diff -pruN 1.14.27~ds1-1/.github/workflows/go.yaml 1.14.32~ds1-1/.github/workflows/go.yaml --- 1.14.27~ds1-1/.github/workflows/go.yaml 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/.github/workflows/go.yaml 2025-08-14 12:57:30.000000000 +0000 @@ -14,7 +14,7 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest] - go: ['1.19', '1.20', '1.21'] + go: ['1.22', '1.23', '1.24'] fail-fast: false env: OS: ${{ matrix.os }} @@ -44,7 +44,7 @@ jobs: run: go-acc . -- -race -v -tags "libsqlite3" - name: 'Tags: full' - run: go-acc . -- -race -v -tags "sqlite_allow_uri_authority sqlite_app_armor sqlite_column_metadata sqlite_foreign_keys sqlite_fts5 sqlite_icu sqlite_introspect sqlite_json sqlite_math_functions sqlite_os_trace sqlite_preupdate_hook sqlite_secure_delete sqlite_see sqlite_stat4 sqlite_trace sqlite_unlock_notify sqlite_userauth sqlite_vacuum_incr sqlite_vtable" + run: go-acc . -- -race -v -tags "sqlite_allow_uri_authority sqlite_app_armor sqlite_column_metadata sqlite_foreign_keys sqlite_fts5 sqlite_icu sqlite_introspect sqlite_json sqlite_math_functions sqlite_os_trace sqlite_preupdate_hook sqlite_secure_delete sqlite_see sqlite_stat4 sqlite_trace sqlite_unlock_notify sqlite_vacuum_incr sqlite_vtable" - name: 'Tags: vacuum' run: go-acc . -- -race -v -tags "sqlite_vacuum_full" @@ -64,7 +64,7 @@ jobs: strategy: matrix: - go: ['1.19', '1.20', '1.21'] + go: ['1.22', '1.23', '1.24'] fail-fast: false env: OS: windows-latest @@ -99,7 +99,7 @@ jobs: - name: 'Tags: full' run: | echo 'skip this test' - echo go build -race -v -tags "sqlite_allow_uri_authority sqlite_app_armor sqlite_column_metadata sqlite_foreign_keys sqlite_fts5 sqlite_icu sqlite_introspect sqlite_json sqlite_math_functions sqlite_preupdate_hook sqlite_secure_delete sqlite_see sqlite_stat4 sqlite_trace sqlite_unlock_notify sqlite_userauth sqlite_vacuum_incr sqlite_vtable" + echo go build -race -v -tags "sqlite_allow_uri_authority sqlite_app_armor sqlite_column_metadata sqlite_foreign_keys sqlite_fts5 sqlite_icu sqlite_introspect sqlite_json sqlite_math_functions sqlite_preupdate_hook sqlite_secure_delete sqlite_see sqlite_stat4 sqlite_trace sqlite_unlock_notify sqlite_vacuum_incr sqlite_vtable" shell: msys2 {0} - name: 'Tags: vacuum' diff -pruN 1.14.27~ds1-1/README.md 1.14.32~ds1-1/README.md --- 1.14.27~ds1-1/README.md 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/README.md 2025-08-14 12:57:30.000000000 +0000 @@ -351,6 +351,8 @@ For example the TDM-GCC Toolchain can be # User Authentication +***This is deprecated*** + This package supports the SQLite User Authentication module. ## Compile diff -pruN 1.14.27~ds1-1/debian/changelog 1.14.32~ds1-1/debian/changelog --- 1.14.27~ds1-1/debian/changelog 2025-04-06 14:18:06.000000000 +0000 +++ 1.14.32~ds1-1/debian/changelog 2025-09-07 15:30:23.000000000 +0000 @@ -1,3 +1,9 @@ +golang-github-mattn-go-sqlite3 (1.14.32~ds1-1) unstable; urgency=medium + + * New upstream release + + -- Mathias Gibbens Sun, 07 Sep 2025 15:30:23 +0000 + golang-github-mattn-go-sqlite3 (1.14.27~ds1-1) unstable; urgency=medium * New upstream release diff -pruN 1.14.27~ds1-1/error_test.go 1.14.32~ds1-1/error_test.go --- 1.14.27~ds1-1/error_test.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/error_test.go 2025-08-14 12:57:30.000000000 +0000 @@ -43,7 +43,10 @@ func TestCorruptDbErrors(t *testing.T) { _, err = db.Exec("drop table foo") } - sqliteErr := err.(Error) + sqliteErr, ok := err.(Error) + if !ok { + t.Fatal(err) + } if sqliteErr.Code != ErrNotADB { t.Error("wrong error code for corrupted DB") } diff -pruN 1.14.27~ds1-1/sqlite3.go 1.14.32~ds1-1/sqlite3.go --- 1.14.27~ds1-1/sqlite3.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/sqlite3.go 2025-08-14 12:57:30.000000000 +0000 @@ -1876,6 +1876,9 @@ func (c *SQLiteConn) SetLimit(id int, ne // This method is not thread-safe as the returned error code can be changed by // another call if invoked concurrently. // +// Use SetFileControlInt64 instead if the argument for the opcode is documented +// as a pointer to a sqlite3_int64. +// // See: sqlite3_file_control, https://www.sqlite.org/c3ref/file_control.html func (c *SQLiteConn) SetFileControlInt(dbName string, op int, arg int) error { if dbName == "" { @@ -1889,6 +1892,34 @@ func (c *SQLiteConn) SetFileControlInt(d rv := C.sqlite3_file_control(c.db, cDBName, C.int(op), unsafe.Pointer(&cArg)) if rv != C.SQLITE_OK { return c.lastError() + } + return nil +} + +// SetFileControlInt64 invokes the xFileControl method on a given database. The +// dbName is the name of the database. It will default to "main" if left blank. +// The op is one of the opcodes prefixed by "SQLITE_FCNTL_". The arg argument +// and return code are both opcode-specific. Please see the SQLite documentation. +// +// This method is not thread-safe as the returned error code can be changed by +// another call if invoked concurrently. +// +// Only use this method if the argument for the opcode is documented as a pointer +// to a sqlite3_int64. +// +// See: sqlite3_file_control, https://www.sqlite.org/c3ref/file_control.html +func (c *SQLiteConn) SetFileControlInt64(dbName string, op int, arg int64) error { + if dbName == "" { + dbName = "main" + } + + cDBName := C.CString(dbName) + defer C.free(unsafe.Pointer(cDBName)) + + cArg := C.sqlite3_int64(arg) + rv := C.sqlite3_file_control(c.db, cDBName, C.int(op), unsafe.Pointer(&cArg)) + if rv != C.SQLITE_OK { + return c.lastError() } return nil } diff -pruN 1.14.27~ds1-1/sqlite3_opt_userauth.go 1.14.32~ds1-1/sqlite3_opt_userauth.go --- 1.14.27~ds1-1/sqlite3_opt_userauth.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/sqlite3_opt_userauth.go 2025-08-14 12:57:30.000000000 +0000 @@ -16,53 +16,10 @@ package sqlite3 #else #include #endif -#include - -static int -_sqlite3_user_authenticate(sqlite3* db, const char* zUsername, const char* aPW, int nPW) -{ - return sqlite3_user_authenticate(db, zUsername, aPW, nPW); -} - -static int -_sqlite3_user_add(sqlite3* db, const char* zUsername, const char* aPW, int nPW, int isAdmin) -{ - return sqlite3_user_add(db, zUsername, aPW, nPW, isAdmin); -} - -static int -_sqlite3_user_change(sqlite3* db, const char* zUsername, const char* aPW, int nPW, int isAdmin) -{ - return sqlite3_user_change(db, zUsername, aPW, nPW, isAdmin); -} - -static int -_sqlite3_user_delete(sqlite3* db, const char* zUsername) -{ - return sqlite3_user_delete(db, zUsername); -} - -static int -_sqlite3_auth_enabled(sqlite3* db) -{ - int exists = -1; - - sqlite3_stmt *stmt; - sqlite3_prepare_v2(db, "select count(type) from sqlite_master WHERE type='table' and name='sqlite_user';", -1, &stmt, NULL); - - while ( sqlite3_step(stmt) == SQLITE_ROW) { - exists = sqlite3_column_int(stmt, 0); - } - - sqlite3_finalize(stmt); - - return exists; -} */ import "C" import ( "errors" - "unsafe" ) const ( @@ -70,8 +27,9 @@ const ( ) var ( - ErrUnauthorized = errors.New("SQLITE_AUTH: Unauthorized") - ErrAdminRequired = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required") + ErrUnauthorized = errors.New("SQLITE_AUTH: Unauthorized") + ErrAdminRequired = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required") + errUserAuthNoLongerSupported = errors.New("sqlite3: the sqlite_userauth tag is no longer supported as the userauth extension is no longer supported by the SQLite authors, see https://github.com/mattn/go-sqlite3/issues/1341") ) // Authenticate will perform an authentication of the provided username @@ -88,15 +46,7 @@ var ( // If the SQLITE_USER table is not present in the database file, then // this interface is a harmless no-op returning SQLITE_OK. func (c *SQLiteConn) Authenticate(username, password string) error { - rv := c.authenticate(username, password) - switch rv { - case C.SQLITE_ERROR, C.SQLITE_AUTH: - return ErrUnauthorized - case C.SQLITE_OK: - return nil - default: - return c.lastError() - } + return errUserAuthNoLongerSupported } // authenticate provides the actual authentication to SQLite. @@ -109,17 +59,7 @@ func (c *SQLiteConn) Authenticate(userna // C.SQLITE_ERROR (1) // C.SQLITE_AUTH (23) func (c *SQLiteConn) authenticate(username, password string) int { - // Allocate C Variables - cuser := C.CString(username) - cpass := C.CString(password) - - // Free C Variables - defer func() { - C.free(unsafe.Pointer(cuser)) - C.free(unsafe.Pointer(cpass)) - }() - - return int(C._sqlite3_user_authenticate(c.db, cuser, cpass, C.int(len(password)))) + return 1 } // AuthUserAdd can be used (by an admin user only) @@ -131,20 +71,7 @@ func (c *SQLiteConn) authenticate(userna // for any ATTACH-ed databases. Any call to AuthUserAdd by a // non-admin user results in an error. func (c *SQLiteConn) AuthUserAdd(username, password string, admin bool) error { - isAdmin := 0 - if admin { - isAdmin = 1 - } - - rv := c.authUserAdd(username, password, isAdmin) - switch rv { - case C.SQLITE_ERROR, C.SQLITE_AUTH: - return ErrAdminRequired - case C.SQLITE_OK: - return nil - default: - return c.lastError() - } + return errUserAuthNoLongerSupported } // authUserAdd enables the User Authentication if not enabled. @@ -162,17 +89,7 @@ func (c *SQLiteConn) AuthUserAdd(usernam // C.SQLITE_ERROR (1) // C.SQLITE_AUTH (23) func (c *SQLiteConn) authUserAdd(username, password string, admin int) int { - // Allocate C Variables - cuser := C.CString(username) - cpass := C.CString(password) - - // Free C Variables - defer func() { - C.free(unsafe.Pointer(cuser)) - C.free(unsafe.Pointer(cpass)) - }() - - return int(C._sqlite3_user_add(c.db, cuser, cpass, C.int(len(password)), C.int(admin))) + return 1 } // AuthUserChange can be used to change a users @@ -181,20 +98,7 @@ func (c *SQLiteConn) authUserAdd(usernam // credentials or admin privilege setting. No user may change their own // admin privilege setting. func (c *SQLiteConn) AuthUserChange(username, password string, admin bool) error { - isAdmin := 0 - if admin { - isAdmin = 1 - } - - rv := c.authUserChange(username, password, isAdmin) - switch rv { - case C.SQLITE_ERROR, C.SQLITE_AUTH: - return ErrAdminRequired - case C.SQLITE_OK: - return nil - default: - return c.lastError() - } + return errUserAuthNoLongerSupported } // authUserChange allows to modify a user. @@ -215,17 +119,7 @@ func (c *SQLiteConn) AuthUserChange(user // C.SQLITE_ERROR (1) // C.SQLITE_AUTH (23) func (c *SQLiteConn) authUserChange(username, password string, admin int) int { - // Allocate C Variables - cuser := C.CString(username) - cpass := C.CString(password) - - // Free C Variables - defer func() { - C.free(unsafe.Pointer(cuser)) - C.free(unsafe.Pointer(cpass)) - }() - - return int(C._sqlite3_user_change(c.db, cuser, cpass, C.int(len(password)), C.int(admin))) + return 1 } // AuthUserDelete can be used (by an admin user only) @@ -234,15 +128,7 @@ func (c *SQLiteConn) authUserChange(user // the database cannot be converted into a no-authentication-required // database. func (c *SQLiteConn) AuthUserDelete(username string) error { - rv := c.authUserDelete(username) - switch rv { - case C.SQLITE_ERROR, C.SQLITE_AUTH: - return ErrAdminRequired - case C.SQLITE_OK: - return nil - default: - return c.lastError() - } + return errUserAuthNoLongerSupported } // authUserDelete can be used to delete a user. @@ -258,25 +144,12 @@ func (c *SQLiteConn) AuthUserDelete(user // C.SQLITE_ERROR (1) // C.SQLITE_AUTH (23) func (c *SQLiteConn) authUserDelete(username string) int { - // Allocate C Variables - cuser := C.CString(username) - - // Free C Variables - defer func() { - C.free(unsafe.Pointer(cuser)) - }() - - return int(C._sqlite3_user_delete(c.db, cuser)) + return 1 } // AuthEnabled checks if the database is protected by user authentication func (c *SQLiteConn) AuthEnabled() (exists bool) { - rv := c.authEnabled() - if rv == 1 { - exists = true - } - - return + return false } // authEnabled perform the actual check for user authentication. @@ -289,7 +162,7 @@ func (c *SQLiteConn) AuthEnabled() (exis // 0 - Disabled // 1 - Enabled func (c *SQLiteConn) authEnabled() int { - return int(C._sqlite3_auth_enabled(c.db)) + return 0 } // EOF diff -pruN 1.14.27~ds1-1/sqlite3_opt_userauth_test.go 1.14.32~ds1-1/sqlite3_opt_userauth_test.go --- 1.14.27~ds1-1/sqlite3_opt_userauth_test.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/sqlite3_opt_userauth_test.go 2025-08-14 12:57:30.000000000 +0000 @@ -10,23 +10,15 @@ package sqlite3 import ( "database/sql" + "errors" "fmt" "os" "testing" ) var ( - conn *SQLiteConn - create func(t *testing.T, username, password string) (file string, err error) - createWithCrypt func(t *testing.T, username, password, crypt, salt string) (file string, err error) - connect func(t *testing.T, f string, username, password string) (file string, db *sql.DB, c *SQLiteConn, err error) - connectWithCrypt func(t *testing.T, f string, username, password string, crypt string, salt string) (file string, db *sql.DB, c *SQLiteConn, err error) - authEnabled func(db *sql.DB) (exists bool, err error) - addUser func(db *sql.DB, username, password string, admin int) (rv int, err error) - userExists func(db *sql.DB, username string) (rv int, err error) - isAdmin func(db *sql.DB, username string) (rv bool, err error) - modifyUser func(db *sql.DB, username, password string, admin int) (rv int, err error) - deleteUser func(db *sql.DB, username string) (rv int, err error) + conn *SQLiteConn + connect func(t *testing.T, f string, username, password string) (file string, db *sql.DB, c *SQLiteConn, err error) ) func init() { @@ -39,20 +31,6 @@ func init() { }, }) - create = func(t *testing.T, username, password string) (file string, err error) { - var db *sql.DB - file, db, _, err = connect(t, "", username, password) - db.Close() - return - } - - createWithCrypt = func(t *testing.T, username, password, crypt, salt string) (file string, err error) { - var db *sql.DB - file, db, _, err = connectWithCrypt(t, "", "admin", "admin", crypt, salt) - db.Close() - return - } - connect = func(t *testing.T, f string, username, password string) (file string, db *sql.DB, c *SQLiteConn, err error) { conn = nil // Clear connection file = f // Copy provided file (f) => file @@ -75,7 +53,7 @@ func init() { } // Dummy query to force connection and database creation - // Will return ErrUnauthorized (SQLITE_AUTH) if user authentication fails + // Will return errUserAuthNoLongerSupported if user authentication fails if _, err = db.Exec("SELECT 1;"); err != nil { defer os.Remove(file) defer db.Close() @@ -85,560 +63,14 @@ func init() { return } - - connectWithCrypt = func(t *testing.T, f string, username, password string, crypt string, salt string) (file string, db *sql.DB, c *SQLiteConn, err error) { - conn = nil // Clear connection - file = f // Copy provided file (f) => file - if file == "" { - // Create dummy file - file = TempFilename(t) - } - - db, err = sql.Open("sqlite3_with_conn", "file:"+file+fmt.Sprintf("?_auth&_auth_user=%s&_auth_pass=%s&_auth_crypt=%s&_auth_salt=%s", username, password, crypt, salt)) - if err != nil { - defer os.Remove(file) - return file, nil, nil, err - } - - // Dummy query to force connection and database creation - // Will return ErrUnauthorized (SQLITE_AUTH) if user authentication fails - if _, err = db.Exec("SELECT 1;"); err != nil { - defer os.Remove(file) - defer db.Close() - return file, nil, nil, err - } - c = conn - - return - } - - authEnabled = func(db *sql.DB) (exists bool, err error) { - err = db.QueryRow("select count(type) from sqlite_master WHERE type='table' and name='sqlite_user';").Scan(&exists) - return - } - - addUser = func(db *sql.DB, username, password string, admin int) (rv int, err error) { - err = db.QueryRow("select auth_user_add(?, ?, ?);", username, password, admin).Scan(&rv) - return - } - - userExists = func(db *sql.DB, username string) (rv int, err error) { - err = db.QueryRow("select count(uname) from sqlite_user where uname=?", username).Scan(&rv) - return - } - - isAdmin = func(db *sql.DB, username string) (rv bool, err error) { - err = db.QueryRow("select isAdmin from sqlite_user where uname=?", username).Scan(&rv) - return - } - - modifyUser = func(db *sql.DB, username, password string, admin int) (rv int, err error) { - err = db.QueryRow("select auth_user_change(?, ?, ?);", username, password, admin).Scan(&rv) - return - } - - deleteUser = func(db *sql.DB, username string) (rv int, err error) { - err = db.QueryRow("select auth_user_delete(?);", username).Scan(&rv) - return - } } -func TestUserAuthCreateDatabase(t *testing.T) { - f, db, c, err := connect(t, "", "admin", "admin") - if err != nil && c == nil && db == nil { - t.Fatal(err) - } - defer db.Close() - defer os.Remove(f) - - enabled, err := authEnabled(db) - if err != nil || !enabled { - t.Fatalf("UserAuth not enabled: %s", err) - } - - e, err := userExists(db, "admin") - if err != nil { - t.Fatal(err) - } - if e != 1 { - t.Fatal("UserAuth: admin does not exists") - } - a, err := isAdmin(db, "admin") - if err != nil { - t.Fatal(err) - } - if !a { - t.Fatal("UserAuth: User is not administrator") - } -} - -func TestUserAuthCreateDatabaseWithoutArgs(t *testing.T) { - _, db, c, err := connect(t, "", "", "") - if err == nil && c == nil && db == nil { - t.Fatal("Should have failed due to missing _auth_* parameters") - } - - _, db, c, err = connect(t, "", "", "admin") - if err == nil && c == nil && db == nil { - t.Fatal("Should have failed due to missing _auth_user parameter") - } - - _, db, c, err = connect(t, "", "admin", "") - if err == nil && c == nil && db == nil { - t.Fatal("Should have failed due to missing _auth_pass parameter") - } -} - -func TestUserAuthLogin(t *testing.T) { - f1, err := create(t, "admin", "admin") - if err != nil { - t.Fatal(err) - } - defer os.Remove(f1) - - f2, db2, c2, err := connect(t, f1, "admin", "admin") - if err != nil { - t.Fatal(err) - } - defer db2.Close() - if f1 != f2 { - t.Fatal("UserAuth: Database file mismatch") - } - - // Test lower level authentication - err = c2.Authenticate("admin", "admin") - if err != nil { - t.Fatalf("UserAuth: *SQLiteConn.Authenticate() Failed: %s", err) - } - - // Test Login Failed - _, _, _, err = connect(t, f1, "admin", "invalid") - if err == nil { - t.Fatal("Login successful while expecting to fail") - } - if err != ErrUnauthorized { - t.Fatal(err) - } - err = c2.Authenticate("admin", "invalid") +func TestUserAuth(t *testing.T) { + _, _, _, err := connect(t, "", "admin", "admin") if err == nil { - t.Fatal("Login successful while expecting to fail") - } - if err != ErrUnauthorized { - t.Fatal(err) - } -} - -func TestUserAuthAddAdmin(t *testing.T) { - f, db, c, err := connect(t, "", "admin", "admin") - if err != nil && c == nil && db == nil { - t.Fatal(err) - } - defer db.Close() - defer os.Remove(f) - - // Add Admin User through SQL call - rv, err := addUser(db, "admin2", "admin2", 1) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Check if user was created - exists, err := userExists(db, "admin2") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'admin2' does not exists") - } - - // Check if user was created as an Administrator - admin, err := isAdmin(db, "admin2") - if err != nil { - t.Fatal(err) - } - if !admin { - t.Fatal("UserAuth: 'admin2' is not administrator") - } - - // Test *SQLiteConn - err = c.AuthUserAdd("admin3", "admin3", true) - if err != nil { - t.Fatal(err) - } - - // Check if user was created - exists, err = userExists(db, "admin2") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'admin3' does not exists") - } - - // Check if the user was created as an Administrator - admin, err = isAdmin(db, "admin3") - if err != nil { - t.Fatal(err) - } - if !admin { - t.Fatal("UserAuth: 'admin3' is not administrator") - } -} - -func TestUserAuthAddUser(t *testing.T) { - f1, db1, c, err := connect(t, "", "admin", "admin") - if err != nil && c == nil && db == nil { - t.Fatal(err) - } - defer os.Remove(f1) - - // Add user through SQL call - rv, err := addUser(db1, "user", "user", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Check if user was created - exists, err := userExists(db1, "user") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'user' does not exists") - } - - // Check if user was created as an Administrator - admin, err := isAdmin(db1, "user") - if err != nil { - t.Fatal(err) - } - if admin { - t.Fatal("UserAuth: 'user' is administrator") - } - - // Test *SQLiteConn - err = c.AuthUserAdd("user2", "user2", false) - if err != nil { - t.Fatal(err) - } - - // Check if user was created - exists, err = userExists(db1, "user2") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'user2' does not exists") - } - - // Check if the user was created as an Administrator - admin, err = isAdmin(db1, "user2") - if err != nil { - t.Fatal(err) - } - if admin { - t.Fatal("UserAuth: 'user2' is administrator") - } - - // Reconnect as normal user - db1.Close() - _, db2, c2, err := connect(t, f1, "user", "user") - if err != nil { - t.Fatal(err) - } - defer db2.Close() - - // Try to create admin user while logged in as normal user - rv, err = addUser(db2, "admin2", "admin2", 1) - if err != nil { - t.Fatal(err) - } - if rv != SQLITE_AUTH { - t.Fatal("Created admin user while not allowed") - } - - err = c2.AuthUserAdd("admin3", "admin3", true) - if err != ErrAdminRequired { - t.Fatal("Created admin user while not allowed") - } - - // Try to create normal user while logged in as normal user - rv, err = addUser(db2, "user3", "user3", 0) - if err != nil { - t.Fatal(err) - } - if rv != SQLITE_AUTH { - t.Fatal("Created user while not allowed") - } - - err = c2.AuthUserAdd("user4", "user4", false) - if err != ErrAdminRequired { - t.Fatal("Created user while not allowed") - } -} - -func TestUserAuthModifyUser(t *testing.T) { - f1, db1, c1, err := connect(t, "", "admin", "admin") - if err != nil && c1 == nil && db == nil { - t.Fatal(err) - } - defer os.Remove(f1) - - // Modify Password for current logged in admin - // through SQL - rv, err := modifyUser(db1, "admin", "admin2", 1) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to modify password for admin") - } - - // Modify password for current logged in admin - // through *SQLiteConn - err = c1.AuthUserChange("admin", "admin3", true) - if err != nil { - t.Fatal(err) - } - - // Modify Administrator Flag - // Because we are current logged in as 'admin' - // Changing our own admin flag should fail. - rv, err = modifyUser(db1, "admin", "admin3", 0) - if err != nil { - t.Fatal(err) - } - if rv != SQLITE_AUTH { - t.Fatal("Successfully changed admin flag while not allowed") - } - - // Modify admin flag through (*SQLiteConn) - // Because we are current logged in as 'admin' - // Changing our own admin flag should fail. - err = c1.AuthUserChange("admin", "admin3", false) - if err != ErrAdminRequired { - t.Fatal("Successfully changed admin flag while not allowed") - } - - // Add normal user - rv, err = addUser(db1, "user", "password", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - rv, err = addUser(db1, "user2", "user2", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Modify other user password and flag through SQL - rv, err = modifyUser(db1, "user", "pass", 1) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to modify password for user") - } - - // Modify other user password and flag through *SQLiteConn - err = c1.AuthUserChange("user", "newpass", false) - if err != nil { - t.Fatal(err) - } - - // Disconnect database for reconnect - db1.Close() - _, db2, c2, err := connect(t, f1, "user", "newpass") - if err != nil { - t.Fatal(err) - } - defer db2.Close() - - // Modify other user password through SQL - rv, err = modifyUser(db2, "user2", "newpass", 0) - if err != nil { - t.Fatal(err) - } - if rv != SQLITE_AUTH { - t.Fatal("Password change successful while not allowed") - } - - // Modify other user password and flag through *SQLiteConn - err = c2.AuthUserChange("user2", "invalid", false) - if err != ErrAdminRequired { - t.Fatal("Password change successful while not allowed") - } -} - -func TestUserAuthDeleteUser(t *testing.T) { - f1, db1, c, err := connect(t, "", "admin", "admin") - if err != nil && c == nil && db == nil { - t.Fatal(err) - } - defer os.Remove(f1) - - // Add Admin User 2 - rv, err := addUser(db1, "admin2", "admin2", 1) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - rv, err = addUser(db1, "admin3", "admin3", 1) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Check if user was created - exists, err := userExists(db1, "admin2") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'admin2' does not exists") - } - - exists, err = userExists(db1, "admin3") - if err != nil { - t.Fatal(err) - } - if exists != 1 { - t.Fatal("UserAuth: 'admin2' does not exists") - } - - // Delete user through SQL - rv, err = deleteUser(db1, "admin2") - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to delete admin2") - } - - // Verify user admin2 deleted - exists, err = userExists(db1, "admin2") - if err != nil { - t.Fatal(err) - } - if exists != 0 { - t.Fatal("UserAuth: 'admin2' still exists") - } - - // Delete user through *SQLiteConn - rv, err = deleteUser(db1, "admin3") - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to delete admin3") - } - - // Verify user admin3 deleted - exists, err = userExists(db1, "admin3") - if err != nil { - t.Fatal(err) - } - if exists != 0 { - t.Fatal("UserAuth: 'admin3' still exists") - } - - // Add normal user for reconnect and privileges check - rv, err = addUser(db1, "reconnect", "reconnect", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Add normal user for deletion through SQL - rv, err = addUser(db1, "user", "user", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - rv, err = addUser(db1, "user2", "user2", 0) - if err != nil { - t.Fatal(err) - } - if rv != 0 { - t.Fatal("Failed to add user") - } - - // Close database for reconnect - db1.Close() - - // Reconnect as normal user - _, db2, c2, err := connect(t, f1, "reconnect", "reconnect") - if err != nil { - t.Fatal(err) + t.Fatalf("UserAuth not enabled: %s", err) } - defer db2.Close() - - // Delete user while logged in as normal user - // through SQL - rv, err = deleteUser(db2, "user") - if err != nil { + if !errors.Is(err, errUserAuthNoLongerSupported) { t.Fatal(err) } - if rv != SQLITE_AUTH { - t.Fatal("Successfully deleted user wthout proper privileges") - } - - // Delete user while logged in as normal user - // through *SQLiteConn - err = c2.AuthUserDelete("user2") - if err != ErrAdminRequired { - t.Fatal("Successfully deleted user wthout proper privileges") - } -} - -func TestUserAuthEncoders(t *testing.T) { - cases := map[string]string{ - "sha1": "", - "ssha1": "salted", - "sha256": "", - "ssha256": "salted", - "sha384": "", - "ssha384": "salted", - "sha512": "", - "ssha512": "salted", - } - - for enc, salt := range cases { - f, err := createWithCrypt(t, "admin", "admin", enc, salt) - if err != nil { - t.Fatal(err) - } - defer os.Remove(f) - - _, db, _, err := connectWithCrypt(t, f, "admin", "admin", enc, salt) - if err != nil { - t.Fatal(err) - } - defer db.Close() - if e, err := authEnabled(db); err != nil && !e { - t.Fatalf("UserAuth (%s) not enabled %s", enc, err) - } - } } diff -pruN 1.14.27~ds1-1/sqlite3_test.go 1.14.32~ds1-1/sqlite3_test.go --- 1.14.27~ds1-1/sqlite3_test.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/sqlite3_test.go 2025-08-14 12:57:30.000000000 +0000 @@ -1864,6 +1864,32 @@ func TestSetFileControlInt(t *testing.T) }) } +func TestSetFileControlInt64(t *testing.T) { + const GiB = 1024 * 1024 * 1024 + + t.Run("", func(t *testing.T) { + + sql.Register("sqlite3_FCNTL_SIZE_LIMIT", &SQLiteDriver{ + ConnectHook: func(conn *SQLiteConn) error { + if err := conn.SetFileControlInt64("", SQLITE_FCNTL_SIZE_LIMIT, 4*GiB); err != nil { + return fmt.Errorf("Unexpected error from SetFileControlInt64(): %w", err) + } + return nil + }, + }) + + db, err := sql.Open("sqlite3", "file:/dbname?vfs=memdb") + if err != nil { + t.Fatal("Failed to open database:", err) + } + err = db.Ping() + if err != nil { + t.Fatal("Failed to ping", err) + } + db.Close() + }) +} + func TestNonColumnString(t *testing.T) { db, err := sql.Open("sqlite3", ":memory:") if err != nil { diff -pruN 1.14.27~ds1-1/sqlite3ext.h 1.14.32~ds1-1/sqlite3ext.h --- 1.14.27~ds1-1/sqlite3ext.h 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/sqlite3ext.h 2025-08-14 12:57:30.000000000 +0000 @@ -371,6 +371,8 @@ struct sqlite3_api_routines { /* Version 3.44.0 and later */ void *(*get_clientdata)(sqlite3*,const char*); int (*set_clientdata)(sqlite3*, const char*, void*, void(*)(void*)); + /* Version 3.50.0 and later */ + int (*setlk_timeout)(sqlite3*,int,int); }; /* @@ -704,6 +706,8 @@ typedef int (*sqlite3_loadext_entry)( /* Version 3.44.0 and later */ #define sqlite3_get_clientdata sqlite3_api->get_clientdata #define sqlite3_set_clientdata sqlite3_api->set_clientdata +/* Version 3.50.0 and later */ +#define sqlite3_setlk_timeout sqlite3_api->setlk_timeout #endif /* !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) */ #if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) diff -pruN 1.14.27~ds1-1/upgrade/upgrade.go 1.14.32~ds1-1/upgrade/upgrade.go --- 1.14.27~ds1-1/upgrade/upgrade.go 2025-04-02 16:27:34.000000000 +0000 +++ 1.14.32~ds1-1/upgrade/upgrade.go 2025-08-14 12:57:30.000000000 +0000 @@ -114,10 +114,10 @@ func main() { } // Download Source - _, source, err := download("sqlite-src-") - if err != nil { - log.Fatalf("Failed to download: sqlite-src; %s", err) - } + //_, source, err := download("sqlite-src-") + //if err != nil { + // log.Fatalf("Failed to download: sqlite-src; %s", err) + //} // Create Amalgamation Zip Reader rAmalgamation, err := zip.NewReader(bytes.NewReader(amalgamation), int64(len(amalgamation))) @@ -126,10 +126,10 @@ func main() { } // Create Source Zip Reader - rSource, err := zip.NewReader(bytes.NewReader(source), int64(len(source))) - if err != nil { - log.Fatal(err) - } + //rSource, err := zip.NewReader(bytes.NewReader(source), int64(len(source))) + //if err != nil { + // log.Fatal(err) + //} // Extract Amalgamation for _, zf := range rAmalgamation.File { @@ -191,41 +191,41 @@ func main() { } //Extract Source - for _, zf := range rSource.File { - var f *os.File - switch path.Base(zf.Name) { - case "userauth.c": - f, err = os.Create("../userauth.c") - case "sqlite3userauth.h": - f, err = os.Create("../userauth.h") - default: - continue - } - if err != nil { - log.Fatal(err) - } - zr, err := zf.Open() - if err != nil { - log.Fatal(err) - } - - _, err = io.Copy(f, zr) - if err != nil { - log.Fatal(err) - } - - zr.Close() - f.Close() - fmt.Printf("extracted %v\n", filepath.Base(f.Name())) - } + //for _, zf := range rSource.File { + // var f *os.File + // switch path.Base(zf.Name) { + // case "userauth.c": + // f, err = os.Create("../userauth.c") + // case "sqlite3userauth.h": + // f, err = os.Create("../userauth.h") + // default: + // continue + // } + // if err != nil { + // log.Fatal(err) + // } + // zr, err := zf.Open() + // if err != nil { + // log.Fatal(err) + // } + + // _, err = io.Copy(f, zr) + // if err != nil { + // log.Fatal(err) + // } + + // zr.Close() + // f.Close() + // fmt.Printf("extracted %v\n", filepath.Base(f.Name())) + //} // Merge SQLite User Authentication into amalgamation - if err := mergeFile("../userauth.c", "../sqlite3-binding.c"); err != nil { - log.Fatal(err) - } - if err := mergeFile("../userauth.h", "../sqlite3-binding.h"); err != nil { - log.Fatal(err) - } + //if err := mergeFile("../userauth.c", "../sqlite3-binding.c"); err != nil { + // log.Fatal(err) + //} + //if err := mergeFile("../userauth.h", "../sqlite3-binding.h"); err != nil { + // log.Fatal(err) + //} os.Exit(0) }