SQLite

Check-in [ff10d2c7de]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ff10d2c7de430c88167b1e6e4f5307eee5d69e22c8d24b2ef4fcb3aea25a92e1
User & Date: dan 2018-10-06 13:46:22.771
Context
2018-10-06
14:38
Fix the ".help -all" option in the command-line shell. (check-in: aac8f1dff0 user: drh tags: trunk)
14:33
Ensure each ALTER TABLE statement makes just a single SQLITE_ALTER_TABLE call to the authorizer function. (Leaf check-in: dac285474a user: dan tags: alter-auth-callbacks)
13:46
Add test cases and assert() statements to ensure that the authorizer is being called as expected from within ALTER TABLE. (check-in: ff10d2c7de user: dan tags: trunk)
2018-10-05
15:10
Changes to geopoly to silience false-positive warnings coming out of clang. (check-in: 11d9015f31 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/auth.c.
147
148
149
150
151
152
153

154
155
156
157
158
159
160
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

  assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );

  if( db->xAuth==0 ) return;
  iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
  if( iDb<0 ){
    /* An attempt to read a column out of a subquery or other
    ** temporary table. */
    return;
  }







>







147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

  assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
  if( db->xAuth==0 ) return;
  iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
  if( iDb<0 ){
    /* An attempt to read a column out of a subquery or other
    ** temporary table. */
    return;
  }
203
204
205
206
207
208
209

210
211
212
213
214
215
216
){
  sqlite3 *db = pParse->db;
  int rc;

  /* Don't do any authorization checks if the database is initialising
  ** or if the parser is being invoked from within sqlite3_declare_vtab.
  */

  if( db->init.busy || IN_SPECIAL_PARSE ){
    return SQLITE_OK;
  }

  if( db->xAuth==0 ){
    return SQLITE_OK;
  }







>







204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
){
  sqlite3 *db = pParse->db;
  int rc;

  /* Don't do any authorization checks if the database is initialising
  ** or if the parser is being invoked from within sqlite3_declare_vtab.
  */
  assert( !IN_RENAME_OBJECT || db->xAuth==0 );
  if( db->init.busy || IN_SPECIAL_PARSE ){
    return SQLITE_OK;
  }

  if( db->xAuth==0 ){
    return SQLITE_OK;
  }
Added test/alterauth2.test.




































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# 2018 October 6
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#*************************************************************************
#

set testdir [file dirname $argv0]

source $testdir/tester.tcl

# If SQLITE_OMIT_ALTERTABLE is defined, omit this file.
ifcapable !altertable {
  finish_test
  return
}
set testprefix alterauth2

set ::auth [list]
proc xAuth {type args} {
  lappend ::auth [concat $type [lrange $args 0 3]]
  if {$type=="SQLITE_READ" && [lindex $args 0] == "t2"} breakpoint
  return SQLITE_OK
}
db auth xAuth

proc do_auth_test {tn sql authcode} {
  set script "
    set ::auth \[list\]
    execsql {$sql}
    lsort -unique \[set ::auth\]
  "

  set normal [list {*}$authcode]
  uplevel [list do_test $tn $script $normal]
}

do_execsql_test 1.0 { 
  CREATE TABLE t1(a, b, c); 
  CREATE VIEW v1 AS SELECT * FROM t1;
  CREATE TRIGGER tr1 AFTER INSERT ON t1 BEGIN
    DELETE FROM t1 WHERE a<new.a;
  END;

  CREATE TEMP TRIGGER tr2 AFTER UPDATE OF a, b ON t1 BEGIN
    UPDATE t1 SET a=a+1 WHERE new.b<b;
  END;
}

do_auth_test 1.1 {
  ALTER TABLE t1 RENAME TO t2;
} {
    {SQLITE_ALTER_TABLE main t1 {} {}} 
    {SQLITE_FUNCTION {} like {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_table {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
    {SQLITE_FUNCTION {} substr {} {}} 
    {SQLITE_READ sqlite_master name main {}} 
    {SQLITE_READ sqlite_master sql main {}} 
    {SQLITE_READ sqlite_master tbl_name main {}} 
    {SQLITE_READ sqlite_master type main {}} 
  {SQLITE_READ sqlite_temp_master name temp {}} 
  {SQLITE_READ sqlite_temp_master sql temp {}} 
  {SQLITE_READ sqlite_temp_master tbl_name temp {}} 
  {SQLITE_READ sqlite_temp_master type temp {}} 
  {SQLITE_SELECT {} {} {} {}} 
    {SQLITE_UPDATE sqlite_master name main {}} 
    {SQLITE_UPDATE sqlite_master sql main {}} 
    {SQLITE_UPDATE sqlite_master tbl_name main {}} 
  {SQLITE_UPDATE sqlite_temp_master sql temp {}} 
  {SQLITE_UPDATE sqlite_temp_master tbl_name temp {}}
}

do_auth_test 1.2 {
  ALTER TABLE t2 RENAME a TO aaa;
} {
  {SQLITE_ALTER_TABLE main t2 {} {}} 
  {SQLITE_FUNCTION {} like {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_column {} {}} 
  {SQLITE_FUNCTION {} sqlite_rename_test {} {}} 
  {SQLITE_READ sqlite_master name main {}} 
  {SQLITE_READ sqlite_master sql main {}} 
  {SQLITE_READ sqlite_master tbl_name main {}} 
  {SQLITE_READ sqlite_master type main {}} 
  {SQLITE_READ sqlite_temp_master name temp {}} 
  {SQLITE_READ sqlite_temp_master sql temp {}} 
  {SQLITE_READ sqlite_temp_master type temp {}} 
  {SQLITE_SELECT {} {} {} {}} 
  {SQLITE_UPDATE sqlite_master sql main {}} 
  {SQLITE_UPDATE sqlite_temp_master sql temp {}}
}

finish_test