Invoke the authorizer for ALTER TABLE RENAME COLUMN.

FossilOrigin-Name: fc293bcb3402f049fb9e22aacfb4fdcd13f8609edf29c97d6cb95ce351363873
2018-08-25 16:14:46 +00:00 · 2018-08-25 16:14:46 +00:00 · 0d019b9243
commit 0d019b9243
parent 3a843f525c
4 changed files with 84 additions and 8 deletions
--- a/14
+++ b/14
@ -1,5 +1,5 @@
-C Remove\san\sunnecessary\sIN_RENAME_COLUMN\smacro\sfrom\sresolve.c.
-D 2018-08-25T03:29:34.617
+C Invoke\sthe\sauthorizer\sfor\sALTER\sTABLE\sRENAME\sCOLUMN.
+D 2018-08-25T16:14:46.168
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 2729786d5d188974913f07ea63cc84cd42cb9cac5f4aac823c40105e68e22f63
@ -432,7 +432,7 @@ F spec.template 86a4a43b99ebb3e75e6b9a735d5fd293a24e90ca
 F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
-F src/alter.c 64dcb3cb53c93d49347ee2366f4583308be1e5022a83825c4554d7caeb9e5559
+F src/alter.c cd45c47c74347cf2d6da3e055f19b880fb7c9d3022230b4a46132b3055e71350
 F src/analyze.c 3dc6b98cf007b005af89df165c966baaa48e8124f38c87b4d2b276fe7f0b9eb9
 F src/attach.c 4bd5b92633671d3e8ce431153ebb1893b50335818423b5373f3f27969f79769a
 F src/auth.c 32a5bbe3b755169ab6c66311c5225a3cd4f75a46c041f7fb117e0cbb68055114
@ -632,7 +632,7 @@ F test/attach2.test 256bd240da1835fb8408dd59fb7ef71f8358c7a756c46662434d11d07ba3
 F test/attach3.test c59d92791070c59272e00183b7353eeb94915976
 F test/attach4.test 53bf502f17647c6d6c5add46dda6bac8b6f4665c
 F test/attachmalloc.test 3a4bfca9545bfe906a8d2e622de10fbac5b711b0
-F test/auth.test 3d6cd8f3978ba55b1202574e6ecd79c6e00914ca44b9bfd6c1fe6fb873fcac88
+F test/auth.test 4dd570df24d175f6c3a8988358e9ce884d86434edf8af0b396af97c97147ac57
 F test/auth2.test 9eb7fce9f34bf1f50d3f366fb3e606be5a2000a1
 F test/auth3.test db21405b95257c24d29273b6b31d0efc59e1d337e3d5804ba2d1fd4897b1ae49
 F test/autoanalyze1.test b9cc3f32a990fa56669b668d237c6d53e983554ae80c0604992e18869a0b2dec
@ -1758,7 +1758,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P f0eed21d4e2e1f2c8e680a510a283ac21156c9766efec5b80a362a040424bce7
-R 765df4694289b6c53a17c97f9702ba6c
+P 5858c0bde7c210f07cfa72cee95325847b26733abab4f56301b57cd816931e97
+R dd94651ea0773b5a11f95a943c96a170
 U drh
-Z db8eccde43135de3a0e592fd50ea76f1
+Z 17da09075e978c2583f9ca2204e2cf85
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-5858c0bde7c210f07cfa72cee95325847b26733abab4f56301b57cd816931e97
+fc293bcb3402f049fb9e22aacfb4fdcd13f8609edf29c97d6cb95ce351363873
--- a/src/alter.c
+++ b/src/alter.c
@ -856,6 +856,13 @@ void sqlite3AlterRenameColumn(
  assert( iSchema>=0 );
  zDb = db->aDb[iSchema].zDbSName;

+#ifndef SQLITE_OMIT_AUTHORIZATION
+  /* Invoke the authorization callback. */
+  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
+    goto exit_rename_column;
+  }
+#endif
+
  /* Make sure the old name really is a column name in the table to be
  ** altered.  Set iCol to be the index of the column being renamed */
  zOld = sqlite3NameFromToken(db, pOld);
--- a/test/auth.test
+++ b/test/auth.test
@ -2133,6 +2133,75 @@ ifcapable {cte} {
  } {1 {not authorized}}
 } ;# ifcapable cte

+#
+# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"}
+# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"}
+#
+#    MAIN: CREATE TABLE "t2"(a,b,c);
+#    MAIN: CREATE TABLE t4(a,b,c);
+#    MAIN: CREATE INDEX t4i1 ON t4(a);
+#    MAIN: CREATE INDEX t4i2 ON t4(b,a,c);
+#    MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat);
+#    MAIN: CREATE TABLE t1(a,b);
+#
+ifcapable altertable {
+  do_test 1.350 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_OK
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN b TO bcdefg;
+    }
+  } {0 {}}
+  do_execsql_test auth-1.351 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.352 {
+    set authargs
+  } {main t1 {} {}}
+  do_test 1.353 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_IGNORE
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
+    }
+  } {0 {}}
+  do_execsql_test auth-1.354 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.355 {
+    set authargs
+  } {main t1 {} {}}
+  do_test 1.356 {
+    proc auth {code arg1 arg2 arg3 arg4 args} {
+      if {$code=="SQLITE_ALTER_TABLE"} {
+        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
+        return SQLITE_DENY
+      }
+      return SQLITE_OK
+    }
+    catchsql {
+      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
+    }
+  } {1 {not authorized}}
+  do_execsql_test auth-1.356 {
+    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
+  } {a bcdefg}
+  do_test auth-1.357 {
+    set authargs
+  } {main t1 {} {}}
+}
+
+
 do_test auth-2.1 {
  proc auth {code arg1 arg2 arg3 arg4 args} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {