From e22a334b782e5434cc1858eeb2f90c0148ff802d Mon Sep 17 00:00:00 2001 From: drh Date: Tue, 22 Apr 2003 20:30:37 +0000 Subject: [PATCH] Update the authorizer API so that it reports the database that table and indices belong to and so that it reports when actions are taken in response to a trigger. (CVS 928) FossilOrigin-Name: c675a5504138f34cae6def782b5d3add2c67d2bc --- manifest | 44 ++-- manifest.uuid | 2 +- src/auth.c | 31 ++- src/build.c | 60 +++--- src/copy.c | 9 +- src/delete.c | 7 +- src/expr.c | 19 +- src/insert.c | 7 +- src/pragma.c | 4 +- src/select.c | 4 +- src/sqlite.h.in | 9 +- src/sqliteInt.h | 19 +- src/tclsqlite.c | 144 ++++++++++++- src/test1.c | 124 +---------- src/trigger.c | 12 +- src/update.c | 4 +- test/auth.test | 491 +++++++++++++++++++++++--------------------- test/tclsqlite.test | 4 +- 18 files changed, 541 insertions(+), 453 deletions(-) diff --git a/manifest b/manifest index 47faae40d1..837b63fe1a 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Check\sfor\sreadline\slibs\snow\sadds\sappropriate\scurses\sor\stermcap\slib\swhen\sneeded\s(CVS\s927) -D 2003-04-22T08:04:49 +C Update\sthe\sauthorizer\sAPI\sso\sthat\sit\sreports\sthe\sdatabase\sthat\stable\sand\nindices\sbelong\sto\sand\sso\sthat\sit\sreports\swhen\sactions\sare\staken\sin\sresponse\nto\sa\strigger.\s(CVS\s928) +D 2003-04-22T20:30:38 F Makefile.in 004acec253ecdde985c8ecd5b7c9accdb210378f F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906 F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd @@ -20,19 +20,19 @@ F spec.template 238f7db425a78dc1bb7682e56e3834c7270a3f5e F sqlite.1 83f4a9d37bdf2b7ef079a82d54eaf2e3509ee6ea F sqlite.pc.in 30552343140c53304c2a658c080fbe810cd09ca2 F src/attach.c 7ebc7487de43e357a64226f8abef81f2669f2183 -F src/auth.c 2dd558dba4d8ffbed25fe1644e9af242f389f3e9 +F src/auth.c 7b0a72a649989461d36eced6ff1214f32af436c5 F src/btree.c b9487cceb9ea78af9cbae9def34114902f511736 F src/btree.h 529c98cb0715c62214544fbbe50b946f99a85540 F src/btree_rb.c 97375d44bc2cf93b6312acd0f3276177c20e77bb -F src/build.c 90fc1b15d5e69316ffb979a11052ba6743e9b556 -F src/copy.c 8699e571994934c78f70761a1458d7b9e9e75073 -F src/delete.c af65b26d9d13abbf63fdc4e97b88d26c700b04bb +F src/build.c d5a26baeffa5bc49b4b7009a7723c6ab7e1b02d9 +F src/copy.c 6bafc19598daef79d80d16214260611d758a53a1 +F src/delete.c c5c26039cfdf1eadabff698eb329e3880189795e F src/encode.c faf03741efe921755ec371cf4a6984536de00042 -F src/expr.c 3c0ff6b7b34d483ea03fb86c66f28b929542c782 +F src/expr.c 46e2bb93abd6c70e67c8cdc5d92fdcd0b95498f3 F src/func.c 882c3ed5a02be18cd904715c7ec62947a34a3605 F src/hash.c 4fc39feb7b7711f6495ee9f2159559bedb043e1f F src/hash.h cd0433998bc1a3759d244e1637fe5a3c13b53bf8 -F src/insert.c ae9ffb52b0c4218e3f00f611acfc600fd082dac4 +F src/insert.c 350167db53b779a8d402d00ec5153410a8003931 F src/main.c d6a7f78ec5269c7ced3380908a7ff04508aa2f8e F src/md5.c fe4f9c9c6f71dfc26af8da63e4d04489b1430565 F src/os.c 7274951ed6894f383cb889342267ded07caf339b @@ -40,23 +40,23 @@ F src/os.h aa52f0c9da321ff6134d19f2ca959e18e33615d0 F src/pager.c df4c81350cbd80c1ab48341ae0768ba78d99ad49 F src/pager.h e3702f7d384921f6cd5ce0b3ed589185433e9f6c F src/parse.y 15ae47e7dd84304c1c6ae9205558405127977541 -F src/pragma.c aef327bd597e15f0d31f45b042bd2797cca65039 +F src/pragma.c 3b1e8da84304d5efa1db5802c67261335b663327 F src/printf.c fc5fdef6e92ad205005263661fe9716f55a49f3e F src/random.c 19e8e00fe0df32a742f115773f57651be327cabe -F src/select.c 07140aaf5f2e209dd7bf8a681401a412ce16dc04 +F src/select.c 92a66f0122f321688569e108feceaf74f5f4e63a F src/shell.c a0b7043713713ff45f666ce6b3c03a64109a8bb5 F src/shell.tcl 27ecbd63dd88396ad16d81ab44f73e6c0ea9d20e -F src/sqlite.h.in f49c2cdec7d24cb03e496a1ca519e16306495ee1 -F src/sqliteInt.h 331d92aa826c5230247d97818b291f38aba21a11 +F src/sqlite.h.in 058574a5c0cc4cdd4826b2452f8088c9fb04ed85 +F src/sqliteInt.h b9bbf9d8ec7d5b3fd5a0a4173a3a41f54f1dff6e F src/table.c eed2098c9b577aa17f8abe89313a9c4413f57d63 -F src/tclsqlite.c 7a072c3c8ba9796edc25e5ffa62b68558134e192 -F src/test1.c 7ad4e6308dde0bf5a0f0775ce20cb2ec37a328f8 +F src/tclsqlite.c 1ca3b70aaa8564f89900909c28b991b95bf3fc70 +F src/test1.c 4484806861a3099670188a09e12f858ec65aa56c F src/test2.c 5014337d8576b731cce5b5a14bec4f0daf432700 F src/test3.c 30985ebdfaf3ee1462a9b0652d3efbdc8d9798f5 F src/threadtest.c d641a5219e718e18a1a80a50eb9bb549f451f42e F src/tokenize.c 067d1a477a94af7712ca74e09aaa6bd0f7299527 -F src/trigger.c c461789fb90df04b4c43b0d07a7aede8f453d9bc -F src/update.c 803c13ad967850fb18443394e0a5c2b0f0d7ce6f +F src/trigger.c 21ad1677bb0f0625348a01e92d1e0c6d794185a1 +F src/update.c 3301448786205a7ec2d035c7cb7bd8ae5128c2b0 F src/util.c 87635cfdfffa056a8d3147719357aa442374f78c F src/vacuum.c e24781e38db36d1c9f578b6b3613bf0989ebd63c F src/vdbe.c d453e8c95c9fac5a5e067c5c58243b3ae75699fc @@ -64,7 +64,7 @@ F src/vdbe.h 985c24f312d10f9ef8f9a8b8ea62fcdf68e82f21 F src/where.c c0709e5cf402f30026b597dce9dc3e74f1d07f8e F test/all.test 569a92a8ee88f5300c057cc4a8f50fbbc69a3242 F test/attach.test b311c83e370e6b22b79a8279317039440ce64862 -F test/auth.test 8128cd750830cba01b7fd0fba8ddfa1722ea6291 +F test/auth.test d25a76f21494b61483787caa7b28c713bc7c7c7f F test/bigfile.test 1cd8256d4619c39bea48147d344f348823e78678 F test/bigrow.test 8ab252dba108f12ad64e337b0f2ff31a807ac578 F test/btree.test 1e3463c7838e7e71bbf37c9c6e45beee9c8975ba @@ -116,7 +116,7 @@ F test/sort.test ba07b107c16070208e6aab3cadea66ba079d85ba F test/subselect.test f0fea8cf9f386d416d64d152e3c65f9116d0f50f F test/table.test 371a1fc1c470982b2f68f9732f903a5d96f949c4 F test/tableapi.test 3c80421a889e1d106df16e5800fa787f0d2914a6 -F test/tclsqlite.test 62773bcb94f7d7b69f1ab05c0ae07a22c737440f +F test/tclsqlite.test 42b8f01461a73e9921a3dfaa6d34e28e54441dcc F test/temptable.test 6feff1960c707e924d5462356c5303943dac4a8e F test/tester.tcl d7a5835edaf118539241145d8188f0822b673488 F test/trans.test 75e7a171b5d2d94ee56766459113e2ad0e5f809d @@ -165,7 +165,7 @@ F www/speed.tcl cb4c10a722614aea76d2c51f32ee43400d5951be F www/sqlite.tcl ae3dcfb077e53833b59d4fcc94d8a12c50a44098 F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331 F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218 -P 58ddd587b0f5d565ae3b0ba3a1fa5c20d459f3fc -R 56bc5369df13f5ed3e79edd9e52598e8 -U paul -Z 46984dea9f9baae2ea78dc3185931bfa +P 393dd91c252531bb5abfe424b86a5f7eb20edcfc +R 6eac04a1271ebdc92908dc18c218ec20 +U drh +Z 926b6500299b68262d64ec3146410e0c diff --git a/manifest.uuid b/manifest.uuid index 2cc2843131..05605c2ba3 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -393dd91c252531bb5abfe424b86a5f7eb20edcfc \ No newline at end of file +c675a5504138f34cae6def782b5d3add2c67d2bc \ No newline at end of file diff --git a/src/auth.c b/src/auth.c index b47e657efa..47b6600a5e 100644 --- a/src/auth.c +++ b/src/auth.c @@ -14,7 +14,7 @@ ** systems that do not need this facility may omit it by recompiling ** the library with -DSQLITE_OMIT_AUTHORIZATION=1 ** -** $Id: auth.c,v 1.5 2003/04/16 20:24:52 drh Exp $ +** $Id: auth.c,v 1.6 2003/04/22 20:30:38 drh Exp $ */ #include "sqliteInt.h" @@ -52,7 +52,7 @@ */ int sqlite_set_authorizer( sqlite *db, - int (*xAuth)(void*,int,const char*,const char*), + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*), void *pArg ){ db->xAuth = xAuth; @@ -94,7 +94,12 @@ void sqliteAuthRead( Table *pTab; /* The table being read */ const char *zCol; /* Name of the column of the table */ int iSrc; /* Index in pTabList->a[] of table being read */ + const char *zDBase; /* Name of database being accessed */ + const char *zTrig; /* Name of the trigger doing the accessing */ + TriggerStack *pStack; /* The stack of current triggers */ + pStack = pParse->trigStack; + zTrig = pStack ? pStack->pTrigger->name : 0; if( db->xAuth==0 ) return; assert( pExpr->op==TK_COLUMN ); iSrc = pExpr->iTable - base; @@ -104,7 +109,6 @@ void sqliteAuthRead( /* This must be an attempt to read the NEW or OLD pseudo-tables ** of a trigger. */ - TriggerStack *pStack = pParse->trigStack; assert( pStack!=0 ); assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx ); pTab = pStack->pTab; @@ -119,12 +123,19 @@ void sqliteAuthRead( }else{ zCol = "ROWID"; } - rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol); + assert( pExpr->iDb>=0 && pExpr->iDbnDb ); + zDBase = db->aDb[pExpr->iDb].zName; + rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, zTrig); if( rc==SQLITE_IGNORE ){ pExpr->op = TK_NULL; }else if( rc==SQLITE_DENY ){ - sqliteSetString(&pParse->zErrMsg,"access to ", - pTab->zName, ".", zCol, " is prohibited", 0); + if( db->nDb>2 || pExpr->iDb!=0 ){ + sqliteSetString(&pParse->zErrMsg,"access to ", zDBase, ".", + pTab->zName, ".", zCol, " is prohibited", 0); + }else{ + sqliteSetString(&pParse->zErrMsg,"access to ", pTab->zName, ".", + zCol, " is prohibited", 0); + } pParse->nErr++; pParse->rc = SQLITE_AUTH; }else if( rc!=SQLITE_OK ){ @@ -142,14 +153,18 @@ int sqliteAuthCheck( Parse *pParse, int code, const char *zArg1, - const char *zArg2 + const char *zArg2, + const char *zArg3 ){ sqlite *db = pParse->db; int rc; + const char *zTrigName; + if( db->xAuth==0 ){ return SQLITE_OK; } - rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2); + zTrigName = pParse->trigStack ? pParse->trigStack->pTrigger->name : 0; + rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, zTrigName); if( rc==SQLITE_DENY ){ sqliteSetString(&pParse->zErrMsg, "not authorized", 0); pParse->rc = SQLITE_AUTH; diff --git a/src/build.c b/src/build.c index 730d78269f..27cf944270 100644 --- a/src/build.c +++ b/src/build.c @@ -23,7 +23,7 @@ ** ROLLBACK ** PRAGMA ** -** $Id: build.c,v 1.148 2003/04/21 18:48:46 drh Exp $ +** $Id: build.c,v 1.149 2003/04/22 20:30:38 drh Exp $ */ #include "sqliteInt.h" #include @@ -453,12 +453,13 @@ void sqliteStartTable( if( pParse->iDb==1 ) isTemp = 1; #ifndef SQLITE_OMIT_AUTHORIZATION assert( (isTemp & 1)==isTemp ); - if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(isTemp), 0) ){ - sqliteFree(zName); - return; - } { int code; + char *zDb = isTemp ? "temp" : "main"; + if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(isTemp), 0, zDb) ){ + sqliteFree(zName); + return; + } if( isView ){ if( isTemp ){ code = SQLITE_CREATE_TEMP_VIEW; @@ -472,7 +473,7 @@ void sqliteStartTable( code = SQLITE_CREATE_TABLE; } } - if( sqliteAuthCheck(pParse, code, zName, 0) ){ + if( sqliteAuthCheck(pParse, code, zName, 0, zDb) ){ sqliteFree(zName); return; } @@ -1218,12 +1219,15 @@ void sqliteDropTable(Parse *pParse, Token *pName, int isView){ pTable = sqliteTableFromToken(pParse, pName); if( pTable==0 ) return; iDb = pTable->iDb; + assert( iDb>=0 && iDbnDb ); #ifndef SQLITE_OMIT_AUTHORIZATION - if( sqliteAuthCheck(pParse, SQLITE_DELETE, SCHEMA_TABLE(pTable->iDb),0)){ - return; - } { int code; + const char *zTab = SCHEMA_TABLE(pTable->iDb); + const char *zDb = db->aDb[pTable->iDb].zName; + if( sqliteAuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb)){ + return; + } if( isView ){ if( iDb==1 ){ code = SQLITE_DROP_TEMP_VIEW; @@ -1237,10 +1241,10 @@ void sqliteDropTable(Parse *pParse, Token *pName, int isView){ code = SQLITE_DROP_TABLE; } } - if( sqliteAuthCheck(pParse, code, pTable->zName, 0) ){ + if( sqliteAuthCheck(pParse, code, pTable->zName, 0, zDb) ){ return; } - if( sqliteAuthCheck(pParse, SQLITE_DELETE, pTable->zName, 0) ){ + if( sqliteAuthCheck(pParse, SQLITE_DELETE, pTable->zName, 0, zDb) ){ return; } } @@ -1600,15 +1604,19 @@ void sqliteCreateIndex( /* Check for authorization to create an index. */ #ifndef SQLITE_OMIT_AUTHORIZATION - assert( isTemp==0 || isTemp==1 ); - assert( pTab->iDb==pParse->iDb || isTemp==1 ); - if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(isTemp), 0) ){ - goto exit_create_index; - } - i = SQLITE_CREATE_INDEX; - if( isTemp ) i = SQLITE_CREATE_TEMP_INDEX; - if( sqliteAuthCheck(pParse, i, zName, pTab->zName) ){ - goto exit_create_index; + { + const char *zDb = db->aDb[pTab->iDb].zName; + + assert( isTemp==0 || isTemp==1 ); + assert( pTab->iDb==pParse->iDb || isTemp==1 ); + if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(isTemp), 0, zDb) ){ + goto exit_create_index; + } + i = SQLITE_CREATE_INDEX; + if( isTemp ) i = SQLITE_CREATE_TEMP_INDEX; + if( sqliteAuthCheck(pParse, i, zName, pTab->zName, zDb) ){ + goto exit_create_index; + } } #endif @@ -1813,11 +1821,13 @@ void sqliteDropIndex(Parse *pParse, SrcList *pName){ { int code = SQLITE_DROP_INDEX; Table *pTab = pIndex->pTable; - if( sqliteAuthCheck(pParse, SQLITE_DELETE, SCHEMA_TABLE(pIndex->iDb), 0) ){ + const char *zDb = db->aDb[pIndex->iDb].zName; + const char *zTab = SCHEMA_TABLE(pIndex->iDb); + if( sqliteAuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb) ){ goto exit_drop_index; } if( pIndex->iDb ) code = SQLITE_DROP_TEMP_INDEX; - if( sqliteAuthCheck(pParse, code, pIndex->zName, pTab->zName) ){ + if( sqliteAuthCheck(pParse, code, pIndex->zName, pTab->zName, zDb) ){ goto exit_drop_index; } } @@ -2035,7 +2045,7 @@ void sqliteBeginTransaction(Parse *pParse, int onError){ if( pParse==0 || (db=pParse->db)==0 || db->aDb[0].pBt==0 ) return; if( pParse->nErr || sqlite_malloc_failed ) return; - if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "BEGIN", 0) ) return; + if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "BEGIN", 0, 0) ) return; if( db->flags & SQLITE_InTrans ){ sqliteErrorMsg(pParse, "cannot start a transaction within a transaction"); return; @@ -2053,7 +2063,7 @@ void sqliteCommitTransaction(Parse *pParse){ if( pParse==0 || (db=pParse->db)==0 || db->aDb[0].pBt==0 ) return; if( pParse->nErr || sqlite_malloc_failed ) return; - if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "COMMIT", 0) ) return; + if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "COMMIT", 0, 0) ) return; if( (db->flags & SQLITE_InTrans)==0 ){ sqliteErrorMsg(pParse, "cannot commit - no transaction is active"); return; @@ -2072,7 +2082,7 @@ void sqliteRollbackTransaction(Parse *pParse){ if( pParse==0 || (db=pParse->db)==0 || db->aDb[0].pBt==0 ) return; if( pParse->nErr || sqlite_malloc_failed ) return; - if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "ROLLBACK", 0) ) return; + if( sqliteAuthCheck(pParse, SQLITE_TRANSACTION, "ROLLBACK", 0, 0) ) return; if( (db->flags & SQLITE_InTrans)==0 ){ sqliteErrorMsg(pParse, "cannot rollback - no transaction is active"); return; diff --git a/src/copy.c b/src/copy.c index 076b0a4781..69711dca6d 100644 --- a/src/copy.c +++ b/src/copy.c @@ -11,7 +11,7 @@ ************************************************************************* ** This file contains code used to implement the COPY command. ** -** $Id: copy.c,v 1.2 2003/04/15 19:22:23 drh Exp $ +** $Id: copy.c,v 1.3 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" @@ -39,6 +39,7 @@ void sqliteCopy( int addr, end; Index *pIdx; char *zFile = 0; + const char *zDb; sqlite *db = pParse->db; @@ -48,8 +49,10 @@ void sqliteCopy( if( pTab==0 || sqliteIsReadOnly(pParse, pTab) ) goto copy_cleanup; zFile = sqliteStrNDup(pFilename->z, pFilename->n); sqliteDequote(zFile); - if( sqliteAuthCheck(pParse, SQLITE_INSERT, pTab->zName, zFile) - || sqliteAuthCheck(pParse, SQLITE_COPY, pTab->zName, zFile) ){ + assert( pTab->iDb>=0 && pTab->iDbnDb ); + zDb = db->aDb[pTab->iDb].zName; + if( sqliteAuthCheck(pParse, SQLITE_INSERT, pTab->zName, 0, zDb) + || sqliteAuthCheck(pParse, SQLITE_COPY, pTab->zName, zFile, zDb) ){ goto copy_cleanup; } v = sqliteGetVdbe(pParse); diff --git a/src/delete.c b/src/delete.c index 9d88de4af5..8899e717cf 100644 --- a/src/delete.c +++ b/src/delete.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle DELETE FROM statements. ** -** $Id: delete.c,v 1.52 2003/04/17 22:57:53 drh Exp $ +** $Id: delete.c,v 1.53 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" @@ -58,6 +58,7 @@ void sqliteDeleteFrom( ){ Vdbe *v; /* The virtual database engine */ Table *pTab; /* The table from which records will be deleted */ + const char *zDb; /* Name of database holding pTab */ int end, addr; /* A couple addresses of generated code */ int i; /* Loop counter */ WhereInfo *pWInfo; /* Information about the WHERE clause */ @@ -97,7 +98,9 @@ void sqliteDeleteFrom( } if( sqliteIsReadOnly(pParse, pTab) ) goto delete_from_cleanup; assert( pTab->pSelect==0 ); /* This table is not a view */ - if( sqliteAuthCheck(pParse, SQLITE_DELETE, pTab->zName, 0) ){ + assert( pTab->iDbnDb ); + zDb = db->aDb[pTab->iDb].zName; + if( sqliteAuthCheck(pParse, SQLITE_DELETE, pTab->zName, 0, zDb) ){ goto delete_from_cleanup; } diff --git a/src/expr.c b/src/expr.c index 059b7bbe75..90f00f3aa0 100644 --- a/src/expr.c +++ b/src/expr.c @@ -12,7 +12,7 @@ ** This file contains routines used for analyzing expressions and ** for generating VDBE code that evaluates expressions in SQLite. ** -** $Id: expr.c,v 1.93 2003/04/19 17:27:25 drh Exp $ +** $Id: expr.c,v 1.94 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" #include @@ -432,6 +432,8 @@ int sqliteExprResolveIds( int cnt = 0; /* Number of matches */ int i; /* Loop counter */ char *z; + int iDb = -1; + assert( pExpr->token.z ); z = sqliteStrNDup(pExpr->token.z, pExpr->token.n); sqliteDequote(z); @@ -440,11 +442,13 @@ int sqliteExprResolveIds( int j; Table *pTab = pTabList->a[i].pTab; if( pTab==0 ) continue; + iDb = pTab->iDb; assert( pTab->nCol>0 ); for(j=0; jnCol; j++){ if( sqliteStrICmp(pTab->aCol[j].zName, z)==0 ){ cnt++; pExpr->iTable = i + base; + pExpr->iDb = pTab->iDb; if( j==pTab->iPKey ){ /* Substitute the record number for the INTEGER PRIMARY KEY */ pExpr->iColumn = -1; @@ -470,9 +474,10 @@ int sqliteExprResolveIds( } } } - if( cnt==0 && sqliteIsRowid(z) ){ + if( cnt==0 && iDb>=0 && sqliteIsRowid(z) ){ pExpr->iColumn = -1; pExpr->iTable = base; + pExpr->iDb = iDb; cnt = 1 + (pTabList->nSrc>1); pExpr->op = TK_COLUMN; pExpr->dataType = SQLITE_SO_NUM; @@ -544,11 +549,15 @@ int sqliteExprResolveIds( continue; } } - if( 0==(cntTab++) ) pExpr->iTable = i + base; + if( 0==(cntTab++) ){ + pExpr->iTable = i + base; + pExpr->iDb = pTab->iDb; + } for(j=0; jnCol; j++){ if( sqliteStrICmp(pTab->aCol[j].zName, zRight)==0 ){ cnt++; pExpr->iTable = i + base; + pExpr->iDb = pTab->iDb; /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */ pExpr->iColumn = j==pTab->iPKey ? -1 : j; pExpr->dataType = pTab->aCol[j].sortOrder & SQLITE_SO_TYPEMASK; @@ -563,11 +572,15 @@ int sqliteExprResolveIds( int t = 0; if( pTriggerStack->newIdx != -1 && sqliteStrICmp("new", zLeft) == 0 ){ pExpr->iTable = pTriggerStack->newIdx; + assert( pTriggerStack->pTab ); + pExpr->iDb = pTriggerStack->pTab->iDb; cntTab++; t = 1; } if( pTriggerStack->oldIdx != -1 && sqliteStrICmp("old", zLeft) == 0 ){ pExpr->iTable = pTriggerStack->oldIdx; + assert( pTriggerStack->pTab ); + pExpr->iDb = pTriggerStack->pTab->iDb; cntTab++; t = 1; } diff --git a/src/insert.c b/src/insert.c index f7773314c8..940536f56f 100644 --- a/src/insert.c +++ b/src/insert.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle INSERT statements in SQLite. ** -** $Id: insert.c,v 1.80 2003/04/20 17:29:24 drh Exp $ +** $Id: insert.c,v 1.81 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" @@ -93,6 +93,7 @@ void sqliteInsert( ){ Table *pTab; /* The table to insert into */ char *zTab; /* Name of the table into which we are inserting */ + const char *zDb; /* Name of the database holding this table */ int i, j, idx; /* Loop counters */ Vdbe *v; /* Generate code into this virtual machine */ Index *pIdx; /* For looping over indices of the table */ @@ -126,7 +127,9 @@ void sqliteInsert( if( pTab==0 ){ goto insert_cleanup; } - if( sqliteAuthCheck(pParse, SQLITE_INSERT, pTab->zName, 0) ){ + assert( pTab->iDbnDb ); + zDb = db->aDb[pTab->iDb].zName; + if( sqliteAuthCheck(pParse, SQLITE_INSERT, pTab->zName, 0, zDb) ){ goto insert_cleanup; } diff --git a/src/pragma.c b/src/pragma.c index 1466cc1b64..6b26048447 100644 --- a/src/pragma.c +++ b/src/pragma.c @@ -11,7 +11,7 @@ ************************************************************************* ** This file contains code used to implement the PRAGMA command. ** -** $Id: pragma.c,v 1.3 2003/04/15 01:19:49 drh Exp $ +** $Id: pragma.c,v 1.4 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" #include @@ -107,7 +107,7 @@ void sqlitePragma(Parse *pParse, Token *pLeft, Token *pRight, int minusFlag){ zRight = sqliteStrNDup(pRight->z, pRight->n); sqliteDequote(zRight); } - if( sqliteAuthCheck(pParse, SQLITE_PRAGMA, zLeft, zRight) ){ + if( sqliteAuthCheck(pParse, SQLITE_PRAGMA, zLeft, zRight, 0) ){ sqliteFree(zLeft); sqliteFree(zRight); return; diff --git a/src/select.c b/src/select.c index 3aef002cce..f311fa7654 100644 --- a/src/select.c +++ b/src/select.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle SELECT statements in SQLite. ** -** $Id: select.c,v 1.132 2003/04/17 22:57:54 drh Exp $ +** $Id: select.c,v 1.133 2003/04/22 20:30:39 drh Exp $ */ #include "sqliteInt.h" @@ -1917,7 +1917,7 @@ int sqliteSelect( int rc = 1; /* Value to return from this function */ if( sqlite_malloc_failed || pParse->nErr || p==0 ) return 1; - if( sqliteAuthCheck(pParse, SQLITE_SELECT, 0, 0) ) return 1; + if( sqliteAuthCheck(pParse, SQLITE_SELECT, 0, 0, 0) ) return 1; /* If there is are a sequence of queries, do the earlier ones first. */ diff --git a/src/sqlite.h.in b/src/sqlite.h.in index 7d9e12b8c6..377b9f5424 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -12,7 +12,7 @@ ** This header file defines the interface that the SQLite library ** presents to client programs. ** -** @(#) $Id: sqlite.h.in,v 1.44 2003/04/03 15:46:04 drh Exp $ +** @(#) $Id: sqlite.h.in,v 1.45 2003/04/22 20:30:39 drh Exp $ */ #ifndef _SQLITE_H_ #define _SQLITE_H_ @@ -513,7 +513,7 @@ int sqlite_aggregate_count(sqlite_func*); */ int sqlite_set_authorizer( sqlite*, - int (*xAuth)(void*,int,const char*,const char*), + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*), void *pUserData ); @@ -522,7 +522,10 @@ int sqlite_set_authorizer( ** be one of the values below. These values signify what kind of operation ** is to be authorized. The 3rd and 4th parameters to the authorization ** function will be parameters or NULL depending on which of the following -** codes is used as the second parameter. +** codes is used as the second parameter. The 5th parameter is the name +** of the database ("main", "temp", etc.) if applicable. The 6th parameter +** is the name of the trigger that is responsible for the access attempt, +** or NULL if this access attempt is directly from input SQL code. ** ** Arg-3 Arg-4 */ diff --git a/src/sqliteInt.h b/src/sqliteInt.h index 135523ada2..c95a56710e 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h @@ -11,7 +11,7 @@ ************************************************************************* ** Internal interface definitions for SQLite. ** -** @(#) $Id: sqliteInt.h,v 1.177 2003/04/21 18:48:47 drh Exp $ +** @(#) $Id: sqliteInt.h,v 1.178 2003/04/22 20:30:39 drh Exp $ */ #include "config.h" #include "sqlite.h" @@ -105,6 +105,9 @@ #ifndef UINT8_TYPE # define UINT8_TYPE unsigned char #endif +#ifndef INT8_TYPE +# define INT8_TYPE signed char +#endif #ifndef INTPTR_TYPE # if SQLITE_PTR_SZ==4 # define INTPTR_TYPE int @@ -115,6 +118,7 @@ typedef UINT32_TYPE u32; /* 4-byte unsigned integer */ typedef UINT16_TYPE u16; /* 2-byte unsigned integer */ typedef UINT8_TYPE u8; /* 1-byte unsigned integer */ +typedef INT8_TYPE i8; /* 1-byte signed integer */ typedef INTPTR_TYPE ptr; /* Big enough to hold a pointer */ typedef unsigned INTPTR_TYPE uptr; /* Big enough to hold a pointer */ @@ -290,7 +294,8 @@ struct sqlite { void *pTraceArg; /* Argument to the trace function */ #endif #ifndef SQLITE_OMIT_AUTHORIZATION - int (*xAuth)(void*,int,const char*,const char*); /* Access Auth function */ + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); + /* Access authorization function */ void *pAuthArg; /* 1st argument to the access auth function */ #endif }; @@ -580,7 +585,8 @@ struct Token { struct Expr { u8 op; /* Operation performed by this node */ u8 dataType; /* Either SQLITE_SO_TEXT or SQLITE_SO_NUM */ - u16 flags; /* Various flags. See below */ + i8 iDb; /* Database referenced by this expression */ + u8 flags; /* Various flags. See below */ Expr *pLeft, *pRight; /* Left and right subnodes */ ExprList *pList; /* A list of expressions used as function arguments ** or in " IN (zCommit ){ Tcl_Free(pDb->zCommit); } + if( pDb->zAuth ){ + Tcl_Free(pDb->zAuth); + } Tcl_Free((char*)pDb); } @@ -351,6 +355,76 @@ static void tclSqlFunc(sqlite_func *context, int argc, const char **argv){ sqlite_set_result_string(context, Tcl_GetStringResult(p->interp), -1); } } +#ifndef SQLITE_OMIT_AUTHORIZATION +/* +** This is the authentication function. It appends the authentication +** type code and the two arguments to zCmd[] then invokes the result +** on the interpreter. The reply is examined to determine if the +** authentication fails or succeeds. +*/ +static int auth_callback( + void *pArg, + int code, + const char *zArg1, + const char *zArg2, + const char *zArg3, + const char *zArg4 +){ + char *zCode; + Tcl_DString str; + int rc; + const char *zReply; + SqliteDb *pDb = (SqliteDb*)pArg; + + switch( code ){ + case SQLITE_COPY : zCode="SQLITE_COPY"; break; + case SQLITE_CREATE_INDEX : zCode="SQLITE_CREATE_INDEX"; break; + case SQLITE_CREATE_TABLE : zCode="SQLITE_CREATE_TABLE"; break; + case SQLITE_CREATE_TEMP_INDEX : zCode="SQLITE_CREATE_TEMP_INDEX"; break; + case SQLITE_CREATE_TEMP_TABLE : zCode="SQLITE_CREATE_TEMP_TABLE"; break; + case SQLITE_CREATE_TEMP_TRIGGER: zCode="SQLITE_CREATE_TEMP_TRIGGER"; break; + case SQLITE_CREATE_TEMP_VIEW : zCode="SQLITE_CREATE_TEMP_VIEW"; break; + case SQLITE_CREATE_TRIGGER : zCode="SQLITE_CREATE_TRIGGER"; break; + case SQLITE_CREATE_VIEW : zCode="SQLITE_CREATE_VIEW"; break; + case SQLITE_DELETE : zCode="SQLITE_DELETE"; break; + case SQLITE_DROP_INDEX : zCode="SQLITE_DROP_INDEX"; break; + case SQLITE_DROP_TABLE : zCode="SQLITE_DROP_TABLE"; break; + case SQLITE_DROP_TEMP_INDEX : zCode="SQLITE_DROP_TEMP_INDEX"; break; + case SQLITE_DROP_TEMP_TABLE : zCode="SQLITE_DROP_TEMP_TABLE"; break; + case SQLITE_DROP_TEMP_TRIGGER : zCode="SQLITE_DROP_TEMP_TRIGGER"; break; + case SQLITE_DROP_TEMP_VIEW : zCode="SQLITE_DROP_TEMP_VIEW"; break; + case SQLITE_DROP_TRIGGER : zCode="SQLITE_DROP_TRIGGER"; break; + case SQLITE_DROP_VIEW : zCode="SQLITE_DROP_VIEW"; break; + case SQLITE_INSERT : zCode="SQLITE_INSERT"; break; + case SQLITE_PRAGMA : zCode="SQLITE_PRAGMA"; break; + case SQLITE_READ : zCode="SQLITE_READ"; break; + case SQLITE_SELECT : zCode="SQLITE_SELECT"; break; + case SQLITE_TRANSACTION : zCode="SQLITE_TRANSACTION"; break; + case SQLITE_UPDATE : zCode="SQLITE_UPDATE"; break; + default : zCode="????"; break; + } + Tcl_DStringInit(&str); + Tcl_DStringAppend(&str, pDb->zAuth, -1); + Tcl_DStringAppendElement(&str, zCode); + Tcl_DStringAppendElement(&str, zArg1 ? zArg1 : ""); + Tcl_DStringAppendElement(&str, zArg2 ? zArg2 : ""); + Tcl_DStringAppendElement(&str, zArg3 ? zArg3 : ""); + Tcl_DStringAppendElement(&str, zArg4 ? zArg4 : ""); + rc = Tcl_GlobalEval(pDb->interp, Tcl_DStringValue(&str)); + Tcl_DStringFree(&str); + zReply = Tcl_GetStringResult(pDb->interp); + if( strcmp(zReply,"SQLITE_OK")==0 ){ + rc = SQLITE_OK; + }else if( strcmp(zReply,"SQLITE_DENY")==0 ){ + rc = SQLITE_DENY; + }else if( strcmp(zReply,"SQLITE_IGNORE")==0 ){ + rc = SQLITE_IGNORE; + }else{ + rc = 999; + } + return rc; +} +#endif /* SQLITE_OMIT_AUTHORIZATION */ /* ** The "sqlite" command below creates a new Tcl command for each @@ -369,16 +443,17 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){ SqliteDb *pDb = (SqliteDb*)cd; int choice; static const char *DB_strs[] = { - "begin_hook", "busy", "changes", - "close", "commit_hook", "complete", - "errorcode", "eval", "function", - "last_insert_rowid", "timeout", 0 + "authorizer", "begin_hook", "busy", + "changes", "close", "commit_hook", + "complete", "errorcode", "eval", + "function", "last_insert_rowid", "timeout", + 0 }; enum DB_enum { - DB_BEGIN_HOOK, DB_BUSY, DB_CHANGES, - DB_CLOSE, DB_COMMIT_HOOK, DB_COMPLETE, - DB_ERRORCODE, DB_EVAL, DB_FUNCTION, - DB_LAST_INSERT_ROWID, DB_TIMEOUT, + DB_AUTHORIZER, DB_BEGIN_HOOK, DB_BUSY, + DB_CHANGES, DB_CLOSE, DB_COMMIT_HOOK, + DB_COMPLETE, DB_ERRORCODE, DB_EVAL, + DB_FUNCTION, DB_LAST_INSERT_ROWID,DB_TIMEOUT, }; if( objc<2 ){ @@ -391,6 +466,57 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){ switch( (enum DB_enum)choice ){ + /* $db authorizer ?CALLBACK? + ** + ** Invoke the given callback to authorize each SQL operation as it is + ** compiled. 5 arguments are appended to the callback before it is + ** invoked: + ** + ** (1) The authorization type (ex: SQLITE_CREATE_TABLE, SQLITE_INSERT, ...) + ** (2) First descriptive name (depends on authorization type) + ** (3) Second descriptive name + ** (4) Name of the database (ex: "main", "temp") + ** (5) Name of trigger that is doing the access + ** + ** The callback should return on of the following strings: SQLITE_OK, + ** SQLITE_IGNORE, or SQLITE_DENY. Any other return value is an error. + ** + ** If this method is invoked with no arguments, the current authorization + ** callback string is returned. + */ + case DB_AUTHORIZER: { + if( objc>3 ){ + Tcl_WrongNumArgs(interp, 2, objv, "?CALLBACK?"); + }else if( objc==2 ){ + if( pDb->zBegin ){ + Tcl_AppendResult(interp, pDb->zAuth, 0); + } + }else{ + char *zAuth; + int len; + if( pDb->zAuth ){ + Tcl_Free(pDb->zAuth); + } + zAuth = Tcl_GetStringFromObj(objv[2], &len); + if( zAuth && len>0 ){ + pDb->zAuth = Tcl_Alloc( len + 1 ); + strcpy(pDb->zAuth, zAuth); + }else{ + pDb->zAuth = 0; + } +#ifndef SQLITE_OMIT_AUTHORIZATION + if( pDb->zAuth ){ + pDb->interp = interp; + sqlite_set_authorizer(pDb->db, auth_callback, pDb); + }else{ + sqlite_set_authorizer(pDb->db, 0, 0); + } +#endif + } + break; + } + + /* $db begin_callback ?CALLBACK? ** ** Invoke the given callback at the beginning of every SQL transaction. diff --git a/src/test1.c b/src/test1.c index 402b2c222f..92ce28cd67 100644 --- a/src/test1.c +++ b/src/test1.c @@ -13,7 +13,7 @@ ** is not included in the SQLite library. It is used for automated ** testing of the SQLite library. ** -** $Id: test1.c,v 1.22 2003/02/16 22:21:32 drh Exp $ +** $Id: test1.c,v 1.23 2003/04/22 20:30:40 drh Exp $ */ #include "sqliteInt.h" #include "tcl.h" @@ -588,125 +588,6 @@ static int sqlite_datatypes( return TCL_OK; } -#ifndef SQLITE_OMIT_AUTHORIZATION -/* -** Information used by the authentication function. -*/ -typedef struct AuthInfo AuthInfo; -struct AuthInfo { - Tcl_Interp *interp; /* Interpreter to use */ - int nCmd; /* Number of characters in zCmd[] */ - char zCmd[500]; /* Command to invoke */ -}; - -/* -** We create a single static authenticator. This won't work in a -** multi-threaded environment, but the test fixture is not multithreaded. -** And be making it static, we don't have to worry about deallocating -** after a test in order to void memory leaks. -*/ -static AuthInfo authInfo; - -/* -** This is the authentication function. It appends the authentication -** type code and the two arguments to zCmd[] then invokes the result -** on the interpreter. The reply is examined to determine if the -** authentication fails or succeeds. -*/ -static int auth_callback( - void *NotUsed, - int code, - const char *zArg1, - const char *zArg2 -){ - char *zCode; - Tcl_DString str; - int rc; - const char *zReply; - switch( code ){ - case SQLITE_COPY : zCode="SQLITE_COPY"; break; - case SQLITE_CREATE_INDEX : zCode="SQLITE_CREATE_INDEX"; break; - case SQLITE_CREATE_TABLE : zCode="SQLITE_CREATE_TABLE"; break; - case SQLITE_CREATE_TEMP_INDEX : zCode="SQLITE_CREATE_TEMP_INDEX"; break; - case SQLITE_CREATE_TEMP_TABLE : zCode="SQLITE_CREATE_TEMP_TABLE"; break; - case SQLITE_CREATE_TEMP_TRIGGER: zCode="SQLITE_CREATE_TEMP_TRIGGER"; break; - case SQLITE_CREATE_TEMP_VIEW : zCode="SQLITE_CREATE_TEMP_VIEW"; break; - case SQLITE_CREATE_TRIGGER : zCode="SQLITE_CREATE_TRIGGER"; break; - case SQLITE_CREATE_VIEW : zCode="SQLITE_CREATE_VIEW"; break; - case SQLITE_DELETE : zCode="SQLITE_DELETE"; break; - case SQLITE_DROP_INDEX : zCode="SQLITE_DROP_INDEX"; break; - case SQLITE_DROP_TABLE : zCode="SQLITE_DROP_TABLE"; break; - case SQLITE_DROP_TEMP_INDEX : zCode="SQLITE_DROP_TEMP_INDEX"; break; - case SQLITE_DROP_TEMP_TABLE : zCode="SQLITE_DROP_TEMP_TABLE"; break; - case SQLITE_DROP_TEMP_TRIGGER : zCode="SQLITE_DROP_TEMP_TRIGGER"; break; - case SQLITE_DROP_TEMP_VIEW : zCode="SQLITE_DROP_TEMP_VIEW"; break; - case SQLITE_DROP_TRIGGER : zCode="SQLITE_DROP_TRIGGER"; break; - case SQLITE_DROP_VIEW : zCode="SQLITE_DROP_VIEW"; break; - case SQLITE_INSERT : zCode="SQLITE_INSERT"; break; - case SQLITE_PRAGMA : zCode="SQLITE_PRAGMA"; break; - case SQLITE_READ : zCode="SQLITE_READ"; break; - case SQLITE_SELECT : zCode="SQLITE_SELECT"; break; - case SQLITE_TRANSACTION : zCode="SQLITE_TRANSACTION"; break; - case SQLITE_UPDATE : zCode="SQLITE_UPDATE"; break; - default : zCode="????"; break; - } - Tcl_DStringInit(&str); - Tcl_DStringAppend(&str, authInfo.zCmd, -1); - Tcl_DStringAppendElement(&str, zCode); - Tcl_DStringAppendElement(&str, zArg1 ? zArg1 : ""); - Tcl_DStringAppendElement(&str, zArg2 ? zArg2 : ""); - rc = Tcl_GlobalEval(authInfo.interp, Tcl_DStringValue(&str)); - Tcl_DStringFree(&str); - zReply = Tcl_GetStringResult(authInfo.interp); - if( strcmp(zReply,"SQLITE_OK")==0 ){ - rc = SQLITE_OK; - }else if( strcmp(zReply,"SQLITE_DENY")==0 ){ - rc = SQLITE_DENY; - }else if( strcmp(zReply,"SQLITE_IGNORE")==0 ){ - rc = SQLITE_IGNORE; - }else{ - rc = 999; - } - return rc; -} - -/* -** This routine creates a new authenticator. It fills in the zCmd[] -** field of the authentication function state variable and then registers -** the authentication function with the SQLite library. -*/ -static int test_set_authorizer( - void *NotUsed, - Tcl_Interp *interp, /* The TCL interpreter that invoked this command */ - int argc, /* Number of arguments */ - char **argv /* Text of each argument */ -){ - sqlite *db; - char *zCmd; - if( argc!=3 ){ - Tcl_AppendResult(interp, "wrong # args: should be \"", argv[0], - " DB CALLBACK\"", 0); - return TCL_ERROR; - } - if( getDbPointer(interp, argv[1], &db) ) return TCL_ERROR; - zCmd = argv[2]; - if( zCmd[0]==0 ){ - sqlite_set_authorizer(db, 0, 0); - return TCL_OK; - } - if( strlen(zCmd)>sizeof(authInfo.zCmd) ){ - Tcl_AppendResult(interp, "command too big", 0); - return TCL_ERROR; - } - authInfo.interp = interp; - authInfo.nCmd = strlen(zCmd); - strcpy(authInfo.zCmd, zCmd); - sqlite_set_authorizer(db, auth_callback, 0); - return TCL_OK; -} -#endif /* SQLITE_OMIT_AUTHORIZATION */ - - /* ** Usage: sqlite_compile DB SQL TAILVAR ** @@ -878,9 +759,6 @@ int Sqlitetest1_Init(Tcl_Interp *interp){ { "sqlite_register_test_function", (Tcl_CmdProc*)test_register_func }, { "sqlite_abort", (Tcl_CmdProc*)sqlite_abort }, { "sqlite_datatypes", (Tcl_CmdProc*)sqlite_datatypes }, -#ifndef SQLITE_OMIT_AUTHORIZATION - { "sqlite_set_authorizer", (Tcl_CmdProc*)test_set_authorizer }, -#endif #ifdef MEMORY_DEBUG { "sqlite_malloc_fail", (Tcl_CmdProc*)sqlite_malloc_fail }, { "sqlite_malloc_stat", (Tcl_CmdProc*)sqlite_malloc_stat }, diff --git a/src/trigger.c b/src/trigger.c index 7124add968..a2fc91f518 100644 --- a/src/trigger.c +++ b/src/trigger.c @@ -98,11 +98,13 @@ void sqliteBeginTrigger( #ifndef SQLITE_OMIT_AUTHORIZATION { int code = SQLITE_CREATE_TRIGGER; + const char *zDb = db->aDb[tab->iDb].zName; + const char *zDbTrig = isTemp ? db->aDb[1].zName : zDb; if( tab->iDb==1 || isTemp ) code = SQLITE_CREATE_TEMP_TRIGGER; - if( sqliteAuthCheck(pParse, code, zName, tab->zName) ){ + if( sqliteAuthCheck(pParse, code, zName, tab->zName, zDbTrig) ){ goto trigger_cleanup; } - if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(tab->iDb), 0)){ + if( sqliteAuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(tab->iDb), 0, zDb)){ goto trigger_cleanup; } } @@ -397,9 +399,11 @@ void sqliteDropTrigger(Parse *pParse, SrcList *pName, int nested){ #ifndef SQLITE_OMIT_AUTHORIZATION { int code = SQLITE_DROP_TRIGGER; + const char *zDb = db->aDb[pTrigger->iDb].zName; + const char *zTab = SCHEMA_TABLE(pTrigger->iDb); if( pTrigger->iDb ) code = SQLITE_DROP_TEMP_TRIGGER; - if( sqliteAuthCheck(pParse, code, pTrigger->name, pTable->zName) || - sqliteAuthCheck(pParse, SQLITE_DELETE, SCHEMA_TABLE(pTrigger->iDb),0) ){ + if( sqliteAuthCheck(pParse, code, pTrigger->name, pTable->zName, zDb) || + sqliteAuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb) ){ goto drop_trigger_cleanup; } } diff --git a/src/update.c b/src/update.c index b77e1bb0ce..d320033f67 100644 --- a/src/update.c +++ b/src/update.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle UPDATE statements. ** -** $Id: update.c,v 1.61 2003/04/20 17:29:24 drh Exp $ +** $Id: update.c,v 1.62 2003/04/22 20:30:40 drh Exp $ */ #include "sqliteInt.h" @@ -139,7 +139,7 @@ void sqliteUpdate( { int rc; rc = sqliteAuthCheck(pParse, SQLITE_UPDATE, pTab->zName, - pTab->aCol[j].zName); + pTab->aCol[j].zName, db->aDb[pTab->iDb].zName); if( rc==SQLITE_DENY ){ goto update_cleanup; }else if( rc==SQLITE_IGNORE ){ diff --git a/test/auth.test b/test/auth.test index 4fd48daaaa..e003c88c09 100644 --- a/test/auth.test +++ b/test/auth.test @@ -12,24 +12,25 @@ # focus of this script is testing the ATTACH and DETACH commands # and related functionality. # -# $Id: auth.test,v 1.7 2003/04/16 20:24:52 drh Exp $ +# $Id: auth.test,v 1.8 2003/04/22 20:30:40 drh Exp $ # set testdir [file dirname $argv0] source $testdir/tester.tcl -if {[info command sqlite_set_authorizer]!=""} { +# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is +# defined during compilation. do_test auth-1.1.1 { db close set ::DB [sqlite db test.db] - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } return SQLITE_OK } - sqlite_set_authorizer $::DB ::auth + db authorizer ::auth catchsql {CREATE TABLE t1(a,b,c)} } {1 {not authorized}} do_test auth-1.1.2 { @@ -39,9 +40,9 @@ do_test auth-1.2 { execsql {SELECT name FROM sqlite_master} } {} do_test auth-1.3.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -53,13 +54,13 @@ do_test auth-1.3.2 { } {23} do_test auth-1.3.3 { set ::authargs -} {t1 {}} +} {t1 {} main {}} do_test auth-1.4 { execsql {SELECT name FROM sqlite_master} } {} do_test auth-1.5 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -71,9 +72,9 @@ do_test auth-1.6 { execsql {SELECT name FROM sqlite_temp_master} } {} do_test auth-1.7.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -82,13 +83,13 @@ do_test auth-1.7.1 { } {1 {not authorized}} do_test auth-1.7.2 { set ::authargs -} {t1 {}} +} {t1 {} temp {}} do_test auth-1.8 { execsql {SELECT name FROM sqlite_temp_master} } {} do_test auth-1.9 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -100,9 +101,9 @@ do_test auth-1.10 { execsql {SELECT name FROM sqlite_master} } {} do_test auth-1.11 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -113,7 +114,7 @@ do_test auth-1.12 { execsql {SELECT name FROM sqlite_master} } {} do_test auth-1.13 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -125,9 +126,9 @@ do_test auth-1.14 { execsql {SELECT name FROM sqlite_temp_master} } {} do_test auth-1.15 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -139,9 +140,9 @@ do_test auth-1.16 { } {} do_test auth-1.17 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -153,9 +154,9 @@ do_test auth-1.18 { } {t1} do_test auth-1.19.1 { set ::authargs {} - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -170,9 +171,9 @@ do_test auth-1.20 { } {t2} do_test auth-1.21.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -181,14 +182,14 @@ do_test auth-1.21.1 { } {1 {not authorized}} do_test auth-1.21.2 { set ::authargs -} {t2 {}} +} {t2 {} main {}} do_test auth-1.22 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.23.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -197,15 +198,15 @@ do_test auth-1.23.1 { } {0 {}} do_test auth-1.23.2 { set ::authargs -} {t2 {}} +} {t2 {} main {}} do_test auth-1.24 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.25 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -216,9 +217,9 @@ do_test auth-1.26 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.27 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_TABLE"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -230,7 +231,7 @@ do_test auth-1.28 { } {t1} do_test auth-1.29 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="t2"} { return SQLITE_DENY } @@ -242,7 +243,7 @@ do_test auth-1.30 { execsql {SELECT * FROM t2} } {} do_test auth-1.31 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="t2"} { return SQLITE_IGNORE } @@ -254,7 +255,7 @@ do_test auth-1.32 { execsql {SELECT * FROM t2} } {} do_test auth-1.33 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="t1"} { return SQLITE_IGNORE } @@ -267,7 +268,7 @@ do_test auth-1.34 { } {1 2 3} do_test auth-1.35 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_DENY } @@ -276,7 +277,7 @@ do_test auth-1.35 { catchsql {SELECT * FROM t2} } {1 {access to t2.b is prohibited}} do_test auth-1.36 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } @@ -285,7 +286,7 @@ do_test auth-1.36 { catchsql {SELECT * FROM t2} } {0 {1 {} 3}} do_test auth-1.37 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } @@ -294,7 +295,7 @@ do_test auth-1.37 { catchsql {SELECT * FROM t2 WHERE b=2} } {0 {}} do_test auth-1.38 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} { return SQLITE_IGNORE } @@ -303,7 +304,7 @@ do_test auth-1.38 { catchsql {SELECT * FROM t2 WHERE b=2} } {0 {{} 2 3}} do_test auth-1.39 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } @@ -312,7 +313,7 @@ do_test auth-1.39 { catchsql {SELECT * FROM t2 WHERE b IS NULL} } {0 {1 {} 3}} do_test auth-1.40 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { return SQLITE_DENY } @@ -322,7 +323,7 @@ do_test auth-1.40 { } {1 {access to t2.b is prohibited}} do_test auth-1.41 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { return SQLITE_DENY } @@ -334,7 +335,7 @@ do_test auth-1.42 { execsql {SELECT * FROM t2} } {11 2 3} do_test auth-1.43 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { return SQLITE_DENY } @@ -346,7 +347,7 @@ do_test auth-1.44 { execsql {SELECT * FROM t2} } {11 2 3} do_test auth-1.45 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { return SQLITE_IGNORE } @@ -359,7 +360,7 @@ do_test auth-1.46 { } {11 2 33} do_test auth-1.47 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t2"} { return SQLITE_DENY } @@ -371,7 +372,7 @@ do_test auth-1.48 { execsql {SELECT * FROM t2} } {11 2 33} do_test auth-1.49 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t2"} { return SQLITE_IGNORE } @@ -384,7 +385,7 @@ do_test auth-1.50 { } {11 2 33} do_test auth-1.51 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_SELECT"} { return SQLITE_DENY } @@ -393,7 +394,7 @@ do_test auth-1.51 { catchsql {SELECT * FROM t2} } {1 {not authorized}} do_test auth-1.52 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_SELECT"} { return SQLITE_IGNORE } @@ -402,7 +403,7 @@ do_test auth-1.52 { catchsql {SELECT * FROM t2} } {0 {}} do_test auth-1.53 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_SELECT"} { return SQLITE_OK } @@ -415,9 +416,9 @@ set f [open data1.txt w] puts $f "7:8:9" close $f do_test auth-1.54 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_COPY"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -426,14 +427,14 @@ do_test auth-1.54 { } {1 {not authorized}} do_test auth-1.55 { set ::authargs -} {t2 data1.txt} +} {t2 data1.txt main {}} do_test auth-1.56 { execsql {SELECT * FROM t2} } {11 2 33} do_test auth-1.57 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_COPY"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -442,14 +443,14 @@ do_test auth-1.57 { } {0 {}} do_test auth-1.58 { set ::authargs -} {t2 data1.txt} +} {t2 data1.txt main {}} do_test auth-1.59 { execsql {SELECT * FROM t2} } {11 2 33} do_test auth-1.60 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_COPY"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -458,13 +459,13 @@ do_test auth-1.60 { } {0 {}} do_test auth-1.61 { set ::authargs -} {t2 data1.txt} +} {t2 data1.txt main {}} do_test auth-1.62 { execsql {SELECT * FROM t2} } {11 2 33 7 8 9} do_test auth-1.63 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -476,7 +477,7 @@ do_test auth-1.64 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.65 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t2"} { return SQLITE_DENY } @@ -488,7 +489,7 @@ do_test auth-1.66 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.67 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -500,7 +501,7 @@ do_test auth-1.68 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.69 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t1"} { return SQLITE_DENY } @@ -513,7 +514,7 @@ do_test auth-1.70 { } {t1} do_test auth-1.71 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -525,7 +526,7 @@ do_test auth-1.72 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.73 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t2"} { return SQLITE_IGNORE } @@ -537,7 +538,7 @@ do_test auth-1.74 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.75 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -549,7 +550,7 @@ do_test auth-1.76 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.77 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="t1"} { return SQLITE_IGNORE } @@ -562,9 +563,9 @@ do_test auth-1.78 { } {t1} do_test auth-1.79 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -573,14 +574,14 @@ do_test auth-1.79 { } {1 {not authorized}} do_test auth-1.80 { set ::authargs -} {v1 {}} +} {v1 {} main {}} do_test auth-1.81 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.82 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -589,15 +590,15 @@ do_test auth-1.82 { } {0 {}} do_test auth-1.83 { set ::authargs -} {v1 {}} +} {v1 {} main {}} do_test auth-1.84 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.85 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -606,14 +607,14 @@ do_test auth-1.85 { } {1 {not authorized}} do_test auth-1.86 { set ::authargs -} {v1 {}} +} {v1 {} temp {}} do_test auth-1.87 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.88 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -622,13 +623,13 @@ do_test auth-1.88 { } {0 {}} do_test auth-1.89 { set ::authargs -} {v1 {}} +} {v1 {} temp {}} do_test auth-1.90 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.91 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -640,7 +641,7 @@ do_test auth-1.92 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.93 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -653,7 +654,7 @@ do_test auth-1.94 { } {t2} do_test auth-1.95 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -665,7 +666,7 @@ do_test auth-1.96 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.97 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -678,7 +679,7 @@ do_test auth-1.98 { } {t1} do_test auth-1.99 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -693,9 +694,9 @@ do_test auth-1.100 { execsql {SELECT name FROM sqlite_master} } {t2 v2} do_test auth-1.101 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -704,12 +705,12 @@ do_test auth-1.101 { } {1 {not authorized}} do_test auth-1.102 { set ::authargs -} {v2 {}} +} {v2 {} main {}} do_test auth-1.103 { execsql {SELECT name FROM sqlite_master} } {t2 v2} do_test auth-1.104 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -721,9 +722,9 @@ do_test auth-1.105 { execsql {SELECT name FROM sqlite_master} } {t2 v2} do_test auth-1.106 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -732,14 +733,14 @@ do_test auth-1.106 { } {0 {}} do_test auth-1.107 { set ::authargs -} {v2 {}} +} {v2 {} main {}} do_test auth-1.108 { execsql {SELECT name FROM sqlite_master} } {t2 v2} do_test auth-1.109 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -748,14 +749,14 @@ do_test auth-1.109 { } {0 {}} do_test auth-1.110 { set ::authargs -} {v2 {}} +} {v2 {} main {}} do_test auth-1.111 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.112 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -770,9 +771,9 @@ do_test auth-1.113 { execsql {SELECT name FROM sqlite_temp_master} } {t1 v1} do_test auth-1.114 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -781,12 +782,12 @@ do_test auth-1.114 { } {1 {not authorized}} do_test auth-1.115 { set ::authargs -} {v1 {}} +} {v1 {} temp {}} do_test auth-1.116 { execsql {SELECT name FROM sqlite_temp_master} } {t1 v1} do_test auth-1.117 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -798,9 +799,9 @@ do_test auth-1.118 { execsql {SELECT name FROM sqlite_temp_master} } {t1 v1} do_test auth-1.119 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -809,14 +810,14 @@ do_test auth-1.119 { } {0 {}} do_test auth-1.120 { set ::authargs -} {v1 {}} +} {v1 {} temp {}} do_test auth-1.121 { execsql {SELECT name FROM sqlite_temp_master} } {t1 v1} do_test auth-1.122 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_VIEW"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -825,15 +826,15 @@ do_test auth-1.122 { } {0 {}} do_test auth-1.123 { set ::authargs -} {v1 {}} +} {v1 {} temp {}} do_test auth-1.124 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.125 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -846,12 +847,12 @@ do_test auth-1.125 { } {1 {not authorized}} do_test auth-1.126 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} do_test auth-1.127 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.128 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -867,9 +868,9 @@ do_test auth-1.129 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.130 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -882,12 +883,12 @@ do_test auth-1.130 { } {0 {}} do_test auth-1.131 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} do_test auth-1.132 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.133 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -903,30 +904,51 @@ do_test auth-1.134 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.135 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK } catchsql { - CREATE TRIGGER r2 DELETE on t2 BEGIN - SELECT NULL; + CREATE TABLE tx(id); + CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN + INSERT INTO tx VALUES(NEW.rowid); END; } } {0 {}} -do_test auth-1.136 { +do_test auth-1.136.1 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} +do_test auth-1.136.2 { + execsql { + SELECT name FROM sqlite_master WHERE type='trigger' + } +} {r2} +do_test auth-1.136.3 { + proc auth {code arg1 arg2 arg3 arg4} { + lappend ::authargs $code $arg1 $arg2 $arg3 $arg4 + return SQLITE_OK + } + set ::authargs {} + execsql { + INSERT INTO t2 VALUES(1,2,3); + } + set ::authargs +} {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2} +do_test auth-1.136.4 { + execsql { + SELECT * FROM tx; + } +} {3} do_test auth-1.137 { execsql {SELECT name FROM sqlite_master} -} {t2 r2} - +} {t2 tx r2} do_test auth-1.138 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -939,12 +961,12 @@ do_test auth-1.138 { } {1 {not authorized}} do_test auth-1.139 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.140 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.141 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -960,9 +982,9 @@ do_test auth-1.142 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.143 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -975,12 +997,12 @@ do_test auth-1.143 { } {0 {}} do_test auth-1.144 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.145 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.146 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -996,9 +1018,9 @@ do_test auth-1.147 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.148 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1011,13 +1033,13 @@ do_test auth-1.148 { } {0 {}} do_test auth-1.149 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.150 { execsql {SELECT name FROM sqlite_temp_master} } {t1 r1} do_test auth-1.151 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -1027,11 +1049,11 @@ do_test auth-1.151 { } {1 {not authorized}} do_test auth-1.152 { execsql {SELECT name FROM sqlite_master} -} {t2 r2} +} {t2 tx r2} do_test auth-1.153 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1040,12 +1062,12 @@ do_test auth-1.153 { } {1 {not authorized}} do_test auth-1.154 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} do_test auth-1.155 { execsql {SELECT name FROM sqlite_master} -} {t2 r2} +} {t2 tx r2} do_test auth-1.156 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -1055,11 +1077,11 @@ do_test auth-1.156 { } {0 {}} do_test auth-1.157 { execsql {SELECT name FROM sqlite_master} -} {t2 r2} +} {t2 tx r2} do_test auth-1.158 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1068,14 +1090,14 @@ do_test auth-1.158 { } {0 {}} do_test auth-1.159 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} do_test auth-1.160 { execsql {SELECT name FROM sqlite_master} -} {t2 r2} +} {t2 tx r2} do_test auth-1.161 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1084,13 +1106,17 @@ do_test auth-1.161 { } {0 {}} do_test auth-1.162 { set ::authargs -} {r2 t2} +} {r2 t2 main {}} do_test auth-1.163 { - execsql {SELECT name FROM sqlite_master} + execsql { + DROP TABLE tx; + DELETE FROM t2 WHERE a=1 AND b=2 AND c=3; + SELECT name FROM sqlite_master; + } } {t2} do_test auth-1.164 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -1102,9 +1128,9 @@ do_test auth-1.165 { execsql {SELECT name FROM sqlite_temp_master} } {t1 r1} do_test auth-1.166 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1113,12 +1139,12 @@ do_test auth-1.166 { } {1 {not authorized}} do_test auth-1.167 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.168 { execsql {SELECT name FROM sqlite_temp_master} } {t1 r1} do_test auth-1.169 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -1130,9 +1156,9 @@ do_test auth-1.170 { execsql {SELECT name FROM sqlite_temp_master} } {t1 r1} do_test auth-1.171 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1141,14 +1167,14 @@ do_test auth-1.171 { } {0 {}} do_test auth-1.172 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.173 { execsql {SELECT name FROM sqlite_temp_master} } {t1 r1} do_test auth-1.174 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1157,15 +1183,15 @@ do_test auth-1.174 { } {0 {}} do_test auth-1.175 { set ::authargs -} {r1 t1} +} {r1 t1 temp {}} do_test auth-1.176 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.177 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1174,12 +1200,12 @@ do_test auth-1.177 { } {1 {not authorized}} do_test auth-1.178 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.179 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.180 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -1191,9 +1217,9 @@ do_test auth-1.181 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.182 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1202,12 +1228,12 @@ do_test auth-1.182 { } {0 {}} do_test auth-1.183 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.184 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.185 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -1219,9 +1245,9 @@ do_test auth-1.186 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.187 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1230,15 +1256,15 @@ do_test auth-1.187 { } {0 {}} do_test auth-1.188 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.189 { execsql {SELECT name FROM sqlite_master} } {t2 i2} do_test auth-1.190 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1247,12 +1273,12 @@ do_test auth-1.190 { } {1 {not authorized}} do_test auth-1.191 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.192 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.193 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -1264,9 +1290,9 @@ do_test auth-1.194 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.195 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1275,12 +1301,12 @@ do_test auth-1.195 { } {0 {}} do_test auth-1.196 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.197 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.198 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -1292,9 +1318,9 @@ do_test auth-1.199 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.200 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_CREATE_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1303,13 +1329,13 @@ do_test auth-1.200 { } {0 {}} do_test auth-1.201 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.202 { execsql {SELECT name FROM sqlite_temp_master} } {t1 i1} do_test auth-1.203 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_DENY } @@ -1321,9 +1347,9 @@ do_test auth-1.204 { execsql {SELECT name FROM sqlite_master} } {t2 i2} do_test auth-1.205 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1332,12 +1358,12 @@ do_test auth-1.205 { } {1 {not authorized}} do_test auth-1.206 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.207 { execsql {SELECT name FROM sqlite_master} } {t2 i2} do_test auth-1.208 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { return SQLITE_IGNORE } @@ -1349,9 +1375,9 @@ do_test auth-1.209 { execsql {SELECT name FROM sqlite_master} } {t2 i2} do_test auth-1.210 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1360,14 +1386,14 @@ do_test auth-1.210 { } {0 {}} do_test auth-1.211 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.212 { execsql {SELECT name FROM sqlite_master} } {t2 i2} do_test auth-1.213 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1376,13 +1402,13 @@ do_test auth-1.213 { } {0 {}} do_test auth-1.214 { set ::authargs -} {i2 t2} +} {i2 t2 main {}} do_test auth-1.215 { execsql {SELECT name FROM sqlite_master} } {t2} do_test auth-1.216 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_DENY } @@ -1394,9 +1420,9 @@ do_test auth-1.217 { execsql {SELECT name FROM sqlite_temp_master} } {t1 i1} do_test auth-1.218 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1405,12 +1431,12 @@ do_test auth-1.218 { } {1 {not authorized}} do_test auth-1.219 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.220 { execsql {SELECT name FROM sqlite_temp_master} } {t1 i1} do_test auth-1.221 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { return SQLITE_IGNORE } @@ -1422,9 +1448,9 @@ do_test auth-1.222 { execsql {SELECT name FROM sqlite_temp_master} } {t1 i1} do_test auth-1.223 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1433,14 +1459,14 @@ do_test auth-1.223 { } {0 {}} do_test auth-1.224 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.225 { execsql {SELECT name FROM sqlite_temp_master} } {t1 i1} do_test auth-1.226 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_DROP_TEMP_INDEX"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1449,15 +1475,15 @@ do_test auth-1.226 { } {0 {}} do_test auth-1.227 { set ::authargs -} {i1 t1} +} {i1 t1 temp {}} do_test auth-1.228 { execsql {SELECT name FROM sqlite_temp_master} } {t1} do_test auth-1.229 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_PRAGMA"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1466,14 +1492,14 @@ do_test auth-1.229 { } {1 {not authorized}} do_test auth-1.230 { set ::authargs -} {full_column_names on} +} {full_column_names on {} {}} do_test auth-1.231 { execsql2 {SELECT a FROM t2} } {a 11 a 7} do_test auth-1.232 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_PRAGMA"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_IGNORE } return SQLITE_OK @@ -1482,14 +1508,14 @@ do_test auth-1.232 { } {0 {}} do_test auth-1.233 { set ::authargs -} {full_column_names on} +} {full_column_names on {} {}} do_test auth-1.234 { execsql2 {SELECT a FROM t2} } {a 11 a 7} do_test auth-1.235 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_PRAGMA"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1500,9 +1526,9 @@ do_test auth-1.236 { execsql2 {SELECT a FROM t2} } {t2.a 11 t2.a 7} do_test auth-1.237 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_PRAGMA"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_OK } return SQLITE_OK @@ -1511,15 +1537,15 @@ do_test auth-1.237 { } {0 {}} do_test auth-1.238 { set ::authargs -} {full_column_names OFF} +} {full_column_names OFF {} {}} do_test auth-1.239 { execsql2 {SELECT a FROM t2} } {a 11 a 7} do_test auth-1.240 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_TRANSACTION"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1528,11 +1554,11 @@ do_test auth-1.240 { } {1 {not authorized}} do_test auth-1.241 { set ::authargs -} {BEGIN {}} +} {BEGIN {} {} {}} do_test auth-1.242 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} { - set ::authargs [list $arg1 $arg2] + set ::authargs [list $arg1 $arg2 $arg3 $arg4] return SQLITE_DENY } return SQLITE_OK @@ -1541,7 +1567,7 @@ do_test auth-1.242 { } {1 {not authorized}} do_test auth-1.243 { set ::authargs -} {COMMIT {}} +} {COMMIT {} {} {}} do_test auth-1.244 { execsql {SELECT * FROM t2} } {11 2 33 7 8 9 44 55 66} @@ -1550,15 +1576,15 @@ do_test auth-1.245 { } {1 {not authorized}} do_test auth-1.246 { set ::authargs -} {ROLLBACK {}} +} {ROLLBACK {} {} {}} do_test auth-1.247 { catchsql {END TRANSACTION} } {1 {not authorized}} do_test auth-1.248 { set ::authargs -} {COMMIT {}} +} {COMMIT {} {} {}} do_test auth-1.249 { - sqlite_set_authorizer $::DB {} + db authorizer {} catchsql {ROLLBACK} } {0 {}} do_test auth-1.250 { @@ -1566,13 +1592,13 @@ do_test auth-1.250 { } {11 2 33 7 8 9} do_test auth-2.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { return SQLITE_DENY } return SQLITE_OK } - sqlite_set_authorizer $::DB ::auth + db authorizer ::auth execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)} catchsql {SELECT * FROM t3} } {1 {access to t3.x is prohibited}} @@ -1586,7 +1612,7 @@ do_test auth-2.3 { catchsql {SELECT OID,y,z FROM t3} } {1 {access to t3.x is prohibited}} do_test auth-2.4 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { return SQLITE_IGNORE } @@ -1599,7 +1625,7 @@ do_test auth-2.5 { catchsql {SELECT rowid,y,z FROM t3} } {0 {{} 55 66}} do_test auth-2.6 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} { return SQLITE_IGNORE } @@ -1611,7 +1637,7 @@ do_test auth-2.7 { catchsql {SELECT ROWID,y,z FROM t3} } {0 {44 55 66}} do_test auth-2.8 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { return SQLITE_IGNORE } @@ -1620,7 +1646,7 @@ do_test auth-2.8 { catchsql {SELECT ROWID,b,c FROM t2} } {0 {{} 2 33 {} 8 9}} do_test auth-2.9.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { return bogus } @@ -1632,7 +1658,7 @@ do_test auth-2.9.2 { db errorcode } {21} do_test auth-2.10 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_SELECT"} { return bogus } @@ -1641,7 +1667,7 @@ do_test auth-2.10 { catchsql {SELECT ROWID,b,c FROM t2} } {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}} do_test auth-2.11 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg2=="a"} { return SQLITE_IGNORE } @@ -1650,7 +1676,7 @@ do_test auth-2.11 { catchsql {SELECT * FROM t2, t3} } {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}} do_test auth-2.11 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg2=="x"} { return SQLITE_IGNORE } @@ -1662,7 +1688,7 @@ do_test auth-2.11 { # Make sure the OLD and NEW pseudo-tables of a trigger get authorized. # do_test auth-3.1 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { return SQLITE_OK } execsql { @@ -1675,7 +1701,7 @@ do_test auth-3.1 { } } {11 12 2 2 33 33 7 8 8 8 9 9} do_test auth-3.2 { - proc auth {code arg1 arg2} { + proc auth {code arg1 arg2 arg3 arg4} { if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} { return SQLITE_IGNORE } @@ -1688,6 +1714,5 @@ do_test auth-3.2 { } } {12 112 2 2 {} {} 8 108 8 8 {} {}} -} ;# End of the "if( db command exists )" finish_test diff --git a/test/tclsqlite.test b/test/tclsqlite.test index 14bf1f347a..987eda6bcb 100644 --- a/test/tclsqlite.test +++ b/test/tclsqlite.test @@ -15,7 +15,7 @@ # interface is pretty well tested. This file contains some addition # tests for fringe issues that the main test suite does not cover. # -# $Id: tclsqlite.test,v 1.11 2003/04/03 15:46:05 drh Exp $ +# $Id: tclsqlite.test,v 1.12 2003/04/22 20:30:40 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -29,7 +29,7 @@ do_test tcl-1.1 { do_test tcl-1.2 { set v [catch {db bogus} msg] lappend v $msg -} {1 {bad option "bogus": must be begin_hook, busy, changes, close, commit_hook, complete, errorcode, eval, function, last_insert_rowid, or timeout}} +} {1 {bad option "bogus": must be authorizer, begin_hook, busy, changes, close, commit_hook, complete, errorcode, eval, function, last_insert_rowid, or timeout}} do_test tcl-1.3 { execsql {CREATE TABLE t1(a int, b int)} execsql {INSERT INTO t1 VALUES(10,20)}