SQLite

**
*************************************************************************
** This file contains code used to implement the sqlite_set_authorizer()
** API.  This facility is an optional feature of the library.  Embedded
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE_OMIT_AUTHORIZATION=1
**
** $Id: auth.c,v 1.2 2003/01/12 19:33:53 drh Exp $
*/
#include "sqliteInt.h"

/*
** All of the code in this file may be omitted by defining a single
** macro.
*/

    zCol = pTab->aCol[pExpr->iColumn].zName;
  }else if( pTab->iPKey>=0 ){
    assert( pTab->iPKey<pTab->nCol );
    zCol = pTab->aCol[pTab->iPKey].zName;
  }else{
    zCol = "ROWID";
  }
  rc = db->xAuth(db->pAuthArg, SQLITE_READ_COLUMN, pTab->zName, zCol);
  if( rc==SQLITE_IGNORE ){
    pExpr->op = TK_NULL;
  }else if( rc==SQLITE_DENY ){
    sqliteSetString(&pParse->zErrMsg,"access to ",
        pTab->zName, ".", zCol, " is prohibited", 0);
    pParse->nErr++;
  }else if( rc!=SQLITE_OK ){
    sqliteAuthBadReturnCode(pParse, rc);
  }
}

/*
** Check the user-supplied authorization function to see if it is ok to
** delete rows from the table pTab.  Return SQLITE_OK if it is.  Return
** SQLITE_IGNORE if deletions should be silently omitted.  Return SQLITE_DENY
** if an error is to be reported.  In the last case, write the text of
** the error into pParse->zErrMsg.
*/
int sqliteAuthDelete(Parse *pParse, const char *zName, int forceError){
  sqlite *db = pParse->db;
  int rc;
  if( db->xAuth==0 ){
    return SQLITE_OK;
  }
  rc = db->xAuth(db->pAuthArg, SQLITE_DELETE_ROW, zName, "");
  if( rc==SQLITE_DENY  || (rc==SQLITE_IGNORE && forceError) ){
    sqliteSetString(&pParse->zErrMsg,"deletion from table ",
        zName, " is prohibited", 0);
    pParse->nErr++;
  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
    rc = SQLITE_DENY;
    sqliteAuthBadReturnCode(pParse, rc);
  }
  return rc;
}

/*
** Check the user-supplied authorization function to see if it is ok to
** insert rows from the table pTab.  Return SQLITE_OK if it is.  Return
** SQLITE_IGNORE if deletions should be silently omitted.  Return SQLITE_DENY
** if an error is to be reported.  In the last case, write the text of
** the error into pParse->zErrMsg.
*/
int sqliteAuthInsert(Parse *pParse, const char *zName, int forceError){

  sqlite *db = pParse->db;
  int rc;
  if( db->xAuth==0 ){
    return SQLITE_OK;
  }
  rc = db->xAuth(db->pAuthArg, SQLITE_INSERT_ROW, zName, "");
  if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){
    sqliteSetString(&pParse->zErrMsg,"insertion into table ",
        zName, " is prohibited", 0);
    pParse->nErr++;
  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
    rc = SQLITE_DENY;
    sqliteAuthBadReturnCode(pParse, rc);
  }
  return rc;
}

/*
** Check to see if it is ok to modify column "j" of table pTab.
** Return SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY.
*/
int sqliteAuthWrite(Parse *pParse, Table *pTab, int j){
  sqlite *db = pParse->db;
  int rc;
  if( db->xAuth==0 ) return SQLITE_OK;
  rc = db->xAuth(db->pAuthArg, SQLITE_WRITE_COLUMN,
                    pTab->zName, pTab->aCol[j].zName);
  if( rc==SQLITE_DENY ){
      sqliteSetString(&pParse->zErrMsg, "changes to ", pTab->zName,
          ".", pTab->aCol[j].zName, " are prohibited", 0);
      pParse->nErr++;
  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
    sqliteAuthBadReturnCode(pParse, rc);
  }
  return rc;
}

/*
** Check to see if it is ok to execute a special command such as
** COPY or VACUUM or ROLLBACK.
*/
int sqliteAuthCommand(Parse *pParse, const char *zCmd, const char *zArg1){
  sqlite *db = pParse->db;
  int rc;
  if( db->xAuth==0 ) return SQLITE_OK;
  rc = db->xAuth(db->pAuthArg, SQLITE_COMMAND, zCmd, zArg1);
  if( rc==SQLITE_DENY ){
    if( zArg1 && zArg1[0] ){
      sqliteSetString(&pParse->zErrMsg, "execution of the ", zCmd, " ", zArg1,
          " command is prohibited", 0);
    }else{
      sqliteSetString(&pParse->zErrMsg, "execution of the ", zCmd,
          " command is prohibited", 0);
    }
    pParse->nErr++;
  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
    sqliteAuthBadReturnCode(pParse, rc);
  }
  return rc;
}

#endif /* SQLITE_OMIT_AUTHORIZATION */

**     COPY
**     VACUUM
**     BEGIN TRANSACTION
**     COMMIT
**     ROLLBACK
**     PRAGMA
**
** $Id: build.c,v 1.120 2003/01/12 18:02:17 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>

/*
** This routine is called when a new SQL statement is beginning to
** be parsed.  Check to see if the schema for the database needs

**
** The new table record is initialized and put in pParse->pNewTable.
** As more of the CREATE TABLE statement is parsed, additional action
** routines will be called to add more information to this record.
** At the end of the CREATE TABLE statement, the sqliteEndTable() routine
** is called to complete the construction of the new table record.
*/
void sqliteStartTable(Parse *pParse, Token *pStart, Token *pName, int isTemp){






  Table *pTable;
  Index *pIdx;
  char *zName;
  sqlite *db = pParse->db;
  Vdbe *v;

  pParse->sFirstToken = *pStart;
  zName = sqliteTableNameFromToken(pName);
  if( zName==0 ) return;

  if( sqliteAuthInsert(pParse, SCHEMA_TABLE(isTemp), 1) ){
    return;
  }






















  /* Before trying to create a temporary table, make sure the Btree for
  ** holding temporary tables is open.
  */
  if( isTemp && db->pBeTemp==0 ){
    int rc = sqliteBtreeOpen(0, 0, MAX_PAGES, &db->pBeTemp);
    if( rc!=SQLITE_OK ){

  int isTemp         /* TRUE for a TEMPORARY view */
){
  Table *p;
  int n;
  const char *z;
  Token sEnd;

  sqliteStartTable(pParse, pBegin, pName, isTemp);
  p = pParse->pNewTable;
  if( p==0 || pParse->nErr ){
    sqliteSelectDelete(pSelect);
    return;
  }

  /* Make a copy of the entire SELECT statement that defines the view.

  Vdbe *v;
  int base;
  sqlite *db = pParse->db;

  if( pParse->nErr || sqlite_malloc_failed ) return;
  pTable = sqliteTableFromToken(pParse, pName);
  if( pTable==0 ) return;

  if( sqliteAuthDelete(pParse, SCHEMA_TABLE(pTable->isTemp), 1) ){
    return;
  }




















  if( pTable->readOnly ){
    sqliteSetString(&pParse->zErrMsg, "table ", pTable->zName, 
       " may not be dropped", 0);
    pParse->nErr++;
    return;
  }
  if( isView && pTable->pSelect==0 ){
    sqliteSetString(&pParse->zErrMsg, "use DROP TABLE to delete table ",
      pTable->zName, 0);
    pParse->nErr++;
    return;
  }
  if( !isView && pTable->pSelect ){
    sqliteSetString(&pParse->zErrMsg, "use DROP VIEW to delete view ",
      pTable->zName, 0);
    pParse->nErr++;
    return;
  }
  if( sqliteAuthDelete(pParse, pTable->zName, 1) ){
    return;
  }

  /* Generate code to remove the table from the master table
  ** on disk.
  */
  v = sqliteGetVdbe(pParse);
  if( v ){
    static VdbeOp dropTable[] = {

    goto exit_create_index;
  }
  if( pTab->pSelect ){
    sqliteSetString(&pParse->zErrMsg, "views may not be indexed", 0);
    pParse->nErr++;
    goto exit_create_index;
  }
  if( sqliteAuthInsert(pParse, SCHEMA_TABLE(pTab->isTemp), 1) ){
    goto exit_create_index;
  }

  /* If this index is created while re-reading the schema from sqlite_master
  ** but the table associated with this index is a temporary table, it can
  ** only mean that the table that this index is really associated with is
  ** one whose name is hidden behind a temporary table with the same name.
  ** Since its table has been suppressed, we need to also suppress the
  ** index.

    for(pLoop=pTab->pIndex, n=1; pLoop; pLoop=pLoop->pNext, n++){}
    sprintf(zBuf,"%d)",n);
    zName = 0;
    sqliteSetString(&zName, "(", pTab->zName, " autoindex ", zBuf, 0);
    if( zName==0 ) goto exit_create_index;
    hideName = sqliteFindIndex(db, zName)!=0;
  }














  /* If pList==0, it means this routine was called to make a primary
  ** key out of the last column added to the table under construction.
  ** So create a fake list to simulate this.
  */
  if( pList==0 ){
    nullId.z = pTab->aCol[pTab->nCol-1].zName;

  }
  if( pIndex->autoIndex ){
    sqliteSetString(&pParse->zErrMsg, "index associated with UNIQUE "
      "or PRIMARY KEY constraint cannot be dropped", 0);
    pParse->nErr++;
    return;
  }



  if( sqliteAuthDelete(pParse, SCHEMA_TABLE(pIndex->pTable->isTemp), 1) ){

    return;
  }







  /* Generate code to remove the index and from the master table */
  v = sqliteGetVdbe(pParse);
  if( v ){
    static VdbeOp dropIndex[] = {
      { OP_Rewind,     0, ADDR(9), 0}, 
      { OP_String,     0, 0,       0}, /* 1 */

  sqlite *db = pParse->db;

  zTab = sqliteTableNameFromToken(pTableName);
  if( sqlite_malloc_failed || zTab==0 ) goto copy_cleanup;
  pTab = sqliteTableNameToTable(pParse, zTab);
  sqliteFree(zTab);
  if( pTab==0 ) goto copy_cleanup;
  if( sqliteAuthInsert(pParse, zTab, 0) ){
    goto copy_cleanup;
  }
  if( sqliteAuthCommand(pParse, "COPY", zTab) ){
    goto copy_cleanup;
  }
  v = sqliteGetVdbe(pParse);
  if( v ){
    int openOp;
    sqliteBeginWriteOperation(pParse, 1, pTab->isTemp);
    addr = sqliteVdbeAddOp(v, OP_FileOpen, 0, 0);

** Begin a transaction
*/
void sqliteBeginTransaction(Parse *pParse, int onError){
  sqlite *db;

  if( pParse==0 || (db=pParse->db)==0 || db->pBe==0 ) return;
  if( pParse->nErr || sqlite_malloc_failed ) return;
  if( sqliteAuthCommand(pParse, "BEGIN", "") ) return;
  if( db->flags & SQLITE_InTrans ){
    pParse->nErr++;
    sqliteSetString(&pParse->zErrMsg, "cannot start a transaction "
       "within a transaction", 0);
    return;
  }
  sqliteBeginWriteOperation(pParse, 0, 0);
  db->flags |= SQLITE_InTrans;
  db->onError = onError;
}

/*
** Commit a transaction
*/
void sqliteCommitTransaction(Parse *pParse){
  sqlite *db;

  if( pParse==0 || (db=pParse->db)==0 || db->pBe==0 ) return;
  if( pParse->nErr || sqlite_malloc_failed ) return;
  if( sqliteAuthCommand(pParse, "COMMIT", "") ) return;
  if( (db->flags & SQLITE_InTrans)==0 ){
    pParse->nErr++;
    sqliteSetString(&pParse->zErrMsg, 
       "cannot commit - no transaction is active", 0);
    return;
  }
  db->flags &= ~SQLITE_InTrans;
  sqliteEndWriteOperation(pParse);
  db->onError = OE_Default;
}

/*
** Rollback a transaction
*/
void sqliteRollbackTransaction(Parse *pParse){
  sqlite *db;
  Vdbe *v;

  if( pParse==0 || (db=pParse->db)==0 || db->pBe==0 ) return;
  if( pParse->nErr || sqlite_malloc_failed ) return;
  if( sqliteAuthCommand(pParse, "ROLLBACK", "") ) return;
  if( (db->flags & SQLITE_InTrans)==0 ){
    pParse->nErr++;
    sqliteSetString(&pParse->zErrMsg,
       "cannot rollback - no transaction is active", 0);
    return; 
  }
  v = sqliteGetVdbe(pParse);

  if( minusFlag ){
    zRight = 0;
    sqliteSetNString(&zRight, "-", 1, pRight->z, pRight->n, 0);
  }else{
    zRight = sqliteStrNDup(pRight->z, pRight->n);
    sqliteDequote(zRight);
  }
  if( sqliteAuthCommand(pParse, "PRAGMA", zLeft) ) return;
 
  /*
  **  PRAGMA default_cache_size
  **  PRAGMA default_cache_size=N
  **
  ** The first form reports the current persistent setting for the
  ** page cache size.  The value returned is the maximum number of

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle DELETE FROM statements.
**
** $Id: delete.c,v 1.44 2003/01/12 18:02:18 drh Exp $
*/
#include "sqliteInt.h"


/*
** Given a table name, find the corresponding table and make sure the
** table is writeable.  Generate an error and return NULL if not.  If

  int base;              /* Index of the first available table cursor */
  sqlite *db;            /* Main database structure */
  int openOp;            /* Opcode used to open a cursor to the table */

  int row_triggers_exist = 0;
  int oldIdx = -1;

  if( pParse->nErr || sqlite_malloc_failed
          || sqliteAuthCommand(pParse,"DELETE",0) ){
    pTabList = 0;
    goto delete_from_cleanup;
  }
  db = pParse->db;

  /* Check for the special case of a VIEW with one or more ON DELETE triggers 
  ** defined 

  ** an SrcList* parameter instead of just a Table* parameter.
  */
  pTabList = sqliteTableTokenToSrcList(pParse, pTableName);
  if( pTabList==0 ) goto delete_from_cleanup;
  assert( pTabList->nSrc==1 );
  pTab = pTabList->a[0].pTab;
  assert( pTab->pSelect==0 );  /* This table is not a view */

  if( sqliteAuthDelete(pParse, pTab->zName, 0) ) goto delete_from_cleanup;


  /* Allocate a cursor used to store the old.* data for a trigger.
  */
  if( row_triggers_exist ){ 
    oldIdx = pParse->nTab++;
  }

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle INSERT statements in SQLite.
**
** $Id: insert.c,v 1.70 2003/01/12 19:33:53 drh Exp $
*/
#include "sqliteInt.h"

/*
** This routine is call to handle SQL of the following forms:
**
**    insert into TABLE (IDLIST) values(EXPRLIST)

  int iInsertBlock;     /* Address of the subroutine used to insert data */
  int iCntMem;          /* Memory cell used for the row counter */

  int row_triggers_exist = 0; /* True if there are FOR EACH ROW triggers */
  int newIdx = -1;

  if( pParse->nErr || sqlite_malloc_failed ) goto insert_cleanup;
  if( sqliteAuthCommand(pParse, "INSERT", 0) ) goto insert_cleanup;
  db = pParse->db;

  /* Locate the table into which we will be inserting new information.
  */
  zTab = sqliteTableNameFromToken(pTableName);
  if( zTab==0 ) goto insert_cleanup;
  pTab = sqliteFindTable(pParse->db, zTab);
  if( pTab==0 ){
    sqliteSetString(&pParse->zErrMsg, "no such table: ", zTab, 0);
    pParse->nErr++;
    goto insert_cleanup;
  }
  if( sqliteAuthInsert(pParse, zTab, 0) ){
    goto insert_cleanup;
  }

  /* Ensure that:
  *  (a) the table is not read-only, 
  *  (b) that if it is a view then ON INSERT triggers exist
  */

**
*************************************************************************
** This file contains SQLite's grammar for SQL.  Process this file
** using the lemon parser generator to generate C code that runs
** the parser.  Lemon will also generate a header file containing
** numeric codes for all of the tokens.
**
** @(#) $Id: parse.y,v 1.86 2003/01/07 02:47:48 drh Exp $
*/
%token_prefix TK_
%token_type {Token}
%default_type {Token}
%extra_argument {Parse *pParse}
%syntax_error {
  sqliteSetString(&pParse->zErrMsg,"syntax error",0);

cmd ::= END trans_opt.         {sqliteCommitTransaction(pParse);}
cmd ::= ROLLBACK trans_opt.    {sqliteRollbackTransaction(pParse);}

///////////////////// The CREATE TABLE statement ////////////////////////////
//
cmd ::= create_table create_table_args.
create_table ::= CREATE(X) temp(T) TABLE nm(Y). {
   sqliteStartTable(pParse,&X,&Y,T);
}
%type temp {int}
temp(A) ::= TEMP.  {A = pParse->isTemp || !pParse->initFlag;}
temp(A) ::= .      {A = pParse->isTemp;}
create_table_args ::= LP columnlist conslist_opt RP(X). {
  sqliteEndTable(pParse,&X,0);
}

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.120 2003/01/12 18:02:18 drh Exp $
*/
#include "sqliteInt.h"


/*
** Allocate a new Select structure and return a pointer to that
** structure.

  Expr *pHaving;         /* The HAVING clause.  May be NULL */
  int isDistinct;        /* True if the DISTINCT keyword is present */
  int distinct;          /* Table to use for the distinct set */
  int base;              /* First cursor available for use */
  int rc = 1;            /* Value to return from this function */

  if( sqlite_malloc_failed || pParse->nErr || p==0 ) return 1;
  if( sqliteAuthCommand(pParse, "SELECT", 0) ) return 1;

  /* If there is are a sequence of queries, do the earlier ones first.
  */
  if( p->pPrior ){
    return multiSelect(pParse, p, eDest, iParm);
  }

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This header file defines the interface that the SQLite library
** presents to client programs.
**
** @(#) $Id: sqlite.h.in,v 1.36 2003/01/12 18:02:18 drh Exp $
*/
#ifndef _SQLITE_H_
#define _SQLITE_H_
#include <stdarg.h>     /* Needed for the definition of va_list */

/*
** The version of the SQLite library.

** in the database.  The callback returns SQLITE_OK if access is allowed,
** SQLITE_DENY if the entire SQL statement should be aborted with an error
** and SQLITE_IGNORE if the column should be treated as a NULL value.
*/
int sqlite_set_authorizer(
  sqlite*,
  int (*xAuth)(void*,int,const char*,const char*),
  void*
);

/*
** The second parameter to the access authorization function above will
** be one of these values:





*/
#define SQLITE_READ_COLUMN   1  /* Is it OK to read the specified column?     */
#define SQLITE_WRITE_COLUMN  2  /* Is it OK to update the specified column?   */







#define SQLITE_DELETE_ROW    3  /* Is it OK to delete a row from the table?   */








#define SQLITE_INSERT_ROW    4  /* Is it OK to insert a new row in the table? */
#define SQLITE_COMMAND       5  /* Is it OK to execute a particular command?  */





/*
** The return value of the authorization function should be one of the
** following constants:
*/
/* #define SQLITE_OK  0   // Allow access (This is actually defined above) */
#define SQLITE_DENY   1   /* Abort the SQL statement with an error */

/*
** 2001 September 15
**
** The author disclaims copyright to this source code.  In place of
** a legal notice, here is a blessing:
**
**    May you do good and not evil.
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** Internal interface definitions for SQLite.
**
** @(#) $Id: sqliteInt.h,v 1.153 2003/01/12 18:02:18 drh Exp $
*/
#include "config.h"
#include "sqlite.h"
#include "hash.h"
#include "vdbe.h"
#include "parse.h"
#include "btree.h"

void sqliteResetInternalSchema(sqlite*);
int sqliteInit(sqlite*, char**);
void sqliteBeginParse(Parse*,int);
void sqliteRollbackInternalChanges(sqlite*);
void sqliteCommitInternalChanges(sqlite*);
Table *sqliteResultSetOfSelect(Parse*,char*,Select*);
void sqliteOpenMasterTable(Vdbe *v, int);
void sqliteStartTable(Parse*,Token*,Token*,int);
void sqliteAddColumn(Parse*,Token*);
void sqliteAddNotNull(Parse*, int);
void sqliteAddPrimaryKey(Parse*, IdList*, int);
void sqliteAddColumnType(Parse*,Token*,Token*);
void sqliteAddDefaultValue(Parse*,Token*,int);
int sqliteCollateType(Parse*, Token*);
void sqliteAddCollateType(Parse*, int);

TriggerStep *sqliteTriggerDeleteStep(Token*, Expr*);
void sqliteDeleteTrigger(Trigger*);
int sqliteJoinType(Parse*, Token*, Token*, Token*);
void sqliteCreateForeignKey(Parse*, IdList*, Token*, IdList*, int);
void sqliteDeferForeignKey(Parse*, int);
#ifndef SQLITE_OMIT_AUTHORIZATION
  void sqliteAuthRead(Parse*,Expr*,SrcList*,int);
  int sqliteAuthDelete(Parse*,const char*, int);
  int sqliteAuthInsert(Parse*,const char*, int);
  int sqliteAuthCommand(Parse*,const char*,const char*);
#else
# define sqliteAuthRead(a,b,c,d)
# define sqliteAuthDelete(a,b,c)     SQLITE_OK
# define sqliteAuthInsert(a,b,c)     SQLITE_OK
# define sqliteAuthWrite(a,b,c)      SQLITE_OK
# define sqliteAuthCommand(a,b,c)    SQLITE_OK
#endif

**    May you share freely, never taking more than you give.
**
*************************************************************************
** Code for testing the printf() interface to SQLite.  This code
** is not included in the SQLite library.  It is used for automated
** testing of the SQLite library.
**
** $Id: test1.c,v 1.15 2003/01/12 18:02:19 drh Exp $
*/
#include "sqliteInt.h"
#include "tcl.h"
#include <stdlib.h>
#include <string.h>

/*

  const char *zArg2
){
  char *zCode;
  Tcl_DString str;
  int rc;
  const char *zReply;
  switch( code ){
    case SQLITE_READ_COLUMN:   zCode="SQLITE_READ_COLUMN";  break;








    case SQLITE_WRITE_COLUMN:  zCode="SQLITE_WRITE_COLUMN"; break;








    case SQLITE_INSERT_ROW:    zCode="SQLITE_INSERT_ROW";   break;
    case SQLITE_DELETE_ROW:    zCode="SQLITE_DELETE_ROW";   break;
    case SQLITE_COMMAND:       zCode="SQLITE_COMMAND";      break;



    default:                   zCode="unknown code";        break;
  }
  Tcl_DStringInit(&str);
  Tcl_DStringAppend(&str, authInfo.zCmd, -1);
  Tcl_DStringAppendElement(&str, zCode);
  Tcl_DStringAppendElement(&str, zArg1);
  Tcl_DStringAppendElement(&str, zArg2 ? zArg2 : "");
  rc = Tcl_GlobalEval(authInfo.interp, Tcl_DStringValue(&str));
  Tcl_DStringFree(&str);
  zReply = Tcl_GetStringResult(authInfo.interp);
  if( strcmp(zReply,"SQLITE_OK")==0 ){
    rc = SQLITE_OK;
  }else if( strcmp(zReply,"SQLITE_DENY")==0 ){

  int foreach,        /* One of TK_ROW or TK_STATEMENT */
  Expr *pWhen,        /* WHEN clause */
  TriggerStep *pStepList, /* The triggered program */
  Token *pAll             /* Token that describes the complete CREATE TRIGGER */
){
  Trigger *nt;
  Table   *tab;

  if( sqliteAuthCommand(pParse, "CREATE", "TRIGGER") ) goto trigger_cleanup;

  /* Check that: 
  ** 1. the trigger name does not already exist.
  ** 2. the table (or view) does exist.
  ** 3. that we are not trying to create a trigger on the sqlite_master table
  ** 4. That we are not trying to create an INSTEAD OF trigger on a table.
  ** 5. That we are not trying to create a BEFORE or AFTER trigger on a view.
  */
  {
    char *tmp_str = sqliteStrNDup(pName->z, pName->n);
    if( sqliteHashFind(&(pParse->db->trigHash), tmp_str, pName->n + 1) ){
      sqliteSetNString(&pParse->zErrMsg, "trigger ", -1,
          pName->z, pName->n, " already exists", -1, 0);
      sqliteFree(tmp_str);
      pParse->nErr++;
      goto trigger_cleanup;
    }
    sqliteFree(tmp_str);
  }
  {
    char *tmp_str = sqliteStrNDup(pTableName->z, pTableName->n);
    if( tmp_str==0 ) goto trigger_cleanup;
    tab = sqliteFindTable(pParse->db, tmp_str);
    sqliteFree(tmp_str);
    if( !tab ){

      goto trigger_cleanup;
    }
    if( !tab->pSelect && tr_tm == TK_INSTEAD ){
      sqliteSetNString(&pParse->zErrMsg, "cannot create INSTEAD OF", -1, 
	  " trigger on table: ", -1, pTableName->z, pTableName->n, 0);
      goto trigger_cleanup;
    }




    if( sqliteAuthInsert(pParse, SCHEMA_TABLE(tab->isTemp), 1) ){
      goto trigger_cleanup;
    }


  }

  if (tr_tm == TK_INSTEAD){
    tr_tm = TK_BEFORE;
  }

  /* Build the Trigger object */
  nt = (Trigger*)sqliteMalloc(sizeof(Trigger));
  if( nt==0 ) goto trigger_cleanup;
  nt->name = sqliteStrNDup(pName->z, pName->n);

  nt->table = sqliteStrNDup(pTableName->z, pTableName->n);
  if( sqlite_malloc_failed ) goto trigger_cleanup;
  nt->op = op;
  nt->tr_tm = tr_tm;
  nt->pWhen = sqliteExprDup(pWhen);
  sqliteExprDelete(pWhen);
  nt->pColumns = sqliteIdListDup(pColumns);

    sqliteFree(nt->name);
    sqliteFree(nt->table);
    sqliteFree(nt);
  }

trigger_cleanup:


  sqliteIdListDelete(pColumns);
  sqliteExprDelete(pWhen);
  sqliteDeleteTriggerStep(pStepList);
}

/*
** Make a copy of all components of the given trigger step.  This has

 */
void sqliteDropTrigger(Parse *pParse, Token *pName, int nested){
  char *zName;
  Trigger *pTrigger;
  Table   *pTable;
  Vdbe *v;

  if( sqliteAuthCommand(pParse, "DROP", "TRIGGER") ) return;
  zName = sqliteStrNDup(pName->z, pName->n);

  /* ensure that the trigger being dropped exists */
  pTrigger = sqliteHashFind(&(pParse->db->trigHash), zName, pName->n + 1); 
  if( !pTrigger ){
    sqliteSetNString(&pParse->zErrMsg, "no such trigger: ", -1,
        zName, -1, 0);
    sqliteFree(zName);
    return;
  }
  pTable = sqliteFindTable(pParse->db, pTrigger->table);
  assert(pTable);





  if( sqliteAuthDelete(pParse, SCHEMA_TABLE(pTable->isTemp), 1) ){
    sqliteFree(zName);
    return;
  }



  /*
   * If this is not an "explain", then delete the trigger structure.
   */
  if( !pParse->explain ){
    if( pTable->pTrigger == pTrigger ){
      pTable->pTrigger = pTrigger->pNext;

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle UPDATE statements.
**
** $Id: update.c,v 1.52 2003/01/12 18:02:19 drh Exp $
*/
#include "sqliteInt.h"

/*
** Process an UPDATE statement.
*/
void sqliteUpdate(

  int row_triggers_exist = 0;

  int newIdx      = -1;  /* index of trigger "new" temp table       */
  int oldIdx      = -1;  /* index of trigger "old" temp table       */

  if( pParse->nErr || sqlite_malloc_failed ) goto update_cleanup;
  if( sqliteAuthCommand(pParse, "UPDATE", 0) ) goto update_cleanup;
  db = pParse->db;

  /* Check for the special case of a VIEW with one or more ON UPDATE triggers 
   * defined 
   */
  {
    char *zTab = sqliteTableNameFromToken(pTableName);

    if( j>=pTab->nCol ){
      sqliteSetString(&pParse->zErrMsg, "no such column: ", 
         pChanges->a[i].zName, 0);
      pParse->nErr++;
      goto update_cleanup;
    }
#ifndef SQLITE_OMIT_AUTHORIZATION






    if( sqliteAuthWrite(pParse, pTab, j)==SQLITE_IGNORE ){
      aXRef[j] = -1;

    }
#endif
  }

  /* Allocate memory for the array apIdx[] and fill it with pointers to every
  ** index that needs to be updated.  Indices only need updating if their
  ** key includes one of the columns named in pChanges or if the record

# 2003 January 12
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script testing the sqlite_set_authorizer() API.
#
# $Id: auth.test,v 1.1 2003/01/12 19:33:54 drh Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

if {[info command sqlite_set_authorizer]!=""} {

do_test auth-1.1 {
  db close
  set ::DB [sqlite db test.db]
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  sqlite_set_authorizer $::DB ::auth
  catchsql {CREATE TABLE t1(a,b,c)}
















} {1 {insertion into table sqlite_master is prohibited}}
do_test auth-1.2 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 


























          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}


} {1 {insertion into table sqlite_master is prohibited}}

do_test auth-1.3 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t1(a,b,c)}
} {0 {}}
do_test auth-1.4 {
  execsql {SELECT name FROM sqlite_master}
} {t1}
do_test auth-1.5 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return BOGUS
    }
    return SQLITE_OK
  }
  catchsql {CREATE TABLE t2(a,b,c)}
} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-1.6 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_DELETE_ROW" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t1}
} {1 {deletion from table sqlite_master is prohibited}}
do_test auth-1.7 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_DELETE_ROW" 
          && [string compare -nocase $arg1 sqlite_master]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DROP TABLE t1}
} {1 {deletion from table sqlite_master is prohibited}}
do_test auth-1.8 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 t1]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {1 {insertion into table t1 is prohibited}}
do_test auth-1.9 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 t1]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.10 {
  execsql {SELECT * FROM t1}
} {}
do_test auth-1.11 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_INSERT_ROW" 
          && [string compare -nocase $arg1 t1]==0} {
      return SQLITE_OK
    }
    return SQLITE_OK
  }
  catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.12 {
  execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.13 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_DELETE_ROW" 
          && [string compare -nocase $arg1 t1]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {DELETE FROM t1 WHERE a=1}
} {1 {deletion from table t1 is prohibited}}
do_test auth-1.14 {
  execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.15 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_DELETE_ROW" 
          && [string compare -nocase $arg1 t1]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {DELETE FROM t1 WHERE a=1}
} {0 {}}
do_test auth-1.16 {
  execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.17 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t1}
} {1 {access to t1.a is prohibited}}
do_test auth-1.18 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t1}
} {0 {{} 2 3}}
do_test auth-1.19 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_WRITE_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET a=11 WHERE a=1}
} {1 {changes to t1.a are prohibited}}
do_test auth-1.20 {
  execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.21 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_WRITE_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET b=12 WHERE a=1}
} {0 {}}
do_test auth-1.22 {
  execsql {SELECT * FROM t1}
} {1 12 3}
do_test auth-1.23 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_WRITE_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET a=11, b=22 WHERE a=1}
} {0 {}}
do_test auth-1.24 {
  execsql {SELECT * FROM t1}
} {1 22 3}
do_test auth-1.25 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_WRITE_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET a=11, b=33 WHERE a=1}
} {1 {changes to t1.a are prohibited}}
do_test auth-1.26 {
  execsql {SELECT * FROM t1}
} {1 22 3}
do_test auth-1.27 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
} {1 {access to t1.a is prohibited}}
do_test auth-1.28 {
  execsql {SELECT b, c FROM t1}
} {22 3}
do_test auth-1.29 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
} {0 {}}
do_test auth-1.30 {
  execsql {SELECT b, c FROM t1}
} {22 3}
do_test auth-1.31 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ_COLUMN" 
          && [string compare -nocase $arg1 t1]==0
          && [string compare -nocase $arg2 a]==0} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {UPDATE t1 SET b=33, c=44 WHERE a IS NULL}
} {0 {}}
do_test auth-1.32 {
  execsql {SELECT b, c FROM t1}
} {33 44}

  
} ;# End of the "if( db command exists )"

finish_test