*** DRAFT ***

SQLite Requirement Matrix Details
set_authorizer.html

Index Summary Markup Original


R-52892-55360-15524-03344-29674-00712-56313-40382 tcl slt th3 src

This routine registers an authorizer callback with a particular database connection, supplied in the first argument.

th3/cov1/auth01.test:23

/* IMP: R-52892-55360 */
# EVIDENCE-OF: R-52892-55360 This routine registers an authorizer
# callback with a particular database connection, supplied in the first
# argument.

R-15107-48632-28569-47708-49546-63224-06623-07526 tcl slt th3 src

The authorizer callback is invoked as SQL statements are being compiled by sqlite3_prepare() or its variants sqlite3_prepare_v2(), sqlite3_prepare_v3(), sqlite3_prepare16(), sqlite3_prepare16_v2(), and sqlite3_prepare16_v3().

/* IMP: R-15107-48632 */
# EVIDENCE-OF: R-15107-48632 The authorizer callback is invoked as SQL
# statements are being compiled by sqlite3_prepare() or its variants
# sqlite3_prepare_v2(), sqlite3_prepare_v3(), sqlite3_prepare16(),
# sqlite3_prepare16_v2(), and sqlite3_prepare16_v3().

R-17683-59594-13579-14757-04762-40863-05270-49270 tcl slt th3 src

At various points during the compilation process, as logic is being created to perform various actions, the authorizer callback is invoked to see if those actions are allowed.

/* IMP: R-17683-59594 */
# EVIDENCE-OF: R-17683-59594 At various points during the compilation
# process, as logic is being created to perform various actions, the
# authorizer callback is invoked to see if those actions are allowed.

R-31386-03131-57152-48354-62931-03354-07372-50774 tcl slt th3 src

The authorizer callback should return SQLITE_OK to allow the action, SQLITE_IGNORE to disallow the specific action but allow the SQL statement to continue to be compiled, or SQLITE_DENY to cause the entire SQL statement to be rejected with an error.

/* IMP: R-31386-03131 */
# EVIDENCE-OF: R-31386-03131 The authorizer callback should return
# SQLITE_OK to allow the action, SQLITE_IGNORE to disallow the specific
# action but allow the SQL statement to continue to be compiled, or
# SQLITE_DENY to cause the entire SQL statement to be rejected with an
# error.

R-64962-58611-23755-17940-51440-03163-56069-63868 tcl slt th3 src

If the authorizer callback returns any value other than SQLITE_IGNORE, SQLITE_OK, or SQLITE_DENY then the sqlite3_prepare_v2() or equivalent call that triggered the authorizer will fail with an error message.

tcl/auth3.test:56   th3/cov1/auth01.test:308

/* IMP: R-64962-58611 */
# EVIDENCE-OF: R-64962-58611 If the authorizer callback returns any
# value other than SQLITE_IGNORE, SQLITE_OK, or SQLITE_DENY then the
# sqlite3_prepare_v2() or equivalent call that triggered the authorizer
# will fail with an error message.

R-04452-49349-54233-41206-52506-27116-05869-21475 tcl slt th3 src

When the callback returns SQLITE_DENY, the sqlite3_prepare_v2() or equivalent call that triggered the authorizer will fail with an error message explaining that access is denied.

tcl/auth.test:71   th3/cov1/auth01.test:35

/* IMP: R-04452-49349 */
# EVIDENCE-OF: R-04452-49349 When the callback returns SQLITE_DENY, the
# sqlite3_prepare_v2() or equivalent call that triggered the authorizer
# will fail with an error message explaining that access is denied.

R-38590-62769-37174-11350-15307-56847-39156-23447 tcl slt th3 src

The first parameter to the authorizer callback is a copy of the third parameter to the sqlite3_set_authorizer() interface.

src/tclsqlite.c:1105   th3/th3util.c:993

/* IMP: R-38590-62769 */
# EVIDENCE-OF: R-38590-62769 The first parameter to the authorizer
# callback is a copy of the third parameter to the
# sqlite3_set_authorizer() interface.

R-56518-44310-03576-50973-10041-44259-32136-55602 tcl slt th3 src

The second parameter to the callback is an integer action code that specifies the particular action to be authorized.

src/tclsqlite.c:1112   th3/th3util.c:1003

/* IMP: R-56518-44310 */
# EVIDENCE-OF: R-56518-44310 The second parameter to the callback is an
# integer action code that specifies the particular action to be
# authorized.

R-43249-19882-52899-37517-44560-32908-46536-34852 tcl slt th3 src

The third through sixth parameters to the callback are either NULL pointers or zero-terminated strings that contain additional details about the action to be authorized.

src/auth.c:215   th3/cov1/auth05.test:32

/* IMP: R-43249-19882 */
# EVIDENCE-OF: R-43249-19882 The third through sixth parameters to the
# callback are either NULL pointers or zero-terminated strings that
# contain additional details about the action to be authorized.

R-38392-49970-12862-30349-17432-31139-60846-54763 tcl slt th3 src

If the action code is SQLITE_READ and the callback returns SQLITE_IGNORE then the prepared statement statement is constructed to substitute a NULL value in place of the table column that would have been read if SQLITE_OK had been returned.

tcl/auth.test:326   th3/cov1/auth01.test:129

/* IMP: R-38392-49970 */
# EVIDENCE-OF: R-38392-49970 If the action code is SQLITE_READ and the
# callback returns SQLITE_IGNORE then the prepared statement statement
# is constructed to substitute a NULL value in place of the table column
# that would have been read if SQLITE_OK had been returned.

R-31520-16302-20553-09634-49353-53000-23080-58537 tcl slt th3 src

When a table is referenced by a SELECT but no column values are extracted from that table (for example in a query like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer callback is invoked once for that table with a column name that is an empty string.

tcl/auth.test:2627   th3/cov1/auth01.test:283

/* IMP: R-31520-16302 */
# EVIDENCE-OF: R-31520-16302 When a table is referenced by a SELECT but
# no column values are extracted from that table (for example in a query
# like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer
# callback is invoked once for that table with a column name that is an
# empty string.

R-17228-37124-21945-03605-09770-36410-30558-62639 tcl slt th3 src

If the action code is SQLITE_DELETE and the callback returns SQLITE_IGNORE then the DELETE operation proceeds but the truncate optimization is disabled and all rows are deleted individually.

src/delete.c:455   th3/cov1/delete05.test:77

/* IMP: R-17228-37124 */
# EVIDENCE-OF: R-17228-37124 If the action code is SQLITE_DELETE and the
# callback returns SQLITE_IGNORE then the DELETE operation proceeds but
# the truncate optimization is disabled and all rows are deleted
# individually.

R-03993-24285-31190-14311-07438-62351-52230-47181 tcl slt th3 src

Only a single authorizer can be in place on a database connection at a time. Each call to sqlite3_set_authorizer overrides the previous call.

tcl/auth.test:47   th3/cov1/auth01.test:238

/* IMP: R-03993-24285 */
# EVIDENCE-OF: R-03993-24285 Only a single authorizer can be in place on
# a database connection at a time. Each call to sqlite3_set_authorizer
# overrides the previous call.

R-52112-44167-29557-32082-32253-19519-12143-63610 tcl slt th3 src

Disable the authorizer by installing a NULL callback.

tcl/auth.test:1638   th3/cov1/auth01.test:254

/* IMP: R-52112-44167 */
# EVIDENCE-OF: R-52112-44167 Disable the authorizer by installing a NULL
# callback.

R-45052-47506-16194-46831-63738-43272-24543-14451 tcl slt th3 src

When sqlite3_prepare_v2() is used to prepare a statement, the statement might be re-prepared during sqlite3_step() due to a schema change.

/* IMP: R-45052-47506 */
# EVIDENCE-OF: R-45052-47506 When sqlite3_prepare_v2() is used to
# prepare a statement, the statement might be re-prepared during
# sqlite3_step() due to a schema change.

R-13091-00020-15519-35390-14824-01225-60609-32585 tcl slt th3 src

Note that the authorizer callback is invoked only during sqlite3_prepare() or its variants.

/* IMP: R-13091-00020 */
# EVIDENCE-OF: R-13091-00020 Note that the authorizer callback is
# invoked only during sqlite3_prepare() or its variants.