/ Check-in [ff10d2c7]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ff10d2c7de430c88167b1e6e4f5307eee5d69e22c8d24b2ef4fcb3aea25a92e1
User & Date: dan 2018-10-06 13:46:22
Context
2018-10-06
14:38
Fix the ".help -all" option in the command-line shell. check-in: aac8f1df user: drh tags: trunk
14:33
Ensure each ALTER TABLE statement makes just a single SQLITE_ALTER_TABLE call to the authorizer function. Leaf check-in: dac28547 user: dan tags: alter-auth-callbacks
13:46
Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE. check-in: ff10d2c7 user: dan tags: trunk
2018-10-05
15:10
Changes to geopoly to silience false-positive warnings coming out of clang. check-in: 11d9015f user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/auth.c.

   147    147     Table *pTab = 0;      /* The table being read */
   148    148     const char *zCol;     /* Name of the column of the table */
   149    149     int iSrc;             /* Index in pTabList->a[] of table being read */
   150    150     int iDb;              /* The index of the database the expression refers to */
   151    151     int iCol;             /* Index of column in table */
   152    152   
   153    153     assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
          154  +  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
   154    155     if( db->xAuth==0 ) return;
   155    156     iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
   156    157     if( iDb<0 ){
   157    158       /* An attempt to read a column out of a subquery or other
   158    159       ** temporary table. */
   159    160       return;
   160    161     }
................................................................................
   203    204   ){
   204    205     sqlite3 *db = pParse->db;
   205    206     int rc;
   206    207   
   207    208     /* Don't do any authorization checks if the database is initialising
   208    209     ** or if the parser is being invoked from within sqlite3_declare_vtab.
   209    210     */
          211  +  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
   210    212     if( db->init.busy || IN_SPECIAL_PARSE ){
   211    213       return SQLITE_OK;
   212    214     }
   213    215   
   214    216     if( db->xAuth==0 ){
   215    217       return SQLITE_OK;
   216    218     }

Added test/alterauth2.test.

            1  +# 2018 October 6
            2  +#
            3  +# The author disclaims copyright to this source code.  In place of
            4  +# a legal notice, here is a blessing:
            5  +#
            6  +#    May you do good and not evil.
            7  +#    May you find forgiveness for yourself and forgive others.
            8  +#    May you share freely, never taking more than you give.
            9  +#
           10  +#*************************************************************************
           11  +#
           12  +
           13  +set testdir [file dirname $argv0]
           14  +
           15  +source $testdir/tester.tcl
           16  +
           17  +# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
           18  +ifcapable !altertable {
           19  +  finish_test
           20  +  return
           21  +}
           22  +set testprefix alterauth2
           23  +
           24  +set ::auth [list]
           25  +proc xAuth {type args} {
           26  +  lappend ::auth [concat $type [lrange $args 0 3]]
           27  +  if {$type=="SQLITE_READ" && [lindex $args 0] == "t2"} breakpoint
           28  +  return SQLITE_OK
           29  +}
           30  +db auth xAuth
           31  +
           32  +proc do_auth_test {tn sql authcode} {
           33  +  set script "
           34  +    set ::auth \[list\]
           35  +    execsql {$sql}
           36  +    lsort -unique \[set ::auth\]
           37  +  "
           38  +
           39  +  set normal [list {*}$authcode]
           40  +  uplevel [list do_test $tn $script $normal]
           41  +}
           42  +
           43  +do_execsql_test 1.0 { 
           44  +  CREATE TABLE t1(a, b, c); 
           45  +  CREATE VIEW v1 AS SELECT * FROM t1;
           46  +  CREATE TRIGGER tr1 AFTER INSERT ON t1 BEGIN
           47  +    DELETE FROM t1 WHERE a<new.a;
           48  +  END;
           49  +
           50  +  CREATE TEMP TRIGGER tr2 AFTER UPDATE OF a, b ON t1 BEGIN
           51  +    UPDATE t1 SET a=a+1 WHERE new.b<b;
           52  +  END;
           53  +}
           54  +
           55  +do_auth_test 1.1 {
           56  +  ALTER TABLE t1 RENAME TO t2;
           57  +} {
           58  +    {SQLITE_ALTER_TABLE main t1 {} {}} 
           59  +    {SQLITE_FUNCTION {} like {} {}} 
           60  +  {SQLITE_FUNCTION {} sqlite_rename_table {} {}} 
           61  +  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
           62  +    {SQLITE_FUNCTION {} substr {} {}} 
           63  +    {SQLITE_READ sqlite_master name main {}} 
           64  +    {SQLITE_READ sqlite_master sql main {}} 
           65  +    {SQLITE_READ sqlite_master tbl_name main {}} 
           66  +    {SQLITE_READ sqlite_master type main {}} 
           67  +  {SQLITE_READ sqlite_temp_master name temp {}} 
           68  +  {SQLITE_READ sqlite_temp_master sql temp {}} 
           69  +  {SQLITE_READ sqlite_temp_master tbl_name temp {}} 
           70  +  {SQLITE_READ sqlite_temp_master type temp {}} 
           71  +  {SQLITE_SELECT {} {} {} {}} 
           72  +    {SQLITE_UPDATE sqlite_master name main {}} 
           73  +    {SQLITE_UPDATE sqlite_master sql main {}} 
           74  +    {SQLITE_UPDATE sqlite_master tbl_name main {}} 
           75  +  {SQLITE_UPDATE sqlite_temp_master sql temp {}} 
           76  +  {SQLITE_UPDATE sqlite_temp_master tbl_name temp {}}
           77  +}
           78  +
           79  +do_auth_test 1.2 {
           80  +  ALTER TABLE t2 RENAME a TO aaa;
           81  +} {
           82  +  {SQLITE_ALTER_TABLE main t2 {} {}} 
           83  +  {SQLITE_FUNCTION {} like {} {}} 
           84  +  {SQLITE_FUNCTION {} sqlite_rename_column {} {}} 
           85  +  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
           86  +  {SQLITE_READ sqlite_master name main {}} 
           87  +  {SQLITE_READ sqlite_master sql main {}} 
           88  +  {SQLITE_READ sqlite_master tbl_name main {}} 
           89  +  {SQLITE_READ sqlite_master type main {}} 
           90  +  {SQLITE_READ sqlite_temp_master name temp {}} 
           91  +  {SQLITE_READ sqlite_temp_master sql temp {}} 
           92  +  {SQLITE_READ sqlite_temp_master type temp {}} 
           93  +  {SQLITE_SELECT {} {} {} {}} 
           94  +  {SQLITE_UPDATE sqlite_master sql main {}} 
           95  +  {SQLITE_UPDATE sqlite_temp_master sql temp {}}
           96  +}
           97  +
           98  +finish_test