Revise the sqlite_set_authorizer API to provide more detailed information

about the SQL statement being authorized. Only partially tested so far. (CVS 830) FossilOrigin-Name: 45de93f913a18026a45de6254963dbcd1b0f1a19
2025-07-29 08:01:23 +03:00 · 2003-01-13 23:27:31 +00:00
parent 1962bda764
commit e5f9c6442f
14 changed files with 331 additions and 397 deletions
--- a/test/auth.test
+++ b/test/auth.test
@ -11,7 +11,7 @@
 # This file implements regression tests for SQLite library.  The
 # focus of this script testing the sqlite_set_authorizer() API.
 #
-# $Id: auth.test,v 1.1 2003/01/12 19:33:54 drh Exp $
+# $Id: auth.test,v 1.2 2003/01/13 23:27:34 drh Exp $
 #

 set testdir [file dirname $argv0]
@ -23,7 +23,7 @@ do_test auth-1.1 {
  db close
  set ::DB [sqlite db test.db]
  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
+    if {$code=="SQLITE_INSERT" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_DENY
    }
@ -31,244 +31,128 @@ do_test auth-1.1 {
  }
  sqlite_set_authorizer $::DB ::auth
  catchsql {CREATE TABLE t1(a,b,c)}
-} {1 {insertion into table sqlite_master is prohibited}}
+} {1 {not authorized}}
 do_test auth-1.2 {
+  execsql {SELECT name FROM sqlite_master}
+} {}
+do_test auth-1.3 {
  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
+    if {$code=="SQLITE_CREATE_TABLE"} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TABLE t1(a,b,c)}
+} {1 {not authorized}}
+do_test auth-1.4 {
+  execsql {SELECT name FROM sqlite_master}
+} {}
+
+do_test auth-1.5 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT" 
+          && [string compare -nocase $arg1 sqlite_temp_master]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TEMP TABLE t1(a,b,c)}
+} {1 {not authorized}}
+do_test auth-1.6 {
+  execsql {SELECT name FROM sqlite_temp_master}
+} {}
+do_test auth-1.7 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TEMP TABLE t1(a,b,c)}
+} {1 {not authorized}}
+do_test auth-1.8 {
+  execsql {SELECT name FROM sqlite_temp_master}
+} {}
+
+do_test auth-1.9 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
-} {1 {insertion into table sqlite_master is prohibited}}
-do_test auth-1.3 {
+} {0 {}}
+do_test auth-1.10 {
+  execsql {SELECT name FROM sqlite_master}
+} {}
+do_test auth-1.11 {
  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
-          && [string compare -nocase $arg1 sqlite_master]==0} {
-      return SQLITE_OK
+    if {$code=="SQLITE_CREATE_TABLE"} {
+      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
 } {0 {}}
-do_test auth-1.4 {
+do_test auth-1.12 {
  execsql {SELECT name FROM sqlite_master}
-} {t1}
-do_test auth-1.5 {
+} {}
+do_test auth-1.13 {
  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
-          && [string compare -nocase $arg1 sqlite_master]==0} {
-      return BOGUS
+    if {$code=="SQLITE_INSERT" 
+          && [string compare -nocase $arg1 sqlite_temp_master]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TEMP TABLE t1(a,b,c)}
+} {0 {}}
+do_test auth-1.14 {
+  execsql {SELECT name FROM sqlite_temp_master}
+} {}
+do_test auth-1.15 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TEMP TABLE t1(a,b,c)}
+} {0 {}}
+do_test auth-1.16 {
+  execsql {SELECT name FROM sqlite_temp_master}
+} {}
+
+do_test auth-1.17 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_CREATE_TABLE"} {
+      return SQLITE_DEBY
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TEMP TABLE t1(a,b,c)}
+} {0 {}}
+do_test auth-1.18 {
+  execsql {SELECT name FROM sqlite_temp_master}
+} {t1}
+do_test auth-1.19 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_CREATE_TEMP_TABLE"} {
+      return SQLITE_DEBY
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t2(a,b,c)}
-} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
-do_test auth-1.6 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_DELETE_ROW" 
-          && [string compare -nocase $arg1 sqlite_master]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {DROP TABLE t1}
-} {1 {deletion from table sqlite_master is prohibited}}
-do_test auth-1.7 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_DELETE_ROW" 
-          && [string compare -nocase $arg1 sqlite_master]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {DROP TABLE t1}
-} {1 {deletion from table sqlite_master is prohibited}}
-do_test auth-1.8 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
-          && [string compare -nocase $arg1 t1]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {INSERT INTO t1 VALUES(1,2,3)}
-} {1 {insertion into table t1 is prohibited}}
-do_test auth-1.9 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
-          && [string compare -nocase $arg1 t1]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {INSERT INTO t1 VALUES(1,2,3)}
 } {0 {}}
-do_test auth-1.10 {
-  execsql {SELECT * FROM t1}
-} {}
-do_test auth-1.11 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_INSERT_ROW" 
-          && [string compare -nocase $arg1 t1]==0} {
-      return SQLITE_OK
-    }
-    return SQLITE_OK
-  }
-  catchsql {INSERT INTO t1 VALUES(1,2,3)}
-} {0 {}}
-do_test auth-1.12 {
-  execsql {SELECT * FROM t1}
-} {1 2 3}
-do_test auth-1.13 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_DELETE_ROW" 
-          && [string compare -nocase $arg1 t1]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {DELETE FROM t1 WHERE a=1}
-} {1 {deletion from table t1 is prohibited}}
-do_test auth-1.14 {
-  execsql {SELECT * FROM t1}
-} {1 2 3}
-do_test auth-1.15 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_DELETE_ROW" 
-          && [string compare -nocase $arg1 t1]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {DELETE FROM t1 WHERE a=1}
-} {0 {}}
-do_test auth-1.16 {
-  execsql {SELECT * FROM t1}
-} {1 2 3}
-do_test auth-1.17 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_READ_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {SELECT * FROM t1}
-} {1 {access to t1.a is prohibited}}
-do_test auth-1.18 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_READ_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {SELECT * FROM t1}
-} {0 {{} 2 3}}
-do_test auth-1.19 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_WRITE_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET a=11 WHERE a=1}
-} {1 {changes to t1.a are prohibited}}
 do_test auth-1.20 {
-  execsql {SELECT * FROM t1}
-} {1 2 3}
-do_test auth-1.21 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_WRITE_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET b=12 WHERE a=1}
-} {0 {}}
-do_test auth-1.22 {
-  execsql {SELECT * FROM t1}
-} {1 12 3}
-do_test auth-1.23 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_WRITE_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET a=11, b=22 WHERE a=1}
-} {0 {}}
-do_test auth-1.24 {
-  execsql {SELECT * FROM t1}
-} {1 22 3}
-do_test auth-1.25 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_WRITE_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET a=11, b=33 WHERE a=1}
-} {1 {changes to t1.a are prohibited}}
-do_test auth-1.26 {
-  execsql {SELECT * FROM t1}
-} {1 22 3}
-do_test auth-1.27 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_READ_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_DENY
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
-} {1 {access to t1.a is prohibited}}
-do_test auth-1.28 {
-  execsql {SELECT b, c FROM t1}
-} {22 3}
-do_test auth-1.29 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_READ_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
-} {0 {}}
-do_test auth-1.30 {
-  execsql {SELECT b, c FROM t1}
-} {22 3}
-do_test auth-1.31 {
-  proc auth {code arg1 arg2} {
-    if {$code=="SQLITE_READ_COLUMN" 
-          && [string compare -nocase $arg1 t1]==0
-          && [string compare -nocase $arg2 a]==0} {
-      return SQLITE_IGNORE
-    }
-    return SQLITE_OK
-  }
-  catchsql {UPDATE t1 SET b=33, c=44 WHERE a IS NULL}
-} {0 {}}
-do_test auth-1.32 {
-  execsql {SELECT b, c FROM t1}
-} {33 44}
+  execsql {SELECT name FROM sqlite_master}
+} {t2}
+
+
+

-  
 } ;# End of the "if( db command exists )"

 finish_test