/ Check-in [ff10d2c7]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ff10d2c7de430c88167b1e6e4f5307eee5d69e22c8d24b2ef4fcb3aea25a92e1
User & Date: dan 2018-10-06 13:46:22
Context
2018-10-06
14:38
Fix the ".help -all" option in the command-line shell. check-in: aac8f1df user: drh tags: trunk
14:33
Ensure each ALTER TABLE statement makes just a single SQLITE_ALTER_TABLE call to the authorizer function. Leaf check-in: dac28547 user: dan tags: alter-auth-callbacks
13:46
Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE. check-in: ff10d2c7 user: dan tags: trunk
2018-10-05
15:10
Changes to geopoly to silience false-positive warnings coming out of clang. check-in: 11d9015f user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/auth.c.

147
148
149
150
151
152
153

154
155
156
157
158
159
160
...
203
204
205
206
207
208
209

210
211
212
213
214
215
216
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

  assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );

  if( db->xAuth==0 ) return;
  iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
  if( iDb<0 ){
    /* An attempt to read a column out of a subquery or other
    ** temporary table. */
    return;
  }
................................................................................
){
  sqlite3 *db = pParse->db;
  int rc;

  /* Don't do any authorization checks if the database is initialising
  ** or if the parser is being invoked from within sqlite3_declare_vtab.
  */

  if( db->init.busy || IN_SPECIAL_PARSE ){
    return SQLITE_OK;
  }

  if( db->xAuth==0 ){
    return SQLITE_OK;
  }







>







 







>







147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
...
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

  assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
  if( db->xAuth==0 ) return;
  iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
  if( iDb<0 ){
    /* An attempt to read a column out of a subquery or other
    ** temporary table. */
    return;
  }
................................................................................
){
  sqlite3 *db = pParse->db;
  int rc;

  /* Don't do any authorization checks if the database is initialising
  ** or if the parser is being invoked from within sqlite3_declare_vtab.
  */
  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
  if( db->init.busy || IN_SPECIAL_PARSE ){
    return SQLITE_OK;
  }

  if( db->xAuth==0 ){
    return SQLITE_OK;
  }

Added test/alterauth2.test.





































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# 2018 October 6
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#*************************************************************************
#

set testdir [file dirname $argv0]

source $testdir/tester.tcl

# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
ifcapable !altertable {
  finish_test
  return
}
set testprefix alterauth2

set ::auth [list]
proc xAuth {type args} {
  lappend ::auth [concat $type [lrange $args 0 3]]
  if {$type=="SQLITE_READ" && [lindex $args 0] == "t2"} breakpoint
  return SQLITE_OK
}
db auth xAuth

proc do_auth_test {tn sql authcode} {
  set script "
    set ::auth \[list\]
    execsql {$sql}
    lsort -unique \[set ::auth\]
  "

  set normal [list {*}$authcode]
  uplevel [list do_test $tn $script $normal]
}

do_execsql_test 1.0 { 
  CREATE TABLE t1(a, b, c); 
  CREATE VIEW v1 AS SELECT * FROM t1;
  CREATE TRIGGER tr1 AFTER INSERT ON t1 BEGIN
    DELETE FROM t1 WHERE a<new.a;
  END;

  CREATE TEMP TRIGGER tr2 AFTER UPDATE OF a, b ON t1 BEGIN
    UPDATE t1 SET a=a+1 WHERE new.b<b;
  END;
}

do_auth_test 1.1 {
  ALTER TABLE t1 RENAME TO t2;
} {
    {SQLITE_ALTER_TABLE main t1 {} {}} 
    {SQLITE_FUNCTION {} like {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_table {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
    {SQLITE_FUNCTION {} substr {} {}} 
    {SQLITE_READ sqlite_master name main {}} 
    {SQLITE_READ sqlite_master sql main {}} 
    {SQLITE_READ sqlite_master tbl_name main {}} 
    {SQLITE_READ sqlite_master type main {}} 
  {SQLITE_READ sqlite_temp_master name temp {}} 
  {SQLITE_READ sqlite_temp_master sql temp {}} 
  {SQLITE_READ sqlite_temp_master tbl_name temp {}} 
  {SQLITE_READ sqlite_temp_master type temp {}} 
  {SQLITE_SELECT {} {} {} {}} 
    {SQLITE_UPDATE sqlite_master name main {}} 
    {SQLITE_UPDATE sqlite_master sql main {}} 
    {SQLITE_UPDATE sqlite_master tbl_name main {}} 
  {SQLITE_UPDATE sqlite_temp_master sql temp {}} 
  {SQLITE_UPDATE sqlite_temp_master tbl_name temp {}}
}

do_auth_test 1.2 {
  ALTER TABLE t2 RENAME a TO aaa;
} {
  {SQLITE_ALTER_TABLE main t2 {} {}} 
  {SQLITE_FUNCTION {} like {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_column {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
  {SQLITE_READ sqlite_master name main {}} 
  {SQLITE_READ sqlite_master sql main {}} 
  {SQLITE_READ sqlite_master tbl_name main {}} 
  {SQLITE_READ sqlite_master type main {}} 
  {SQLITE_READ sqlite_temp_master name temp {}} 
  {SQLITE_READ sqlite_temp_master sql temp {}} 
  {SQLITE_READ sqlite_temp_master type temp {}} 
  {SQLITE_SELECT {} {} {} {}} 
  {SQLITE_UPDATE sqlite_master sql main {}} 
  {SQLITE_UPDATE sqlite_temp_master sql temp {}}
}

finish_test