mirrors/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The initial round of tests for the sqlite_set_authorizer() API. More are

Browse Source 
needed before release.  Ticket #215. (CVS 829)

FossilOrigin-Name: 5707b3d56efb6e988f816abefb1836f2f3254117
This commit is contained in:
drh 2003-01-12 19:33:52 +00:00
parent e6d01c3a04
commit 1962bda764
5 changed files with 291 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
manifest
View File

@ -1,5 +1,5 @@
C Forgot\sto\sinclude\sthe\snew\s"auth.c"\ssource\sfile\sin\sthe\sprevious\scheckin.\s(CVS\s828)
D 2003-01-12T18:07:49
C The\sinitial\sround\sof\stests\sfor\sthe\ssqlite_set_authorizer()\sAPI.\s\sMore\sare\nneeded\sbefore\srelease.\s\sTicket\s#215.\s(CVS\s829)
D 2003-01-12T19:33:53
F Makefile.in 6606854b1512f185b8e8c779b8d7fc2750463d64
F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906
F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd
@ -18,7 +18,7 @@ F main.mk 8b10c5df8a21cdd343986a90c75247bafaebb3aa
F publish.sh e5b83867d14708ed58cec8cba0a4f201e969474d
F spec.template 238f7db425a78dc1bb7682e56e3834c7270a3f5e
F sqlite.1 83f4a9d37bdf2b7ef079a82d54eaf2e3509ee6ea
F src/auth.c 1ba84533dedc0aff1697bdea0bd63844bed49c48
F src/auth.c de3c70e5eab92ef5c1af87dae626022b8f46a6fd
F src/btree.c 131b5903f66e148f0f9af0cedd1c6654932c4e04
F src/btree.h 17710339f7a8f46e3c7d6d0d4648ef19c584ffda
F src/build.c 3136d7fc765cc2feee2ad987bac1c1696fdc0f0e
@ -28,7 +28,7 @@ F src/expr.c d8b319f25335443a415a639aec8e0edc64e3ab6c
F src/func.c 90c583f0b91220f7cd411a2407deaf9327245d63
F src/hash.c 4fc39feb7b7711f6495ee9f2159559bedb043e1f
F src/hash.h cd0433998bc1a3759d244e1637fe5a3c13b53bf8
F src/insert.c 0ea9427f7242a4432842100b41b4b81fd1999ad6
F src/insert.c d19a73907ade1f2801bf8c3cb68538e8b1a05b5f
F src/main.c c8f8fdfe4548a8404fab90ff6ad374b217e6b7fa
F src/md5.c fe4f9c9c6f71dfc26af8da63e4d04489b1430565
F src/os.c 28447687e7914306650f72058f62f7162faeef1f
@ -57,6 +57,7 @@ F src/vdbe.c e103bd5a154b1790dd344662dceb14566a51a879
F src/vdbe.h 754eba497cfe0c3e352b9c101ab2f811f10d0a55
F src/where.c 5bf7f1e1d756ab3d25a18b24bb42106cb8e14d18
F test/all.test 873d30e25a41b3aa48fec5633a7ec1816e107029
F test/auth.test 1e8e443bc8d5c4ea44176ce6d9de4157582475aa
F test/bigfile.test 1cd8256d4619c39bea48147d344f348823e78678
F test/bigrow.test 8ab252dba108f12ad64e337b0f2ff31a807ac578
F test/btree.test 10e75aec120ecefc0edc4c912a0980a43db1b6c2
@ -153,7 +154,7 @@ F www/speed.tcl a20a792738475b68756ea7a19321600f23d1d803
F www/sqlite.tcl ae3dcfb077e53833b59d4fcc94d8a12c50a44098
F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331
F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218
P 52d5007f64d0af5286b2a0e1f0b9e53c86bece3f
R 1a3038845af2798949c6e7c2b6282e0e
P 7601916419489879fe963c83010b452c49ef063f
R bf3593b345d77cb3f65a7094575c0db9
U drh
Z ce72280da87725f92833f0d83598931c
Z 10949dc2e6e230f66d8a085db700df05

2
manifest.uuid
View File

@ -1 +1 @@
7601916419489879fe963c83010b452c49ef063f
5707b3d56efb6e988f816abefb1836f2f3254117

8
src/auth.c
View File

@ -14,7 +14,7 @@
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE_OMIT_AUTHORIZATION=1
**
** $Id: auth.c,v 1.1 2003/01/12 18:07:49 drh Exp $
** $Id: auth.c,v 1.2 2003/01/12 19:33:53 drh Exp $
*/
#include "sqliteInt.h"
@ -68,7 +68,7 @@ static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
char zBuf[20];
sprintf(zBuf, "(%d)", rc);
sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf,
" from the authorization function - should to be SQLITE_OK, "
" from the authorization function - should be SQLITE_OK, "
"SQLITE_IGNORE, or SQLITE_DENY", 0);
pParse->nErr++;
}
@ -133,7 +133,7 @@ int sqliteAuthDelete(Parse *pParse, const char *zName, int forceError){
}
rc = db->xAuth(db->pAuthArg, SQLITE_DELETE_ROW, zName, "");
if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){
sqliteSetString(&pParse->zErrMsg,"deletion of rows from table ",
sqliteSetString(&pParse->zErrMsg,"deletion from table ",
zName, " is prohibited", 0);
pParse->nErr++;
}else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
@ -158,7 +158,7 @@ int sqliteAuthInsert(Parse *pParse, const char *zName, int forceError){
}
rc = db->xAuth(db->pAuthArg, SQLITE_INSERT_ROW, zName, "");
if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){
sqliteSetString(&pParse->zErrMsg,"insertion of rows from table ",
sqliteSetString(&pParse->zErrMsg,"insertion into table ",
zName, " is prohibited", 0);
pParse->nErr++;
}else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){

5
src/insert.c
View File

@ -12,7 +12,7 @@
** This file contains C code routines that are called by the parser
** to handle INSERT statements in SQLite.
**
** $Id: insert.c,v 1.69 2003/01/12 18:02:18 drh Exp $
** $Id: insert.c,v 1.70 2003/01/12 19:33:53 drh Exp $
*/
#include "sqliteInt.h"
@ -127,6 +127,9 @@ void sqliteInsert(
pParse->nErr++;
goto insert_cleanup;
}
if( sqliteAuthInsert(pParse, zTab, 0) ){
goto insert_cleanup;
}
/* Ensure that:
* (a) the table is not read-only,

274
test/auth.test Normal file
View File

@ -0,0 +1,274 @@
# 2003 January 12
#
# The author disclaims copyright to this source code. In place of
# a legal notice, here is a blessing:
#
# May you do good and not evil.
# May you find forgiveness for yourself and forgive others.
# May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library. The
# focus of this script testing the sqlite_set_authorizer() API.
#
# $Id: auth.test,v 1.1 2003/01/12 19:33:54 drh Exp $
#
set testdir [file dirname $argv0]
source $testdir/tester.tcl
if {[info command sqlite_set_authorizer]!=""} {
do_test auth-1.1 {
db close
set ::DB [sqlite db test.db]
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
sqlite_set_authorizer $::DB ::auth
catchsql {CREATE TABLE t1(a,b,c)}
} {1 {insertion into table sqlite_master is prohibited}}
do_test auth-1.2 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {CREATE TABLE t1(a,b,c)}
} {1 {insertion into table sqlite_master is prohibited}}
do_test auth-1.3 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return SQLITE_OK
}
return SQLITE_OK
}
catchsql {CREATE TABLE t1(a,b,c)}
} {0 {}}
do_test auth-1.4 {
execsql {SELECT name FROM sqlite_master}
} {t1}
do_test auth-1.5 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return BOGUS
}
return SQLITE_OK
}
catchsql {CREATE TABLE t2(a,b,c)}
} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-1.6 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_DELETE_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {DROP TABLE t1}
} {1 {deletion from table sqlite_master is prohibited}}
do_test auth-1.7 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_DELETE_ROW"
&& [string compare -nocase $arg1 sqlite_master]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {DROP TABLE t1}
} {1 {deletion from table sqlite_master is prohibited}}
do_test auth-1.8 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 t1]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {1 {insertion into table t1 is prohibited}}
do_test auth-1.9 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 t1]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.10 {
execsql {SELECT * FROM t1}
} {}
do_test auth-1.11 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_INSERT_ROW"
&& [string compare -nocase $arg1 t1]==0} {
return SQLITE_OK
}
return SQLITE_OK
}
catchsql {INSERT INTO t1 VALUES(1,2,3)}
} {0 {}}
do_test auth-1.12 {
execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.13 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_DELETE_ROW"
&& [string compare -nocase $arg1 t1]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {DELETE FROM t1 WHERE a=1}
} {1 {deletion from table t1 is prohibited}}
do_test auth-1.14 {
execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.15 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_DELETE_ROW"
&& [string compare -nocase $arg1 t1]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {DELETE FROM t1 WHERE a=1}
} {0 {}}
do_test auth-1.16 {
execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.17 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {SELECT * FROM t1}
} {1 {access to t1.a is prohibited}}
do_test auth-1.18 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {SELECT * FROM t1}
} {0 {{} 2 3}}
do_test auth-1.19 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_WRITE_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET a=11 WHERE a=1}
} {1 {changes to t1.a are prohibited}}
do_test auth-1.20 {
execsql {SELECT * FROM t1}
} {1 2 3}
do_test auth-1.21 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_WRITE_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET b=12 WHERE a=1}
} {0 {}}
do_test auth-1.22 {
execsql {SELECT * FROM t1}
} {1 12 3}
do_test auth-1.23 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_WRITE_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET a=11, b=22 WHERE a=1}
} {0 {}}
do_test auth-1.24 {
execsql {SELECT * FROM t1}
} {1 22 3}
do_test auth-1.25 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_WRITE_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET a=11, b=33 WHERE a=1}
} {1 {changes to t1.a are prohibited}}
do_test auth-1.26 {
execsql {SELECT * FROM t1}
} {1 22 3}
do_test auth-1.27 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_DENY
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
} {1 {access to t1.a is prohibited}}
do_test auth-1.28 {
execsql {SELECT b, c FROM t1}
} {22 3}
do_test auth-1.29 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1}
} {0 {}}
do_test auth-1.30 {
execsql {SELECT b, c FROM t1}
} {22 3}
do_test auth-1.31 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ_COLUMN"
&& [string compare -nocase $arg1 t1]==0
&& [string compare -nocase $arg2 a]==0} {
return SQLITE_IGNORE
}
return SQLITE_OK
}
catchsql {UPDATE t1 SET b=33, c=44 WHERE a IS NULL}
} {0 {}}
do_test auth-1.32 {
execsql {SELECT b, c FROM t1}
} {33 44}
} ;# End of the "if( db command exists )"
finish_test