Reorder parameters on the sqlite3_user_*() interfaces for consistency.

Add the first TCL test cases.

FossilOrigin-Name: 2f6d8f32eef526b5912f42ab467e3c7812480d8b

ext/userauth/sqlite3userauth.h

@@ -36,8 +36,8 @@
 int sqlite3_user_authenticate(
   sqlite3 *db,           /* The database connection */
   const char *zUsername, /* Username */
-  int nPW,               /* Number of bytes in aPW[] */
-  const char *aPW        /* Password or credentials */
+  const char *aPW,       /* Password or credentials */
+  int nPW                /* Number of bytes in aPW[] */
 );
 
 /*
@@ -53,9 +53,9 @@ int sqlite3_user_authenticate(
 int sqlite3_user_add(
   sqlite3 *db,           /* Database connection */
   const char *zUsername, /* Username to be added */
-  int isAdmin,           /* True to give new user admin privilege */
+  const char *aPW,       /* Password or credentials */
   int nPW,               /* Number of bytes in aPW[] */
-  const char *aPW        /* Password or credentials */
+  int isAdmin            /* True to give new user admin privilege */
 );
 
 /*
@@ -68,9 +68,9 @@ int sqlite3_user_add(
 int sqlite3_user_change(
   sqlite3 *db,           /* Database connection */
   const char *zUsername, /* Username to change */
-  int isAdmin,           /* Modified admin privilege for the user */
+  const char *aPW,       /* New password or credentials */
   int nPW,               /* Number of bytes in aPW[] */
-  const char *aPW        /* Modified password or credentials */
+  int isAdmin            /* Modified admin privilege for the user */
 );
 
 /*

ext/userauth/user-auth.txt

@@ -7,24 +7,24 @@ activated:
    int sqlite3_user_authenticate(
      sqlite3 *db,           /* The database connection */
      const char *zUsername, /* Username */
-     int nPW,               /* Number of bytes in aPW[] */
-     const void *aPW        /* Password or credentials */
+     const char *aPW,       /* Password or credentials */
+     int nPW                /* Number of bytes in aPW[] */
    );
    
    int sqlite3_user_add(
      sqlite3 *db,           /* Database connection */
      const char *zUsername, /* Username to be added */
-     int isAdmin,           /* True to give new user admin privilege */
+     const char *aPW,       /* Password or credentials */
      int nPW,               /* Number of bytes in aPW[] */
-     const void *aPW        /* Password or credentials */
+     int isAdmin            /* True to give new user admin privilege */
    );
    
    int sqlite3_user_change(
      sqlite3 *db,           /* Database connection */
      const char *zUsername, /* Username to change */
-     int isAdmin,           /* Modified admin privilege for the user */
+     const void *aPW,       /* Modified password or credentials */
      int nPW,               /* Number of bytes in aPW[] */
-     const void *aPW        /* Modified password or credentials */
+     int isAdmin            /* Modified admin privilege for the user */
    );
    
    int sqlite3_user_delete(
@@ -71,12 +71,15 @@ check fails, then the ATTACH-ed database is unreadable [1g].
 
 The sqlite3_user_add() interface can be used (by an admin user only)
 to create a new user.  When called on a no-authentication-required
-database, this routine converts the database into an authentication-
-required database [3], automatically makes the added user an
-administrator [1b], and logs in the current connection as that user [1a].
-The sqlite3_user_add() interface only works for the "main" database, not
-for any ATTACH-ed databases.  Any call to sqlite3_user_add() by a
-non-admin user results in an error.
+database and when A is true, the sqlite3_user_add(D,U,P,N,A) routine
+converts the database into an authentication-required database and
+logs the database connection D in using user U with password P,N.
+To convert a no-authentication-required database into an authentication-
+required database, the isAdmin parameter must be true.  If
+sqlite3_user_add(D,U,P,N,A) is called on a no-authentication-required
+database and A is false, then the call fails with an SQLITE_AUTH error.
+
+Any call to sqlite3_user_add() by a non-admin user results in an error.
 
 Hence, to create a new, unencrypted, authentication-required database,
 the call sequence is:

ext/userauth/userauth.c

@@ -177,8 +177,8 @@ void sqlite3CryptFunc(
 int sqlite3_user_authenticate(
   sqlite3 *db,           /* The database connection */
   const char *zUsername, /* Username */
-  int nPW,               /* Number of bytes in aPW[] */
-  const char *zPW        /* Password or credentials */
+  const char *zPW,       /* Password or credentials */
+  int nPW                /* Number of bytes in aPW[] */
 ){
   int rc;
   u8 authLevel = UAUTH_Fail;
@@ -217,9 +217,9 @@ int sqlite3_user_authenticate(
 int sqlite3_user_add(
   sqlite3 *db,           /* Database connection */
   const char *zUsername, /* Username to be added */
-  int isAdmin,           /* True to give new user admin privilege */
+  const char *aPW,       /* Password or credentials */
   int nPW,               /* Number of bytes in aPW[] */
-  const char *aPW        /* Password or credentials */
+  int isAdmin            /* True to give new user admin privilege */
 ){
   sqlite3_stmt *pStmt;
   int rc;
@@ -248,7 +248,7 @@ int sqlite3_user_add(
   if( rc ) return rc;
   if( db->auth.zAuthUser==0 ){
     assert( isAdmin!=0 );
-    sqlite3_user_authenticate(db, zUsername, nPW, aPW);
+    sqlite3_user_authenticate(db, zUsername, aPW, nPW);
   }
   return SQLITE_OK;
 }
@@ -263,9 +263,9 @@ int sqlite3_user_add(
 int sqlite3_user_change(
   sqlite3 *db,           /* Database connection */
   const char *zUsername, /* Username to change */
-  int isAdmin,           /* Modified admin privilege for the user */
+  const char *aPW,       /* Modified password or credentials */
   int nPW,               /* Number of bytes in aPW[] */
-  const char *aPW        /* Modified password or credentials */
+  int isAdmin            /* Modified admin privilege for the user */
 ){
   sqlite3_stmt *pStmt;
   if( db->auth.authLevel<UAUTH_User ){

manifest

@@ -1,5 +1,5 @@
-C Complete\sthe\simplementation\sof\sthe\svarious\sAPIs.\s\sFix\sseveral\sproblems.\nThis\sis\sanother\sincremental\scheck-in\sthat\sdoes\snot\scompletely\swork.
-D 2014-09-10T22:46:46.526
+C Reorder\sparameters\son\sthe\ssqlite3_user_*()\sinterfaces\sfor\sconsistency.\nAdd\sthe\sfirst\sTCL\stest\scases.
+D 2014-09-11T00:27:53.371
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -144,9 +144,9 @@ F ext/rtree/rtree_util.tcl 06aab2ed5b826545bf215fff90ecb9255a8647ea
 F ext/rtree/sqlite3rtree.h 83349d519fe5f518b3ea025d18dd1fe51b1684bd
 F ext/rtree/tkt3363.test 142ab96eded44a3615ec79fba98c7bde7d0f96de
 F ext/rtree/viewrtree.tcl eea6224b3553599ae665b239bd827e182b466024
-F ext/userauth/sqlite3userauth.h 6e15b0006e7b07b7b008c9f9297b3781a7514337
-F ext/userauth/user-auth.txt f471c5a363ab0682b109d85982ea857f9a144ccc
-F ext/userauth/userauth.c e14ab212e1e2cd3f3a5d324f2c3e0b0c5a950c86
+F ext/userauth/sqlite3userauth.h 19cb6f0e31316d0ee4afdfb7a85ef9da3333a220
+F ext/userauth/user-auth.txt a0340e6219f0b70fde57502c8f6b1c5fdb23023e
+F ext/userauth/userauth.c a66cd3abcc3b2c10b3999ab49f900d561e8ddd33
 F install-sh 9d4de14ab9fb0facae2f48780b874848cbf2f895 x
 F ltmain.sh 3ff0879076df340d2e23ae905484d8c15d5fdea8
 F magic.txt 8273bf49ba3b0c8559cb2774495390c31fd61c60
@@ -227,7 +227,7 @@ F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
 F src/resolve.c 0d1621e45fffe4b4396477cf46e41a84b0145ffb
 F src/rowset.c eccf6af6d620aaa4579bd3b72c1b6395d9e9fa1e
 F src/select.c b4457526cee73c0b69fad42f799f619b1d5a8a8a
-F src/shell.c 4dac2ec625fb15a51b06ab998e7cec8c1e6a40eb
+F src/shell.c 7d26b6526fb9daab994265446b751fb86fd9d675
 F src/sqlite.h.in 577876beef2264a0b031c0d744c81855983088f9
 F src/sqlite3.rc 992c9f5fb8285ae285d6be28240a7e8d3a7f2bad
 F src/sqlite3ext.h 1f40357fb9b12a80c5a3b2b109fd249b009213d4
@@ -236,7 +236,7 @@ F src/sqliteLimit.h 164b0e6749d31e0daa1a4589a169d31c0dec7b3d
 F src/status.c 7ac05a5c7017d0b9f0b4bcd701228b784f987158
 F src/table.c 4e28a53e66bad8d014a510ef0205f5497c712b08
 F src/tclsqlite.c 8d6d6833c0053f0b3b1aeb1c5c7a7eeff0ad4d3f
-F src/test1.c 22bfe1ce9f2f3746d682093a475ec0a33e0e55d8
+F src/test1.c 523cd70ded28db71af9a30ec184cbe0957de9575
 F src/test2.c 98049e51a17dc62606a99a9eb95ee477f9996712
 F src/test3.c 1c0e5d6f080b8e33c1ce8b3078e7013fdbcd560c
 F src/test4.c 9b32d22f5f150abe23c1830e2057c4037c45b3df
@@ -1057,6 +1057,7 @@ F test/unixexcl.test cd6c765f75e50e8e2c2ba763149e5d340ea19825
 F test/unordered.test ca7adce0419e4ca0c50f039885e76ed2c531eda8
 F test/update.test 1b6c488a8f993d090b7ee9ad0e234faa161b3aeb
 F test/uri.test 23662b7b61958b0f0e47082de7d06341ccf85d5b
+F test/userauth01.test 695ead5a47e8827dea283abca69c121b679176af
 F test/utf16align.test 54cd35a27c005a9b6e7815d887718780b6a462ae
 F test/vacuum.test ce91c39f7f91a4273bf620efad21086b5aa6ef1d
 F test/vacuum2.test af432e6e3bfc0ea20a80cb86a03c7d9876d38324
@@ -1196,7 +1197,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P a0455f9deb603bf91684158d911269622720fc1a
-R 7c5d50077d463af5ab8f09588f919ad0
+P 4eaaa7fa87aa912d24f8b35440ab60310dc08310
+R b62ab47ef5a1f118b5c6bf446676036b
 U drh
-Z 0eb3e0d5d27e81783efc050a8d458d7f
+Z 388f9ca2f5e0d91d315989cc617a17a1

manifest.uuid

@@ -1 +1 @@
-4eaaa7fa87aa912d24f8b35440ab60310dc08310
+2f6d8f32eef526b5912f42ab467e3c7812480d8b

src/shell.c

@@ -3451,31 +3451,34 @@ static int do_meta_command(char *zLine, ShellState *p){
         rc = 1;
         goto meta_command_exit;
       }
-      rc = sqlite3_user_authenticate(p->db, azArg[2], (int)strlen(azArg[3]), azArg[3]);
+      rc = sqlite3_user_authenticate(p->db, azArg[2], azArg[3],
+                                    (int)strlen(azArg[3]));
       if( rc ){
         fprintf(stderr, "Authentication failed for user %s\n", azArg[2]);
         rc = 1;
       }
     }else if( strcmp(azArg[1],"add")==0 ){
       if( nArg!=5 ){
-        fprintf(stderr, "Usage: .user add USER ISADMIN PASSWORD\n");
+        fprintf(stderr, "Usage: .user add USER PASSWORD ISADMIN\n");
         rc = 1;
         goto meta_command_exit;
       }
-      rc = sqlite3_user_add(p->db, azArg[2], booleanValue(azArg[3]),
-                            (int)strlen(azArg[4]), azArg[4]);
+      rc = sqlite3_user_add(p->db, azArg[2],
+                            azArg[3], (int)strlen(azArg[3]),
+                            booleanValue(azArg[4]));
       if( rc ){
         fprintf(stderr, "User-Add failed: %d\n", rc);
         rc = 1;
       }
     }else if( strcmp(azArg[1],"edit")==0 ){
       if( nArg!=5 ){
-        fprintf(stderr, "Usage: .user edit USER ISADMIN PASSWORD\n");
+        fprintf(stderr, "Usage: .user edit USER PASSWORD ISADMIN\n");
         rc = 1;
         goto meta_command_exit;
       }
-      rc = sqlite3_user_change(p->db, azArg[2], booleanValue(azArg[3]),
-                              (int)strlen(azArg[4]), azArg[4]);
+      rc = sqlite3_user_change(p->db, azArg[2],
+                              azArg[3], (int)strlen(azArg[3]),
+                              booleanValue(azArg[4]));
       if( rc ){
         fprintf(stderr, "User-Edit failed: %d\n", rc);
         rc = 1;

src/test1.c

@@ -6497,6 +6497,132 @@ static int sorter_test_sort4_helper(
 }
 
 
+#ifdef SQLITE_USER_AUTHENTICATION
+#include "sqlite3userauth.h"
+/*
+** tclcmd:  sqlite3_user_authenticate DB USERNAME PASSWORD
+*/
+static int test_user_authenticate(
+  ClientData clientData, /* Unused */
+  Tcl_Interp *interp,    /* The TCL interpreter that invoked this command */
+  int objc,              /* Number of arguments */
+  Tcl_Obj *CONST objv[]  /* Command arguments */
+){
+  char *zUser = 0;
+  char *zPasswd = 0;
+  int nPasswd = 0;
+  sqlite3 *db;
+  int rc;
+
+  if( objc!=4 ){
+    Tcl_WrongNumArgs(interp, 1, objv, "DB USERNAME PASSWORD");
+    return TCL_ERROR;
+  }
+  if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ){
+    return TCL_ERROR;
+  }
+  zUser = Tcl_GetString(objv[2]);
+  zPasswd = Tcl_GetStringFromObj(objv[3], &nPasswd);
+  rc = sqlite3_user_authenticate(db, zUser, zPasswd, nPasswd);
+  Tcl_SetResult(interp, (char *)t1ErrorName(rc), TCL_STATIC);
+  return TCL_OK;
+}
+#endif /* SQLITE_USER_AUTHENTICATION */
+
+#ifdef SQLITE_USER_AUTHENTICATION
+/*
+** tclcmd:  sqlite3_user_add DB USERNAME PASSWORD ISADMIN
+*/
+static int test_user_add(
+  ClientData clientData, /* Unused */
+  Tcl_Interp *interp,    /* The TCL interpreter that invoked this command */
+  int objc,              /* Number of arguments */
+  Tcl_Obj *CONST objv[]  /* Command arguments */
+){
+  char *zUser = 0;
+  char *zPasswd = 0;
+  int nPasswd = 0;
+  int isAdmin = 0;
+  sqlite3 *db;
+  int rc;
+
+  if( objc!=5 ){
+    Tcl_WrongNumArgs(interp, 1, objv, "DB USERNAME PASSWORD ISADMIN");
+    return TCL_ERROR;
+  }
+  if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ){
+    return TCL_ERROR;
+  }
+  zUser = Tcl_GetString(objv[2]);
+  zPasswd = Tcl_GetStringFromObj(objv[3], &nPasswd);
+  Tcl_GetBooleanFromObj(interp, objv[4], &isAdmin);
+  rc = sqlite3_user_add(db, zUser, zPasswd, nPasswd, isAdmin);
+  Tcl_SetResult(interp, (char *)t1ErrorName(rc), TCL_STATIC);
+  return TCL_OK;
+}
+#endif /* SQLITE_USER_AUTHENTICATION */
+
+#ifdef SQLITE_USER_AUTHENTICATION
+/*
+** tclcmd:  sqlite3_user_change DB USERNAME PASSWORD ISADMIN
+*/
+static int test_user_change(
+  ClientData clientData, /* Unused */
+  Tcl_Interp *interp,    /* The TCL interpreter that invoked this command */
+  int objc,              /* Number of arguments */
+  Tcl_Obj *CONST objv[]  /* Command arguments */
+){
+  char *zUser = 0;
+  char *zPasswd = 0;
+  int nPasswd = 0;
+  int isAdmin = 0;
+  sqlite3 *db;
+  int rc;
+
+  if( objc!=5 ){
+    Tcl_WrongNumArgs(interp, 1, objv, "DB USERNAME PASSWORD ISADMIN");
+    return TCL_ERROR;
+  }
+  if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ){
+    return TCL_ERROR;
+  }
+  zUser = Tcl_GetString(objv[2]);
+  zPasswd = Tcl_GetStringFromObj(objv[3], &nPasswd);
+  Tcl_GetBooleanFromObj(interp, objv[4], &isAdmin);
+  rc = sqlite3_user_change(db, zUser, zPasswd, nPasswd, isAdmin);
+  Tcl_SetResult(interp, (char *)t1ErrorName(rc), TCL_STATIC);
+  return TCL_OK;
+}
+#endif /* SQLITE_USER_AUTHENTICATION */
+
+#ifdef SQLITE_USER_AUTHENTICATION
+/*
+** tclcmd:  sqlite3_user_delete DB USERNAME
+*/
+static int test_user_delete(
+  ClientData clientData, /* Unused */
+  Tcl_Interp *interp,    /* The TCL interpreter that invoked this command */
+  int objc,              /* Number of arguments */
+  Tcl_Obj *CONST objv[]  /* Command arguments */
+){
+  char *zUser = 0;
+  sqlite3 *db;
+  int rc;
+
+  if( objc!=3 ){
+    Tcl_WrongNumArgs(interp, 1, objv, "DB USERNAME");
+    return TCL_ERROR;
+  }
+  if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ){
+    return TCL_ERROR;
+  }
+  zUser = Tcl_GetString(objv[2]);
+  rc = sqlite3_user_delete(db, zUser);
+  Tcl_SetResult(interp, (char *)t1ErrorName(rc), TCL_STATIC);
+  return TCL_OK;
+}
+#endif /* SQLITE_USER_AUTHENTICATION */
+
 /*
 ** Register commands with the TCL interpreter.
 */
@@ -6734,6 +6860,13 @@ int Sqlitetest1_Init(Tcl_Interp *interp){
      { "load_static_extension", tclLoadStaticExtensionCmd },
      { "sorter_test_fakeheap", sorter_test_fakeheap },
      { "sorter_test_sort4_helper", sorter_test_sort4_helper },
+#ifdef SQLITE_USER_AUTHENTICATION
+     { "sqlite3_user_authenticate", test_user_authenticate, 0 },
+     { "sqlite3_user_add",          test_user_add,          0 },
+     { "sqlite3_user_change",       test_user_change,       0 },
+     { "sqlite3_user_delete",       test_user_delete,       0 },
+#endif
+
   };
   static int bitmask_size = sizeof(Bitmask)*8;
   int i;

test/userauth01.test

@@ -0,0 +1,74 @@
+# 2014-09-10
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# 
+# This file implements tests of the SQLITE_USER_AUTHENTICATION extension.
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix userauth01
+
+ifcapable !userauth {
+  finish_test
+  return
+}
+
+# Create a no-authentication-required database
+#
+do_execsql_test userauth01-1.0 {
+  CREATE TABLE t1(x);
+  INSERT INTO t1 VALUES(1),(2.5),('three'),(x'4444'),(NULL);
+  SELECT quote(x) FROM t1 ORDER BY x;
+  SELECT name FROM sqlite_master;
+} {NULL 1 2.5 'three' X'4444' t1}
+
+# Calling sqlite3_user_authenticate() on a no-authentication-required
+# database connection is a harmless no-op.  
+#
+do_test userauth01-1.1 {
+  sqlite3_user_authenticate db alice pw-4-alice
+  execsql {
+    SELECT quote(x) FROM t1 ORDER BY x;
+    SELECT name FROM sqlite_master;
+  }
+} {NULL 1 2.5 'three' X'4444' t1}
+
+# If sqlite3_user_add(D,U,P,N,A) is called on a no-authentication-required
+# database and A is false, then the call fails with an SQLITE_AUTH error.
+#
+do_test userauth01-1.2 {
+  sqlite3_user_add db bob pw-4-bob 0
+} {SQLITE_AUTH}
+do_test userauth01-1.3 {
+  execsql {
+    SELECT quote(x) FROM t1 ORDER BY x;
+    SELECT name FROM sqlite_master;
+  }
+} {NULL 1 2.5 'three' X'4444' t1}
+
+# When called on a no-authentication-required
+# database and when A is true, the sqlite3_user_add(D,U,P,N,A) routine
+# converts the database into an authentication-required database and
+# logs the database connection D in using user U with password P,N.
+#  
+do_test userauth01-1.4 {
+  sqlite3_user_add db alice pw-4-alice 1
+} {SQLITE_OK}
+do_test userauth01-1.5 {
+  execsql {
+    SELECT quote(x) FROM t1 ORDER BY x;
+    SELECT uname, isadmin FROM sqlite_user ORDER BY uname;
+    SELECT name FROM sqlite_master ORDER BY name;
+  }
+} {NULL 1 2.5 'three' X'4444' alice 1 sqlite_user t1}
+
+
+finish_test