read a column out of a subquery or other
@@ -128,7 +126,7 @@ void sqlite3AuthRead(
   for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
     if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
   }
-  if( iSrc>=0 && pTabList && iSrc<pTabList->nSrc ){
+  if( pTabList && iSrc<pTabList->nSrc ){
     pTab = pTabList->a[iSrc].pTab;
   }else if( (pStack = pParse->trigStack)!=0 ){
     /* This must be an attempt to read the NEW or OLD pseudo-tables
@@ -162,7 +160,7 @@ void sqlite3AuthRead(
     }
     pParse->rc = SQLITE_AUTH;
   }else if( rc!=SQLITE_OK ){
-    sqliteAuthBadReturnCode(pParse, rc);
+    sqliteAuthBadReturnCode(pParse);
   }
 }
 
@@ -198,7 +196,7 @@ int sqlite3AuthCheck(
     pParse->rc = SQLITE_AUTH;
   }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
     rc = SQLITE_DENY;
-    sqliteAuthBadReturnCode(pParse, rc);
+    sqliteAuthBadReturnCode(pParse);
   }
   return rc;
 }
diff --git a/test/auth.test b/test/auth.test
index 1cb2e324c3..6942e0ddc7 100644
--- a/test/auth.test
+++ b/test/auth.test
@@ -12,7 +12,7 @@
 # focus of this script is testing the sqlite3_set_authorizer() API
 # and related functionality.
 #
-# $Id: auth.test,v 1.44 2008/10/27 15:34:33 danielk1977 Exp $
+# $Id: auth.test,v 1.45 2009/05/04 01:58:31 drh Exp $
 #
 
 set testdir [file dirname $argv0]
@@ -2141,7 +2141,7 @@ do_test auth-2.9.1 {
     return SQLITE_OK
   }
   catchsql {SELECT ROWID,b,c FROM t2}
-} {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
+} {1 {authorizer malfunction}}
 do_test auth-2.9.2 {
   db errorcode
 } {1}
@@ -2153,7 +2153,7 @@ do_test auth-2.10 {
     return SQLITE_OK
   }
   catchsql {SELECT ROWID,b,c FROM t2}
-} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
+} {1 {authorizer malfunction}}
 do_test auth-2.11.1 {
   proc auth {code arg1 arg2 arg3 arg4} {
     if {$code=="SQLITE_READ" && $arg2=="a"} {
diff --git a/test/auth3.test b/test/auth3.test
index 0d99cac765..21e2b3b65d 100644
--- a/test/auth3.test
+++ b/test/auth3.test
@@ -12,7 +12,7 @@
 # Test that the truncate optimization is disabled if the SQLITE_DELETE
 # authorization callback returns SQLITE_IGNORE.
 #
-# $Id: auth3.test,v 1.1 2008/10/27 15:34:33 danielk1977 Exp $
+# $Id: auth3.test,v 1.2 2009/05/04 01:58:31 drh Exp $
 #
 
 set testdir [file dirname $argv0]
@@ -57,7 +57,7 @@ do_test auth3.1.2 {
 do_test auth3.1.3 {
   set ::authcode SQLITE_INVALID
   catchsql { DELETE FROM t1 }
-} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
+} {1 {authorizer malfunction}}
 do_test auth3.1.4 {
   execsql { SELECT * FROM t1 }
 } {1 2 3 4 5 6}