Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | test-db-prepare command: added --auth-report and --auth-ticket flags to install either the report or ticket schema authorizer for purposes of testing the given statement preparation. Basic sanity tests pass but needs more testing. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | tktschema-allow-drop |
| Files: | files | file ages | folders |
| SHA3-256: |
1bb06c94d650c6bdd4b279da28e3d832 |
| User & Date: | stephan 2021-06-14 19:36:55.637 |
References
|
2021-06-15
| ||
| 17:20 | Factored out an extraneous var from [1bb06c94]. No functional changes. check-in: e0686dda41 user: stephan tags: trunk | |
Context
|
2021-06-14
| ||
| 19:44 | Doc typo fix. check-in: 323e3dfcbd user: stephan tags: tktschema-allow-drop | |
| 19:36 | test-db-prepare command: added --auth-report and --auth-ticket flags to install either the report or ticket schema authorizer for purposes of testing the given statement preparation. Basic sanity tests pass but needs more testing. check-in: 1bb06c94d6 user: stephan tags: tktschema-allow-drop | |
| 19:08 | Per /chat discussion: reopenened branch, merged in trunk, removed this branch's DROP TABLE option (potential data loss risk) but kept DROP VIEW/INDEX (no permanent damage can be done with those). Not yet ready for merge: addition of test code to run against the SQL authorizers is pending. check-in: 02226325b6 user: stephan tags: tktschema-allow-drop | |
Changes
Changes to src/db.c.
| ︙ | ︙ | |||
862 863 864 865 866 867 868 | db_find_and_open_repository(0,0); db_prepare(&err, "INSERT INTO repository.config(name) VALUES(NULL);"); db_exec(&err); } /* ** COMMAND: test-db-prepare | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 |
db_find_and_open_repository(0,0);
db_prepare(&err, "INSERT INTO repository.config(name) VALUES(NULL);");
db_exec(&err);
}
/*
** COMMAND: test-db-prepare
** Usage: %fossil test-db-prepare ?OPTIONS? SQL-STATEMENT
**
** Options:
**
** --auth-report Enable the ticket report query authorizer.
** --auth-ticket Enable the ticket schema query authorizer.
**
** Invoke db_prepare() on the SQL input. Report any errors encountered.
** This command is used to verify error detection logic in the db_prepare()
** utility routine.
*/
void db_test_db_prepare(void){
const int fAuthReport = find_option("auth-report",0,0)!=0;
const int fAuthSchema = find_option("auth-ticket",0,0)!=0;
const int fAuth = fAuthReport + fAuthSchema;
char * zReportErr = 0; /* auth-report error string. */
int nSchemaErr = 0; /* Number of auth-ticket errors. */
Stmt err;
if(fAuth>1){
fossil_fatal("Only one of --auth-report or --auth-ticket "
"may be used.");
}
db_find_and_open_repository(0,0);
verify_all_options();
if( g.argc!=3 ) usage("?OPTIONS? SQL");
if(fAuthReport){
report_restrict_sql(&zReportErr);
}else if(fAuthSchema){
ticket_restrict_sql(&nSchemaErr);
}
db_prepare(&err, "%s", g.argv[2]/*safe-for-%s*/);
db_finalize(&err);
if(fAuthReport){
report_unrestrict_sql();
if(zReportErr){
fossil_warning("Report authorizer error: %s\n", zReportErr);
fossil_free(zReportErr);
}
}else if(fAuthSchema){
ticket_unrestrict_sql();
if(nSchemaErr){
fossil_warning("Ticket schema authorizer error count: %d\n",
nSchemaErr);
}
}
}
/*
** Print the output of one or more SQL queries on standard output.
** This routine is used for debugging purposes only.
*/
int db_debug(const char *zSql, ...){
|
| ︙ | ︙ |
Changes to src/report.c.
| ︙ | ︙ | |||
238 239 240 241 242 243 244 |
break;
}
}
return rc;
}
/*
| | > | 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 |
break;
}
}
return rc;
}
/*
** Activate the ticket report query authorizer. Must be followed by an
** eventual call to ticket_unrestrict_sql().
*/
void report_restrict_sql(char **pzErr){
db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report");
sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000);
}
void report_unrestrict_sql(void){
db_clear_authorizer();
|
| ︙ | ︙ |
Changes to src/tkt.c.
| ︙ | ︙ | |||
465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 |
return SQLITE_OK;
ticket_schema_error:
if( pNErr ) *(int*)pNErr = 1;
return SQLITE_DENY;
}
/*
** Recreate the TICKET and TICKETCHNG tables.
*/
void ticket_create_table(int separateConnection){
char *zSql;
db_multi_exec(
"DROP TABLE IF EXISTS ticket;"
"DROP TABLE IF EXISTS ticketchng;"
);
zSql = ticket_table_schema();
| > > > > > > > > > > > > > > | | | 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 |
return SQLITE_OK;
ticket_schema_error:
if( pNErr ) *(int*)pNErr = 1;
return SQLITE_DENY;
}
/*
** Activate the ticket schema authorizer. Must be followed by
** an eventual call to ticket_unrestrict_sql().
*/
void ticket_restrict_sql(int * pNErr){
db_set_authorizer(ticket_schema_auth,(void*)pNErr,"Ticket-Schema");
}
/*
** Deactivate the ticket schema authorizer.
*/
void ticket_unrestrict_sql(void){
db_clear_authorizer();
}
/*
** Recreate the TICKET and TICKETCHNG tables.
*/
void ticket_create_table(int separateConnection){
char *zSql;
db_multi_exec(
"DROP TABLE IF EXISTS ticket;"
"DROP TABLE IF EXISTS ticketchng;"
);
zSql = ticket_table_schema();
ticket_restrict_sql(0);
if( separateConnection ){
if( db_transaction_nesting_depth() ) db_end_transaction(0);
db_init_database(g.zRepositoryName, zSql, 0);
}else{
db_multi_exec("%s", zSql/*safe-for-%s*/);
}
ticket_unrestrict_sql();
fossil_free(zSql);
}
/*
** Repopulate the TICKET and TICKETCHNG tables from scratch using all
** available ticket artifacts.
*/
|
| ︙ | ︙ |