diff --git a/manifest b/manifest index 6d1310ea58..2531ee9a39 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Forgot\sto\sinclude\sthe\snew\s"auth.c"\ssource\sfile\sin\sthe\sprevious\scheckin.\s(CVS\s828) -D 2003-01-12T18:07:49 +C The\sinitial\sround\sof\stests\sfor\sthe\ssqlite_set_authorizer()\sAPI.\s\sMore\sare\nneeded\sbefore\srelease.\s\sTicket\s#215.\s(CVS\s829) +D 2003-01-12T19:33:53 F Makefile.in 6606854b1512f185b8e8c779b8d7fc2750463d64 F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906 F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd @@ -18,7 +18,7 @@ F main.mk 8b10c5df8a21cdd343986a90c75247bafaebb3aa F publish.sh e5b83867d14708ed58cec8cba0a4f201e969474d F spec.template 238f7db425a78dc1bb7682e56e3834c7270a3f5e F sqlite.1 83f4a9d37bdf2b7ef079a82d54eaf2e3509ee6ea -F src/auth.c 1ba84533dedc0aff1697bdea0bd63844bed49c48 +F src/auth.c de3c70e5eab92ef5c1af87dae626022b8f46a6fd F src/btree.c 131b5903f66e148f0f9af0cedd1c6654932c4e04 F src/btree.h 17710339f7a8f46e3c7d6d0d4648ef19c584ffda F src/build.c 3136d7fc765cc2feee2ad987bac1c1696fdc0f0e @@ -28,7 +28,7 @@ F src/expr.c d8b319f25335443a415a639aec8e0edc64e3ab6c F src/func.c 90c583f0b91220f7cd411a2407deaf9327245d63 F src/hash.c 4fc39feb7b7711f6495ee9f2159559bedb043e1f F src/hash.h cd0433998bc1a3759d244e1637fe5a3c13b53bf8 -F src/insert.c 0ea9427f7242a4432842100b41b4b81fd1999ad6 +F src/insert.c d19a73907ade1f2801bf8c3cb68538e8b1a05b5f F src/main.c c8f8fdfe4548a8404fab90ff6ad374b217e6b7fa F src/md5.c fe4f9c9c6f71dfc26af8da63e4d04489b1430565 F src/os.c 28447687e7914306650f72058f62f7162faeef1f @@ -57,6 +57,7 @@ F src/vdbe.c e103bd5a154b1790dd344662dceb14566a51a879 F src/vdbe.h 754eba497cfe0c3e352b9c101ab2f811f10d0a55 F src/where.c 5bf7f1e1d756ab3d25a18b24bb42106cb8e14d18 F test/all.test 873d30e25a41b3aa48fec5633a7ec1816e107029 +F test/auth.test 1e8e443bc8d5c4ea44176ce6d9de4157582475aa F test/bigfile.test 1cd8256d4619c39bea48147d344f348823e78678 F test/bigrow.test 8ab252dba108f12ad64e337b0f2ff31a807ac578 F test/btree.test 10e75aec120ecefc0edc4c912a0980a43db1b6c2 @@ -153,7 +154,7 @@ F www/speed.tcl a20a792738475b68756ea7a19321600f23d1d803 F www/sqlite.tcl ae3dcfb077e53833b59d4fcc94d8a12c50a44098 F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331 F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218 -P 52d5007f64d0af5286b2a0e1f0b9e53c86bece3f -R 1a3038845af2798949c6e7c2b6282e0e +P 7601916419489879fe963c83010b452c49ef063f +R bf3593b345d77cb3f65a7094575c0db9 U drh -Z ce72280da87725f92833f0d83598931c +Z 10949dc2e6e230f66d8a085db700df05 diff --git a/manifest.uuid b/manifest.uuid index 8456bf254c..b1cd83be48 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7601916419489879fe963c83010b452c49ef063f \ No newline at end of file +5707b3d56efb6e988f816abefb1836f2f3254117 \ No newline at end of file diff --git a/src/auth.c b/src/auth.c index 92782b85a5..8303e7a81a 100644 --- a/src/auth.c +++ b/src/auth.c @@ -14,7 +14,7 @@ ** systems that do not need this facility may omit it by recompiling ** the library with -DSQLITE_OMIT_AUTHORIZATION=1 ** -** $Id: auth.c,v 1.1 2003/01/12 18:07:49 drh Exp $ +** $Id: auth.c,v 1.2 2003/01/12 19:33:53 drh Exp $ */ #include "sqliteInt.h" @@ -68,7 +68,7 @@ static void sqliteAuthBadReturnCode(Parse *pParse, int rc){ char zBuf[20]; sprintf(zBuf, "(%d)", rc); sqliteSetString(&pParse->zErrMsg, "illegal return value ", zBuf, - " from the authorization function - should to be SQLITE_OK, " + " from the authorization function - should be SQLITE_OK, " "SQLITE_IGNORE, or SQLITE_DENY", 0); pParse->nErr++; } @@ -133,7 +133,7 @@ int sqliteAuthDelete(Parse *pParse, const char *zName, int forceError){ } rc = db->xAuth(db->pAuthArg, SQLITE_DELETE_ROW, zName, ""); if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){ - sqliteSetString(&pParse->zErrMsg,"deletion of rows from table ", + sqliteSetString(&pParse->zErrMsg,"deletion from table ", zName, " is prohibited", 0); pParse->nErr++; }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){ @@ -158,7 +158,7 @@ int sqliteAuthInsert(Parse *pParse, const char *zName, int forceError){ } rc = db->xAuth(db->pAuthArg, SQLITE_INSERT_ROW, zName, ""); if( rc==SQLITE_DENY || (rc==SQLITE_IGNORE && forceError) ){ - sqliteSetString(&pParse->zErrMsg,"insertion of rows from table ", + sqliteSetString(&pParse->zErrMsg,"insertion into table ", zName, " is prohibited", 0); pParse->nErr++; }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){ diff --git a/src/insert.c b/src/insert.c index 5dc8882d32..888f129098 100644 --- a/src/insert.c +++ b/src/insert.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle INSERT statements in SQLite. ** -** $Id: insert.c,v 1.69 2003/01/12 18:02:18 drh Exp $ +** $Id: insert.c,v 1.70 2003/01/12 19:33:53 drh Exp $ */ #include "sqliteInt.h" @@ -127,6 +127,9 @@ void sqliteInsert( pParse->nErr++; goto insert_cleanup; } + if( sqliteAuthInsert(pParse, zTab, 0) ){ + goto insert_cleanup; + } /* Ensure that: * (a) the table is not read-only, diff --git a/test/auth.test b/test/auth.test new file mode 100644 index 0000000000..2ba7fdf329 --- /dev/null +++ b/test/auth.test @@ -0,0 +1,274 @@ +# 2003 January 12 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# This file implements regression tests for SQLite library. The +# focus of this script testing the sqlite_set_authorizer() API. +# +# $Id: auth.test,v 1.1 2003/01/12 19:33:54 drh Exp $ +# + +set testdir [file dirname $argv0] +source $testdir/tester.tcl + +if {[info command sqlite_set_authorizer]!=""} { + +do_test auth-1.1 { + db close + set ::DB [sqlite db test.db] + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + sqlite_set_authorizer $::DB ::auth + catchsql {CREATE TABLE t1(a,b,c)} +} {1 {insertion into table sqlite_master is prohibited}} +do_test auth-1.2 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {CREATE TABLE t1(a,b,c)} +} {1 {insertion into table sqlite_master is prohibited}} +do_test auth-1.3 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return SQLITE_OK + } + return SQLITE_OK + } + catchsql {CREATE TABLE t1(a,b,c)} +} {0 {}} +do_test auth-1.4 { + execsql {SELECT name FROM sqlite_master} +} {t1} +do_test auth-1.5 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return BOGUS + } + return SQLITE_OK + } + catchsql {CREATE TABLE t2(a,b,c)} +} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}} +do_test auth-1.6 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_DELETE_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {DROP TABLE t1} +} {1 {deletion from table sqlite_master is prohibited}} +do_test auth-1.7 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_DELETE_ROW" + && [string compare -nocase $arg1 sqlite_master]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {DROP TABLE t1} +} {1 {deletion from table sqlite_master is prohibited}} +do_test auth-1.8 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 t1]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {INSERT INTO t1 VALUES(1,2,3)} +} {1 {insertion into table t1 is prohibited}} +do_test auth-1.9 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 t1]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {INSERT INTO t1 VALUES(1,2,3)} +} {0 {}} +do_test auth-1.10 { + execsql {SELECT * FROM t1} +} {} +do_test auth-1.11 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_INSERT_ROW" + && [string compare -nocase $arg1 t1]==0} { + return SQLITE_OK + } + return SQLITE_OK + } + catchsql {INSERT INTO t1 VALUES(1,2,3)} +} {0 {}} +do_test auth-1.12 { + execsql {SELECT * FROM t1} +} {1 2 3} +do_test auth-1.13 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_DELETE_ROW" + && [string compare -nocase $arg1 t1]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {DELETE FROM t1 WHERE a=1} +} {1 {deletion from table t1 is prohibited}} +do_test auth-1.14 { + execsql {SELECT * FROM t1} +} {1 2 3} +do_test auth-1.15 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_DELETE_ROW" + && [string compare -nocase $arg1 t1]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {DELETE FROM t1 WHERE a=1} +} {0 {}} +do_test auth-1.16 { + execsql {SELECT * FROM t1} +} {1 2 3} +do_test auth-1.17 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_READ_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {SELECT * FROM t1} +} {1 {access to t1.a is prohibited}} +do_test auth-1.18 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_READ_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {SELECT * FROM t1} +} {0 {{} 2 3}} +do_test auth-1.19 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_WRITE_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET a=11 WHERE a=1} +} {1 {changes to t1.a are prohibited}} +do_test auth-1.20 { + execsql {SELECT * FROM t1} +} {1 2 3} +do_test auth-1.21 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_WRITE_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET b=12 WHERE a=1} +} {0 {}} +do_test auth-1.22 { + execsql {SELECT * FROM t1} +} {1 12 3} +do_test auth-1.23 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_WRITE_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET a=11, b=22 WHERE a=1} +} {0 {}} +do_test auth-1.24 { + execsql {SELECT * FROM t1} +} {1 22 3} +do_test auth-1.25 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_WRITE_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET a=11, b=33 WHERE a=1} +} {1 {changes to t1.a are prohibited}} +do_test auth-1.26 { + execsql {SELECT * FROM t1} +} {1 22 3} +do_test auth-1.27 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_READ_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1} +} {1 {access to t1.a is prohibited}} +do_test auth-1.28 { + execsql {SELECT b, c FROM t1} +} {22 3} +do_test auth-1.29 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_READ_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET b=33, c=44 WHERE a=1} +} {0 {}} +do_test auth-1.30 { + execsql {SELECT b, c FROM t1} +} {22 3} +do_test auth-1.31 { + proc auth {code arg1 arg2} { + if {$code=="SQLITE_READ_COLUMN" + && [string compare -nocase $arg1 t1]==0 + && [string compare -nocase $arg2 a]==0} { + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql {UPDATE t1 SET b=33, c=44 WHERE a IS NULL} +} {0 {}} +do_test auth-1.32 { + execsql {SELECT b, c FROM t1} +} {33 44} + + +} ;# End of the "if( db command exists )" + +finish_test