Index: src/alter.c ================================================================== --- src/alter.c +++ src/alter.c @@ -643,10 +643,17 @@ /* Which schema holds the table to be altered */ iSchema = sqlite3SchemaToIndex(db, pTab->pSchema); assert( iSchema>=0 ); zDb = db->aDb[iSchema].zDbSName; + +#ifndef SQLITE_OMIT_AUTHORIZATION + /* Invoke the authorization callback. */ + if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){ + goto exit_rename_column; + } +#endif /* Make sure the old name really is a column name in the table to be ** altered. Set iCol to be the index of the column being renamed */ zOld = sqlite3NameFromToken(db, pOld); if( !zOld ) goto exit_rename_column; Index: test/altercol.test ================================================================== --- test/altercol.test +++ test/altercol.test @@ -244,10 +244,12 @@ } {} #------------------------------------------------------------------------- # Triggers. # +db close +db2 close reset_db do_execsql_test 7.0 { CREATE TABLE c(x); INSERT INTO c VALUES(0); CREATE TABLE t6("col a", "col b", "col c"); Index: test/auth.test ================================================================== --- test/auth.test +++ test/auth.test @@ -2130,10 +2130,79 @@ WITH RECURSIVE auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5) SELECT * FROM t1 LEFT JOIN auth1314; } {1 {not authorized}} } ;# ifcapable cte + +# +# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"} +# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"} +# +# MAIN: CREATE TABLE "t2"(a,b,c); +# MAIN: CREATE TABLE t4(a,b,c); +# MAIN: CREATE INDEX t4i1 ON t4(a); +# MAIN: CREATE INDEX t4i2 ON t4(b,a,c); +# MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat); +# MAIN: CREATE TABLE t1(a,b); +# +ifcapable altertable { + do_test 1.350 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_OK + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN b TO bcdefg; + } + } {0 {}} + do_execsql_test auth-1.351 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.352 { + set authargs + } {main t1 {} {}} + do_test 1.353 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_IGNORE + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN bcdefg TO b; + } + } {0 {}} + do_execsql_test auth-1.354 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.355 { + set authargs + } {main t1 {} {}} + do_test 1.356 { + proc auth {code arg1 arg2 arg3 arg4 args} { + if {$code=="SQLITE_ALTER_TABLE"} { + set ::authargs [list $arg1 $arg2 $arg3 $arg4] + return SQLITE_DENY + } + return SQLITE_OK + } + catchsql { + ALTER TABLE t1 RENAME COLUMN bcdefg TO b; + } + } {1 {not authorized}} + do_execsql_test auth-1.356 { + SELECT name FROM pragma_table_info('t1') ORDER BY cid; + } {a bcdefg} + do_test auth-1.357 { + set authargs + } {main t1 {} {}} +} + do_test auth-2.1 { proc auth {code arg1 arg2 arg3 arg4 args} { if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} { return SQLITE_DENY