From dcd997ea2ec92c08506c56490cf6109a9611eafc Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Fri, 31 Jan 2003 17:21:49 +0000
Subject: [PATCH] The sqlite_exec() function now returns SQLITE_AUTH when
authorization fails. Ticket #231. (CVS 857)
FossilOrigin-Name: d93c1aeb544a5b1056424945eb43854213b30e50
---
manifest | 20 ++++++++++----------
manifest.uuid | 2 +-
src/auth.c | 5 ++++-
src/tclsqlite.c | 27 +++++++++++++++++++++------
src/where.c | 6 +++---
test/auth.test | 15 ++++++++++++---
test/tclsqlite.test | 4 ++--
7 files changed, 53 insertions(+), 26 deletions(-)
diff --git a/manifest b/manifest
index 3e9f116a07..611cbb1ed7 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Allow\sdouble-quoted\sstrings\sas\sstring\sconstants\sin\sthe\sIN\soperator.\s\sAs\sa\nside-efffect,\sallow\sthe\sGROUP\sBY\sclause\sto\srefer\sto\scolumns\sby\stheir\sinteger\ncolumn\snumber.\s\sTicket\s#237.\s(CVS\s856)
-D 2003-01-31T17:16:37
+C The\ssqlite_exec()\sfunction\snow\sreturns\sSQLITE_AUTH\swhen\sauthorization\sfails.\nTicket\s#231.\s(CVS\s857)
+D 2003-01-31T17:21:50
F Makefile.in 6606854b1512f185b8e8c779b8d7fc2750463d64
F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906
F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd
@@ -18,7 +18,7 @@ F main.mk 8b10c5df8a21cdd343986a90c75247bafaebb3aa
F publish.sh ce0bf7e235984bc156dc5d1a0c8092db4c8442f3
F spec.template 238f7db425a78dc1bb7682e56e3834c7270a3f5e
F sqlite.1 83f4a9d37bdf2b7ef079a82d54eaf2e3509ee6ea
-F src/auth.c 9c2db0bc7707f2d2e227f47e3d557b41d44ade75
+F src/auth.c f37bfc9451b8c1fa52f34adff474560018892729
F src/btree.c 668402ca441592d85da521309625bd1bcc6f010e
F src/btree.h 17710339f7a8f46e3c7d6d0d4648ef19c584ffda
F src/build.c 6e0310086b8e2deef74f0d4fb3297c4e8fcf6222
@@ -44,7 +44,7 @@ F src/shell.tcl 27ecbd63dd88396ad16d81ab44f73e6c0ea9d20e
F src/sqlite.h.in 6f648803f2ffb9beb35cb1cfa42b323d55519171
F src/sqliteInt.h f22092ed33fea784f58bcd57b90c0babd16a0e29
F src/table.c eed2098c9b577aa17f8abe89313a9c4413f57d63
-F src/tclsqlite.c 9f2c00a92338c51171ded8943bd42d77f7e69e64
+F src/tclsqlite.c 8167d40fd34036701e07492d07a6f9e5c4015241
F src/test1.c eb05abd3ec6822f800476c04aed4db112690b144
F src/test2.c 03f05e984c8e2f2badc44644d42baf72b249096b
F src/test3.c c12ea7f1c3fbbd58904e81e6cb10ad424e6fc728
@@ -55,9 +55,9 @@ F src/update.c f06afa9bf1f777d17702e0f6e33cf44c44bc4f75
F src/util.c 757875a366be838d96c09f255631596a2f558fca
F src/vdbe.c 2ad2510bc3d25db9da66054d33fdcadf54d25fff
F src/vdbe.h ed43771f1dc2b994d5c484fdf2eab357c6ef0ee3
-F src/where.c 5bf7f1e1d756ab3d25a18b24bb42106cb8e14d18
+F src/where.c ba96cab1fb076f025b6eae3fb0aead769fd2c96f
F test/all.test 873d30e25a41b3aa48fec5633a7ec1816e107029
-F test/auth.test 95aeda24f76b6fd028bdb3d6ae1e30b153d942fe
+F test/auth.test 33e8b9680eb0ce521c54096fff1c9ab506c7dfb8
F test/bigfile.test 1cd8256d4619c39bea48147d344f348823e78678
F test/bigrow.test 8ab252dba108f12ad64e337b0f2ff31a807ac578
F test/btree.test 10e75aec120ecefc0edc4c912a0980a43db1b6c2
@@ -105,7 +105,7 @@ F test/sort.test 61a729023ae4ac3be9b225dc0be026fb43fec4e6
F test/subselect.test f0fea8cf9f386d416d64d152e3c65f9116d0f50f
F test/table.test 371a1fc1c470982b2f68f9732f903a5d96f949c4
F test/tableapi.test 3c80421a889e1d106df16e5800fa787f0d2914a6
-F test/tclsqlite.test 2441ab135e5af85110326b3e3b057e7257c144e1
+F test/tclsqlite.test f650195b8124aca24bee175393a1ed2e5a544a38
F test/temptable.test 03b7bdb7d6ce2c658ad20c94b037652c6cad34e0
F test/tester.tcl 6f603d90881bd835ea27c568a7fecaa57dce91cc
F test/trans.test 10b53c77e2cc4ad9529c15fdcb390b8d5722ea65
@@ -155,7 +155,7 @@ F www/speed.tcl 4d463e2aea41f688ed320a937f93ff885be918c3
F www/sqlite.tcl ae3dcfb077e53833b59d4fcc94d8a12c50a44098
F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331
F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218
-P af1e9299468aa70d7d91e7a5445ba391ccc8ff8b
-R abe368a1e78797105f7fab70a2918394
+P 187d9c405891e543fc706f8ddb41f3966a842214
+R e72cd3d7f826c0bad837a962239e2bd9
U drh
-Z cccb4416844848dad1dd0c24ba4f2710
+Z 1c620db2c2b284ab3836973fab10f6c5
diff --git a/manifest.uuid b/manifest.uuid
index c836ed0f7f..79d2a1a139 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-187d9c405891e543fc706f8ddb41f3966a842214
\ No newline at end of file
+d93c1aeb544a5b1056424945eb43854213b30e50
\ No newline at end of file
diff --git a/src/auth.c b/src/auth.c
index ca5af14ba8..933416fbd1 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE_OMIT_AUTHORIZATION=1
**
-** $Id: auth.c,v 1.3 2003/01/13 23:27:32 drh Exp $
+** $Id: auth.c,v 1.4 2003/01/31 17:21:50 drh Exp $
*/
#include "sqliteInt.h"
@@ -71,6 +71,7 @@ static void sqliteAuthBadReturnCode(Parse *pParse, int rc){
" from the authorization function - should be SQLITE_OK, "
"SQLITE_IGNORE, or SQLITE_DENY", 0);
pParse->nErr++;
+ pParse->rc = SQLITE_MISUSE;
}
/*
@@ -113,6 +114,7 @@ void sqliteAuthRead(
sqliteSetString(&pParse->zErrMsg,"access to ",
pTab->zName, ".", zCol, " is prohibited", 0);
pParse->nErr++;
+ pParse->rc = SQLITE_AUTH;
}else if( rc!=SQLITE_OK ){
sqliteAuthBadReturnCode(pParse, rc);
}
@@ -138,6 +140,7 @@ int sqliteAuthCheck(
rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2);
if( rc==SQLITE_DENY ){
sqliteSetString(&pParse->zErrMsg, "not authorized", 0);
+ pParse->rc = SQLITE_AUTH;
pParse->nErr++;
}else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
rc = SQLITE_DENY;
diff --git a/src/tclsqlite.c b/src/tclsqlite.c
index 2326f75333..bddcbb267b 100644
--- a/src/tclsqlite.c
+++ b/src/tclsqlite.c
@@ -11,7 +11,7 @@
*************************************************************************
** A TCL Interface to SQLite
**
-** $Id: tclsqlite.c,v 1.43 2002/11/04 19:32:26 drh Exp $
+** $Id: tclsqlite.c,v 1.44 2003/01/31 17:21:50 drh Exp $
*/
#ifndef NO_TCL /* Omit this whole file if TCL is unavailable */
@@ -52,6 +52,7 @@ struct SqliteDb {
Tcl_Interp *interp; /* The interpreter used for this database */
char *zBusy; /* The busy callback routine */
SqlFunc *pFunc; /* List of SQL functions */
+ int rc; /* Return code of most recent sqlite_exec() */
};
/*
@@ -328,14 +329,15 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
int choice;
static const char *DB_strs[] = {
"busy", "changes", "close",
- "complete", "eval", "function",
- "last_insert_rowid", "open_aux_file", "timeout",
- 0
+ "complete", "errorcode", "eval",
+ "function", "last_insert_rowid", "open_aux_file",
+ "timeout", 0
};
enum DB_enum {
DB_BUSY, DB_CHANGES, DB_CLOSE,
- DB_COMPLETE, DB_EVAL, DB_FUNCTION,
- DB_LAST_INSERT_ROWID, DB_OPEN_AUX_FILE, DB_TIMEOUT,
+ DB_COMPLETE, DB_ERRORCODE, DB_EVAL,
+ DB_FUNCTION, DB_LAST_INSERT_ROWID,DB_OPEN_AUX_FILE,
+ DB_TIMEOUT,
};
if( objc<2 ){
@@ -430,6 +432,17 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
Tcl_SetBooleanObj(pResult, isComplete);
break;
}
+
+ /*
+ ** $db errorcode
+ **
+ ** Return the numeric error code that was returned by the most recent
+ ** call to sqlite_exec().
+ */
+ case DB_ERRORCODE: {
+ Tcl_SetObjResult(interp, Tcl_NewIntObj(pDb->rc));
+ break;
+ }
/*
** $db eval $sql ?array { ...code... }?
@@ -483,6 +496,7 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
rc = sqlite_exec(pDb->db, zSql, DbEvalCallback2, pList, &zErrMsg);
Tcl_SetObjResult(interp, pList);
}
+ pDb->rc = rc;
if( rc==SQLITE_ABORT ){
if( zErrMsg ) free(zErrMsg);
rc = cbData.tcl_rc;
@@ -571,6 +585,7 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
}
zFilename = Tcl_GetStringFromObj(objv[2], 0);
rc = sqlite_open_aux_file(pDb->db, zFilename, &zErrMsg);
+ pDb->rc = rc;
if( rc!=0 ){
if( zErrMsg ){
Tcl_AppendResult(interp, zErrMsg, 0);
diff --git a/src/where.c b/src/where.c
index b99583c4c0..7fa6f41716 100644
--- a/src/where.c
+++ b/src/where.c
@@ -13,7 +13,7 @@
** the WHERE clause of SQL statements. Also found here are subroutines
** to generate VDBE code to evaluate expressions.
**
-** $Id: where.c,v 1.71 2003/01/11 15:02:45 drh Exp $
+** $Id: where.c,v 1.72 2003/01/31 17:21:50 drh Exp $
*/
#include "sqliteInt.h"
@@ -62,8 +62,8 @@ static int exprSplit(int nSlot, ExprInfo *aSlot, Expr *pExpr){
aSlot[0].p = pExpr->pLeft;
cnt = 1 + exprSplit(nSlot-1, &aSlot[1], pExpr->pRight);
}else{
- cnt = exprSplit(nSlot, aSlot, pExpr->pRight);
- cnt += exprSplit(nSlot-cnt, &aSlot[cnt], pExpr->pLeft);
+ cnt = exprSplit(nSlot, aSlot, pExpr->pLeft);
+ cnt += exprSplit(nSlot-cnt, &aSlot[cnt], pExpr->pRight);
}
return cnt;
}
diff --git a/test/auth.test b/test/auth.test
index 4b62b06c62..63610479b2 100644
--- a/test/auth.test
+++ b/test/auth.test
@@ -11,7 +11,7 @@
# This file implements regression tests for SQLite library. The
# focus of this script testing the sqlite_set_authorizer() API.
#
-# $Id: auth.test,v 1.4 2003/01/14 13:48:21 drh Exp $
+# $Id: auth.test,v 1.5 2003/01/31 17:21:50 drh Exp $
#
set testdir [file dirname $argv0]
@@ -19,7 +19,7 @@ source $testdir/tester.tcl
if {[info command sqlite_set_authorizer]!=""} {
-do_test auth-1.1 {
+do_test auth-1.1.1 {
db close
set ::DB [sqlite db test.db]
proc auth {code arg1 arg2} {
@@ -31,6 +31,9 @@ do_test auth-1.1 {
sqlite_set_authorizer $::DB ::auth
catchsql {CREATE TABLE t1(a,b,c)}
} {1 {not authorized}}
+do_test auth-1.1.2 {
+ db errorcode
+} {23}
do_test auth-1.2 {
execsql {SELECT name FROM sqlite_master}
} {}
@@ -45,6 +48,9 @@ do_test auth-1.3.1 {
catchsql {CREATE TABLE t1(a,b,c)}
} {1 {not authorized}}
do_test auth-1.3.2 {
+ db errorcode
+} {23}
+do_test auth-1.3.3 {
set ::authargs
} {t1 {}}
do_test auth-1.4 {
@@ -1612,7 +1618,7 @@ do_test auth-2.8 {
}
catchsql {SELECT ROWID,b,c FROM t2}
} {0 {{} 2 33 {} 8 9}}
-do_test auth-2.9 {
+do_test auth-2.9.1 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
return bogus
@@ -1621,6 +1627,9 @@ do_test auth-2.9 {
}
catchsql {SELECT ROWID,b,c FROM t2}
} {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
+do_test auth-2.9.2 {
+ db errorcode
+} {21}
do_test auth-2.10 {
proc auth {code arg1 arg2} {
if {$code=="SQLITE_SELECT"} {
diff --git a/test/tclsqlite.test b/test/tclsqlite.test
index 88041859f4..8ffc8243da 100644
--- a/test/tclsqlite.test
+++ b/test/tclsqlite.test
@@ -15,7 +15,7 @@
# interface is pretty well tested. This file contains some addition
# tests for fringe issues that the main test suite does not cover.
#
-# $Id: tclsqlite.test,v 1.8 2002/09/14 13:47:33 drh Exp $
+# $Id: tclsqlite.test,v 1.9 2003/01/31 17:21:51 drh Exp $
set testdir [file dirname $argv0]
source $testdir/tester.tcl
@@ -29,7 +29,7 @@ do_test tcl-1.1 {
do_test tcl-1.2 {
set v [catch {db bogus} msg]
lappend v $msg
-} {1 {bad option "bogus": must be busy, changes, close, complete, eval, function, last_insert_rowid, open_aux_file, or timeout}}
+} {1 {bad option "bogus": must be busy, changes, close, complete, errorcode, eval, function, last_insert_rowid, open_aux_file, or timeout}}
do_test tcl-1.3 {
execsql {CREATE TABLE t1(a int, b int)}
execsql {INSERT INTO t1 VALUES(10,20)}