SQLite: Check-in [ff10d2c7]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA3-256:	ff10d2c7de430c88167b1e6e4f5307eee5d69e22c8d24b2ef4fcb3aea25a92e1
User & Date:	dan 2018-10-06 13:46:22

Context

2018-10-06
14:38		Fix the ".help -all" option in the command-line shell. (check-in: aac8f1df user: drh tags: trunk)
14:33		Ensure each ALTER TABLE statement makes just a single SQLITE_ALTER_TABLE call to the authorizer function. (Leaf check-in: dac28547 user: dan tags: alter-auth-callbacks)
13:46		Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE. (check-in: ff10d2c7 user: dan tags: trunk)
2018-10-05
15:10		Changes to geopoly to silience false-positive warnings coming out of clang. (check-in: 11d9015f user: drh tags: trunk)

Changes

Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/auth.c.

   147    147     Table *pTab = 0;      /* The table being read */
   148    148     const char *zCol;     /* Name of the column of the table */
   149    149     int iSrc;             /* Index in pTabList->a[] of table being read */
   150    150     int iDb;              /* The index of the database the expression refers to */
   151    151     int iCol;             /* Index of column in table */
   152    152   
   153    153     assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
          154  +  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
   154    155     if( db->xAuth==0 ) return;
   155    156     iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
   156    157     if( iDb<0 ){
   157    158       /* An attempt to read a column out of a subquery or other
   158    159       ** temporary table. */
   159    160       return;
   160    161     }
................................................................................
   203    204   ){
   204    205     sqlite3 *db = pParse->db;
   205    206     int rc;
   206    207   
   207    208     /* Don't do any authorization checks if the database is initialising
   208    209     ** or if the parser is being invoked from within sqlite3_declare_vtab.
   209    210     */
          211  +  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
   210    212     if( db->init.busy || IN_SPECIAL_PARSE ){
   211    213       return SQLITE_OK;
   212    214     }
   213    215   
   214    216     if( db->xAuth==0 ){
   215    217       return SQLITE_OK;
   216    218     }

Added test/alterauth2.test.

class="diffln"> 1 +# 2018 October 6 2 +# 3 +# The author disclaims copyright to this source code. In place of 4 +# a legal notice, here is a blessing: 5 +# 6 +# May you do good and not evil. 7 +# May you find forgiveness for yourself and forgive others. 8 +# May you share freely, never taking more than you give. 9 +# 10 +#************************************************************************* 11 +# 12 + 13 +set testdir [file dirname $argv0] 14 + 15 +source $testdir/tester.tcl 16 + 17 +# If SQLITE_OMIT_ALTERTABLE is defined, omit this file. 18 +ifcapable !altertable { 19 + finish_test 20 + return 21 +} 22 +set testprefix alterauth2 23 + 24 +set ::auth [list] 25 +proc xAuth {type args} { 26 + lappend ::auth [concat $type [lrange $args 0 3]] 27 + if {$type=="SQLITE_READ" && [lindex $args 0] == "t2"} breakpoint 28 + return SQLITE_OK 29 +} 30 +db auth xAuth 31 + 32 +proc do_auth_test {tn sql authcode} { 33 + set script " 34 + set ::auth \[list\] 35 + execsql {$sql} 36 + lsort -unique \[set ::auth\] 37 + " 38 + 39 + set normal [list {*}$authcode] 40 + uplevel [list do_test $tn $script $normal] 41 +} 42 + 43 +do_execsql_test 1.0 { 44 + CREATE TABLE t1(a, b, c); 45 + CREATE VIEW v1 AS SELECT * FROM t1; 46 + CREATE TRIGGER tr1 AFTER INSERT ON t1 BEGIN 47 + DELETE FROM t1 WHERE a<new.a; 48 + END; 49 + 50 + CREATE TEMP TRIGGER tr2 AFTER UPDATE OF a, b ON t1 BEGIN 51 + UPDATE t1 SET a=a+1 WHERE new.b<b; 52 + END; 53 +} 54 + 55 +do_auth_test 1.1 { 56 + ALTER TABLE t1 RENAME TO t2; 57 +} { 58 + {SQLITE_ALTER_TABLE main t1 {} {}} 59 + {SQLITE_FUNCTION {} like {} {}} 60 + {SQLITE_FUNCTION {} sqlite_rename_table {} {}} 61 + {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 62 + {SQLITE_FUNCTION {} substr {} {}} 63 + {SQLITE_READ sqlite_master name main {}} 64 + {SQLITE_READ sqlite_master sql main {}} 65 + {SQLITE_READ sqlite_master tbl_name main {}} 66 + {SQLITE_READ sqlite_master type main {}} 67 + {SQLITE_READ sqlite_temp_master name temp {}} 68 + {SQLITE_READ sqlite_temp_master sql temp {}} 69 + {SQLITE_READ sqlite_temp_master tbl_name temp {}} 70 + {SQLITE_READ sqlite_temp_master type temp {}} 71 + {SQLITE_SELECT {} {} {} {}} 72 + {SQLITE_UPDATE sqlite_master name main {}} 73 + {SQLITE_UPDATE sqlite_master sql main {}} 74 + {SQLITE_UPDATE sqlite_master tbl_name main {}} 75 + {SQLITE_UPDATE sqlite_temp_master sql temp {}} 76 + {SQLITE_UPDATE sqlite_temp_master tbl_name temp {}} 77 +} 78 + 79 +do_auth_test 1.2 { 80 + ALTER TABLE t2 RENAME a TO aaa; 81 +} { 82 + {SQLITE_ALTER_TABLE main t2 {} {}} 83 + {SQLITE_FUNCTION {} like {} {}} 84 + {SQLITE_FUNCTION {} sqlite_rename_column {} {}} 85 + {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 86 + {SQLITE_READ sqlite_master name main {}} 87 + {SQLITE_READ sqlite_master sql main {}} 88 + {SQLITE_READ sqlite_master tbl_name main {}} 89 + {SQLITE_READ sqlite_master type main {}} 90 + {SQLITE_READ sqlite_temp_master name temp {}} 91 + {SQLITE_READ sqlite_temp_master sql temp {}} 92 + {SQLITE_READ sqlite_temp_master type temp {}} 93 + {SQLITE_SELECT {} {} {} {}} 94 + {SQLITE_UPDATE sqlite_master sql main {}} 95 + {SQLITE_UPDATE sqlite_temp_master sql temp {}} 96 +} 97 + 98 +finish_test