summaryrefslogtreecommitdiffstats
path: root/test/auth3.test
blob: abc973433ee41f698e94b99d04a3061586e195f2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# 2008 October 27
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# Test that the truncate optimization is disabled if the SQLITE_DELETE
# authorization callback returns SQLITE_IGNORE.
#
# Test that authorizer is disabled during schema parsing.

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# disable this test if the SQLITE_OMIT_AUTHORIZATION macro is
# defined during compilation.
if {[catch {db auth {}} msg]} {
  finish_test
  return
}

# Disable the statement cache for these tests.
# 
db cache size 0

db authorizer ::auth
proc auth {code arg1 arg2 arg3 arg4 args} {
  if {$code=="SQLITE_DELETE"} {
    return $::authcode
  }
  return SQLITE_OK
}

#--------------------------------------------------------------------------
# The following tests - auth3-1.* - test that return values of SQLITE_DENY,
# SQLITE_IGNORE, SQLITE_OK and <invalid> are correctly handled when returned
# by an SQLITE_DELETE authorization callback triggered by a 
# "DELETE FROM <table-name>" statement.
#
do_test auth3-1.1 {
  execsql {
    CREATE TABLE t1(a,b,c);
    INSERT INTO t1 VALUES(1, 2, 3);
    INSERT INTO t1 VALUES(4, 5, 6);
  }
} {}
do_test auth3.1.2 {
  set ::authcode SQLITE_DENY
  catchsql { DELETE FROM t1 }
} {1 {not authorized}}
# EVIDENCE-OF: R-64962-58611 If the authorizer callback returns any
# value other than SQLITE_IGNORE, SQLITE_OK, or SQLITE_DENY then the
# sqlite3_prepare_v2() or equivalent call that triggered the authorizer
# will fail with an error message.
do_test auth3.1.3 {
  set ::authcode SQLITE_INVALID
  catchsql { DELETE FROM t1 }
} {1 {authorizer malfunction}}
do_test auth3.1.4 {
  execsql { SELECT * FROM t1 }
} {1 2 3 4 5 6}
do_test auth3-1.5 {
  set ::authcode SQLITE_IGNORE
  execsql { 
    DELETE FROM t1;
    SELECT * FROM t1;
  }
} {}
do_test auth3-1.6 {
  set ::authcode SQLITE_OK
  execsql {
    INSERT INTO t1 VALUES(1, 2, 3);
    INSERT INTO t1 VALUES(4, 5, 6);
    DELETE FROM t1;
    SELECT * FROM t1;
  }
} {}

#--------------------------------------------------------------------------
# These tests - auth3-2.* - test that returning SQLITE_IGNORE really does
# disable the truncate optimization.
#
do_test auth3-2.1 {
  set ::authcode SQLITE_OK
  execsql {
    INSERT INTO t1 VALUES(1, 2, 3);
    INSERT INTO t1 VALUES(4, 5, 6);
  }
  set sqlite_search_count 0
  execsql {
    DELETE FROM t1;
  }
  set sqlite_search_count
} {0}

do_test auth3-2.2 {
  set ::authcode SQLITE_IGNORE
  execsql {
    INSERT INTO t1 VALUES(1, 2, 3);
    INSERT INTO t1 VALUES(4, 5, 6);
  }
  set sqlite_search_count 0
  execsql {
    DELETE FROM t1;
  }
  set sqlite_search_count
} {1}

# 2016-07-28.  A problem report from a private client complaining about
# an authorizer failure during an ALTER TABLE.  The solution (I think) is
# to disable the authorizer during schema parsing.
#
ifcapable altertable {
  proc auth {code args} {
    if {$code=="SQLITE_READ" && [regexp {DoNotRead} $args]} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  do_execsql_test auth3-3.0 {
    CREATE TEMPORARY TABLE TempTable (
        key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE,
        value TEXT NOT NULL ON CONFLICT FAIL);
    ALTER TABLE TempTable RENAME TO DoNotRead;
    SELECT name FROM temp.sqlite_master;
  } {DoNotRead sqlite_autoindex_DoNotRead_1}
}

finish_test