From: drh Date: Sat, 25 Aug 2018 16:14:46 +0000 (+0000) Subject: Invoke the authorizer for ALTER TABLE RENAME COLUMN. X-Git-Tag: version-3.25.0~39^2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d019b924335bf9860dbea20c88b5ea30573882c;p=thirdparty%2Fsqlite.git Invoke the authorizer for ALTER TABLE RENAME COLUMN. FossilOrigin-Name: fc293bcb3402f049fb9e22aacfb4fdcd13f8609edf29c97d6cb95ce351363873 --- diff --git a/manifest b/manifest index 6aff9ae547..45c0a0aeb3 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Remove\san\sunnecessary\sIN_RENAME_COLUMN\smacro\sfrom\sresolve.c. -D 2018-08-25T03:29:34.617 +C Invoke\sthe\sauthorizer\sfor\sALTER\sTABLE\sRENAME\sCOLUMN. +D 2018-08-25T16:14:46.168 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 2729786d5d188974913f07ea63cc84cd42cb9cac5f4aac823c40105e68e22f63 @@ -432,7 +432,7 @@ F spec.template 86a4a43b99ebb3e75e6b9a735d5fd293a24e90ca F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a -F src/alter.c 64dcb3cb53c93d49347ee2366f4583308be1e5022a83825c4554d7caeb9e5559 +F src/alter.c cd45c47c74347cf2d6da3e055f19b880fb7c9d3022230b4a46132b3055e71350 F src/analyze.c 3dc6b98cf007b005af89df165c966baaa48e8124f38c87b4d2b276fe7f0b9eb9 F src/attach.c 4bd5b92633671d3e8ce431153ebb1893b50335818423b5373f3f27969f79769a F src/auth.c 32a5bbe3b755169ab6c66311c5225a3cd4f75a46c041f7fb117e0cbb68055114 @@ -632,7 +632,7 @@ F test/attach2.test 256bd240da1835fb8408dd59fb7ef71f8358c7a756c46662434d11d07ba3 F test/attach3.test c59d92791070c59272e00183b7353eeb94915976 F test/attach4.test 53bf502f17647c6d6c5add46dda6bac8b6f4665c F test/attachmalloc.test 3a4bfca9545bfe906a8d2e622de10fbac5b711b0 -F test/auth.test 3d6cd8f3978ba55b1202574e6ecd79c6e00914ca44b9bfd6c1fe6fb873fcac88 +F test/auth.test 4dd570df24d175f6c3a8988358e9ce884d86434edf8af0b396af97c97147ac57 F test/auth2.test 9eb7fce9f34bf1f50d3f366fb3e606be5a2000a1 F test/auth3.test db21405b95257c24d29273b6b31d0efc59e1d337e3d5804ba2d1fd4897b1ae49 F test/autoanalyze1.test b9cc3f32a990fa56669b668d237c6d53e983554ae80c0604992e18869a0b2dec @@ -1758,7 +1758,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P f0eed21d4e2e1f2c8e680a510a283ac21156c9766efec5b80a362a040424bce7 -R 765df4694289b6c53a17c97f9702ba6c +P 5858c0bde7c210f07cfa72cee95325847b26733abab4f56301b57cd816931e97 +R dd94651ea0773b5a11f95a943c96a170 U drh -Z db8eccde43135de3a0e592fd50ea76f1 +Z 17da09075e978c2583f9ca2204e2cf85 diff --git a/manifest.uuid b/manifest.uuid index 6c371ddbf1..3a9b8cf775 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -5858c0bde7c210f07cfa72cee95325847b26733abab4f56301b57cd816931e97 \ No newline at end of file +fc293bcb3402f049fb9e22aacfb4fdcd13f8609edf29c97d6cb95ce351363873 \ No newline at end of file diff --git a/src/alter.c b/src/alter.c index 50690b9819..61eb3b6cce 100644 --- a/src/alter.c +++ b/src/alter.c @@ -856,6 +856,13 @@ void sqlite3AlterRenameColumn( assert( iSchema>=0 ); zDb = db->aDb[iSchema].zDbSName; +#ifndef SQLITE_OMIT_AUTHORIZATION + /* Invoke the authorization callback. */ + if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){ + goto exit_rename_column; + } +#endif + /* Make sure the old name really is a column name in the table to be ** altered. Set iCol to be the index of the column being renamed */ zOld = sqlite3NameFromToken(db, pOld); diff --git a/test/auth.test b/test/auth.test index 2487e568b2..219ac78048 100644 --- a/test/auth.test +++ b/test/auth.test @@ -2133,6 +2133,75 @@ ifcapable {cte} { } {1 {not authorized}} } ;# ifcapable cte +# +# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"} +# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"} +# +# MAIN: CREATE TABLE "t2"(a,b,c); +# MAIN: CREATE TABLE t4(a,b,c); +# MAIN: CREATE INDEX t4i1 ON t4(a); +# MAIN: CREATE INDEX t4i2 ON t4(b,a,c); +# MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat); +# MAIN: CREATE TABLE t1(a,b); +# +ifcapable altertable { + do_test 1.350 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_OK + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN b TO bcdefg; + } + } {0 {}} + do_execsql_test auth-1.351 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.352 { + set authargs + } {main t1 {} {}} + do_test 1.353 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN bcdefg TO b; + } + } {0 {}} + do_execsql_test auth-1.354 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.355 { + set authargs + } {main t1 {} {}} + do_test 1.356 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN bcdefg TO b; + } + } {1 {not authorized}} + do_execsql_test auth-1.356 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.357 { + set authargs + } {main t1 {} {}} +} + + do_test auth-2.1 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {