SQLite4  Check-in [555f0c788d]

/*
** 2003 January 11
**
** The author disclaims copyright to this source code.  In place of
** a legal notice, here is a blessing:
**
**    May you do good and not evil.
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains code used to implement the sqlite4_set_authorizer()
** API.  This facility is an optional feature of the library.  Embedded
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE4_OMIT_AUTHORIZATION=1
*/
#include "sqliteInt.h"

/*
** All of the code in this file may be omitted by defining a single
** macro.
*/
#ifndef SQLITE4_OMIT_AUTHORIZATION

/*
** Set or clear the access authorization function.


**
** The access authorization function is be called during the compilation
** phase to verify that the user has read and/or write access permission on
** various fields of the database.  The first argument to the auth function
** is a copy of the 3rd argument to this routine.  The second argument
** to the auth function is one of these constants:
**
**       SQLITE4_CREATE_INDEX

**       SQLITE4_CREATE_TABLE
**       SQLITE4_CREATE_TEMP_INDEX
**       SQLITE4_CREATE_TEMP_TABLE
**       SQLITE4_CREATE_TEMP_TRIGGER

**       SQLITE4_CREATE_TEMP_VIEW
**       SQLITE4_CREATE_TRIGGER
**       SQLITE4_CREATE_VIEW
**       SQLITE4_DELETE
**       SQLITE4_DROP_INDEX
**       SQLITE4_DROP_TABLE
**       SQLITE4_DROP_TEMP_INDEX
**       SQLITE4_DROP_TEMP_TABLE
**       SQLITE4_DROP_TEMP_TRIGGER
**       SQLITE4_DROP_TEMP_VIEW
**       SQLITE4_DROP_TRIGGER
**       SQLITE4_DROP_VIEW
**       SQLITE4_INSERT
**       SQLITE4_PRAGMA
**       SQLITE4_READ
**       SQLITE4_SELECT
**       SQLITE4_TRANSACTION
**       SQLITE4_UPDATE
**
** The third and fourth arguments to the auth function are the name of
** the table and the column that are being accessed.  The auth function
** should return either SQLITE4_OK, SQLITE4_DENY, or SQLITE4_IGNORE.  If
** SQLITE4_OK is returned, it means that access is allowed.  SQLITE4_DENY
** means that the SQL statement will never-run - the sqlite4_exec() call
** will return with an error.  SQLITE4_IGNORE means that the SQL statement
** should run but attempts to read the specified column will return NULL
** and attempts to write the column will be ignored.
**
** Setting the auth function to NULL disables this hook.  The default
** setting of the auth function is NULL.
*/
int sqlite4_set_authorizer(
  sqlite4 *db,

  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
  void *pArg
){



  sqlite4_mutex_enter(db->mutex);






  db->xAuth = xAuth;


  db->pAuthArg = pArg;
  sqlite4ExpirePreparedStatements(db);


  sqlite4_mutex_leave(db->mutex);
  return SQLITE4_OK;








































}

/*
** Write an error message into pParse->zErrMsg that explains that the
** user-supplied authorization function returned an illegal value.
*/
static void sqliteAuthBadReturnCode(Parse *pParse){
  sqlite4ErrorMsg(pParse, "authorizer malfunction");
  pParse->rc = SQLITE4_ERROR;
}











































/*
** Invoke the authorization callback for permission to read column zCol from
** table zTab in database zDb. This function assumes that an authorization
** callback has been registered (i.e. that sqlite4.xAuth is not NULL).
**
** If SQLITE4_IGNORE is returned and pExpr is not NULL, then pExpr is changed
** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE4_IGNORE
** is treated as SQLITE4_DENY. In this case an error is left in pParse.
*/
int sqlite4AuthReadCol(
  Parse *pParse,                  /* The parser context */
  const char *zTab,               /* Table name */
  const char *zCol,               /* Column name */
  int iDb                         /* Index of containing database. */
){

  sqlite4 *db = pParse->db;       /* Database handle */
  char *zDb = db->aDb[iDb].zName; /* Name of attached database */
  int rc;                         /* Auth callback return code */

  rc = db->xAuth(db->pAuthArg, SQLITE4_READ, zTab,zCol,zDb,pParse->zAuthContext);
  if( rc==SQLITE4_DENY ){
    if( db->nDb>2 || iDb!=0 ){
      sqlite4ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
    }else{
      sqlite4ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
    }
    pParse->rc = SQLITE4_AUTH;
  }else if( rc!=SQLITE4_IGNORE && rc!=SQLITE4_OK ){
    sqliteAuthBadReturnCode(pParse);
  }

  return rc;
}

/*
** The pExpr should be a TK_COLUMN expression.  The table referred to
** is in pTabList or else it is the NEW or OLD table of a trigger.  
** Check to see if it is OK to read this particular column.

  sqlite4 *db = pParse->db;
  Table *pTab = 0;      /* The table being read */
  const char *zCol;     /* Name of the column of the table */
  int iSrc;             /* Index in pTabList->a[] of table being read */
  int iDb;              /* The index of the database the expression refers to */
  int iCol;             /* Index of column in table */

  if( db->xAuth==0 ) return;
  iDb = sqlite4SchemaToIndex(pParse->db, pSchema);
  if( iDb<0 ){
    /* An attempt to read a column out of a subquery or other
    ** temporary table. */
    return;
  }

  /* Don't do any authorization checks if the database is initialising
  ** or if the parser is being invoked from within sqlite4_declare_vtab.
  */
  if( db->init.busy || IN_DECLARE_VTAB ){
    return SQLITE4_OK;
  }

  if( db->xAuth==0 ){
    return SQLITE4_OK;
  }
  rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext);
  if( rc==SQLITE4_DENY ){
    sqlite4ErrorMsg(pParse, "not authorized");
    pParse->rc = SQLITE4_AUTH;
  }else if( rc!=SQLITE4_OK && rc!=SQLITE4_IGNORE ){
    rc = SQLITE4_DENY;
    sqliteAuthBadReturnCode(pParse);
  }

  return rc;
}

/*
** Push an authorization context.  After this routine is called, the
** zArg3 argument to authorization callbacks will be zContext until
** popped.  Or if pParse==0, this routine is a no-op.

*/
int sqlite4ViewGetColumnNames(Parse *pParse, Table *pTable){
  Table *pSelTab;   /* A fake table from which we get the result set */
  Select *pSel;     /* Copy of the SELECT that implements the view */
  int nErr = 0;     /* Number of errors encountered */
  int n;            /* Temporarily holds the number of cursors assigned */
  sqlite4 *db = pParse->db;  /* Database connection for malloc errors */
  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);

  assert( pTable );

#ifndef SQLITE4_OMIT_VIRTUALTABLE
  if( sqlite4VtabCallConnect(pParse, pTable) ){
    return SQLITE4_ERROR;
  }

  if( pSel ){
    u8 enableLookaside = db->lookaside.bEnabled;
    n = pParse->nTab;
    sqlite4SrcListAssignCursors(pParse, pSel->pSrc);
    pTable->nCol = -1;
    db->lookaside.bEnabled = 0;
#ifndef SQLITE4_OMIT_AUTHORIZATION
    xAuth = db->xAuth;
    db->xAuth = 0;
    pSelTab = sqlite4ResultSetOfSelect(pParse, pSel);
    db->xAuth = xAuth;
#else
    pSelTab = sqlite4ResultSetOfSelect(pParse, pSel);
#endif
    db->lookaside.bEnabled = enableLookaside;
    pParse->nTab = n;
    if( pSelTab ){
      assert( pTable->aCol==0 );

){
  Index *pRet = 0;     /* Pointer to return */
  Table *pTab = 0;     /* Table to be indexed */
  Index *pIndex = 0;   /* The index to be created */
  char *zName = 0;     /* Name of the index */
  int i, j;
  Token nullId;        /* Fake token for an empty ID list */
  DbFixer sFix;        /* For assigning database names to pTable */
  sqlite4 *db = pParse->db;
  Db *pDb;             /* The specific table containing the indexed database */
  int iDb;             /* Index of the database that is being written */
  Token *pName = 0;    /* Unqualified name of the index to create */
  ExprListItem *pListItem; /* For looping over pList */
  int nExtra = 0;
  char *zExtra;

  assert( pStart==0 || pEnd!=0 ); /* pEnd must be non-NULL if pStart is */

    assert( pName==0 );
    assert( pStart==0 );
    pTab = pParse->pNewTable;
    if( !pTab ) goto exit_create_index;
    iDb = sqlite4SchemaToIndex(db, pTab->pSchema);
  }
  pDb = &db->aDb[iDb];

  assert( pTab!=0 );
  assert( pParse->nErr==0 );
  assert( IsVirtual(pTab)==0 && IsView(pTab)==0 );

  /* If pName==0 it means that we are dealing with a primary key or 
  ** UNIQUE constraint.  We have to invent our own name.  */

      aiCol = &iCol;
    }
#ifndef SQLITE4_OMIT_AUTHORIZATION
    for(i=0; i<pFKey->nCol; i++){
      /* Request permission to read the parent key columns. If the 
      ** authorization callback returns SQLITE4_IGNORE, behave as if any
      ** values read from the parent table are NULL. */
      if( db->xAuth ){
        int rcauth;
        char *zCol = pTo->aCol[pIdx->aiColumn[i]].zName;
        rcauth = sqlite4AuthReadCol(pParse, pTo->zName, zCol, iDb);
        isIgnore = (rcauth==SQLITE4_IGNORE);
      }
    }
#endif

    pParse->nTab++;
    if( regOld!=0 ){
      /* A row is being removed from the child table. Search for the parent.
      ** If the parent does not exist, removing the child row resolves an 

      sqlite4KVStoreClose(pDb->pKV);
      pDb->pKV = 0;
    }
    sqlite4DbFree(db, pDb->pSchema);
    pDb->pSchema = 0;
  }
  sqlite4ResetInternalSchema(db, -1);




  /* Tell the code in notify.c that the connection no longer holds any
  ** locks and does not require any further unlock-notify callbacks.
  */
  sqlite4ConnectionClosed(db);
  
  /* Delete tokenizers */

  {
    char *zSql;
    zSql = sqlite4MPrintf(db, 
        "SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid",
        db->aDb[iDb].zName, zMasterName);
#ifndef SQLITE4_OMIT_AUTHORIZATION
    {
      int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);
      xAuth = db->xAuth;
      db->xAuth = 0;
#endif
      rc = sqlite4_exec(db, zSql, sqlite4InitCallback, &initData, 0);
#ifndef SQLITE4_OMIT_AUTHORIZATION
      db->xAuth = xAuth;
    }
#endif
    if( rc==SQLITE4_OK ) rc = initData.rc;
    sqlite4DbFree(db, zSql);
#ifndef SQLITE4_OMIT_ANALYZE
    if( rc==SQLITE4_OK ){
      sqlite4AnalysisLoad(db, iDb);

** ^A call to this routine stores N bytes of pseudo-randomness into buffer P.
*/
void sqlite4_randomness(sqlite4_env*, int N, void *P);

/*
** CAPIREF: Compile-Time Authorization Callbacks
**
** ^This routine registers an authorizer callback with a particular
** [database connection], supplied in the first argument.
** ^The authorizer callback is invoked as SQL statements are being compiled
** by [sqlite4_prepare()] or its variants [sqlite4_prepare()],
** [sqlite4_prepare16()] and [sqlite4_prepare16_v2()].  ^At various
** points during the compilation process, as logic is being created
** to perform various actions, the authorizer callback is invoked to
** see if those actions are allowed.  ^The authorizer callback should

** return [SQLITE4_OK] to allow the action, [SQLITE4_IGNORE] to disallow the
** specific action but allow the SQL statement to continue to be
** compiled, or [SQLITE4_DENY] to cause the entire SQL statement to be
** rejected with an error.  ^If the authorizer callback returns
** any value other than [SQLITE4_IGNORE], [SQLITE4_OK], or [SQLITE4_DENY]
** then the [sqlite4_prepare()] or equivalent call that triggered
** the authorizer will fail with an error message.
**
** When the callback returns [SQLITE4_OK], that means the operation
** requested is ok.  ^When the callback returns [SQLITE4_DENY], the
** [sqlite4_prepare()] or equivalent call that triggered the

** authorizer will fail with an error message explaining that


** access is denied. 

**
** ^The first parameter to the authorizer callback is a copy of the third
** parameter to the sqlite4_set_authorizer() interface. ^The second parameter
** to the callback is an integer [SQLITE4_COPY | action code] that specifies
** the particular action to be authorized. ^The third through sixth parameters
** to the callback are zero-terminated strings that contain additional
** details about the action to be authorized.
**
** ^If the action code is [SQLITE4_READ]
** and the callback returns [SQLITE4_IGNORE] then the
** [prepared statement] statement is constructed to substitute
** a NULL value in place of the table column that would have
** been read if [SQLITE4_OK] had been returned.  The [SQLITE4_IGNORE]
** return can be used to deny an untrusted user access to individual
** columns of a table.
** ^If the action code is [SQLITE4_DELETE] and the callback returns
** [SQLITE4_IGNORE] then the [DELETE] operation proceeds but the
** [truncate optimization] is disabled and all rows are deleted individually.
**
** An authorizer is used when [sqlite4_prepare | preparing]


** SQL statements from an untrusted source, to ensure that the SQL statements


** do not try to access data they are not allowed to see, or that they do not
** try to execute malicious statements that damage the database.  For
** example, an application may allow a user to enter arbitrary
** SQL queries for evaluation by a database.  But the application does
** not want the user to be able to make arbitrary changes to the
** database.  An authorizer could then be put in place while the
** user-entered SQL is being [sqlite4_prepare | prepared] that
** disallows everything except [SELECT] statements.
**



** Applications that need to process SQL from untrusted sources
** might also consider lowering resource limits using [sqlite4_limit()]
** and limiting database size using the [max_page_count] [PRAGMA]
** in addition to using an authorizer.




**

** ^(Only a single authorizer can be in place on a database connection
** at a time.  Each call to sqlite4_set_authorizer overrides the
** previous call.)^  ^Disable the authorizer by installing a NULL callback.
** The authorizer is disabled by default.

**
** The authorizer callback must not do anything that will modify
** the database connection that invoked the authorizer callback.
** Note that [sqlite4_prepare()] and [sqlite4_step()] both modify their
** database connections for the meaning of "modify" in this paragraph.
**
** ^When [sqlite4_prepare()] is used to prepare a statement, the
** statement might be re-prepared during [sqlite4_step()] due to a 
** schema change.  Hence, the application should ensure that the
** correct authorizer callback remains in place during the [sqlite4_step()].
**
** ^Note that the authorizer callback is invoked only during
** [sqlite4_prepare()] or its variants.  Authorization is not
** performed during statement evaluation in [sqlite4_step()], unless
** as stated in the previous paragraph, sqlite4_step() invokes
** sqlite4_prepare() to reprepare a statement after a schema change.
*/
int sqlite4_set_authorizer(
  sqlite4*,

  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
  void *pUserData
);


/*
** CAPIREF: Authorizer Return Codes
**
** The [sqlite4_set_authorizer | authorizer callback function] must
** return either [SQLITE4_OK] or one of these two constants in order
** to signal SQLite whether or not the action is permitted.  See the
** [sqlite4_set_authorizer | authorizer documentation] for additional
** information.
**
** Note that SQLITE4_IGNORE is also used as a [SQLITE4_ROLLBACK | return code]
** from the [sqlite4_vtab_on_conflict()] interface.
*/
#define SQLITE4_DENY   1   /* Abort the SQL statement with an error */
#define SQLITE4_IGNORE 2   /* Don't allow access, but don't generate an error */


/*
** CAPIREF: Authorizer Action Codes
**
** The [sqlite4_set_authorizer()] interface registers a callback function
** that is invoked to authorize certain SQL statement actions.  The
** second parameter to the callback is an integer code that specifies

/*
** Forward references to structures
*/
typedef struct AggInfo AggInfo;
typedef struct AggInfoCol AggInfoCol;
typedef struct AggInfoFunc AggInfoFunc;

typedef struct AuthContext AuthContext;
typedef struct AutoincInfo AutoincInfo;
typedef struct CollSeq CollSeq;
typedef struct Column Column;
typedef struct CreateIndex CreateIndex;
typedef struct Db Db;
typedef struct Schema Schema;

  char *zErrMsg16;              /* Most recent error message (UTF-16 encoded) */
  union {
    volatile int isInterrupted; /* True if sqlite4_interrupt has been called */
    double notUsed1;            /* Spacer */
  } u1;
  Lookaside lookaside;          /* Lookaside malloc configuration */
#ifndef SQLITE4_OMIT_AUTHORIZATION
  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*);
                                /* Access authorization function */
  void *pAuthArg;               /* 1st argument to the access auth function */
#endif
#ifndef SQLITE4_OMIT_PROGRESS_CALLBACK
  int (*xProgress)(void *);     /* The progress callback */
  void *pProgressArg;           /* Argument to the progress callback */
  int nProgressOps;             /* Number of opcodes for progress callback */
#endif
#ifndef SQLITE4_OMIT_VIRTUALTABLE

void sqlite4DeferForeignKey(Parse*, int);
#ifndef SQLITE4_OMIT_AUTHORIZATION
  void sqlite4AuthRead(Parse*,Expr*,Schema*,SrcList*);
  int sqlite4AuthCheck(Parse*,int, const char*, const char*, const char*);
  void sqlite4AuthContextPush(Parse*, AuthContext*, const char*);
  void sqlite4AuthContextPop(AuthContext*);
  int sqlite4AuthReadCol(Parse*, const char *, const char *, int);

#else
# define sqlite4AuthRead(a,b,c,d)
# define sqlite4AuthCheck(a,b,c,d,e)    SQLITE4_OK
# define sqlite4AuthContextPush(a,b,c)
# define sqlite4AuthContextPop(a)  ((void)(a))

#endif
void sqlite4Attach(Parse*, Expr*, Expr*, Expr*);
void sqlite4Detach(Parse*, Expr*);
int sqlite4FixInit(DbFixer*, Parse*, int, const char*, const Token*);
int sqlite4FixSrcList(DbFixer*, SrcList*);
int sqlite4FixSelect(DbFixer*, Select*);
int sqlite4FixExpr(DbFixer*, Expr*);

        Tcl_AppendResult(interp, pDb->zAuth, 0);
      }
    }else{
      char *zAuth;
      int len;
      if( pDb->zAuth ){
        Tcl_Free(pDb->zAuth);

      }
      zAuth = Tcl_GetStringFromObj(objv[2], &len);
      if( zAuth && len>0 ){
        pDb->zAuth = Tcl_Alloc( len + 1 );
        memcpy(pDb->zAuth, zAuth, len+1);
      }else{
        pDb->zAuth = 0;
      }
      if( pDb->zAuth ){
        pDb->interp = interp;
        sqlite4_set_authorizer(pDb->db, auth_callback, pDb);
      }else{

        sqlite4_set_authorizer(pDb->db, 0, 0);


      }
    }
#endif
    break;
  }

  /*     $db cache flush

  }
  set ::authargs {}
  execsql {
    INSERT INTO t2 VALUES(1,2,3);
  }
  set ::authargs 
} {SQLITE4_INSERT t2 {} main {} SQLITE4_INSERT tx {} main r2 SQLITE4_READ t2 ROWID main r2}
do_test auth-1.136.4 {
  execsql {
    SELECT * FROM tx;
  }
} {3}
do_test auth-1.137 {
  execsql {SELECT name FROM sqlite_master}
} {t2 tx r2}
do_test auth-1.138 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_CREATE_TEMP_TRIGGER"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]

} {1 {not authorized}}
do_test auth-1.230 {
  set ::authargs
} {full_column_names on {} {}}
do_test auth-1.231 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}
do_test auth-1.232 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE4_IGNORE
    }
    return SQLITE4_OK
  }
  catchsql {PRAGMA full_column_names=on}
} {0 {}}
do_test auth-1.233 {
  set ::authargs
} {full_column_names on {} {}}
do_test auth-1.234 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}
do_test auth-1.235 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE4_OK
    }
    return SQLITE4_OK
  }
  catchsql {PRAGMA full_column_names=on}
} {0 {}}
do_test auth-1.236 {
  execsql2 {SELECT a FROM t2}
} {t2.a 11 t2.a 7}
do_test auth-1.237 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_PRAGMA"} {
      set ::authargs [list $arg1 $arg2 $arg3 $arg4]
      return SQLITE4_OK
    }
    return SQLITE4_OK
  }
  catchsql {PRAGMA full_column_names=OFF}
} {0 {}}
do_test auth-1.238 {
  set ::authargs
} {full_column_names OFF {} {}}
do_test auth-1.239 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}

do_test auth-1.240 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_TRANSACTION"} {

} {t3_idx1 {} main {}}
do_test auth-1.283 {
  set ::authargs {}
  execsql {
    REINDEX BINARY;
  }
  set ::authargs
} {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
do_test auth-1.284 {
  set ::authargs {}
  execsql {
    REINDEX NOCASE;
  }
  set ::authargs
} {t3_idx2 {} main {}}
do_test auth-1.285 {
  set ::authargs {}
  execsql {
    REINDEX t3;
  }
  set ::authargs
} {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}}
do_test auth-1.286 {
  execsql {
    DROP TABLE t3;
  }
} {}
ifcapable tempdb {
  do_test auth-1.287 {

  } {t3_idx1 {} temp {}}
  do_test auth-1.289 {
    set ::authargs {}
    execsql {
      REINDEX BINARY;
    }
    set ::authargs
  } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
  do_test auth-1.290 {
    set ::authargs {}
    execsql {
      REINDEX NOCASE;
    }
    set ::authargs
  } {t3_idx2 {} temp {}}
  do_test auth-1.291 {
    set ::authargs {}
    execsql {
      REINDEX temp.t3;
    }
    set ::authargs
  } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}}
  proc auth {code args} {
    if {$code=="SQLITE4_REINDEX"} {
      set ::authargs [concat $::authargs $args]
      return SQLITE4_DENY
    }
    return SQLITE4_OK
  }

      DROP TABLE t3;
    }
  } {}
}

} ;# ifcapable reindex 








ifcapable analyze {
  proc auth {code args} {
    if {$code=="SQLITE4_ANALYZE"} {
      set ::authargs [concat $::authargs $args]
    }
    return SQLITE4_OK
  }
  do_test auth-1.294 {
    set ::authargs {}
    execsql {
      CREATE TABLE t4(a,b,c);
      CREATE INDEX t4i1 ON t4(a);
      CREATE INDEX t4i2 ON t4(b,a,c);
      INSERT INTO t4 VALUES(1,2,3);
      ANALYZE;
    }
    set ::authargs
  } {t4 {} main {} t2 {} main {}}
  do_test auth-1.295 {
    execsql {
      SELECT count(*) FROM sqlite_stat1;

  execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
  catchsql {SELECT * FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.1 {
  catchsql {SELECT y,z FROM t3}
} {0 {}}
do_test auth-2.2 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.3 {
  catchsql {SELECT OID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.4 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE4_IGNORE
    }
    return SQLITE4_OK
  }
  execsql {INSERT INTO t3 VALUES(44,55,66)}
  catchsql {SELECT * FROM t3}
} {0 {{} 55 66}}
do_test auth-2.5 {
  catchsql {SELECT rowid,y,z FROM t3}
} {0 {{} 55 66}}
do_test auth-2.6 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_READ" && $arg1=="t3" && $arg2=="ROWID"} {
      return SQLITE4_IGNORE
    }
    return SQLITE4_OK
  }
  catchsql {SELECT * FROM t3}
} {0 {44 55 66}}
do_test auth-2.7 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {0 {44 55 66}}
do_test auth-2.8 {
  proc auth {code arg1 arg2 arg3 arg4} {
    if {$code=="SQLITE4_READ" && $arg1=="t2" && $arg2=="ROWID"} {
      return SQLITE4_IGNORE
    }
    return SQLITE4_OK

  execsql {
    SELECT count(a) AS cnt FROM t4 ORDER BY cnt
  }
} {1}

# Ticket #1607
#
ifcapable compound&&subquery {
  ifcapable trigger {
    execsql {
      DROP TABLE tx;
    }
    ifcapable view {
      execsql {
        DROP TABLE v1chng;

  lsm1.test lsm2.test lsm3.test lsm4.test lsm5.test
  csr1.test
  ckpt1.test
  mc1.test
  fts5expr1.test fts5query1.test fts5rnd1.test fts5create.test
  fts5snippet.test


  aggerror.test
  attach.test
  autoindex1.test
  badutf.test
  between.test
  bigrow.test
  bind.test