The initial round of tests for the sqlite_set_authorizer() API. More are

needed before release.  Ticket #215. (CVS 829)

FossilOrigin-Name: 5707b3d56efb6e988f816abefb1836f2f3254117

diff --git a/manifest b/manifest
index 6d1310ea588cb9c05e81a170790dbcec7c117606..2531ee9a3969d4d737addbfca78e0b83e482127c 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Forgot\sto\sinclude\sthe\snew\s"auth.c"\ssource\sfile\sin\sthe\sprevious\scheckin.\s(CVS\s828)
-D 2003-01-12T18:07:49
+C The\sinitial\sround\sof\stests\sfor\sthe\ssqlite_set_authorizer()\sAPI.\s\sMore\sare\nneeded\sbefore\srelease.\s\sTicket\s#215.\s(CVS\s829)
+D 2003-01-12T19:33:53
 F Makefile.in 6606854b1512f185b8e8c779b8d7fc2750463d64
 F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906
 F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd
@@ -18,7 +18,7 @@ F main.mk 8b10c5df8a21cdd343986a90c75247bafaebb3aa
 F publish.sh e5b83867d14708ed58cec8cba0a4f201e969474d
 F spec.template 238f7db425a78dc1bb7682e56e3834c7270a3f5e
 F sqlite.1 83f4a9d37bdf2b7ef079a82d54eaf2e3509ee6ea
-F src/auth.c 1ba84533dedc0aff1697bdea0bd63844bed49c48
+F src/auth.c de3c70e5eab92ef5c1af87dae626022b8f46a6fd
 F src/btree.c 131b5903f66e148f0f9af0cedd1c6654932c4e04
 F src/btree.h 17710339f7a8f46e3c7d6d0d4648ef19c584ffda
 F src/build.c 3136d7fc765cc2feee2ad987bac1c1696fdc0f0e
@@ -28,7 +28,7 @@ F src/expr.c d8b319f25335443a415a639aec8e0edc64e3ab6c
 F src/func.c 90c583f0b91220f7cd411a2407deaf9327245d63
 F src/hash.c 4fc39feb7b7711f6495ee9f2159559bedb043e1f
 F src/hash.h cd0433998bc1a3759d244e1637fe5a3c13b53bf8
-F src/insert.c 0ea9427f7242a4432842100b41b4b81fd1999ad6
+F src/insert.c d19a73907ade1f2801bf8c3cb68538e8b1a05b5f
 F src/main.c c8f8fdfe4548a8404fab90ff6ad374b217e6b7fa
 F src/md5.c fe4f9c9c6f71dfc26af8da63e4d04489b1430565
 F src/os.c 28447687e7914306650f72058f62f7162faeef1f
@@ -57,6 +57,7 @@ F src/vdbe.c e103bd5a154b1790dd344662dceb14566a51a879
 F src/vdbe.h 754eba497cfe0c3e352b9c101ab2f811f10d0a55
 F src/where.c 5bf7f1e1d756ab3d25a18b24bb42106cb8e14d18
 F test/all.test 873d30e25a41b3aa48fec5633a7ec1816e107029
+F test/auth.test 1e8e443bc8d5c4ea44176ce6d9de4157582475aa
 F test/bigfile.test 1cd8256d4619c39bea48147d344f348823e78678
 F test/bigrow.test 8ab252dba108f12ad64e337b0f2ff31a807ac578
 F test/btree.test 10e75aec120ecefc0edc4c912a0980a43db1b6c2
@@ -153,7 +154,7 @@ F www/speed.tcl a20a792738475b68756ea7a19321600f23d1d803
 F www/sqlite.tcl ae3dcfb077e53833b59d4fcc94d8a12c50a44098
 F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331
 F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218
-P 52d5007f64d0af5286b2a0e1f0b9e53c86bece3f
-R 1a3038845af2798949c6e7c2b6282e0e
+P 7601916419489879fe963c83010b452c49ef063f
+R bf3593b345d77cb3f65a7094575c0db9
 U drh
-Z ce72280da87725f92833f0d83598931c
+Z 10949dc2e6e230f66d8a085db700df05

diff --git a/manifest.uuid b/manifest.uuid
index 8456bf254cd9281d6361a122877c64b719ada42c..b1cd83be48cce57ba7513c9921304a70e77ed0f4 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-7601916419489879fe963c83010b452c49ef063f
\ No newline at end of file
+5707b3d56efb6e988f816abefb1836f2f3254117
\ No newline at end of file

diff --git a/src/auth.c b/src/auth.c
index 92782b85a53d7c9f9ed8b52c4542e85e22660c0a..8303e7a81af847284cda8e4cfede454455c08921 100644 (file)
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.1 2003/01/12 18:07:49 drh Exp $
+** $Id: auth.c,v 1.2 2003/01/12 19:33:53 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -68,7 +68,7 @@ static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
   char zBuf[20];
   sprintf(zBuf, "(%d)", rc);
   sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf,
-    " from the authorization function - should to be SQLITE_OK, "
+    " from the authorization function - should be SQLITE_OK, "
     "SQLITE_IGNORE, or SQLITE_DENY", 0);
   pParse->nErr++;
 }
@@ -133,7 +133,7 @@ int sqliteAuthDelete(Parse *pParse, const char *zName, int forceError){
   }
   rc = db->xAuth(db->pAuthArg, SQLITE_DELETE_ROW, zName, "");
   if( rc==SQLITE_DENY  || (rc==SQLITE_IGNORE && forceError) ){
-    sqliteSetString(&pParse->zErrMsg,"deletion of rows from table ",
+    sqliteSetString(&pParse->zErrMsg,"deletion from table ",
         zName, " is prohibited", 0);
     pParse->nErr++;
   }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
@@ -158,7 +158,7 @@ int sqliteAuthInsert(Parse *pParse, const char *zName, int forceError){
   }
   rc = db->xAuth(db->pAuthArg, SQLITE_INSERT_ROW, zName, "");
   if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){
-    sqliteSetString(&pParse->zErrMsg,"insertion of rows from table ",
+    sqliteSetString(&pParse->zErrMsg,"insertion into table ",
         zName, " is prohibited", 0);
     pParse->nErr++;
   }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){

diff --git a/src/insert.c b/src/insert.c
index 5dc8882d3274b4fec7ea678d79a93b0521c49c26..888f129098ebb343bac573264c1cef30c6c19cfb 100644 (file)
--- a/src/insert.c
+++ b/src/insert.c
@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle INSERT statements in SQLite.
 **
-** $Id: insert.c,v 1.69 2003/01/12 18:02:18 drh Exp $
+** $Id: insert.c,v 1.70 2003/01/12 19:33:53 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -127,6 +127,9 @@ void sqliteInsert(
     pParse->nErr++;
     goto insert_cleanup;
   }
+  if( sqliteAuthInsert(pParse, zTab, 0) ){
+    goto insert_cleanup;
+  }
 
   /* Ensure that:
   *  (a) the table is not read-only, 

diff --git a/test/auth.test b/test/auth.test
new file mode 100644 (file)
index 0000000..2ba7fdf
--- /dev/null
+++ b/test/auth.test
@@ -0,0 +1,274 @@
+# 2003 January 12
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.  The
+# focus of this script testing the sqlite_set_authorizer() API.
+#
+# $Id: auth.test,v 1.1 2003/01/12 19:33:54 drh Exp $
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+if {[info command sqlite_set_authorizer]!=""} {
+
+do_test auth-1.1 {
+  db close
+  set ::DB [sqlite db test.db]
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  sqlite_set_authorizer $::DB ::auth
+  catchsql {CREATE TABLE t1(a,b,c)}
+} {1 {insertion into table sqlite_master is prohibited}}
+do_test auth-1.2 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TABLE t1(a,b,c)}
+} {1 {insertion into table sqlite_master is prohibited}}
+do_test auth-1.3 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return SQLITE_OK
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TABLE t1(a,b,c)}
+} {0 {}}
+do_test auth-1.4 {
+  execsql {SELECT name FROM sqlite_master}
+} {t1}
+do_test auth-1.5 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return BOGUS
+    }
+    return SQLITE_OK
+  }
+  catchsql {CREATE TABLE t2(a,b,c)}
+} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
+do_test auth-1.6 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_DELETE_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {DROP TABLE t1}
+} {1 {deletion from table sqlite_master is prohibited}}
+do_test auth-1.7 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_DELETE_ROW" 
+          && [string compare -nocase $arg1 sqlite_master]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {DROP TABLE t1}
+} {1 {deletion from table sqlite_master is prohibited}}
+do_test auth-1.8 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 t1]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {INSERT INTO t1 VALUES(1,2,3)}
+} {1 {insertion into table t1 is prohibited}}
+do_test auth-1.9 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 t1]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {INSERT INTO t1 VALUES(1,2,3)}
+} {0 {}}
+do_test auth-1.10 {
+  execsql {SELECT * FROM t1}
+} {}
+do_test auth-1.11 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_INSERT_ROW" 
+          && [string compare -nocase $arg1 t1]==0} {
+      return SQLITE_OK
+    }
+    return SQLITE_OK
+  }
+  catchsql {INSERT INTO t1 VALUES(1,2,3)}
+} {0 {}}
+do_test auth-1.12 {
+  execsql {SELECT * FROM t1}
+} {1 2 3}
+do_test auth-1.13 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_DELETE_ROW" 
+          && [string compare -nocase $arg1 t1]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {DELETE FROM t1 WHERE a=1}
+} {1 {deletion from table t1 is prohibited}}
+do_test auth-1.14 {
+  execsql {SELECT * FROM t1}
+} {1 2 3}
+do_test auth-1.15 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_DELETE_ROW" 
+          && [string compare -nocase $arg1 t1]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {DELETE FROM t1 WHERE a=1}
+} {0 {}}
+do_test auth-1.16 {
+  execsql {SELECT * FROM t1}
+} {1 2 3}
+do_test auth-1.17 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {SELECT * FROM t1}
+} {1 {access to t1.a is prohibited}}
+do_test auth-1.18 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {SELECT * FROM t1}
+} {0 {{} 2 3}}
+do_test auth-1.19 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_WRITE_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET a=11 WHERE a=1}
+} {1 {changes to t1.a are prohibited}}
+do_test auth-1.20 {
+  execsql {SELECT * FROM t1}
+} {1 2 3}
+do_test auth-1.21 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_WRITE_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET b=12 WHERE a=1}
+} {0 {}}
+do_test auth-1.22 {
+  execsql {SELECT * FROM t1}
+} {1 12 3}
+do_test auth-1.23 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_WRITE_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET a=11, b=22 WHERE a=1}
+} {0 {}}
+do_test auth-1.24 {
+  execsql {SELECT * FROM t1}
+} {1 22 3}
+do_test auth-1.25 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_WRITE_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET a=11, b=33 WHERE a=1}
+} {1 {changes to t1.a are prohibited}}
+do_test auth-1.26 {
+  execsql {SELECT * FROM t1}
+} {1 22 3}
+do_test auth-1.27 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_DENY
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
+} {1 {access to t1.a is prohibited}}
+do_test auth-1.28 {
+  execsql {SELECT b, c FROM t1}
+} {22 3}
+do_test auth-1.29 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
+} {0 {}}
+do_test auth-1.30 {
+  execsql {SELECT b, c FROM t1}
+} {22 3}
+do_test auth-1.31 {
+  proc auth {code arg1 arg2} {
+    if {$code=="SQLITE_READ_COLUMN" 
+          && [string compare -nocase $arg1 t1]==0
+          && [string compare -nocase $arg2 a]==0} {
+      return SQLITE_IGNORE
+    }
+    return SQLITE_OK
+  }
+  catchsql {UPDATE t1 SET b=33, c=44 WHERE a IS NULL}
+} {0 {}}
+do_test auth-1.32 {
+  execsql {SELECT b, c FROM t1}
+} {33 44}
+
+  
+} ;# End of the "if( db command exists )"
+
+finish_test