12d458347Sdrh# 2003 April 4 21962bda7Sdrh# 31962bda7Sdrh# The author disclaims copyright to this source code. In place of 41962bda7Sdrh# a legal notice, here is a blessing: 51962bda7Sdrh# 61962bda7Sdrh# May you do good and not evil. 71962bda7Sdrh# May you find forgiveness for yourself and forgive others. 81962bda7Sdrh# May you share freely, never taking more than you give. 91962bda7Sdrh# 101962bda7Sdrh#*********************************************************************** 111962bda7Sdrh# This file implements regression tests for SQLite library. The 125169bbc6Sdrh# focus of this script is testing the sqlite3_set_authorizer() API 132d458347Sdrh# and related functionality. 141962bda7Sdrh# 1534acdc95Sdanielk1977# $Id: auth.test,v 1.46 2009/07/02 18:40:35 danielk1977 Exp $ 161962bda7Sdrh# 171962bda7Sdrh 181962bda7Sdrhset testdir [file dirname $argv0] 191962bda7Sdrhsource $testdir/tester.tcl 201962bda7Sdrh 21e22a334bSdrh# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is 22e22a334bSdrh# defined during compilation. 231211de37Sdrhif {[catch {db auth {}} msg]} { 241211de37Sdrh finish_test 251211de37Sdrh return 261211de37Sdrh} 271962bda7Sdrh 28a21c6b6fSdanielk1977rename proc proc_real 29a21c6b6fSdanielk1977proc_real proc {name arguments script} { 30a21c6b6fSdanielk1977 proc_real $name $arguments $script 31a21c6b6fSdanielk1977 if {$name=="auth"} { 32a21c6b6fSdanielk1977 db authorizer ::auth 33a21c6b6fSdanielk1977 } 34a21c6b6fSdanielk1977} 35a21c6b6fSdanielk1977 36dcd997eaSdrhdo_test auth-1.1.1 { 371962bda7Sdrh db close 38ef4ac8f9Sdrh set ::DB [sqlite3 db test.db] 399418921cSdrh proc authx {code arg1 arg2 arg3 arg4 args} {return SQLITE_DENY} 4032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 4177ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 421962bda7Sdrh return SQLITE_DENY 431962bda7Sdrh } 441962bda7Sdrh return SQLITE_OK 451962bda7Sdrh } 469418921cSdrh db authorizer ::authx 479418921cSdrh # EVIDENCE-OF: R-03993-24285 Only a single authorizer can be in place on 489418921cSdrh # a database connection at a time. Each call to sqlite3_set_authorizer 499418921cSdrh # overrides the previous call. 509418921cSdrh # 519418921cSdrh # The authx authorizer above is overridden by the auth authorizer below 529418921cSdrh # authx is never invoked. 53e22a334bSdrh db authorizer ::auth 541962bda7Sdrh catchsql {CREATE TABLE t1(a,b,c)} 55e5f9c644Sdrh} {1 {not authorized}} 56dcd997eaSdrhdo_test auth-1.1.2 { 57dcd997eaSdrh db errorcode 58dcd997eaSdrh} {23} 590f14e2ebSdrhdo_test auth-1.1.3 { 600f14e2ebSdrh db authorizer 610f14e2ebSdrh} {::auth} 625689123cSdrhdo_test auth-1.1.4 { 635689123cSdrh # Ticket #896. 645689123cSdrh catchsql { 655689123cSdrh SELECT x; 665689123cSdrh } 675689123cSdrh} {1 {no such column: x}} 681962bda7Sdrhdo_test auth-1.2 { 69e5f9c644Sdrh execsql {SELECT name FROM sqlite_master} 70e5f9c644Sdrh} {} 719418921cSdrh# EVIDENCE-OF: R-04452-49349 When the callback returns SQLITE_DENY, the 729418921cSdrh# sqlite3_prepare_v2() or equivalent call that triggered the authorizer 739418921cSdrh# will fail with an error message explaining that access is denied. 7477ad4e41Sdrhdo_test auth-1.3.1 { 7532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 76e5f9c644Sdrh if {$code=="SQLITE_CREATE_TABLE"} { 77e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 78e5f9c644Sdrh return SQLITE_DENY 79e5f9c644Sdrh } 80e5f9c644Sdrh return SQLITE_OK 81e5f9c644Sdrh } 82e5f9c644Sdrh catchsql {CREATE TABLE t1(a,b,c)} 83e5f9c644Sdrh} {1 {not authorized}} 8477ad4e41Sdrhdo_test auth-1.3.2 { 85dcd997eaSdrh db errorcode 86dcd997eaSdrh} {23} 87dcd997eaSdrhdo_test auth-1.3.3 { 8877ad4e41Sdrh set ::authargs 89e22a334bSdrh} {t1 {} main {}} 90e5f9c644Sdrhdo_test auth-1.4 { 91e5f9c644Sdrh execsql {SELECT name FROM sqlite_master} 92e5f9c644Sdrh} {} 93e5f9c644Sdrh 9453c0f748Sdanielk1977ifcapable tempdb { 95e5f9c644Sdrh do_test auth-1.5 { 9632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 9777ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 98e5f9c644Sdrh return SQLITE_DENY 99e5f9c644Sdrh } 100e5f9c644Sdrh return SQLITE_OK 101e5f9c644Sdrh } 102e5f9c644Sdrh catchsql {CREATE TEMP TABLE t1(a,b,c)} 103e5f9c644Sdrh } {1 {not authorized}} 104e5f9c644Sdrh do_test auth-1.6 { 105e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 106e5f9c644Sdrh } {} 10777ad4e41Sdrh do_test auth-1.7.1 { 10832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 109e5f9c644Sdrh if {$code=="SQLITE_CREATE_TEMP_TABLE"} { 110e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 111e5f9c644Sdrh return SQLITE_DENY 112e5f9c644Sdrh } 113e5f9c644Sdrh return SQLITE_OK 114e5f9c644Sdrh } 115e5f9c644Sdrh catchsql {CREATE TEMP TABLE t1(a,b,c)} 116e5f9c644Sdrh } {1 {not authorized}} 11777ad4e41Sdrh do_test auth-1.7.2 { 11877ad4e41Sdrh set ::authargs 119e22a334bSdrh } {t1 {} temp {}} 120e5f9c644Sdrh do_test auth-1.8 { 121e5f9c644Sdrh execsql {SELECT name FROM sqlite_temp_master} 122e5f9c644Sdrh } {} 12353c0f748Sdanielk1977} 124e5f9c644Sdrh 125e5f9c644Sdrhdo_test auth-1.9 { 12632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 12777ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 1281962bda7Sdrh return SQLITE_IGNORE 1291962bda7Sdrh } 1301962bda7Sdrh return SQLITE_OK 1311962bda7Sdrh } 1321962bda7Sdrh catchsql {CREATE TABLE t1(a,b,c)} 133e5f9c644Sdrh} {0 {}} 134e5f9c644Sdrhdo_test auth-1.10 { 135e5f9c644Sdrh execsql {SELECT name FROM sqlite_master} 136e5f9c644Sdrh} {} 137e5f9c644Sdrhdo_test auth-1.11 { 13832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 139e5f9c644Sdrh if {$code=="SQLITE_CREATE_TABLE"} { 140e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 141e5f9c644Sdrh return SQLITE_IGNORE 1421962bda7Sdrh } 1431962bda7Sdrh return SQLITE_OK 1441962bda7Sdrh } 1451962bda7Sdrh catchsql {CREATE TABLE t1(a,b,c)} 1461962bda7Sdrh} {0 {}} 147e5f9c644Sdrhdo_test auth-1.12 { 1481962bda7Sdrh execsql {SELECT name FROM sqlite_master} 149e5f9c644Sdrh} {} 15053c0f748Sdanielk1977 15153c0f748Sdanielk1977ifcapable tempdb { 152e5f9c644Sdrh do_test auth-1.13 { 15332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 15477ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 155e5f9c644Sdrh return SQLITE_IGNORE 156e5f9c644Sdrh } 157e5f9c644Sdrh return SQLITE_OK 158e5f9c644Sdrh } 159e5f9c644Sdrh catchsql {CREATE TEMP TABLE t1(a,b,c)} 160e5f9c644Sdrh } {0 {}} 161e5f9c644Sdrh do_test auth-1.14 { 162e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 163e5f9c644Sdrh } {} 164e5f9c644Sdrh do_test auth-1.15 { 16532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 166e5f9c644Sdrh if {$code=="SQLITE_CREATE_TEMP_TABLE"} { 167e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 168e5f9c644Sdrh return SQLITE_IGNORE 169e5f9c644Sdrh } 170e5f9c644Sdrh return SQLITE_OK 171e5f9c644Sdrh } 172e5f9c644Sdrh catchsql {CREATE TEMP TABLE t1(a,b,c)} 173e5f9c644Sdrh } {0 {}} 174e5f9c644Sdrh do_test auth-1.16 { 175e5f9c644Sdrh execsql {SELECT name FROM sqlite_temp_master} 176e5f9c644Sdrh } {} 177e5f9c644Sdrh 178e5f9c644Sdrh do_test auth-1.17 { 17932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 180e5f9c644Sdrh if {$code=="SQLITE_CREATE_TABLE"} { 181e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 18277ad4e41Sdrh return SQLITE_DENY 183e5f9c644Sdrh } 184e5f9c644Sdrh return SQLITE_OK 185e5f9c644Sdrh } 186e5f9c644Sdrh catchsql {CREATE TEMP TABLE t1(a,b,c)} 187e5f9c644Sdrh } {0 {}} 188e5f9c644Sdrh do_test auth-1.18 { 189e5f9c644Sdrh execsql {SELECT name FROM sqlite_temp_master} 190e5f9c644Sdrh } {t1} 19153c0f748Sdanielk1977} 19253c0f748Sdanielk1977 19377ad4e41Sdrhdo_test auth-1.19.1 { 19477ad4e41Sdrh set ::authargs {} 19532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 196e5f9c644Sdrh if {$code=="SQLITE_CREATE_TEMP_TABLE"} { 197e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 19877ad4e41Sdrh return SQLITE_DENY 1991962bda7Sdrh } 2001962bda7Sdrh return SQLITE_OK 2011962bda7Sdrh } 2021962bda7Sdrh catchsql {CREATE TABLE t2(a,b,c)} 2031962bda7Sdrh} {0 {}} 20477ad4e41Sdrhdo_test auth-1.19.2 { 20577ad4e41Sdrh set ::authargs 20677ad4e41Sdrh} {} 2071962bda7Sdrhdo_test auth-1.20 { 208e5f9c644Sdrh execsql {SELECT name FROM sqlite_master} 209e5f9c644Sdrh} {t2} 210e5f9c644Sdrh 21177ad4e41Sdrhdo_test auth-1.21.1 { 21232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 21377ad4e41Sdrh if {$code=="SQLITE_DROP_TABLE"} { 214e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 21577ad4e41Sdrh return SQLITE_DENY 21677ad4e41Sdrh } 21777ad4e41Sdrh return SQLITE_OK 21877ad4e41Sdrh } 21977ad4e41Sdrh catchsql {DROP TABLE t2} 22077ad4e41Sdrh} {1 {not authorized}} 22177ad4e41Sdrhdo_test auth-1.21.2 { 22277ad4e41Sdrh set ::authargs 223e22a334bSdrh} {t2 {} main {}} 22477ad4e41Sdrhdo_test auth-1.22 { 22577ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 22677ad4e41Sdrh} {t2} 22777ad4e41Sdrhdo_test auth-1.23.1 { 22832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22977ad4e41Sdrh if {$code=="SQLITE_DROP_TABLE"} { 230e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 23177ad4e41Sdrh return SQLITE_IGNORE 23277ad4e41Sdrh } 23377ad4e41Sdrh return SQLITE_OK 23477ad4e41Sdrh } 23577ad4e41Sdrh catchsql {DROP TABLE t2} 23677ad4e41Sdrh} {0 {}} 23777ad4e41Sdrhdo_test auth-1.23.2 { 23877ad4e41Sdrh set ::authargs 239e22a334bSdrh} {t2 {} main {}} 24077ad4e41Sdrhdo_test auth-1.24 { 24177ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 24277ad4e41Sdrh} {t2} 243e5f9c644Sdrh 24453c0f748Sdanielk1977ifcapable tempdb { 24577ad4e41Sdrh do_test auth-1.25 { 24632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 24777ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_TABLE"} { 248e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 24977ad4e41Sdrh return SQLITE_DENY 25077ad4e41Sdrh } 25177ad4e41Sdrh return SQLITE_OK 25277ad4e41Sdrh } 25377ad4e41Sdrh catchsql {DROP TABLE t1} 25477ad4e41Sdrh } {1 {not authorized}} 25577ad4e41Sdrh do_test auth-1.26 { 25677ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 25777ad4e41Sdrh } {t1} 25877ad4e41Sdrh do_test auth-1.27 { 25932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 26077ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_TABLE"} { 261e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 26277ad4e41Sdrh return SQLITE_IGNORE 26377ad4e41Sdrh } 26477ad4e41Sdrh return SQLITE_OK 26577ad4e41Sdrh } 26677ad4e41Sdrh catchsql {DROP TABLE t1} 26777ad4e41Sdrh } {0 {}} 26877ad4e41Sdrh do_test auth-1.28 { 26977ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 27077ad4e41Sdrh } {t1} 27153c0f748Sdanielk1977} 27277ad4e41Sdrh 27377ad4e41Sdrhdo_test auth-1.29 { 27432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 27577ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="t2"} { 27677ad4e41Sdrh return SQLITE_DENY 27777ad4e41Sdrh } 27877ad4e41Sdrh return SQLITE_OK 27977ad4e41Sdrh } 28077ad4e41Sdrh catchsql {INSERT INTO t2 VALUES(1,2,3)} 28177ad4e41Sdrh} {1 {not authorized}} 28277ad4e41Sdrhdo_test auth-1.30 { 28377ad4e41Sdrh execsql {SELECT * FROM t2} 28477ad4e41Sdrh} {} 28577ad4e41Sdrhdo_test auth-1.31 { 28632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 28777ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="t2"} { 28877ad4e41Sdrh return SQLITE_IGNORE 28977ad4e41Sdrh } 29077ad4e41Sdrh return SQLITE_OK 29177ad4e41Sdrh } 29277ad4e41Sdrh catchsql {INSERT INTO t2 VALUES(1,2,3)} 29377ad4e41Sdrh} {0 {}} 29477ad4e41Sdrhdo_test auth-1.32 { 29577ad4e41Sdrh execsql {SELECT * FROM t2} 29677ad4e41Sdrh} {} 29777ad4e41Sdrhdo_test auth-1.33 { 29832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 29977ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="t1"} { 30077ad4e41Sdrh return SQLITE_IGNORE 30177ad4e41Sdrh } 30277ad4e41Sdrh return SQLITE_OK 30377ad4e41Sdrh } 30477ad4e41Sdrh catchsql {INSERT INTO t2 VALUES(1,2,3)} 30577ad4e41Sdrh} {0 {}} 30677ad4e41Sdrhdo_test auth-1.34 { 30777ad4e41Sdrh execsql {SELECT * FROM t2} 30877ad4e41Sdrh} {1 2 3} 30977ad4e41Sdrh 3104925ca00Sdrhdo_test auth-1.35.1 { 31132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 31277ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { 31377ad4e41Sdrh return SQLITE_DENY 31477ad4e41Sdrh } 31577ad4e41Sdrh return SQLITE_OK 31677ad4e41Sdrh } 31777ad4e41Sdrh catchsql {SELECT * FROM t2} 31877ad4e41Sdrh} {1 {access to t2.b is prohibited}} 3195a8f9374Sdanielk1977ifcapable attach { 3204925ca00Sdrh do_test auth-1.35.2 { 3214925ca00Sdrh execsql {ATTACH DATABASE 'test.db' AS two} 3224925ca00Sdrh catchsql {SELECT * FROM two.t2} 3234925ca00Sdrh } {1 {access to two.t2.b is prohibited}} 3244925ca00Sdrh execsql {DETACH DATABASE two} 3255a8f9374Sdanielk1977} 3269418921cSdrh# EVIDENCE-OF: R-38392-49970 If the action code is SQLITE_READ and the 3279418921cSdrh# callback returns SQLITE_IGNORE then the prepared statement statement 3289418921cSdrh# is constructed to substitute a NULL value in place of the table column 3299418921cSdrh# that would have been read if SQLITE_OK had been returned. 33077ad4e41Sdrhdo_test auth-1.36 { 33132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 33277ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { 33377ad4e41Sdrh return SQLITE_IGNORE 33477ad4e41Sdrh } 33577ad4e41Sdrh return SQLITE_OK 33677ad4e41Sdrh } 33777ad4e41Sdrh catchsql {SELECT * FROM t2} 33877ad4e41Sdrh} {0 {1 {} 3}} 33977ad4e41Sdrhdo_test auth-1.37 { 34032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 34177ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { 34277ad4e41Sdrh return SQLITE_IGNORE 34377ad4e41Sdrh } 34477ad4e41Sdrh return SQLITE_OK 34577ad4e41Sdrh } 34677ad4e41Sdrh catchsql {SELECT * FROM t2 WHERE b=2} 34777ad4e41Sdrh} {0 {}} 34877ad4e41Sdrhdo_test auth-1.38 { 34932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 35077ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="a"} { 35177ad4e41Sdrh return SQLITE_IGNORE 35277ad4e41Sdrh } 35377ad4e41Sdrh return SQLITE_OK 35477ad4e41Sdrh } 35577ad4e41Sdrh catchsql {SELECT * FROM t2 WHERE b=2} 35677ad4e41Sdrh} {0 {{} 2 3}} 35777ad4e41Sdrhdo_test auth-1.39 { 35832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 35977ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { 36077ad4e41Sdrh return SQLITE_IGNORE 36177ad4e41Sdrh } 36277ad4e41Sdrh return SQLITE_OK 36377ad4e41Sdrh } 36477ad4e41Sdrh catchsql {SELECT * FROM t2 WHERE b IS NULL} 36577ad4e41Sdrh} {0 {1 {} 3}} 36677ad4e41Sdrhdo_test auth-1.40 { 36732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 36877ad4e41Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="b"} { 36977ad4e41Sdrh return SQLITE_DENY 37077ad4e41Sdrh } 37177ad4e41Sdrh return SQLITE_OK 37277ad4e41Sdrh } 37377ad4e41Sdrh catchsql {SELECT a,c FROM t2 WHERE b IS NULL} 37477ad4e41Sdrh} {1 {access to t2.b is prohibited}} 37577ad4e41Sdrh 37677ad4e41Sdrhdo_test auth-1.41 { 37732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 37877ad4e41Sdrh if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { 37977ad4e41Sdrh return SQLITE_DENY 38077ad4e41Sdrh } 38177ad4e41Sdrh return SQLITE_OK 38277ad4e41Sdrh } 38377ad4e41Sdrh catchsql {UPDATE t2 SET a=11} 38477ad4e41Sdrh} {0 {}} 38577ad4e41Sdrhdo_test auth-1.42 { 38677ad4e41Sdrh execsql {SELECT * FROM t2} 38777ad4e41Sdrh} {11 2 3} 38877ad4e41Sdrhdo_test auth-1.43 { 38932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 39077ad4e41Sdrh if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { 39177ad4e41Sdrh return SQLITE_DENY 39277ad4e41Sdrh } 39377ad4e41Sdrh return SQLITE_OK 39477ad4e41Sdrh } 39577ad4e41Sdrh catchsql {UPDATE t2 SET b=22, c=33} 39677ad4e41Sdrh} {1 {not authorized}} 39777ad4e41Sdrhdo_test auth-1.44 { 39877ad4e41Sdrh execsql {SELECT * FROM t2} 39977ad4e41Sdrh} {11 2 3} 40077ad4e41Sdrhdo_test auth-1.45 { 40132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 40277ad4e41Sdrh if {$code=="SQLITE_UPDATE" && $arg1=="t2" && $arg2=="b"} { 40377ad4e41Sdrh return SQLITE_IGNORE 40477ad4e41Sdrh } 40577ad4e41Sdrh return SQLITE_OK 40677ad4e41Sdrh } 40777ad4e41Sdrh catchsql {UPDATE t2 SET b=22, c=33} 40877ad4e41Sdrh} {0 {}} 40977ad4e41Sdrhdo_test auth-1.46 { 41077ad4e41Sdrh execsql {SELECT * FROM t2} 41177ad4e41Sdrh} {11 2 33} 41277ad4e41Sdrh 41377ad4e41Sdrhdo_test auth-1.47 { 41432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 41577ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t2"} { 41677ad4e41Sdrh return SQLITE_DENY 41777ad4e41Sdrh } 41877ad4e41Sdrh return SQLITE_OK 41977ad4e41Sdrh } 42077ad4e41Sdrh catchsql {DELETE FROM t2 WHERE a=11} 42177ad4e41Sdrh} {1 {not authorized}} 42277ad4e41Sdrhdo_test auth-1.48 { 42377ad4e41Sdrh execsql {SELECT * FROM t2} 42477ad4e41Sdrh} {11 2 33} 42577ad4e41Sdrhdo_test auth-1.49 { 42632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 42777ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t2"} { 42877ad4e41Sdrh return SQLITE_IGNORE 42977ad4e41Sdrh } 43077ad4e41Sdrh return SQLITE_OK 43177ad4e41Sdrh } 43277ad4e41Sdrh catchsql {DELETE FROM t2 WHERE a=11} 43377ad4e41Sdrh} {0 {}} 43477ad4e41Sdrhdo_test auth-1.50 { 43577ad4e41Sdrh execsql {SELECT * FROM t2} 43652bd7912Sdanielk1977} {} 43752bd7912Sdanielk1977do_test auth-1.50.2 { 43852bd7912Sdanielk1977 execsql {INSERT INTO t2 VALUES(11, 2, 33)} 43952bd7912Sdanielk1977} {} 44077ad4e41Sdrh 44177ad4e41Sdrhdo_test auth-1.51 { 44232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 44377ad4e41Sdrh if {$code=="SQLITE_SELECT"} { 44477ad4e41Sdrh return SQLITE_DENY 44577ad4e41Sdrh } 44677ad4e41Sdrh return SQLITE_OK 44777ad4e41Sdrh } 44877ad4e41Sdrh catchsql {SELECT * FROM t2} 44977ad4e41Sdrh} {1 {not authorized}} 45077ad4e41Sdrhdo_test auth-1.52 { 45132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 45277ad4e41Sdrh if {$code=="SQLITE_SELECT"} { 45377ad4e41Sdrh return SQLITE_IGNORE 45477ad4e41Sdrh } 45577ad4e41Sdrh return SQLITE_OK 45677ad4e41Sdrh } 45777ad4e41Sdrh catchsql {SELECT * FROM t2} 45877ad4e41Sdrh} {0 {}} 45977ad4e41Sdrhdo_test auth-1.53 { 46032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 46177ad4e41Sdrh if {$code=="SQLITE_SELECT"} { 46277ad4e41Sdrh return SQLITE_OK 46377ad4e41Sdrh } 46477ad4e41Sdrh return SQLITE_OK 46577ad4e41Sdrh } 46677ad4e41Sdrh catchsql {SELECT * FROM t2} 46777ad4e41Sdrh} {0 {11 2 33}} 46877ad4e41Sdrh 4692ac79703Sdanielk1977# Update for version 3: There used to be a handful of test here that 4702ac79703Sdanielk1977# tested the authorisation callback with the COPY command. The following 4712ac79703Sdanielk1977# test makes the same database modifications as they used to. 4722ac79703Sdanielk1977do_test auth-1.54 { 4732ac79703Sdanielk1977 execsql {INSERT INTO t2 VALUES(7, 8, 9);} 4742ac79703Sdanielk1977} {} 4752ac79703Sdanielk1977do_test auth-1.55 { 4762ac79703Sdanielk1977 execsql {SELECT * FROM t2} 4772ac79703Sdanielk1977} {11 2 33 7 8 9} 47877ad4e41Sdrh 47977ad4e41Sdrhdo_test auth-1.63 { 48032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 48177ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 48277ad4e41Sdrh return SQLITE_DENY 48377ad4e41Sdrh } 48477ad4e41Sdrh return SQLITE_OK 48577ad4e41Sdrh } 48677ad4e41Sdrh catchsql {DROP TABLE t2} 48777ad4e41Sdrh} {1 {not authorized}} 48877ad4e41Sdrhdo_test auth-1.64 { 48977ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 49077ad4e41Sdrh} {t2} 49177ad4e41Sdrhdo_test auth-1.65 { 49232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 49377ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t2"} { 49477ad4e41Sdrh return SQLITE_DENY 49577ad4e41Sdrh } 49677ad4e41Sdrh return SQLITE_OK 49777ad4e41Sdrh } 49877ad4e41Sdrh catchsql {DROP TABLE t2} 49977ad4e41Sdrh} {1 {not authorized}} 50077ad4e41Sdrhdo_test auth-1.66 { 50177ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 50277ad4e41Sdrh} {t2} 50353c0f748Sdanielk1977 50453c0f748Sdanielk1977ifcapable tempdb { 50577ad4e41Sdrh do_test auth-1.67 { 50632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 50777ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 50877ad4e41Sdrh return SQLITE_DENY 50977ad4e41Sdrh } 51077ad4e41Sdrh return SQLITE_OK 51177ad4e41Sdrh } 51277ad4e41Sdrh catchsql {DROP TABLE t1} 51377ad4e41Sdrh } {1 {not authorized}} 51477ad4e41Sdrh do_test auth-1.68 { 51577ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 51677ad4e41Sdrh } {t1} 51777ad4e41Sdrh do_test auth-1.69 { 51832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 51977ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t1"} { 52077ad4e41Sdrh return SQLITE_DENY 52177ad4e41Sdrh } 52277ad4e41Sdrh return SQLITE_OK 52377ad4e41Sdrh } 52477ad4e41Sdrh catchsql {DROP TABLE t1} 52577ad4e41Sdrh } {1 {not authorized}} 52677ad4e41Sdrh do_test auth-1.70 { 52777ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 52877ad4e41Sdrh } {t1} 52953c0f748Sdanielk1977} 53077ad4e41Sdrh 53177ad4e41Sdrhdo_test auth-1.71 { 53232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 53377ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 53477ad4e41Sdrh return SQLITE_IGNORE 53577ad4e41Sdrh } 53677ad4e41Sdrh return SQLITE_OK 53777ad4e41Sdrh } 53877ad4e41Sdrh catchsql {DROP TABLE t2} 53977ad4e41Sdrh} {0 {}} 54077ad4e41Sdrhdo_test auth-1.72 { 54177ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 54277ad4e41Sdrh} {t2} 54377ad4e41Sdrhdo_test auth-1.73 { 54432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 54577ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t2"} { 54677ad4e41Sdrh return SQLITE_IGNORE 54777ad4e41Sdrh } 54877ad4e41Sdrh return SQLITE_OK 54977ad4e41Sdrh } 55077ad4e41Sdrh catchsql {DROP TABLE t2} 55177ad4e41Sdrh} {0 {}} 55277ad4e41Sdrhdo_test auth-1.74 { 55377ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 55477ad4e41Sdrh} {t2} 55553c0f748Sdanielk1977 55653c0f748Sdanielk1977ifcapable tempdb { 55777ad4e41Sdrh do_test auth-1.75 { 55832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 55977ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 56077ad4e41Sdrh return SQLITE_IGNORE 56177ad4e41Sdrh } 56277ad4e41Sdrh return SQLITE_OK 56377ad4e41Sdrh } 56477ad4e41Sdrh catchsql {DROP TABLE t1} 56577ad4e41Sdrh } {0 {}} 56677ad4e41Sdrh do_test auth-1.76 { 56777ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 56877ad4e41Sdrh } {t1} 56977ad4e41Sdrh do_test auth-1.77 { 57032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 57177ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="t1"} { 57277ad4e41Sdrh return SQLITE_IGNORE 57377ad4e41Sdrh } 57477ad4e41Sdrh return SQLITE_OK 57577ad4e41Sdrh } 57677ad4e41Sdrh catchsql {DROP TABLE t1} 57777ad4e41Sdrh } {0 {}} 57877ad4e41Sdrh do_test auth-1.78 { 579e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 58077ad4e41Sdrh } {t1} 58153c0f748Sdanielk1977} 58277ad4e41Sdrh 58381650dc6Sdanielk1977# Test cases auth-1.79 to auth-1.124 test creating and dropping views. 5840fa8ddbdSdanielk1977# Omit these if the library was compiled with views omitted. 5850fa8ddbdSdanielk1977ifcapable view { 58677ad4e41Sdrhdo_test auth-1.79 { 58732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 58877ad4e41Sdrh if {$code=="SQLITE_CREATE_VIEW"} { 589e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 59077ad4e41Sdrh return SQLITE_DENY 59177ad4e41Sdrh } 59277ad4e41Sdrh return SQLITE_OK 59377ad4e41Sdrh } 59477ad4e41Sdrh catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2} 59577ad4e41Sdrh} {1 {not authorized}} 59677ad4e41Sdrhdo_test auth-1.80 { 59777ad4e41Sdrh set ::authargs 598e22a334bSdrh} {v1 {} main {}} 59977ad4e41Sdrhdo_test auth-1.81 { 60077ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 60177ad4e41Sdrh} {t2} 60277ad4e41Sdrhdo_test auth-1.82 { 60332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 60477ad4e41Sdrh if {$code=="SQLITE_CREATE_VIEW"} { 605e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 60677ad4e41Sdrh return SQLITE_IGNORE 60777ad4e41Sdrh } 60877ad4e41Sdrh return SQLITE_OK 60977ad4e41Sdrh } 61077ad4e41Sdrh catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2} 61177ad4e41Sdrh} {0 {}} 61277ad4e41Sdrhdo_test auth-1.83 { 61377ad4e41Sdrh set ::authargs 614e22a334bSdrh} {v1 {} main {}} 61577ad4e41Sdrhdo_test auth-1.84 { 61677ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 61777ad4e41Sdrh} {t2} 61877ad4e41Sdrh 61953c0f748Sdanielk1977ifcapable tempdb { 62077ad4e41Sdrh do_test auth-1.85 { 62132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 62277ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_VIEW"} { 623e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 62477ad4e41Sdrh return SQLITE_DENY 62577ad4e41Sdrh } 62677ad4e41Sdrh return SQLITE_OK 62777ad4e41Sdrh } 62877ad4e41Sdrh catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2} 62977ad4e41Sdrh } {1 {not authorized}} 63077ad4e41Sdrh do_test auth-1.86 { 63177ad4e41Sdrh set ::authargs 632e22a334bSdrh } {v1 {} temp {}} 63377ad4e41Sdrh do_test auth-1.87 { 63477ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 63577ad4e41Sdrh } {t1} 63677ad4e41Sdrh do_test auth-1.88 { 63732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 63877ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_VIEW"} { 639e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 64077ad4e41Sdrh return SQLITE_IGNORE 64177ad4e41Sdrh } 64277ad4e41Sdrh return SQLITE_OK 64377ad4e41Sdrh } 64477ad4e41Sdrh catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2} 64577ad4e41Sdrh } {0 {}} 64677ad4e41Sdrh do_test auth-1.89 { 64777ad4e41Sdrh set ::authargs 648e22a334bSdrh } {v1 {} temp {}} 64977ad4e41Sdrh do_test auth-1.90 { 650e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 65177ad4e41Sdrh } {t1} 65253c0f748Sdanielk1977} 65377ad4e41Sdrh 65477ad4e41Sdrhdo_test auth-1.91 { 65532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 65677ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 65777ad4e41Sdrh return SQLITE_DENY 65877ad4e41Sdrh } 65977ad4e41Sdrh return SQLITE_OK 66077ad4e41Sdrh } 66177ad4e41Sdrh catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2} 66277ad4e41Sdrh} {1 {not authorized}} 66377ad4e41Sdrhdo_test auth-1.92 { 66477ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 66577ad4e41Sdrh} {t2} 66677ad4e41Sdrhdo_test auth-1.93 { 66732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 66877ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 66977ad4e41Sdrh return SQLITE_IGNORE 67077ad4e41Sdrh } 67177ad4e41Sdrh return SQLITE_OK 67277ad4e41Sdrh } 67377ad4e41Sdrh catchsql {CREATE VIEW v1 AS SELECT a+1,b+1 FROM t2} 67477ad4e41Sdrh} {0 {}} 67577ad4e41Sdrhdo_test auth-1.94 { 67677ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 67777ad4e41Sdrh} {t2} 67877ad4e41Sdrh 67953c0f748Sdanielk1977ifcapable tempdb { 68077ad4e41Sdrh do_test auth-1.95 { 68132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 68277ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 68377ad4e41Sdrh return SQLITE_DENY 68477ad4e41Sdrh } 68577ad4e41Sdrh return SQLITE_OK 68677ad4e41Sdrh } 68777ad4e41Sdrh catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2} 68877ad4e41Sdrh } {1 {not authorized}} 68977ad4e41Sdrh do_test auth-1.96 { 69077ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 69177ad4e41Sdrh } {t1} 69277ad4e41Sdrh do_test auth-1.97 { 69332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 69477ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 69577ad4e41Sdrh return SQLITE_IGNORE 69677ad4e41Sdrh } 69777ad4e41Sdrh return SQLITE_OK 69877ad4e41Sdrh } 69977ad4e41Sdrh catchsql {CREATE TEMPORARY VIEW v1 AS SELECT a+1,b+1 FROM t2} 70077ad4e41Sdrh } {0 {}} 70177ad4e41Sdrh do_test auth-1.98 { 70277ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 70377ad4e41Sdrh } {t1} 70453c0f748Sdanielk1977} 70577ad4e41Sdrh 70677ad4e41Sdrhdo_test auth-1.99 { 70732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 70877ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 70977ad4e41Sdrh return SQLITE_DENY 71077ad4e41Sdrh } 71177ad4e41Sdrh return SQLITE_OK 71277ad4e41Sdrh } 71377ad4e41Sdrh catchsql { 71477ad4e41Sdrh CREATE VIEW v2 AS SELECT a+1,b+1 FROM t2; 71577ad4e41Sdrh DROP VIEW v2 71677ad4e41Sdrh } 71777ad4e41Sdrh} {1 {not authorized}} 71877ad4e41Sdrhdo_test auth-1.100 { 71977ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 72077ad4e41Sdrh} {t2 v2} 72177ad4e41Sdrhdo_test auth-1.101 { 72232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 72377ad4e41Sdrh if {$code=="SQLITE_DROP_VIEW"} { 724e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 72577ad4e41Sdrh return SQLITE_DENY 72677ad4e41Sdrh } 72777ad4e41Sdrh return SQLITE_OK 72877ad4e41Sdrh } 72977ad4e41Sdrh catchsql {DROP VIEW v2} 73077ad4e41Sdrh} {1 {not authorized}} 73177ad4e41Sdrhdo_test auth-1.102 { 73277ad4e41Sdrh set ::authargs 733e22a334bSdrh} {v2 {} main {}} 73477ad4e41Sdrhdo_test auth-1.103 { 73577ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 73677ad4e41Sdrh} {t2 v2} 73777ad4e41Sdrhdo_test auth-1.104 { 73832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 73977ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 74077ad4e41Sdrh return SQLITE_IGNORE 74177ad4e41Sdrh } 74277ad4e41Sdrh return SQLITE_OK 74377ad4e41Sdrh } 74477ad4e41Sdrh catchsql {DROP VIEW v2} 74577ad4e41Sdrh} {0 {}} 74677ad4e41Sdrhdo_test auth-1.105 { 74777ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 74877ad4e41Sdrh} {t2 v2} 74977ad4e41Sdrhdo_test auth-1.106 { 75032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 75177ad4e41Sdrh if {$code=="SQLITE_DROP_VIEW"} { 752e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 75377ad4e41Sdrh return SQLITE_IGNORE 75477ad4e41Sdrh } 75577ad4e41Sdrh return SQLITE_OK 75677ad4e41Sdrh } 75777ad4e41Sdrh catchsql {DROP VIEW v2} 75877ad4e41Sdrh} {0 {}} 75977ad4e41Sdrhdo_test auth-1.107 { 76077ad4e41Sdrh set ::authargs 761e22a334bSdrh} {v2 {} main {}} 76277ad4e41Sdrhdo_test auth-1.108 { 76377ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 76477ad4e41Sdrh} {t2 v2} 76577ad4e41Sdrhdo_test auth-1.109 { 76632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 76777ad4e41Sdrh if {$code=="SQLITE_DROP_VIEW"} { 768e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 76977ad4e41Sdrh return SQLITE_OK 77077ad4e41Sdrh } 77177ad4e41Sdrh return SQLITE_OK 77277ad4e41Sdrh } 77377ad4e41Sdrh catchsql {DROP VIEW v2} 77477ad4e41Sdrh} {0 {}} 77577ad4e41Sdrhdo_test auth-1.110 { 77677ad4e41Sdrh set ::authargs 777e22a334bSdrh} {v2 {} main {}} 77877ad4e41Sdrhdo_test auth-1.111 { 77977ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 78077ad4e41Sdrh} {t2} 78177ad4e41Sdrh 78277ad4e41Sdrh 78353c0f748Sdanielk1977ifcapable tempdb { 78477ad4e41Sdrh do_test auth-1.112 { 78532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 78677ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 78777ad4e41Sdrh return SQLITE_DENY 78877ad4e41Sdrh } 78977ad4e41Sdrh return SQLITE_OK 79077ad4e41Sdrh } 79177ad4e41Sdrh catchsql { 79277ad4e41Sdrh CREATE TEMP VIEW v1 AS SELECT a+1,b+1 FROM t1; 79377ad4e41Sdrh DROP VIEW v1 79477ad4e41Sdrh } 79577ad4e41Sdrh } {1 {not authorized}} 79677ad4e41Sdrh do_test auth-1.113 { 797e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 79877ad4e41Sdrh } {t1 v1} 79977ad4e41Sdrh do_test auth-1.114 { 80032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 80177ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_VIEW"} { 802e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 80377ad4e41Sdrh return SQLITE_DENY 80477ad4e41Sdrh } 80577ad4e41Sdrh return SQLITE_OK 80677ad4e41Sdrh } 80777ad4e41Sdrh catchsql {DROP VIEW v1} 80877ad4e41Sdrh } {1 {not authorized}} 80977ad4e41Sdrh do_test auth-1.115 { 81077ad4e41Sdrh set ::authargs 811e22a334bSdrh } {v1 {} temp {}} 81277ad4e41Sdrh do_test auth-1.116 { 81377ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 81477ad4e41Sdrh } {t1 v1} 81577ad4e41Sdrh do_test auth-1.117 { 81632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 81777ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 81877ad4e41Sdrh return SQLITE_IGNORE 81977ad4e41Sdrh } 82077ad4e41Sdrh return SQLITE_OK 82177ad4e41Sdrh } 82277ad4e41Sdrh catchsql {DROP VIEW v1} 82377ad4e41Sdrh } {0 {}} 82477ad4e41Sdrh do_test auth-1.118 { 82577ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 82677ad4e41Sdrh } {t1 v1} 82777ad4e41Sdrh do_test auth-1.119 { 82832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 82977ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_VIEW"} { 830e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 83177ad4e41Sdrh return SQLITE_IGNORE 83277ad4e41Sdrh } 83377ad4e41Sdrh return SQLITE_OK 83477ad4e41Sdrh } 83577ad4e41Sdrh catchsql {DROP VIEW v1} 83677ad4e41Sdrh } {0 {}} 83777ad4e41Sdrh do_test auth-1.120 { 83877ad4e41Sdrh set ::authargs 839e22a334bSdrh } {v1 {} temp {}} 84077ad4e41Sdrh do_test auth-1.121 { 841e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 84277ad4e41Sdrh } {t1 v1} 84377ad4e41Sdrh do_test auth-1.122 { 84432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 84577ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_VIEW"} { 846e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 84777ad4e41Sdrh return SQLITE_OK 84877ad4e41Sdrh } 84977ad4e41Sdrh return SQLITE_OK 85077ad4e41Sdrh } 85177ad4e41Sdrh catchsql {DROP VIEW v1} 85277ad4e41Sdrh } {0 {}} 85377ad4e41Sdrh do_test auth-1.123 { 85477ad4e41Sdrh set ::authargs 855e22a334bSdrh } {v1 {} temp {}} 85677ad4e41Sdrh do_test auth-1.124 { 85777ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 85877ad4e41Sdrh } {t1} 85953c0f748Sdanielk1977} 8600fa8ddbdSdanielk1977} ;# ifcapable view 86177ad4e41Sdrh 86281650dc6Sdanielk1977# Test cases auth-1.125 to auth-1.176 test creating and dropping triggers. 86381650dc6Sdanielk1977# Omit these if the library was compiled with triggers omitted. 86481650dc6Sdanielk1977# 86553c0f748Sdanielk1977ifcapable trigger&&tempdb { 86677ad4e41Sdrhdo_test auth-1.125 { 86732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 86877ad4e41Sdrh if {$code=="SQLITE_CREATE_TRIGGER"} { 869e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 87077ad4e41Sdrh return SQLITE_DENY 87177ad4e41Sdrh } 87277ad4e41Sdrh return SQLITE_OK 87377ad4e41Sdrh } 87477ad4e41Sdrh catchsql { 87577ad4e41Sdrh CREATE TRIGGER r2 DELETE on t2 BEGIN 87677ad4e41Sdrh SELECT NULL; 87777ad4e41Sdrh END; 87877ad4e41Sdrh } 87977ad4e41Sdrh} {1 {not authorized}} 88077ad4e41Sdrhdo_test auth-1.126 { 88177ad4e41Sdrh set ::authargs 882e22a334bSdrh} {r2 t2 main {}} 88377ad4e41Sdrhdo_test auth-1.127 { 88477ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 88577ad4e41Sdrh} {t2} 88677ad4e41Sdrhdo_test auth-1.128 { 88732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 88877ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 88977ad4e41Sdrh return SQLITE_DENY 89077ad4e41Sdrh } 89177ad4e41Sdrh return SQLITE_OK 89277ad4e41Sdrh } 89377ad4e41Sdrh catchsql { 89477ad4e41Sdrh CREATE TRIGGER r2 DELETE on t2 BEGIN 89577ad4e41Sdrh SELECT NULL; 89677ad4e41Sdrh END; 89777ad4e41Sdrh } 89877ad4e41Sdrh} {1 {not authorized}} 89977ad4e41Sdrhdo_test auth-1.129 { 90077ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 90177ad4e41Sdrh} {t2} 90277ad4e41Sdrhdo_test auth-1.130 { 90332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 90477ad4e41Sdrh if {$code=="SQLITE_CREATE_TRIGGER"} { 905e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 90677ad4e41Sdrh return SQLITE_IGNORE 90777ad4e41Sdrh } 90877ad4e41Sdrh return SQLITE_OK 90977ad4e41Sdrh } 91077ad4e41Sdrh catchsql { 91177ad4e41Sdrh CREATE TRIGGER r2 DELETE on t2 BEGIN 91277ad4e41Sdrh SELECT NULL; 91377ad4e41Sdrh END; 91477ad4e41Sdrh } 91577ad4e41Sdrh} {0 {}} 91677ad4e41Sdrhdo_test auth-1.131 { 91777ad4e41Sdrh set ::authargs 918e22a334bSdrh} {r2 t2 main {}} 91977ad4e41Sdrhdo_test auth-1.132 { 92077ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 92177ad4e41Sdrh} {t2} 92277ad4e41Sdrhdo_test auth-1.133 { 92332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 92477ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 92577ad4e41Sdrh return SQLITE_IGNORE 92677ad4e41Sdrh } 92777ad4e41Sdrh return SQLITE_OK 92877ad4e41Sdrh } 92977ad4e41Sdrh catchsql { 93077ad4e41Sdrh CREATE TRIGGER r2 DELETE on t2 BEGIN 93177ad4e41Sdrh SELECT NULL; 93277ad4e41Sdrh END; 93377ad4e41Sdrh } 93477ad4e41Sdrh} {0 {}} 93577ad4e41Sdrhdo_test auth-1.134 { 93677ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 93777ad4e41Sdrh} {t2} 93877ad4e41Sdrhdo_test auth-1.135 { 93932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 94077ad4e41Sdrh if {$code=="SQLITE_CREATE_TRIGGER"} { 941e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 94277ad4e41Sdrh return SQLITE_OK 94377ad4e41Sdrh } 94477ad4e41Sdrh return SQLITE_OK 94577ad4e41Sdrh } 94677ad4e41Sdrh catchsql { 947e22a334bSdrh CREATE TABLE tx(id); 948e22a334bSdrh CREATE TRIGGER r2 AFTER INSERT ON t2 BEGIN 949e22a334bSdrh INSERT INTO tx VALUES(NEW.rowid); 95077ad4e41Sdrh END; 95177ad4e41Sdrh } 95277ad4e41Sdrh} {0 {}} 953e22a334bSdrhdo_test auth-1.136.1 { 95477ad4e41Sdrh set ::authargs 955e22a334bSdrh} {r2 t2 main {}} 956e22a334bSdrhdo_test auth-1.136.2 { 957e22a334bSdrh execsql { 958e22a334bSdrh SELECT name FROM sqlite_master WHERE type='trigger' 959e22a334bSdrh } 960e22a334bSdrh} {r2} 961e22a334bSdrhdo_test auth-1.136.3 { 96232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 963e22a334bSdrh lappend ::authargs $code $arg1 $arg2 $arg3 $arg4 964e22a334bSdrh return SQLITE_OK 965e22a334bSdrh } 966e22a334bSdrh set ::authargs {} 967e22a334bSdrh execsql { 968e22a334bSdrh INSERT INTO t2 VALUES(1,2,3); 969e22a334bSdrh } 970e22a334bSdrh set ::authargs 971e22a334bSdrh} {SQLITE_INSERT t2 {} main {} SQLITE_INSERT tx {} main r2 SQLITE_READ t2 ROWID main r2} 972e22a334bSdrhdo_test auth-1.136.4 { 973e22a334bSdrh execsql { 974e22a334bSdrh SELECT * FROM tx; 975e22a334bSdrh } 976e22a334bSdrh} {3} 97777ad4e41Sdrhdo_test auth-1.137 { 97877ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 979e22a334bSdrh} {t2 tx r2} 98077ad4e41Sdrhdo_test auth-1.138 { 98132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 98277ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { 983e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 98477ad4e41Sdrh return SQLITE_DENY 98577ad4e41Sdrh } 98677ad4e41Sdrh return SQLITE_OK 98777ad4e41Sdrh } 98877ad4e41Sdrh catchsql { 98977ad4e41Sdrh CREATE TRIGGER r1 DELETE on t1 BEGIN 99077ad4e41Sdrh SELECT NULL; 99177ad4e41Sdrh END; 99277ad4e41Sdrh } 99377ad4e41Sdrh} {1 {not authorized}} 99477ad4e41Sdrhdo_test auth-1.139 { 99577ad4e41Sdrh set ::authargs 996e22a334bSdrh} {r1 t1 temp {}} 99777ad4e41Sdrhdo_test auth-1.140 { 998e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 99977ad4e41Sdrh} {t1} 100077ad4e41Sdrhdo_test auth-1.141 { 100132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 100277ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 100377ad4e41Sdrh return SQLITE_DENY 100477ad4e41Sdrh } 100577ad4e41Sdrh return SQLITE_OK 100677ad4e41Sdrh } 100777ad4e41Sdrh catchsql { 100877ad4e41Sdrh CREATE TRIGGER r1 DELETE on t1 BEGIN 100977ad4e41Sdrh SELECT NULL; 101077ad4e41Sdrh END; 101177ad4e41Sdrh } 101277ad4e41Sdrh} {1 {not authorized}} 101377ad4e41Sdrhdo_test auth-1.142 { 101477ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 101577ad4e41Sdrh} {t1} 101677ad4e41Sdrhdo_test auth-1.143 { 101732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 101877ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { 1019e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 102077ad4e41Sdrh return SQLITE_IGNORE 102177ad4e41Sdrh } 102277ad4e41Sdrh return SQLITE_OK 102377ad4e41Sdrh } 102477ad4e41Sdrh catchsql { 102577ad4e41Sdrh CREATE TRIGGER r1 DELETE on t1 BEGIN 102677ad4e41Sdrh SELECT NULL; 102777ad4e41Sdrh END; 102877ad4e41Sdrh } 102977ad4e41Sdrh} {0 {}} 103077ad4e41Sdrhdo_test auth-1.144 { 103177ad4e41Sdrh set ::authargs 1032e22a334bSdrh} {r1 t1 temp {}} 103377ad4e41Sdrhdo_test auth-1.145 { 1034e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 103577ad4e41Sdrh} {t1} 103677ad4e41Sdrhdo_test auth-1.146 { 103732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 103877ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 103977ad4e41Sdrh return SQLITE_IGNORE 104077ad4e41Sdrh } 104177ad4e41Sdrh return SQLITE_OK 104277ad4e41Sdrh } 104377ad4e41Sdrh catchsql { 104477ad4e41Sdrh CREATE TRIGGER r1 DELETE on t1 BEGIN 104577ad4e41Sdrh SELECT NULL; 104677ad4e41Sdrh END; 104777ad4e41Sdrh } 104877ad4e41Sdrh} {0 {}} 104977ad4e41Sdrhdo_test auth-1.147 { 105077ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 105177ad4e41Sdrh} {t1} 105277ad4e41Sdrhdo_test auth-1.148 { 105332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 105477ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_TRIGGER"} { 1055e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 105677ad4e41Sdrh return SQLITE_OK 105777ad4e41Sdrh } 105877ad4e41Sdrh return SQLITE_OK 105977ad4e41Sdrh } 106077ad4e41Sdrh catchsql { 106177ad4e41Sdrh CREATE TRIGGER r1 DELETE on t1 BEGIN 106277ad4e41Sdrh SELECT NULL; 106377ad4e41Sdrh END; 106477ad4e41Sdrh } 106577ad4e41Sdrh} {0 {}} 106677ad4e41Sdrhdo_test auth-1.149 { 106777ad4e41Sdrh set ::authargs 1068e22a334bSdrh} {r1 t1 temp {}} 106977ad4e41Sdrhdo_test auth-1.150 { 1070e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 107177ad4e41Sdrh} {t1 r1} 107277ad4e41Sdrh 107377ad4e41Sdrhdo_test auth-1.151 { 107432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 107577ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 107677ad4e41Sdrh return SQLITE_DENY 107777ad4e41Sdrh } 107877ad4e41Sdrh return SQLITE_OK 107977ad4e41Sdrh } 108077ad4e41Sdrh catchsql {DROP TRIGGER r2} 108177ad4e41Sdrh} {1 {not authorized}} 108277ad4e41Sdrhdo_test auth-1.152 { 108377ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 1084e22a334bSdrh} {t2 tx r2} 108577ad4e41Sdrhdo_test auth-1.153 { 108632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 108777ad4e41Sdrh if {$code=="SQLITE_DROP_TRIGGER"} { 1088e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 108977ad4e41Sdrh return SQLITE_DENY 109077ad4e41Sdrh } 109177ad4e41Sdrh return SQLITE_OK 109277ad4e41Sdrh } 109377ad4e41Sdrh catchsql {DROP TRIGGER r2} 109477ad4e41Sdrh} {1 {not authorized}} 109577ad4e41Sdrhdo_test auth-1.154 { 109677ad4e41Sdrh set ::authargs 1097e22a334bSdrh} {r2 t2 main {}} 109877ad4e41Sdrhdo_test auth-1.155 { 109977ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 1100e22a334bSdrh} {t2 tx r2} 110177ad4e41Sdrhdo_test auth-1.156 { 110232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 110377ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 110477ad4e41Sdrh return SQLITE_IGNORE 110577ad4e41Sdrh } 110677ad4e41Sdrh return SQLITE_OK 110777ad4e41Sdrh } 110877ad4e41Sdrh catchsql {DROP TRIGGER r2} 110977ad4e41Sdrh} {0 {}} 111077ad4e41Sdrhdo_test auth-1.157 { 111177ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 1112e22a334bSdrh} {t2 tx r2} 111377ad4e41Sdrhdo_test auth-1.158 { 111432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 111577ad4e41Sdrh if {$code=="SQLITE_DROP_TRIGGER"} { 1116e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 111777ad4e41Sdrh return SQLITE_IGNORE 111877ad4e41Sdrh } 111977ad4e41Sdrh return SQLITE_OK 112077ad4e41Sdrh } 112177ad4e41Sdrh catchsql {DROP TRIGGER r2} 112277ad4e41Sdrh} {0 {}} 112377ad4e41Sdrhdo_test auth-1.159 { 112477ad4e41Sdrh set ::authargs 1125e22a334bSdrh} {r2 t2 main {}} 112677ad4e41Sdrhdo_test auth-1.160 { 112777ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 1128e22a334bSdrh} {t2 tx r2} 112977ad4e41Sdrhdo_test auth-1.161 { 113032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 113177ad4e41Sdrh if {$code=="SQLITE_DROP_TRIGGER"} { 1132e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 113377ad4e41Sdrh return SQLITE_OK 113477ad4e41Sdrh } 113577ad4e41Sdrh return SQLITE_OK 113677ad4e41Sdrh } 113777ad4e41Sdrh catchsql {DROP TRIGGER r2} 113877ad4e41Sdrh} {0 {}} 113977ad4e41Sdrhdo_test auth-1.162 { 114077ad4e41Sdrh set ::authargs 1141e22a334bSdrh} {r2 t2 main {}} 114277ad4e41Sdrhdo_test auth-1.163 { 1143e22a334bSdrh execsql { 1144e22a334bSdrh DROP TABLE tx; 1145e22a334bSdrh DELETE FROM t2 WHERE a=1 AND b=2 AND c=3; 1146e22a334bSdrh SELECT name FROM sqlite_master; 1147e22a334bSdrh } 114877ad4e41Sdrh} {t2} 114977ad4e41Sdrh 115077ad4e41Sdrhdo_test auth-1.164 { 115132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 115277ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 115377ad4e41Sdrh return SQLITE_DENY 115477ad4e41Sdrh } 115577ad4e41Sdrh return SQLITE_OK 115677ad4e41Sdrh } 115777ad4e41Sdrh catchsql {DROP TRIGGER r1} 115877ad4e41Sdrh} {1 {not authorized}} 115977ad4e41Sdrhdo_test auth-1.165 { 1160e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 116177ad4e41Sdrh} {t1 r1} 116277ad4e41Sdrhdo_test auth-1.166 { 116332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 116477ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { 1165e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 116677ad4e41Sdrh return SQLITE_DENY 116777ad4e41Sdrh } 116877ad4e41Sdrh return SQLITE_OK 116977ad4e41Sdrh } 117077ad4e41Sdrh catchsql {DROP TRIGGER r1} 117177ad4e41Sdrh} {1 {not authorized}} 117277ad4e41Sdrhdo_test auth-1.167 { 117377ad4e41Sdrh set ::authargs 1174e22a334bSdrh} {r1 t1 temp {}} 117577ad4e41Sdrhdo_test auth-1.168 { 117677ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 117777ad4e41Sdrh} {t1 r1} 117877ad4e41Sdrhdo_test auth-1.169 { 117932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 118077ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 118177ad4e41Sdrh return SQLITE_IGNORE 118277ad4e41Sdrh } 118377ad4e41Sdrh return SQLITE_OK 118477ad4e41Sdrh } 118577ad4e41Sdrh catchsql {DROP TRIGGER r1} 118677ad4e41Sdrh} {0 {}} 118777ad4e41Sdrhdo_test auth-1.170 { 1188e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 118977ad4e41Sdrh} {t1 r1} 119077ad4e41Sdrhdo_test auth-1.171 { 119132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 119277ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { 1193e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 119477ad4e41Sdrh return SQLITE_IGNORE 119577ad4e41Sdrh } 119677ad4e41Sdrh return SQLITE_OK 119777ad4e41Sdrh } 119877ad4e41Sdrh catchsql {DROP TRIGGER r1} 119977ad4e41Sdrh} {0 {}} 120077ad4e41Sdrhdo_test auth-1.172 { 120177ad4e41Sdrh set ::authargs 1202e22a334bSdrh} {r1 t1 temp {}} 120377ad4e41Sdrhdo_test auth-1.173 { 120477ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 120577ad4e41Sdrh} {t1 r1} 120677ad4e41Sdrhdo_test auth-1.174 { 120732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 120877ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_TRIGGER"} { 1209e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 121077ad4e41Sdrh return SQLITE_OK 121177ad4e41Sdrh } 121277ad4e41Sdrh return SQLITE_OK 121377ad4e41Sdrh } 121477ad4e41Sdrh catchsql {DROP TRIGGER r1} 121577ad4e41Sdrh} {0 {}} 121677ad4e41Sdrhdo_test auth-1.175 { 121777ad4e41Sdrh set ::authargs 1218e22a334bSdrh} {r1 t1 temp {}} 121977ad4e41Sdrhdo_test auth-1.176 { 1220e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 122177ad4e41Sdrh} {t1} 122281650dc6Sdanielk1977} ;# ifcapable trigger 122377ad4e41Sdrh 122477ad4e41Sdrhdo_test auth-1.177 { 122532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 122677ad4e41Sdrh if {$code=="SQLITE_CREATE_INDEX"} { 1227e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 122877ad4e41Sdrh return SQLITE_DENY 122977ad4e41Sdrh } 123077ad4e41Sdrh return SQLITE_OK 123177ad4e41Sdrh } 123277ad4e41Sdrh catchsql {CREATE INDEX i2 ON t2(a)} 123377ad4e41Sdrh} {1 {not authorized}} 123477ad4e41Sdrhdo_test auth-1.178 { 123577ad4e41Sdrh set ::authargs 1236e22a334bSdrh} {i2 t2 main {}} 123777ad4e41Sdrhdo_test auth-1.179 { 123877ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 123977ad4e41Sdrh} {t2} 124077ad4e41Sdrhdo_test auth-1.180 { 124132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 124277ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 124377ad4e41Sdrh return SQLITE_DENY 124477ad4e41Sdrh } 124577ad4e41Sdrh return SQLITE_OK 124677ad4e41Sdrh } 124777ad4e41Sdrh catchsql {CREATE INDEX i2 ON t2(a)} 124877ad4e41Sdrh} {1 {not authorized}} 124977ad4e41Sdrhdo_test auth-1.181 { 125077ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 125177ad4e41Sdrh} {t2} 125277ad4e41Sdrhdo_test auth-1.182 { 125332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 125477ad4e41Sdrh if {$code=="SQLITE_CREATE_INDEX"} { 1255e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 125677ad4e41Sdrh return SQLITE_IGNORE 125777ad4e41Sdrh } 125877ad4e41Sdrh return SQLITE_OK 125977ad4e41Sdrh } 126077ad4e41Sdrh catchsql {CREATE INDEX i2 ON t2(b)} 126177ad4e41Sdrh} {0 {}} 126277ad4e41Sdrhdo_test auth-1.183 { 126377ad4e41Sdrh set ::authargs 1264e22a334bSdrh} {i2 t2 main {}} 126577ad4e41Sdrhdo_test auth-1.184 { 126677ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 126777ad4e41Sdrh} {t2} 126877ad4e41Sdrhdo_test auth-1.185 { 126932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 127077ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_master"} { 127177ad4e41Sdrh return SQLITE_IGNORE 127277ad4e41Sdrh } 127377ad4e41Sdrh return SQLITE_OK 127477ad4e41Sdrh } 127577ad4e41Sdrh catchsql {CREATE INDEX i2 ON t2(b)} 127677ad4e41Sdrh} {0 {}} 127777ad4e41Sdrhdo_test auth-1.186 { 127877ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 127977ad4e41Sdrh} {t2} 128077ad4e41Sdrhdo_test auth-1.187 { 128132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 128277ad4e41Sdrh if {$code=="SQLITE_CREATE_INDEX"} { 1283e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 128477ad4e41Sdrh return SQLITE_OK 128577ad4e41Sdrh } 128677ad4e41Sdrh return SQLITE_OK 128777ad4e41Sdrh } 128877ad4e41Sdrh catchsql {CREATE INDEX i2 ON t2(a)} 128977ad4e41Sdrh} {0 {}} 129077ad4e41Sdrhdo_test auth-1.188 { 129177ad4e41Sdrh set ::authargs 1292e22a334bSdrh} {i2 t2 main {}} 129377ad4e41Sdrhdo_test auth-1.189 { 129477ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 129577ad4e41Sdrh} {t2 i2} 129677ad4e41Sdrh 129753c0f748Sdanielk1977ifcapable tempdb { 129877ad4e41Sdrh do_test auth-1.190 { 129932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 130077ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_INDEX"} { 1301e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 130277ad4e41Sdrh return SQLITE_DENY 130377ad4e41Sdrh } 130477ad4e41Sdrh return SQLITE_OK 130577ad4e41Sdrh } 130677ad4e41Sdrh catchsql {CREATE INDEX i1 ON t1(a)} 130777ad4e41Sdrh } {1 {not authorized}} 130877ad4e41Sdrh do_test auth-1.191 { 130977ad4e41Sdrh set ::authargs 1310e22a334bSdrh } {i1 t1 temp {}} 131177ad4e41Sdrh do_test auth-1.192 { 131277ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 131377ad4e41Sdrh } {t1} 131477ad4e41Sdrh do_test auth-1.193 { 131532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 131677ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 131777ad4e41Sdrh return SQLITE_DENY 131877ad4e41Sdrh } 131977ad4e41Sdrh return SQLITE_OK 132077ad4e41Sdrh } 132177ad4e41Sdrh catchsql {CREATE INDEX i1 ON t1(b)} 132277ad4e41Sdrh } {1 {not authorized}} 132377ad4e41Sdrh do_test auth-1.194 { 1324e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 132577ad4e41Sdrh } {t1} 132677ad4e41Sdrh do_test auth-1.195 { 132732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 132877ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_INDEX"} { 1329e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 133077ad4e41Sdrh return SQLITE_IGNORE 133177ad4e41Sdrh } 133277ad4e41Sdrh return SQLITE_OK 133377ad4e41Sdrh } 133477ad4e41Sdrh catchsql {CREATE INDEX i1 ON t1(b)} 133577ad4e41Sdrh } {0 {}} 133677ad4e41Sdrh do_test auth-1.196 { 133777ad4e41Sdrh set ::authargs 1338e22a334bSdrh } {i1 t1 temp {}} 133977ad4e41Sdrh do_test auth-1.197 { 134077ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 134177ad4e41Sdrh } {t1} 134277ad4e41Sdrh do_test auth-1.198 { 134332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 134477ad4e41Sdrh if {$code=="SQLITE_INSERT" && $arg1=="sqlite_temp_master"} { 134577ad4e41Sdrh return SQLITE_IGNORE 134677ad4e41Sdrh } 134777ad4e41Sdrh return SQLITE_OK 134877ad4e41Sdrh } 134977ad4e41Sdrh catchsql {CREATE INDEX i1 ON t1(c)} 135077ad4e41Sdrh } {0 {}} 135177ad4e41Sdrh do_test auth-1.199 { 135277ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 135377ad4e41Sdrh } {t1} 135477ad4e41Sdrh do_test auth-1.200 { 135532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 135677ad4e41Sdrh if {$code=="SQLITE_CREATE_TEMP_INDEX"} { 1357e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 135877ad4e41Sdrh return SQLITE_OK 135977ad4e41Sdrh } 136077ad4e41Sdrh return SQLITE_OK 136177ad4e41Sdrh } 136277ad4e41Sdrh catchsql {CREATE INDEX i1 ON t1(a)} 136377ad4e41Sdrh } {0 {}} 136477ad4e41Sdrh do_test auth-1.201 { 136577ad4e41Sdrh set ::authargs 1366e22a334bSdrh } {i1 t1 temp {}} 136777ad4e41Sdrh do_test auth-1.202 { 1368e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 136977ad4e41Sdrh } {t1 i1} 137053c0f748Sdanielk1977} 137177ad4e41Sdrh 137277ad4e41Sdrhdo_test auth-1.203 { 137332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 137477ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 137577ad4e41Sdrh return SQLITE_DENY 137677ad4e41Sdrh } 137777ad4e41Sdrh return SQLITE_OK 137877ad4e41Sdrh } 137977ad4e41Sdrh catchsql {DROP INDEX i2} 138077ad4e41Sdrh} {1 {not authorized}} 138177ad4e41Sdrhdo_test auth-1.204 { 138277ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 138377ad4e41Sdrh} {t2 i2} 138477ad4e41Sdrhdo_test auth-1.205 { 138532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 138677ad4e41Sdrh if {$code=="SQLITE_DROP_INDEX"} { 1387e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 138877ad4e41Sdrh return SQLITE_DENY 138977ad4e41Sdrh } 139077ad4e41Sdrh return SQLITE_OK 139177ad4e41Sdrh } 139277ad4e41Sdrh catchsql {DROP INDEX i2} 139377ad4e41Sdrh} {1 {not authorized}} 139493fd5420Sdrhdo_test auth-1.205a { 139577ad4e41Sdrh set ::authargs 1396e22a334bSdrh} {i2 t2 main {}} 139793fd5420Sdrhdb eval { 139893fd5420Sdrh ATTACH ':memory:' as di205; 139993fd5420Sdrh CREATE TABLE di205.t1(x); 140093fd5420Sdrh CREATE INDEX di205.t1x ON t1(x); 140193fd5420Sdrh} 140293fd5420Sdrhdo_catchsql_test auth-1.205b { 140393fd5420Sdrh DROP INDEX di205.t1x; 140493fd5420Sdrh} {1 {not authorized}} 140593fd5420Sdrhdb eval { 140693fd5420Sdrh DETACH di205; 140793fd5420Sdrh} 140893fd5420Sdrhdo_test auth-1.206 { 140993fd5420Sdrh set ::authargs 141093fd5420Sdrh} {t1x t1 di205 {}} 141177ad4e41Sdrhdo_test auth-1.207 { 141277ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 141377ad4e41Sdrh} {t2 i2} 141477ad4e41Sdrhdo_test auth-1.208 { 141532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 141677ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_master"} { 141777ad4e41Sdrh return SQLITE_IGNORE 141877ad4e41Sdrh } 141977ad4e41Sdrh return SQLITE_OK 142077ad4e41Sdrh } 142177ad4e41Sdrh catchsql {DROP INDEX i2} 142277ad4e41Sdrh} {0 {}} 142377ad4e41Sdrhdo_test auth-1.209 { 142477ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 142577ad4e41Sdrh} {t2 i2} 142677ad4e41Sdrhdo_test auth-1.210 { 142732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 142877ad4e41Sdrh if {$code=="SQLITE_DROP_INDEX"} { 1429e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 143077ad4e41Sdrh return SQLITE_IGNORE 143177ad4e41Sdrh } 143277ad4e41Sdrh return SQLITE_OK 143377ad4e41Sdrh } 143477ad4e41Sdrh catchsql {DROP INDEX i2} 143577ad4e41Sdrh} {0 {}} 143677ad4e41Sdrhdo_test auth-1.211 { 143777ad4e41Sdrh set ::authargs 1438e22a334bSdrh} {i2 t2 main {}} 143977ad4e41Sdrhdo_test auth-1.212 { 144077ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 144177ad4e41Sdrh} {t2 i2} 144277ad4e41Sdrhdo_test auth-1.213 { 144332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 144477ad4e41Sdrh if {$code=="SQLITE_DROP_INDEX"} { 1445e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 144677ad4e41Sdrh return SQLITE_OK 144777ad4e41Sdrh } 144877ad4e41Sdrh return SQLITE_OK 144977ad4e41Sdrh } 145077ad4e41Sdrh catchsql {DROP INDEX i2} 145177ad4e41Sdrh} {0 {}} 145277ad4e41Sdrhdo_test auth-1.214 { 145377ad4e41Sdrh set ::authargs 1454e22a334bSdrh} {i2 t2 main {}} 145577ad4e41Sdrhdo_test auth-1.215 { 145677ad4e41Sdrh execsql {SELECT name FROM sqlite_master} 145777ad4e41Sdrh} {t2} 145877ad4e41Sdrh 145953c0f748Sdanielk1977ifcapable tempdb { 146077ad4e41Sdrh do_test auth-1.216 { 146132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 146277ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 146377ad4e41Sdrh return SQLITE_DENY 146477ad4e41Sdrh } 146577ad4e41Sdrh return SQLITE_OK 146677ad4e41Sdrh } 146777ad4e41Sdrh catchsql {DROP INDEX i1} 146877ad4e41Sdrh } {1 {not authorized}} 146977ad4e41Sdrh do_test auth-1.217 { 147077ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 147177ad4e41Sdrh } {t1 i1} 147277ad4e41Sdrh do_test auth-1.218 { 147332c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 147477ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_INDEX"} { 1475e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 147677ad4e41Sdrh return SQLITE_DENY 147777ad4e41Sdrh } 147877ad4e41Sdrh return SQLITE_OK 147977ad4e41Sdrh } 148077ad4e41Sdrh catchsql {DROP INDEX i1} 148177ad4e41Sdrh } {1 {not authorized}} 148277ad4e41Sdrh do_test auth-1.219 { 148377ad4e41Sdrh set ::authargs 1484e22a334bSdrh } {i1 t1 temp {}} 148577ad4e41Sdrh do_test auth-1.220 { 148677ad4e41Sdrh execsql {SELECT name FROM sqlite_temp_master} 148777ad4e41Sdrh } {t1 i1} 148877ad4e41Sdrh do_test auth-1.221 { 148932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 149077ad4e41Sdrh if {$code=="SQLITE_DELETE" && $arg1=="sqlite_temp_master"} { 149177ad4e41Sdrh return SQLITE_IGNORE 149277ad4e41Sdrh } 149377ad4e41Sdrh return SQLITE_OK 149477ad4e41Sdrh } 149577ad4e41Sdrh catchsql {DROP INDEX i1} 149677ad4e41Sdrh } {0 {}} 149777ad4e41Sdrh do_test auth-1.222 { 1498e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 149977ad4e41Sdrh } {t1 i1} 150077ad4e41Sdrh do_test auth-1.223 { 150132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 150277ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_INDEX"} { 1503e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 150477ad4e41Sdrh return SQLITE_IGNORE 150577ad4e41Sdrh } 150677ad4e41Sdrh return SQLITE_OK 150777ad4e41Sdrh } 150877ad4e41Sdrh catchsql {DROP INDEX i1} 150977ad4e41Sdrh } {0 {}} 151077ad4e41Sdrh do_test auth-1.224 { 151177ad4e41Sdrh set ::authargs 1512e22a334bSdrh } {i1 t1 temp {}} 151377ad4e41Sdrh do_test auth-1.225 { 1514e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 151577ad4e41Sdrh } {t1 i1} 151677ad4e41Sdrh do_test auth-1.226 { 151732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 151877ad4e41Sdrh if {$code=="SQLITE_DROP_TEMP_INDEX"} { 1519e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 152077ad4e41Sdrh return SQLITE_OK 152177ad4e41Sdrh } 152277ad4e41Sdrh return SQLITE_OK 152377ad4e41Sdrh } 152477ad4e41Sdrh catchsql {DROP INDEX i1} 152577ad4e41Sdrh } {0 {}} 152677ad4e41Sdrh do_test auth-1.227 { 152777ad4e41Sdrh set ::authargs 1528e22a334bSdrh } {i1 t1 temp {}} 152977ad4e41Sdrh do_test auth-1.228 { 1530e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master} 153177ad4e41Sdrh } {t1} 153253c0f748Sdanielk1977} 153377ad4e41Sdrh 153477ad4e41Sdrhdo_test auth-1.229 { 153532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 153677ad4e41Sdrh if {$code=="SQLITE_PRAGMA"} { 1537e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 153877ad4e41Sdrh return SQLITE_DENY 153977ad4e41Sdrh } 154077ad4e41Sdrh return SQLITE_OK 154177ad4e41Sdrh } 154277ad4e41Sdrh catchsql {PRAGMA full_column_names=on} 154377ad4e41Sdrh} {1 {not authorized}} 154477ad4e41Sdrhdo_test auth-1.230 { 154577ad4e41Sdrh set ::authargs 1546e22a334bSdrh} {full_column_names on {} {}} 154777ad4e41Sdrhdo_test auth-1.231 { 154877ad4e41Sdrh execsql2 {SELECT a FROM t2} 154977ad4e41Sdrh} {a 11 a 7} 155077ad4e41Sdrhdo_test auth-1.232 { 155132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 155277ad4e41Sdrh if {$code=="SQLITE_PRAGMA"} { 1553e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 155477ad4e41Sdrh return SQLITE_IGNORE 155577ad4e41Sdrh } 155677ad4e41Sdrh return SQLITE_OK 155777ad4e41Sdrh } 155877ad4e41Sdrh catchsql {PRAGMA full_column_names=on} 155977ad4e41Sdrh} {0 {}} 156077ad4e41Sdrhdo_test auth-1.233 { 156177ad4e41Sdrh set ::authargs 1562e22a334bSdrh} {full_column_names on {} {}} 156377ad4e41Sdrhdo_test auth-1.234 { 156477ad4e41Sdrh execsql2 {SELECT a FROM t2} 156577ad4e41Sdrh} {a 11 a 7} 156677ad4e41Sdrhdo_test auth-1.235 { 156732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 156877ad4e41Sdrh if {$code=="SQLITE_PRAGMA"} { 1569e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 157077ad4e41Sdrh return SQLITE_OK 157177ad4e41Sdrh } 157277ad4e41Sdrh return SQLITE_OK 157377ad4e41Sdrh } 157477ad4e41Sdrh catchsql {PRAGMA full_column_names=on} 157577ad4e41Sdrh} {0 {}} 157677ad4e41Sdrhdo_test auth-1.236 { 157777ad4e41Sdrh execsql2 {SELECT a FROM t2} 157877ad4e41Sdrh} {t2.a 11 t2.a 7} 157977ad4e41Sdrhdo_test auth-1.237 { 158032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 158177ad4e41Sdrh if {$code=="SQLITE_PRAGMA"} { 1582e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 158377ad4e41Sdrh return SQLITE_OK 158477ad4e41Sdrh } 158577ad4e41Sdrh return SQLITE_OK 158677ad4e41Sdrh } 158777ad4e41Sdrh catchsql {PRAGMA full_column_names=OFF} 158877ad4e41Sdrh} {0 {}} 158977ad4e41Sdrhdo_test auth-1.238 { 159077ad4e41Sdrh set ::authargs 1591e22a334bSdrh} {full_column_names OFF {} {}} 159277ad4e41Sdrhdo_test auth-1.239 { 159377ad4e41Sdrh execsql2 {SELECT a FROM t2} 159477ad4e41Sdrh} {a 11 a 7} 15951962bda7Sdrh 15962c3831cbSdrhdo_test auth-1.240 { 159732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 15982c3831cbSdrh if {$code=="SQLITE_TRANSACTION"} { 1599e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 16002c3831cbSdrh return SQLITE_DENY 16012c3831cbSdrh } 16022c3831cbSdrh return SQLITE_OK 16032c3831cbSdrh } 16042c3831cbSdrh catchsql {BEGIN} 16052c3831cbSdrh} {1 {not authorized}} 16062c3831cbSdrhdo_test auth-1.241 { 16072c3831cbSdrh set ::authargs 1608e22a334bSdrh} {BEGIN {} {} {}} 16092c3831cbSdrhdo_test auth-1.242 { 161032c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 16112c3831cbSdrh if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} { 1612e22a334bSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 16132c3831cbSdrh return SQLITE_DENY 16142c3831cbSdrh } 16152c3831cbSdrh return SQLITE_OK 16162c3831cbSdrh } 16172c3831cbSdrh catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT} 16182c3831cbSdrh} {1 {not authorized}} 16192c3831cbSdrhdo_test auth-1.243 { 16202c3831cbSdrh set ::authargs 1621e22a334bSdrh} {COMMIT {} {} {}} 16222c3831cbSdrhdo_test auth-1.244 { 16232c3831cbSdrh execsql {SELECT * FROM t2} 16242c3831cbSdrh} {11 2 33 7 8 9 44 55 66} 16252c3831cbSdrhdo_test auth-1.245 { 16262c3831cbSdrh catchsql {ROLLBACK} 16272c3831cbSdrh} {1 {not authorized}} 16282c3831cbSdrhdo_test auth-1.246 { 16292c3831cbSdrh set ::authargs 1630e22a334bSdrh} {ROLLBACK {} {} {}} 16312c3831cbSdrhdo_test auth-1.247 { 16322c3831cbSdrh catchsql {END TRANSACTION} 16332c3831cbSdrh} {1 {not authorized}} 16342c3831cbSdrhdo_test auth-1.248 { 16352c3831cbSdrh set ::authargs 1636e22a334bSdrh} {COMMIT {} {} {}} 16372c3831cbSdrhdo_test auth-1.249 { 16389418921cSdrh # EVIDENCE-OF: R-52112-44167 Disable the authorizer by installing a NULL 16399418921cSdrh # callback. 1640e22a334bSdrh db authorizer {} 16412c3831cbSdrh catchsql {ROLLBACK} 16422c3831cbSdrh} {0 {}} 16432c3831cbSdrhdo_test auth-1.250 { 16442c3831cbSdrh execsql {SELECT * FROM t2} 16452c3831cbSdrh} {11 2 33 7 8 9} 16462c3831cbSdrh 164781e293b4Sdrh# ticket #340 - authorization for ATTACH and DETACH. 164881e293b4Sdrh# 16495a8f9374Sdanielk1977ifcapable attach { 165081e293b4Sdrh do_test auth-1.251 { 165181e293b4Sdrh db authorizer ::auth 165232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 165381e293b4Sdrh if {$code=="SQLITE_ATTACH"} { 165481e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 165581e293b4Sdrh } 165681e293b4Sdrh return SQLITE_OK 165781e293b4Sdrh } 165881e293b4Sdrh catchsql { 165981e293b4Sdrh ATTACH DATABASE ':memory:' AS test1 166081e293b4Sdrh } 166181e293b4Sdrh } {0 {}} 16620097eb39Sdrh do_test auth-1.252a { 166381e293b4Sdrh set ::authargs 166481e293b4Sdrh } {:memory: {} {} {}} 16650097eb39Sdrh do_test auth-1.252b { 16660097eb39Sdrh db eval {DETACH test1} 16670097eb39Sdrh set ::attachfilename :memory: 16680097eb39Sdrh db eval {ATTACH $::attachfilename AS test1} 16690097eb39Sdrh set ::authargs 16700097eb39Sdrh } {{} {} {} {}} 16710097eb39Sdrh do_test auth-1.252c { 16720097eb39Sdrh db eval {DETACH test1} 16730097eb39Sdrh db eval {ATTACH ':mem' || 'ory:' AS test1} 16740097eb39Sdrh set ::authargs 16750097eb39Sdrh } {{} {} {} {}} 167681e293b4Sdrh do_test auth-1.253 { 167781e293b4Sdrh catchsql {DETACH DATABASE test1} 167832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 167981e293b4Sdrh if {$code=="SQLITE_ATTACH"} { 168081e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 168181e293b4Sdrh return SQLITE_DENY 168281e293b4Sdrh } 168381e293b4Sdrh return SQLITE_OK 168481e293b4Sdrh } 168581e293b4Sdrh catchsql { 168681e293b4Sdrh ATTACH DATABASE ':memory:' AS test1; 168781e293b4Sdrh } 168881e293b4Sdrh } {1 {not authorized}} 168981e293b4Sdrh do_test auth-1.254 { 169081e293b4Sdrh lindex [execsql {PRAGMA database_list}] 7 169181e293b4Sdrh } {} 169281e293b4Sdrh do_test auth-1.255 { 169381e293b4Sdrh catchsql {DETACH DATABASE test1} 169432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 169581e293b4Sdrh if {$code=="SQLITE_ATTACH"} { 169681e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 169781e293b4Sdrh return SQLITE_IGNORE 169881e293b4Sdrh } 169981e293b4Sdrh return SQLITE_OK 170081e293b4Sdrh } 170181e293b4Sdrh catchsql { 170281e293b4Sdrh ATTACH DATABASE ':memory:' AS test1; 170381e293b4Sdrh } 170481e293b4Sdrh } {0 {}} 170581e293b4Sdrh do_test auth-1.256 { 170681e293b4Sdrh lindex [execsql {PRAGMA database_list}] 7 170781e293b4Sdrh } {} 170881e293b4Sdrh do_test auth-1.257 { 170932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 171081e293b4Sdrh if {$code=="SQLITE_DETACH"} { 171181e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 171281e293b4Sdrh return SQLITE_OK 171381e293b4Sdrh } 171481e293b4Sdrh return SQLITE_OK 171581e293b4Sdrh } 171681e293b4Sdrh execsql {ATTACH DATABASE ':memory:' AS test1} 171781e293b4Sdrh catchsql { 171881e293b4Sdrh DETACH DATABASE test1; 171981e293b4Sdrh } 172081e293b4Sdrh } {0 {}} 172181e293b4Sdrh do_test auth-1.258 { 172281e293b4Sdrh lindex [execsql {PRAGMA database_list}] 7 172381e293b4Sdrh } {} 172481e293b4Sdrh do_test auth-1.259 { 172581e293b4Sdrh execsql {ATTACH DATABASE ':memory:' AS test1} 172632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 172781e293b4Sdrh if {$code=="SQLITE_DETACH"} { 172881e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 172981e293b4Sdrh return SQLITE_IGNORE 173081e293b4Sdrh } 173181e293b4Sdrh return SQLITE_OK 173281e293b4Sdrh } 173381e293b4Sdrh catchsql { 173481e293b4Sdrh DETACH DATABASE test1; 173581e293b4Sdrh } 173681e293b4Sdrh } {0 {}} 173753c0f748Sdanielk1977 ifcapable tempdb { 173827188fb5Sdanielk1977 ifcapable schema_pragmas { 173981e293b4Sdrh do_test auth-1.260 { 174081e293b4Sdrh lindex [execsql {PRAGMA database_list}] 7 174181e293b4Sdrh } {test1} 174227188fb5Sdanielk1977 } ;# ifcapable schema_pragmas 174381e293b4Sdrh do_test auth-1.261 { 174432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 174581e293b4Sdrh if {$code=="SQLITE_DETACH"} { 174681e293b4Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 174781e293b4Sdrh return SQLITE_DENY 174881e293b4Sdrh } 174981e293b4Sdrh return SQLITE_OK 175081e293b4Sdrh } 175181e293b4Sdrh catchsql { 175281e293b4Sdrh DETACH DATABASE test1; 175381e293b4Sdrh } 175481e293b4Sdrh } {1 {not authorized}} 175527188fb5Sdanielk1977 ifcapable schema_pragmas { 175681e293b4Sdrh do_test auth-1.262 { 175781e293b4Sdrh lindex [execsql {PRAGMA database_list}] 7 175881e293b4Sdrh } {test1} 175927188fb5Sdanielk1977 } ;# ifcapable schema_pragmas 176081e293b4Sdrh db authorizer {} 176181e293b4Sdrh execsql {DETACH DATABASE test1} 17621c8c23ccSdanielk1977 db authorizer ::auth 17631c8c23ccSdanielk1977 1764215e64daSdanielk1977 # Authorization for ALTER TABLE. These tests are omitted if the library 1765215e64daSdanielk1977 # was built without ALTER TABLE support. 1766215e64daSdanielk1977 ifcapable altertable { 1767215e64daSdanielk1977 17681c8c23ccSdanielk1977 do_test auth-1.263 { 176932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 17701c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 17711c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 17721c8c23ccSdanielk1977 return SQLITE_OK 17731c8c23ccSdanielk1977 } 17741c8c23ccSdanielk1977 return SQLITE_OK 17751c8c23ccSdanielk1977 } 17761c8c23ccSdanielk1977 catchsql { 17771c8c23ccSdanielk1977 ALTER TABLE t1 RENAME TO t1x 17781c8c23ccSdanielk1977 } 17791c8c23ccSdanielk1977 } {0 {}} 17801c8c23ccSdanielk1977 do_test auth-1.264 { 17811c8c23ccSdanielk1977 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'} 17821c8c23ccSdanielk1977 } {t1x} 17831c8c23ccSdanielk1977 do_test auth-1.265 { 17841c8c23ccSdanielk1977 set authargs 17851c8c23ccSdanielk1977 } {temp t1 {} {}} 17861c8c23ccSdanielk1977 do_test auth-1.266 { 178732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 17881c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 17891c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 17901c8c23ccSdanielk1977 return SQLITE_IGNORE 17911c8c23ccSdanielk1977 } 17921c8c23ccSdanielk1977 return SQLITE_OK 17931c8c23ccSdanielk1977 } 17941c8c23ccSdanielk1977 catchsql { 17951c8c23ccSdanielk1977 ALTER TABLE t1x RENAME TO t1 17961c8c23ccSdanielk1977 } 17971c8c23ccSdanielk1977 } {0 {}} 17981c8c23ccSdanielk1977 do_test auth-1.267 { 1799e0a04a36Sdrh execsql {SELECT name FROM temp.sqlite_master WHERE type='table'} 18001c8c23ccSdanielk1977 } {t1x} 18011c8c23ccSdanielk1977 do_test auth-1.268 { 18021c8c23ccSdanielk1977 set authargs 18031c8c23ccSdanielk1977 } {temp t1x {} {}} 18041c8c23ccSdanielk1977 do_test auth-1.269 { 180532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 18061c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 18071c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 18081c8c23ccSdanielk1977 return SQLITE_DENY 18091c8c23ccSdanielk1977 } 18101c8c23ccSdanielk1977 return SQLITE_OK 18111c8c23ccSdanielk1977 } 18121c8c23ccSdanielk1977 catchsql { 18131c8c23ccSdanielk1977 ALTER TABLE t1x RENAME TO t1 18141c8c23ccSdanielk1977 } 18151c8c23ccSdanielk1977 } {1 {not authorized}} 18161c8c23ccSdanielk1977 do_test auth-1.270 { 18171c8c23ccSdanielk1977 execsql {SELECT name FROM sqlite_temp_master WHERE type='table'} 18181c8c23ccSdanielk1977 } {t1x} 181953c0f748Sdanielk1977 18201c8c23ccSdanielk1977 do_test auth-1.271 { 18211c8c23ccSdanielk1977 set authargs 18221c8c23ccSdanielk1977 } {temp t1x {} {}} 1823bab45c64Sdanielk1977 } ;# ifcapable altertable 1824bab45c64Sdanielk1977 182553c0f748Sdanielk1977 } else { 182653c0f748Sdanielk1977 db authorizer {} 182753c0f748Sdanielk1977 db eval { 182853c0f748Sdanielk1977 DETACH DATABASE test1; 182953c0f748Sdanielk1977 } 183053c0f748Sdanielk1977 } 18315a8f9374Sdanielk1977} 183253c0f748Sdanielk1977 183353c0f748Sdanielk1977ifcapable altertable { 18341c8c23ccSdanielk1977db authorizer {} 18351c8c23ccSdanielk1977catchsql {ALTER TABLE t1x RENAME TO t1} 18361c8c23ccSdanielk1977db authorizer ::auth 18371c8c23ccSdanielk1977do_test auth-1.272 { 183832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 18391c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 18401c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 18411c8c23ccSdanielk1977 return SQLITE_OK 18421c8c23ccSdanielk1977 } 18431c8c23ccSdanielk1977 return SQLITE_OK 18441c8c23ccSdanielk1977 } 18451c8c23ccSdanielk1977 catchsql { 18461c8c23ccSdanielk1977 ALTER TABLE t2 RENAME TO t2x 18471c8c23ccSdanielk1977 } 18481c8c23ccSdanielk1977} {0 {}} 18491c8c23ccSdanielk1977do_test auth-1.273 { 18501c8c23ccSdanielk1977 execsql {SELECT name FROM sqlite_master WHERE type='table'} 18511c8c23ccSdanielk1977} {t2x} 18521c8c23ccSdanielk1977do_test auth-1.274 { 18531c8c23ccSdanielk1977 set authargs 18541c8c23ccSdanielk1977} {main t2 {} {}} 18551c8c23ccSdanielk1977do_test auth-1.275 { 185632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 18571c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 18581c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 18591c8c23ccSdanielk1977 return SQLITE_IGNORE 18601c8c23ccSdanielk1977 } 18611c8c23ccSdanielk1977 return SQLITE_OK 18621c8c23ccSdanielk1977 } 18631c8c23ccSdanielk1977 catchsql { 18641c8c23ccSdanielk1977 ALTER TABLE t2x RENAME TO t2 18651c8c23ccSdanielk1977 } 18661c8c23ccSdanielk1977} {0 {}} 18671c8c23ccSdanielk1977do_test auth-1.276 { 18681c8c23ccSdanielk1977 execsql {SELECT name FROM sqlite_master WHERE type='table'} 18691c8c23ccSdanielk1977} {t2x} 18701c8c23ccSdanielk1977do_test auth-1.277 { 18711c8c23ccSdanielk1977 set authargs 18721c8c23ccSdanielk1977} {main t2x {} {}} 18731c8c23ccSdanielk1977do_test auth-1.278 { 187432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 18751c8c23ccSdanielk1977 if {$code=="SQLITE_ALTER_TABLE"} { 18761c8c23ccSdanielk1977 set ::authargs [list $arg1 $arg2 $arg3 $arg4] 18771c8c23ccSdanielk1977 return SQLITE_DENY 18781c8c23ccSdanielk1977 } 18791c8c23ccSdanielk1977 return SQLITE_OK 18801c8c23ccSdanielk1977 } 18811c8c23ccSdanielk1977 catchsql { 18821c8c23ccSdanielk1977 ALTER TABLE t2x RENAME TO t2 18831c8c23ccSdanielk1977 } 18841c8c23ccSdanielk1977} {1 {not authorized}} 18851c8c23ccSdanielk1977do_test auth-1.279 { 18861c8c23ccSdanielk1977 execsql {SELECT name FROM sqlite_master WHERE type='table'} 18871c8c23ccSdanielk1977} {t2x} 18881c8c23ccSdanielk1977do_test auth-1.280 { 18891c8c23ccSdanielk1977 set authargs 18901c8c23ccSdanielk1977} {main t2x {} {}} 18911c8c23ccSdanielk1977db authorizer {} 18921c8c23ccSdanielk1977catchsql {ALTER TABLE t2x RENAME TO t2} 189381e293b4Sdrh 1894215e64daSdanielk1977} ;# ifcapable altertable 1895215e64daSdanielk1977 18961d54df88Sdanielk1977# Test the authorization callbacks for the REINDEX command. 18971d54df88Sdanielk1977ifcapable reindex { 18981d54df88Sdanielk1977 18991d54df88Sdanielk1977proc auth {code args} { 19001d54df88Sdanielk1977 if {$code=="SQLITE_REINDEX"} { 190132c6a48bSdrh set ::authargs [concat $::authargs [lrange $args 0 3]] 19021d54df88Sdanielk1977 } 19031d54df88Sdanielk1977 return SQLITE_OK 19041d54df88Sdanielk1977} 19051d54df88Sdanielk1977db authorizer auth 19061d54df88Sdanielk1977do_test auth-1.281 { 19071d54df88Sdanielk1977 execsql { 19081d54df88Sdanielk1977 CREATE TABLE t3(a PRIMARY KEY, b, c); 19091d54df88Sdanielk1977 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY); 19101d54df88Sdanielk1977 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE); 19111d54df88Sdanielk1977 } 19121d54df88Sdanielk1977} {} 19131d54df88Sdanielk1977do_test auth-1.282 { 19141d54df88Sdanielk1977 set ::authargs {} 19151d54df88Sdanielk1977 execsql { 19161d54df88Sdanielk1977 REINDEX t3_idx1; 19171d54df88Sdanielk1977 } 19181d54df88Sdanielk1977 set ::authargs 19191d54df88Sdanielk1977} {t3_idx1 {} main {}} 19201d54df88Sdanielk1977do_test auth-1.283 { 19211d54df88Sdanielk1977 set ::authargs {} 19221d54df88Sdanielk1977 execsql { 19231d54df88Sdanielk1977 REINDEX BINARY; 19241d54df88Sdanielk1977 } 19251d54df88Sdanielk1977 set ::authargs 19261d54df88Sdanielk1977} {t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}} 19271d54df88Sdanielk1977do_test auth-1.284 { 19281d54df88Sdanielk1977 set ::authargs {} 19291d54df88Sdanielk1977 execsql { 19301d54df88Sdanielk1977 REINDEX NOCASE; 19311d54df88Sdanielk1977 } 19321d54df88Sdanielk1977 set ::authargs 19331d54df88Sdanielk1977} {t3_idx2 {} main {}} 19341d54df88Sdanielk1977do_test auth-1.285 { 19351d54df88Sdanielk1977 set ::authargs {} 19361d54df88Sdanielk1977 execsql { 19371d54df88Sdanielk1977 REINDEX t3; 19381d54df88Sdanielk1977 } 19391d54df88Sdanielk1977 set ::authargs 19401d54df88Sdanielk1977} {t3_idx2 {} main {} t3_idx1 {} main {} sqlite_autoindex_t3_1 {} main {}} 19411d54df88Sdanielk1977do_test auth-1.286 { 19421d54df88Sdanielk1977 execsql { 19431d54df88Sdanielk1977 DROP TABLE t3; 19441d54df88Sdanielk1977 } 19451d54df88Sdanielk1977} {} 194653c0f748Sdanielk1977ifcapable tempdb { 19471d54df88Sdanielk1977 do_test auth-1.287 { 19481d54df88Sdanielk1977 execsql { 19491d54df88Sdanielk1977 CREATE TEMP TABLE t3(a PRIMARY KEY, b, c); 19501d54df88Sdanielk1977 CREATE INDEX t3_idx1 ON t3(c COLLATE BINARY); 19511d54df88Sdanielk1977 CREATE INDEX t3_idx2 ON t3(b COLLATE NOCASE); 19521d54df88Sdanielk1977 } 19531d54df88Sdanielk1977 } {} 19541d54df88Sdanielk1977 do_test auth-1.288 { 19551d54df88Sdanielk1977 set ::authargs {} 19561d54df88Sdanielk1977 execsql { 19571d54df88Sdanielk1977 REINDEX temp.t3_idx1; 19581d54df88Sdanielk1977 } 19591d54df88Sdanielk1977 set ::authargs 19601d54df88Sdanielk1977 } {t3_idx1 {} temp {}} 19611d54df88Sdanielk1977 do_test auth-1.289 { 19621d54df88Sdanielk1977 set ::authargs {} 19631d54df88Sdanielk1977 execsql { 19641d54df88Sdanielk1977 REINDEX BINARY; 19651d54df88Sdanielk1977 } 19661d54df88Sdanielk1977 set ::authargs 19671d54df88Sdanielk1977 } {t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}} 19681d54df88Sdanielk1977 do_test auth-1.290 { 19691d54df88Sdanielk1977 set ::authargs {} 19701d54df88Sdanielk1977 execsql { 19711d54df88Sdanielk1977 REINDEX NOCASE; 19721d54df88Sdanielk1977 } 19731d54df88Sdanielk1977 set ::authargs 19741d54df88Sdanielk1977 } {t3_idx2 {} temp {}} 19751d54df88Sdanielk1977 do_test auth-1.291 { 19761d54df88Sdanielk1977 set ::authargs {} 19771d54df88Sdanielk1977 execsql { 19781d54df88Sdanielk1977 REINDEX temp.t3; 19791d54df88Sdanielk1977 } 19801d54df88Sdanielk1977 set ::authargs 19811d54df88Sdanielk1977 } {t3_idx2 {} temp {} t3_idx1 {} temp {} sqlite_autoindex_t3_1 {} temp {}} 19821d54df88Sdanielk1977 proc auth {code args} { 19831d54df88Sdanielk1977 if {$code=="SQLITE_REINDEX"} { 198432c6a48bSdrh set ::authargs [concat $::authargs [lrange $args 0 3]] 19851d54df88Sdanielk1977 return SQLITE_DENY 19861d54df88Sdanielk1977 } 19871d54df88Sdanielk1977 return SQLITE_OK 19881d54df88Sdanielk1977 } 19891d54df88Sdanielk1977 do_test auth-1.292 { 19901d54df88Sdanielk1977 set ::authargs {} 19911d54df88Sdanielk1977 catchsql { 19921d54df88Sdanielk1977 REINDEX temp.t3; 19931d54df88Sdanielk1977 } 19941d54df88Sdanielk1977 } {1 {not authorized}} 19951d54df88Sdanielk1977 do_test auth-1.293 { 19961d54df88Sdanielk1977 execsql { 19971d54df88Sdanielk1977 DROP TABLE t3; 19981d54df88Sdanielk1977 } 19991d54df88Sdanielk1977 } {} 200053c0f748Sdanielk1977} 20011d54df88Sdanielk1977 20021d54df88Sdanielk1977} ;# ifcapable reindex 20031d54df88Sdanielk1977 2004e6e04969Sdrhifcapable analyze { 2005e6e04969Sdrh proc auth {code args} { 2006e6e04969Sdrh if {$code=="SQLITE_ANALYZE"} { 200732c6a48bSdrh set ::authargs [concat $::authargs [lrange $args 0 3]] 2008e6e04969Sdrh } 2009e6e04969Sdrh return SQLITE_OK 2010e6e04969Sdrh } 2011e6e04969Sdrh do_test auth-1.294 { 2012e6e04969Sdrh set ::authargs {} 2013e6e04969Sdrh execsql { 2014e6e04969Sdrh CREATE TABLE t4(a,b,c); 2015e6e04969Sdrh CREATE INDEX t4i1 ON t4(a); 2016e6e04969Sdrh CREATE INDEX t4i2 ON t4(b,a,c); 2017e6e04969Sdrh INSERT INTO t4 VALUES(1,2,3); 2018e6e04969Sdrh ANALYZE; 2019e6e04969Sdrh } 2020e6e04969Sdrh set ::authargs 202115564055Sdrh } {t4 {} main {} t2 {} main {}} 2022e6e04969Sdrh do_test auth-1.295 { 2023e6e04969Sdrh execsql { 2024e6e04969Sdrh SELECT count(*) FROM sqlite_stat1; 2025e6e04969Sdrh } 202615564055Sdrh } 3 2027e6e04969Sdrh proc auth {code args} { 2028e6e04969Sdrh if {$code=="SQLITE_ANALYZE"} { 2029e6e04969Sdrh set ::authargs [concat $::authargs $args] 2030e6e04969Sdrh return SQLITE_DENY 2031e6e04969Sdrh } 2032e6e04969Sdrh return SQLITE_OK 2033e6e04969Sdrh } 2034e6e04969Sdrh do_test auth-1.296 { 2035e6e04969Sdrh set ::authargs {} 2036e6e04969Sdrh catchsql { 2037e6e04969Sdrh ANALYZE; 2038e6e04969Sdrh } 2039e6e04969Sdrh } {1 {not authorized}} 2040e6e04969Sdrh do_test auth-1.297 { 2041e6e04969Sdrh execsql { 2042e6e04969Sdrh SELECT count(*) FROM sqlite_stat1; 2043e6e04969Sdrh } 204415564055Sdrh } 3 2045e6e04969Sdrh} ;# ifcapable analyze 2046e6e04969Sdrh 204781f2ccdcSdrh 204881f2ccdcSdrh# Authorization for ALTER TABLE ADD COLUMN. 204981f2ccdcSdrh# These tests are omitted if the library 205081f2ccdcSdrh# was built without ALTER TABLE support. 205181f2ccdcSdrhifcapable {altertable} { 205281f2ccdcSdrh do_test auth-1.300 { 205381f2ccdcSdrh execsql {CREATE TABLE t5(x)} 205432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 205581f2ccdcSdrh if {$code=="SQLITE_ALTER_TABLE"} { 205681f2ccdcSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 205781f2ccdcSdrh return SQLITE_OK 205881f2ccdcSdrh } 205981f2ccdcSdrh return SQLITE_OK 206081f2ccdcSdrh } 206181f2ccdcSdrh catchsql { 206281f2ccdcSdrh ALTER TABLE t5 ADD COLUMN new_col_1; 206381f2ccdcSdrh } 206481f2ccdcSdrh } {0 {}} 206581f2ccdcSdrh do_test auth-1.301 { 206681f2ccdcSdrh set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}] 206781f2ccdcSdrh regexp new_col_1 $x 206881f2ccdcSdrh } {1} 206981f2ccdcSdrh do_test auth-1.302 { 207081f2ccdcSdrh set authargs 207181f2ccdcSdrh } {main t5 {} {}} 2072*85b70e00Sdrh db eval BEGIN 2073*85b70e00Sdrh set authargs {} 2074*85b70e00Sdrh do_execsql_test auth-1.302-drop-1 { 2075*85b70e00Sdrh ALTER TABLE t5 DROP COLUMN new_col_1; 2076*85b70e00Sdrh } {} 2077*85b70e00Sdrh db eval ROLLBACK 2078*85b70e00Sdrh do_test auth-1.302-drop-2 { 2079*85b70e00Sdrh set authargs 2080*85b70e00Sdrh } {main t5 new_col_1 {}} 208181f2ccdcSdrh do_test auth-1.303 { 208232c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 208381f2ccdcSdrh if {$code=="SQLITE_ALTER_TABLE"} { 208481f2ccdcSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 208581f2ccdcSdrh return SQLITE_IGNORE 208681f2ccdcSdrh } 208781f2ccdcSdrh return SQLITE_OK 208881f2ccdcSdrh } 208981f2ccdcSdrh catchsql { 209081f2ccdcSdrh ALTER TABLE t5 ADD COLUMN new_col_2; 209181f2ccdcSdrh } 209281f2ccdcSdrh } {0 {}} 209381f2ccdcSdrh do_test auth-1.304 { 209481f2ccdcSdrh set x [execsql {SELECT sql FROM sqlite_master WHERE name='t5'}] 209581f2ccdcSdrh regexp new_col_2 $x 209681f2ccdcSdrh } {0} 209781f2ccdcSdrh do_test auth-1.305 { 209881f2ccdcSdrh set authargs 209981f2ccdcSdrh } {main t5 {} {}} 2100*85b70e00Sdrh db eval BEGIN 2101*85b70e00Sdrh set authargs {} 2102*85b70e00Sdrh do_execsql_test auth-1.305-drop-1 { 2103*85b70e00Sdrh ALTER TABLE t5 DROP COLUMN new_col_1; 2104*85b70e00Sdrh SELECT 1 FROM sqlite_schema WHERE name='t5' AND sql LIKE '%new_col_1%'; 2105*85b70e00Sdrh } {1} 2106*85b70e00Sdrh db eval ROLLBACK 2107*85b70e00Sdrh do_test auth-1.305-drop-2 { 2108*85b70e00Sdrh set authargs 2109*85b70e00Sdrh } {main t5 new_col_1 {}} 211081f2ccdcSdrh do_test auth-1.306 { 211132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 211281f2ccdcSdrh if {$code=="SQLITE_ALTER_TABLE"} { 211381f2ccdcSdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 211481f2ccdcSdrh return SQLITE_DENY 211581f2ccdcSdrh } 211681f2ccdcSdrh return SQLITE_OK 211781f2ccdcSdrh } 211881f2ccdcSdrh catchsql { 211981f2ccdcSdrh ALTER TABLE t5 ADD COLUMN new_col_3 212081f2ccdcSdrh } 212181f2ccdcSdrh } {1 {not authorized}} 212281f2ccdcSdrh do_test auth-1.307 { 2123e0a04a36Sdrh set x [execsql {SELECT sql FROM temp.sqlite_master WHERE type='t5'}] 212481f2ccdcSdrh regexp new_col_3 $x 212581f2ccdcSdrh } {0} 212681f2ccdcSdrh do_test auth-1.308 { 212781f2ccdcSdrh set authargs 212881f2ccdcSdrh } {main t5 {} {}} 2129*85b70e00Sdrh db eval BEGIN 2130*85b70e00Sdrh set authargs {} 2131*85b70e00Sdrh do_catchsql_test auth-1.308-drop-1 { 2132*85b70e00Sdrh ALTER TABLE t5 DROP COLUMN new_col_1; 2133*85b70e00Sdrh } {1 {not authorized}} 2134*85b70e00Sdrh do_execsql_test auth-1.308-drop-2 { 2135*85b70e00Sdrh SELECT 1 FROM sqlite_schema WHERE name='t5' AND sql LIKE '%new_col_1%'; 2136*85b70e00Sdrh } {1} 2137*85b70e00Sdrh do_test auth-1.308-drop-3 { 2138*85b70e00Sdrh set authargs 2139*85b70e00Sdrh } {main t5 new_col_1 {}} 2140*85b70e00Sdrh db eval ROLLBACK 2141*85b70e00Sdrh 214281f2ccdcSdrh execsql {DROP TABLE t5} 214381f2ccdcSdrh} ;# ifcapable altertable 214481f2ccdcSdrh 214565a2aaa6Sdrhifcapable {cte} { 214665a2aaa6Sdrh do_test auth-1.310 { 214732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 214865a2aaa6Sdrh if {$code=="SQLITE_RECURSIVE"} { 214965a2aaa6Sdrh return SQLITE_DENY 215065a2aaa6Sdrh } 215165a2aaa6Sdrh return SQLITE_OK 215265a2aaa6Sdrh } 215365a2aaa6Sdrh db eval { 215465a2aaa6Sdrh DROP TABLE IF EXISTS t1; 215565a2aaa6Sdrh CREATE TABLE t1(a,b); 215665a2aaa6Sdrh INSERT INTO t1 VALUES(1,2),(3,4),(5,6); 215765a2aaa6Sdrh } 215865a2aaa6Sdrh } {} 215965a2aaa6Sdrh do_catchsql_test auth-1.311 { 216065a2aaa6Sdrh WITH 216165a2aaa6Sdrh auth1311(x,y) AS (SELECT a+b, b-a FROM t1) 216265a2aaa6Sdrh SELECT * FROM auth1311 ORDER BY x; 216365a2aaa6Sdrh } {0 {3 1 7 1 11 1}} 216465a2aaa6Sdrh do_catchsql_test auth-1.312 { 216565a2aaa6Sdrh WITH RECURSIVE 216665a2aaa6Sdrh auth1312(x,y) AS (SELECT a+b, b-a FROM t1) 216765a2aaa6Sdrh SELECT x, y FROM auth1312 ORDER BY x; 216865a2aaa6Sdrh } {0 {3 1 7 1 11 1}} 216965a2aaa6Sdrh do_catchsql_test auth-1.313 { 217065a2aaa6Sdrh WITH RECURSIVE 217165a2aaa6Sdrh auth1313(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1313 WHERE x<5) 217265a2aaa6Sdrh SELECT * FROM t1; 217365a2aaa6Sdrh } {0 {1 2 3 4 5 6}} 217465a2aaa6Sdrh do_catchsql_test auth-1.314 { 217565a2aaa6Sdrh WITH RECURSIVE 217665a2aaa6Sdrh auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5) 217765a2aaa6Sdrh SELECT * FROM t1 LEFT JOIN auth1314; 217865a2aaa6Sdrh } {1 {not authorized}} 217965a2aaa6Sdrh} ;# ifcapable cte 218065a2aaa6Sdrh 21810d019b92Sdrh# 21820d019b92Sdrh# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"} 21830d019b92Sdrh# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"} 21840d019b92Sdrh# 21850d019b92Sdrh# MAIN: CREATE TABLE "t2"(a,b,c); 21860d019b92Sdrh# MAIN: CREATE TABLE t4(a,b,c); 21870d019b92Sdrh# MAIN: CREATE INDEX t4i1 ON t4(a); 21880d019b92Sdrh# MAIN: CREATE INDEX t4i2 ON t4(b,a,c); 21890d019b92Sdrh# MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat); 21900d019b92Sdrh# MAIN: CREATE TABLE t1(a,b); 21910d019b92Sdrh# 21921041a6a8Sdanifcapable altertable&&vtab { 2193*85b70e00Sdrh do_test auth-1.350 { 21940d019b92Sdrh proc auth {code arg1 arg2 arg3 arg4 args} { 21950d019b92Sdrh if {$code=="SQLITE_ALTER_TABLE"} { 21960d019b92Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 21970d019b92Sdrh return SQLITE_OK 21980d019b92Sdrh } 21990d019b92Sdrh return SQLITE_OK 22000d019b92Sdrh } 22010d019b92Sdrh catchsql { 22020d019b92Sdrh ALTER TABLE t1 RENAME COLUMN b TO bcdefg; 22030d019b92Sdrh } 22040d019b92Sdrh } {0 {}} 22050d019b92Sdrh do_execsql_test auth-1.351 { 22060d019b92Sdrh SELECT name FROM pragma_table_info('t1') ORDER BY cid; 22070d019b92Sdrh } {a bcdefg} 22080d019b92Sdrh do_test auth-1.352 { 22090d019b92Sdrh set authargs 22100d019b92Sdrh } {main t1 {} {}} 2211*85b70e00Sdrh do_test auth-1.353 { 22120d019b92Sdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22130d019b92Sdrh if {$code=="SQLITE_ALTER_TABLE"} { 22140d019b92Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 22150d019b92Sdrh return SQLITE_IGNORE 22160d019b92Sdrh } 22170d019b92Sdrh return SQLITE_OK 22180d019b92Sdrh } 22190d019b92Sdrh catchsql { 22200d019b92Sdrh ALTER TABLE t1 RENAME COLUMN bcdefg TO b; 22210d019b92Sdrh } 22220d019b92Sdrh } {0 {}} 22230d019b92Sdrh do_execsql_test auth-1.354 { 22240d019b92Sdrh SELECT name FROM pragma_table_info('t1') ORDER BY cid; 22250d019b92Sdrh } {a bcdefg} 22260d019b92Sdrh do_test auth-1.355 { 22270d019b92Sdrh set authargs 22280d019b92Sdrh } {main t1 {} {}} 2229*85b70e00Sdrh do_test auth-1.356 { 22300d019b92Sdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22310d019b92Sdrh if {$code=="SQLITE_ALTER_TABLE"} { 22320d019b92Sdrh set ::authargs [list $arg1 $arg2 $arg3 $arg4] 22330d019b92Sdrh return SQLITE_DENY 22340d019b92Sdrh } 22350d019b92Sdrh return SQLITE_OK 22360d019b92Sdrh } 22370d019b92Sdrh catchsql { 22380d019b92Sdrh ALTER TABLE t1 RENAME COLUMN bcdefg TO b; 22390d019b92Sdrh } 22400d019b92Sdrh } {1 {not authorized}} 2241*85b70e00Sdrh do_execsql_test auth-1.357 { 22420d019b92Sdrh SELECT name FROM pragma_table_info('t1') ORDER BY cid; 22430d019b92Sdrh } {a bcdefg} 2244*85b70e00Sdrh do_test auth-1.358 { 22450d019b92Sdrh set authargs 22460d019b92Sdrh } {main t1 {} {}} 22470d019b92Sdrh} 22480d019b92Sdrh 22490d019b92Sdrh 22502c3831cbSdrhdo_test auth-2.1 { 225132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22522c3831cbSdrh if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { 22532c3831cbSdrh return SQLITE_DENY 22542c3831cbSdrh } 22552c3831cbSdrh return SQLITE_OK 22562c3831cbSdrh } 2257e22a334bSdrh db authorizer ::auth 22582c3831cbSdrh execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)} 22592c3831cbSdrh catchsql {SELECT * FROM t3} 22602c3831cbSdrh} {1 {access to t3.x is prohibited}} 22612c3831cbSdrhdo_test auth-2.1 { 22622c3831cbSdrh catchsql {SELECT y,z FROM t3} 22632c3831cbSdrh} {0 {}} 22642c3831cbSdrhdo_test auth-2.2 { 22652c3831cbSdrh catchsql {SELECT ROWID,y,z FROM t3} 22662c3831cbSdrh} {1 {access to t3.x is prohibited}} 22672c3831cbSdrhdo_test auth-2.3 { 22682c3831cbSdrh catchsql {SELECT OID,y,z FROM t3} 22692c3831cbSdrh} {1 {access to t3.x is prohibited}} 22702c3831cbSdrhdo_test auth-2.4 { 227132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22722c3831cbSdrh if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { 22732c3831cbSdrh return SQLITE_IGNORE 22742c3831cbSdrh } 22752c3831cbSdrh return SQLITE_OK 22762c3831cbSdrh } 22772c3831cbSdrh execsql {INSERT INTO t3 VALUES(44,55,66)} 22782c3831cbSdrh catchsql {SELECT * FROM t3} 22792c3831cbSdrh} {0 {{} 55 66}} 22802c3831cbSdrhdo_test auth-2.5 { 22812c3831cbSdrh catchsql {SELECT rowid,y,z FROM t3} 22822c3831cbSdrh} {0 {{} 55 66}} 22832c3831cbSdrhdo_test auth-2.6 { 228432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22852c3831cbSdrh if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} { 22862c3831cbSdrh return SQLITE_IGNORE 22872c3831cbSdrh } 22882c3831cbSdrh return SQLITE_OK 22892c3831cbSdrh } 22902c3831cbSdrh catchsql {SELECT * FROM t3} 22912c3831cbSdrh} {0 {44 55 66}} 22922c3831cbSdrhdo_test auth-2.7 { 22932c3831cbSdrh catchsql {SELECT ROWID,y,z FROM t3} 22942c3831cbSdrh} {0 {44 55 66}} 22952c3831cbSdrhdo_test auth-2.8 { 229632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 22972c3831cbSdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { 22982c3831cbSdrh return SQLITE_IGNORE 22992c3831cbSdrh } 23002c3831cbSdrh return SQLITE_OK 23012c3831cbSdrh } 23022c3831cbSdrh catchsql {SELECT ROWID,b,c FROM t2} 23032c3831cbSdrh} {0 {{} 2 33 {} 8 9}} 2304dcd997eaSdrhdo_test auth-2.9.1 { 23058e556520Sdanielk1977 # We have to flush the cache here in case the Tcl interface tries to 23068e556520Sdanielk1977 # reuse a statement compiled with sqlite3_prepare_v2(). In this case, 23078e556520Sdanielk1977 # the first error encountered is an SQLITE_SCHEMA error. Then, when 23088e556520Sdanielk1977 # trying to recompile the statement, the authorization error is encountered. 23098e556520Sdanielk1977 # If we do not flush the cache, the correct error message is returned, but 23108e556520Sdanielk1977 # the error code is SQLITE_SCHEMA, not SQLITE_ERROR as required by the test 23118e556520Sdanielk1977 # case after this one. 23128e556520Sdanielk1977 # 23138e556520Sdanielk1977 db cache flush 23148e556520Sdanielk1977 231532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 23162c3831cbSdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} { 23172c3831cbSdrh return bogus 23182c3831cbSdrh } 23192c3831cbSdrh return SQLITE_OK 23202c3831cbSdrh } 23212c3831cbSdrh catchsql {SELECT ROWID,b,c FROM t2} 2322ce9b0157Sdrh} {1 {authorizer malfunction}} 2323dcd997eaSdrhdo_test auth-2.9.2 { 2324dcd997eaSdrh db errorcode 2325c60d0446Sdrh} {1} 23262c3831cbSdrhdo_test auth-2.10 { 232732c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 23282c3831cbSdrh if {$code=="SQLITE_SELECT"} { 23292c3831cbSdrh return bogus 23302c3831cbSdrh } 23312c3831cbSdrh return SQLITE_OK 23322c3831cbSdrh } 23332c3831cbSdrh catchsql {SELECT ROWID,b,c FROM t2} 2334ce9b0157Sdrh} {1 {authorizer malfunction}} 23356f8c91caSdrhdo_test auth-2.11.1 { 233632c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 23372c3831cbSdrh if {$code=="SQLITE_READ" && $arg2=="a"} { 23382c3831cbSdrh return SQLITE_IGNORE 23392c3831cbSdrh } 23402c3831cbSdrh return SQLITE_OK 23412c3831cbSdrh } 23422c3831cbSdrh catchsql {SELECT * FROM t2, t3} 23432c3831cbSdrh} {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}} 23446f8c91caSdrhdo_test auth-2.11.2 { 234532c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 23462c3831cbSdrh if {$code=="SQLITE_READ" && $arg2=="x"} { 23472c3831cbSdrh return SQLITE_IGNORE 23482c3831cbSdrh } 23492c3831cbSdrh return SQLITE_OK 23502c3831cbSdrh } 23512c3831cbSdrh catchsql {SELECT * FROM t2, t3} 23522c3831cbSdrh} {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}} 23531962bda7Sdrh 2354027850b6Sdrh# Make sure the OLD and NEW pseudo-tables of a trigger get authorized. 2355027850b6Sdrh# 235681650dc6Sdanielk1977ifcapable trigger { 2357027850b6Sdrh do_test auth-3.1 { 235832c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 2359027850b6Sdrh return SQLITE_OK 2360027850b6Sdrh } 2361027850b6Sdrh execsql { 2362027850b6Sdrh CREATE TABLE tx(a1,a2,b1,b2,c1,c2); 2363027850b6Sdrh CREATE TRIGGER r1 AFTER UPDATE ON t2 FOR EACH ROW BEGIN 2364027850b6Sdrh INSERT INTO tx VALUES(OLD.a,NEW.a,OLD.b,NEW.b,OLD.c,NEW.c); 2365027850b6Sdrh END; 2366027850b6Sdrh UPDATE t2 SET a=a+1; 2367027850b6Sdrh SELECT * FROM tx; 2368027850b6Sdrh } 2369027850b6Sdrh } {11 12 2 2 33 33 7 8 8 8 9 9} 2370027850b6Sdrh do_test auth-3.2 { 237132c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 2372027850b6Sdrh if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="c"} { 2373027850b6Sdrh return SQLITE_IGNORE 2374027850b6Sdrh } 2375027850b6Sdrh return SQLITE_OK 2376027850b6Sdrh } 2377027850b6Sdrh execsql { 2378027850b6Sdrh DELETE FROM tx; 2379027850b6Sdrh UPDATE t2 SET a=a+100; 2380027850b6Sdrh SELECT * FROM tx; 2381027850b6Sdrh } 2382027850b6Sdrh } {12 112 2 2 {} {} 8 108 8 8 {} {}} 238381650dc6Sdanielk1977} ;# ifcapable trigger 2384027850b6Sdrh 238585e2096fSdrh# Make sure the names of views and triggers are passed on on arg4. 238685e2096fSdrh# 238781650dc6Sdanielk1977ifcapable trigger { 238885e2096fSdrhdo_test auth-4.1 { 238932c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 239085e2096fSdrh lappend ::authargs $code $arg1 $arg2 $arg3 $arg4 239185e2096fSdrh return SQLITE_OK 239285e2096fSdrh } 239385e2096fSdrh set authargs {} 239485e2096fSdrh execsql { 239585e2096fSdrh UPDATE t2 SET a=a+1; 239685e2096fSdrh } 239785e2096fSdrh set authargs 239885e2096fSdrh} [list \ 239985e2096fSdrh SQLITE_READ t2 a main {} \ 240085e2096fSdrh SQLITE_UPDATE t2 a main {} \ 240185e2096fSdrh SQLITE_INSERT tx {} main r1 \ 240285e2096fSdrh SQLITE_READ t2 a main r1 \ 240385e2096fSdrh SQLITE_READ t2 a main r1 \ 240485e2096fSdrh SQLITE_READ t2 b main r1 \ 240585e2096fSdrh SQLITE_READ t2 b main r1 \ 240685e2096fSdrh SQLITE_READ t2 c main r1 \ 240785e2096fSdrh SQLITE_READ t2 c main r1] 240881650dc6Sdanielk1977} 24090fa8ddbdSdanielk1977 241081650dc6Sdanielk1977ifcapable {view && trigger} { 241185e2096fSdrhdo_test auth-4.2 { 241285e2096fSdrh execsql { 241385e2096fSdrh CREATE VIEW v1 AS SELECT a+b AS x FROM t2; 241485e2096fSdrh CREATE TABLE v1chng(x1,x2); 241585e2096fSdrh CREATE TRIGGER r2 INSTEAD OF UPDATE ON v1 BEGIN 241685e2096fSdrh INSERT INTO v1chng VALUES(OLD.x,NEW.x); 241785e2096fSdrh END; 241885e2096fSdrh SELECT * FROM v1; 241985e2096fSdrh } 242085e2096fSdrh} {115 117} 242185e2096fSdrhdo_test auth-4.3 { 242285e2096fSdrh set authargs {} 242385e2096fSdrh execsql { 242485e2096fSdrh UPDATE v1 SET x=1 WHERE x=117 242585e2096fSdrh } 242685e2096fSdrh set authargs 242785e2096fSdrh} [list \ 242885e2096fSdrh SQLITE_UPDATE v1 x main {} \ 2429f93d9999Sdrh SQLITE_SELECT {} {} {} v1 \ 24308f2c54e6Sdanielk1977 SQLITE_READ t2 a main v1 \ 24318f2c54e6Sdanielk1977 SQLITE_READ t2 b main v1 \ 24326d235cb8Sdan SQLITE_READ v1 x main v1 \ 24336d235cb8Sdan SQLITE_READ v1 x main v1 \ 24346d235cb8Sdan SQLITE_SELECT {} {} {} v1 \ 24350f35a6b5Sdrh SQLITE_READ v1 x main v1 \ 24361da40a38Sdan SQLITE_INSERT v1chng {} main r2 \ 24371da40a38Sdan SQLITE_READ v1 x main r2 \ 24381da40a38Sdan SQLITE_READ v1 x main r2 \ 24390f35a6b5Sdrh] 24401da40a38Sdan 244185e2096fSdrhdo_test auth-4.4 { 244285e2096fSdrh execsql { 244385e2096fSdrh CREATE TRIGGER r3 INSTEAD OF DELETE ON v1 BEGIN 244485e2096fSdrh INSERT INTO v1chng VALUES(OLD.x,NULL); 244585e2096fSdrh END; 244685e2096fSdrh SELECT * FROM v1; 244785e2096fSdrh } 244885e2096fSdrh} {115 117} 244985e2096fSdrhdo_test auth-4.5 { 245085e2096fSdrh set authargs {} 245185e2096fSdrh execsql { 245285e2096fSdrh DELETE FROM v1 WHERE x=117 245385e2096fSdrh } 245485e2096fSdrh set authargs 245585e2096fSdrh} [list \ 245685e2096fSdrh SQLITE_DELETE v1 {} main {} \ 2457f93d9999Sdrh SQLITE_SELECT {} {} {} v1 \ 245885e2096fSdrh SQLITE_READ t2 a main v1 \ 245985e2096fSdrh SQLITE_READ t2 b main v1 \ 24606d235cb8Sdan SQLITE_READ v1 x main v1 \ 24616d235cb8Sdan SQLITE_READ v1 x main v1 \ 24626d235cb8Sdan SQLITE_SELECT {} {} {} v1 \ 24630f35a6b5Sdrh SQLITE_READ v1 x main v1 \ 24642bd93516Sdan SQLITE_INSERT v1chng {} main r3 \ 24652bd93516Sdan SQLITE_READ v1 x main r3 \ 24660f35a6b5Sdrh] 24671962bda7Sdrh 246881650dc6Sdanielk1977} ;# ifcapable view && trigger 24690fa8ddbdSdanielk1977 24702ce99ecfSdrh# Ticket #1338: Make sure authentication works in the presence of an AS 24712ce99ecfSdrh# clause. 24722ce99ecfSdrh# 24732ce99ecfSdrhdo_test auth-5.1 { 247432c6a48bSdrh proc auth {code arg1 arg2 arg3 arg4 args} { 24752ce99ecfSdrh return SQLITE_OK 24762ce99ecfSdrh } 24772ce99ecfSdrh execsql { 24782ce99ecfSdrh SELECT count(a) AS cnt FROM t4 ORDER BY cnt 24792ce99ecfSdrh } 24802ce99ecfSdrh} {1} 24812ce99ecfSdrh 2482a3e4d96fSdrh# Ticket #1607 2483a3e4d96fSdrh# 24843bdca9c9Sdanielk1977ifcapable compound&&subquery { 24853bdca9c9Sdanielk1977 ifcapable trigger { 24863bdca9c9Sdanielk1977 execsql { 24873bdca9c9Sdanielk1977 DROP TABLE tx; 24883bdca9c9Sdanielk1977 } 24893bdca9c9Sdanielk1977 ifcapable view { 24903bdca9c9Sdanielk1977 execsql { 24913bdca9c9Sdanielk1977 DROP TABLE v1chng; 24923bdca9c9Sdanielk1977 } 24933bdca9c9Sdanielk1977 } 24943bdca9c9Sdanielk1977 } 2495f52bb8d3Sdan ifcapable stat4 { 2496f52bb8d3Sdan set stat4 "sqlite_stat4 " 2497faacf17cSdrh } else { 2498f52bb8d3Sdan set stat4 "" 2499faacf17cSdrh } 2500a3e4d96fSdrh do_test auth-5.2 { 2501a3e4d96fSdrh execsql { 2502a3e4d96fSdrh SELECT name FROM ( 2503e0a04a36Sdrh SELECT * FROM sqlite_master UNION ALL SELECT * FROM temp.sqlite_master) 2504a3e4d96fSdrh WHERE type='table' 2505a3e4d96fSdrh ORDER BY name 2506a3e4d96fSdrh } 2507f52bb8d3Sdan } "sqlite_stat1 ${stat4}t1 t2 t3 t4" 2508ff890793Sdanielk1977} 2509a3e4d96fSdrh 251034acdc95Sdanielk1977# Ticket #3944 251134acdc95Sdanielk1977# 251234acdc95Sdanielk1977ifcapable trigger { 251334acdc95Sdanielk1977 do_test auth-5.3.1 { 251434acdc95Sdanielk1977 execsql { 251534acdc95Sdanielk1977 CREATE TABLE t5 ( x ); 251634acdc95Sdanielk1977 CREATE TRIGGER t5_tr1 AFTER INSERT ON t5 BEGIN 251734acdc95Sdanielk1977 UPDATE t5 SET x = 1 WHERE NEW.x = 0; 251834acdc95Sdanielk1977 END; 251934acdc95Sdanielk1977 } 252034acdc95Sdanielk1977 } {} 252134acdc95Sdanielk1977 set ::authargs [list] 252234acdc95Sdanielk1977 proc auth {args} { 252332c6a48bSdrh eval lappend ::authargs [lrange $args 0 4] 252434acdc95Sdanielk1977 return SQLITE_OK 252534acdc95Sdanielk1977 } 252634acdc95Sdanielk1977 do_test auth-5.3.2 { 252734acdc95Sdanielk1977 execsql { INSERT INTO t5 (x) values(0) } 252834acdc95Sdanielk1977 set ::authargs 252934acdc95Sdanielk1977 } [list SQLITE_INSERT t5 {} main {} \ 253034acdc95Sdanielk1977 SQLITE_UPDATE t5 x main t5_tr1 \ 253134acdc95Sdanielk1977 SQLITE_READ t5 x main t5_tr1 \ 253234acdc95Sdanielk1977 ] 253334acdc95Sdanielk1977 do_test auth-5.3.2 { 253434acdc95Sdanielk1977 execsql { SELECT * FROM t5 } 253534acdc95Sdanielk1977 } {1} 253634acdc95Sdanielk1977} 253734acdc95Sdanielk1977 25382722898cSdrh# Ticket [0eb70d77cb05bb22720]: Invalid pointer passsed to the authorizer 25392722898cSdrh# callback when updating a ROWID. 25402722898cSdrh# 25412722898cSdrhdo_test auth-6.1 { 25422722898cSdrh execsql { 25432722898cSdrh CREATE TABLE t6(a,b,c,d,e,f,g,h); 25442722898cSdrh INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8); 25452722898cSdrh } 25462722898cSdrh} {} 25472722898cSdrhset ::authargs [list] 25482722898cSdrhproc auth {args} { 254932c6a48bSdrh eval lappend ::authargs [lrange $args 0 4] 25502722898cSdrh return SQLITE_OK 25512722898cSdrh} 25522722898cSdrhdo_test auth-6.2 { 25532722898cSdrh execsql {UPDATE t6 SET rowID=rowID+100} 25542722898cSdrh set ::authargs 25552722898cSdrh} [list SQLITE_READ t6 ROWID main {} \ 25562722898cSdrh SQLITE_UPDATE t6 ROWID main {} \ 25572722898cSdrh] 25582722898cSdrhdo_test auth-6.3 { 25592722898cSdrh execsql {SELECT rowid, * FROM t6} 25602722898cSdrh} {101 1 2 3 4 5 6 7 8} 25612ce99ecfSdrh 2562455684a0Sdan#------------------------------------------------------------------------- 2563455684a0Sdan# Test that view names are included as zArg4. 2564455684a0Sdan# 2565455684a0Sdando_execsql_test auth-7.1 { 2566455684a0Sdan CREATE TABLE t7(a, b, c); 2567455684a0Sdan CREATE VIEW v7 AS SELECT * FROM t7; 2568455684a0Sdan} {} 2569455684a0Sdanset ::authargs [list] 2570455684a0Sdanproc auth {args} { 2571455684a0Sdan eval lappend ::authargs [lrange $args 0 4] 2572455684a0Sdan return SQLITE_OK 2573455684a0Sdan} 2574455684a0Sdan 2575455684a0Sdando_test auth-7.2 { 2576455684a0Sdan execsql {SELECT a, c FROM v7} 2577455684a0Sdan set ::authargs 2578455684a0Sdan} [list \ 2579455684a0Sdan SQLITE_SELECT {} {} {} {} \ 2580455684a0Sdan SQLITE_READ t7 a main v7 \ 2581455684a0Sdan SQLITE_READ t7 b main v7 \ 2582455684a0Sdan SQLITE_READ t7 c main v7 \ 2583455684a0Sdan SQLITE_READ v7 a main {} \ 2584455684a0Sdan SQLITE_READ v7 c main {} \ 2585455684a0Sdan SQLITE_SELECT {} {} {} v7 \ 2586455684a0Sdan] 2587455684a0Sdan 2588455684a0Sdanset ::authargs [list] 2589455684a0Sdando_test auth-7.3 { 2590455684a0Sdan execsql {SELECT a, c FROM t7} 2591455684a0Sdan set ::authargs 2592455684a0Sdan} [list \ 2593455684a0Sdan SQLITE_SELECT {} {} {} {} \ 2594455684a0Sdan SQLITE_READ t7 a main {} \ 2595455684a0Sdan SQLITE_READ t7 c main {} \ 2596455684a0Sdan] 2597455684a0Sdan 2598455684a0Sdanset ::authargs [list] 2599455684a0Sdando_test auth-7.4 { 2600455684a0Sdan execsql {SELECT a, c FROM t7 AS v7} 2601455684a0Sdan set ::authargs 2602455684a0Sdan} [list \ 2603455684a0Sdan SQLITE_SELECT {} {} {} {} \ 2604455684a0Sdan SQLITE_READ t7 a main {} \ 2605455684a0Sdan SQLITE_READ t7 c main {} \ 2606455684a0Sdan] 2607455684a0Sdan 2608701caf1eSdrh# If a table is referenced but no columns are read from the table, 2609701caf1eSdrh# that causes a single SQLITE_READ authorization with a NULL column 2610701caf1eSdrh# name. 2611701caf1eSdrh# 26129418921cSdrh# EVIDENCE-OF: R-31520-16302 When a table is referenced by a SELECT but 26139418921cSdrh# no column values are extracted from that table (for example in a query 26149418921cSdrh# like "SELECT count(*) FROM tab") then the SQLITE_READ authorizer 26159418921cSdrh# callback is invoked once for that table with a column name that is an 26169418921cSdrh# empty string. 26179418921cSdrh# 2618701caf1eSdrhset ::authargs [list] 2619701caf1eSdrhdo_test auth-8.1 { 2620701caf1eSdrh execsql {SELECT count(*) FROM t7} 2621701caf1eSdrh set ::authargs 2622701caf1eSdrh} [list \ 2623701caf1eSdrh SQLITE_SELECT {} {} {} {} \ 2624701caf1eSdrh SQLITE_FUNCTION {} count {} {} \ 2625701caf1eSdrh SQLITE_READ t7 {} {} {} \ 2626701caf1eSdrh ] 2627701caf1eSdrhset ::authargs [list] 2628701caf1eSdrh 2629701caf1eSdrhdo_test auth-8.2 { 2630701caf1eSdrh execsql {SELECT t6.a FROM t6, t7} 2631701caf1eSdrh set ::authargs 2632701caf1eSdrh} [list \ 2633701caf1eSdrh SQLITE_SELECT {} {} {} {} \ 2634701caf1eSdrh SQLITE_READ t6 a main {} \ 2635701caf1eSdrh SQLITE_READ t7 {} {} {} \ 2636701caf1eSdrh ] 2637455684a0Sdan 2638ee3333b2Sdan# Test also that if SQLITE_DENY is returned from an SQLITE_READ authorizer 2639ee3333b2Sdan# invocation with no column name specified, compilation fails. 2640ee3333b2Sdan# 2641ee3333b2Sdanset ::authargs [list] 264285c6892aSdanproc auth {op args} { 264385c6892aSdan foreach {a b c d} $args break 2644ee3333b2Sdan lappend ::authargs $op $a $b $c $d 2645ee3333b2Sdan if {$op == "SQLITE_READ"} { return "SQLITE_DENY" } 2646ee3333b2Sdan return "SQLITE_OK" 2647ee3333b2Sdan} 2648ee3333b2Sdanset ::authargs [list] 2649ee3333b2Sdando_catchsql_test auth-8.3 { 2650ee3333b2Sdan SELECT count(*) FROM t7 2651ee3333b2Sdan} {1 {not authorized}} 2652ee3333b2Sdando_test auth-8.4 { 2653ee3333b2Sdan set ::authargs 2654ee3333b2Sdan} [list \ 2655ee3333b2Sdan SQLITE_SELECT {} {} {} {} \ 2656ee3333b2Sdan SQLITE_FUNCTION {} count {} {} \ 2657ee3333b2Sdan SQLITE_READ t7 {} {} {} \ 2658ee3333b2Sdan] 2659ee3333b2Sdan 2660ee3333b2Sdan 2661a21c6b6fSdanielk1977rename proc {} 2662a21c6b6fSdanielk1977rename proc_real proc 26631962bda7Sdrhfinish_test 2664