From 0079da2e8942df146ea21ff3a040c68e80220db4 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 1 May 2025 20:22:57 +0000 Subject: [PATCH 01/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 189 ++++++++++ .../babelfishpg_tsql--5.2.0--5.3.0.sql | 189 ++++++++++ .../src/tsqlUnsupportedFeatureHandler.cpp | 1 - .../Test-sp_helplogins-vu-cleanup.out | 47 +++ .../expected/Test-sp_helplogins-vu-verify.out | 325 ++++++++++++++++++ .../Test-sp_helplogins-vu-cleanup.mix | 47 +++ .../Test-sp_helplogins-vu-verify.mix | 139 ++++++++ test/JDBC/jdbc_schedule | 4 + test/JDBC/singledb_jdbc_schedule | 10 + 9 files changed, 950 insertions(+), 1 deletion(-) create mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out create mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-verify.out create mode 100644 test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix create mode 100644 test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 4de0ff8aafd..2eabc555b65 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3754,3 +3754,192 @@ BEGIN END; $$ LANGUAGE pltsql; GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +LANGUAGE pltsql +AS $$ +BEGIN + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.name IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z'); + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = sys.suser_name() + + SELECT + CASE ISNULL(UExt.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt.login_name, '') = '' + ) + + UNION + + SELECT + CASE ISNULL(UExt2.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt2.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE UExt1.type = 'R' AND + UExt2.orig_username != 'db_owner' AND + has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt2.login_name, '') = '' + ) + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +LANGUAGE pltsql +AS $$ +DECLARE @input_loginname sys.SYSNAME; +BEGIN + + SET @input_loginname = sys.RTRIM(@loginname); + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SELECT * FROM + ( + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.name IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z') + ) + WHERE LoginName = @input_loginname; + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = sys.suser_name() + + SELECT * FROM + ( + SELECT + CASE ISNULL(UExt.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt.login_name, '') = '' + ) + UNION + SELECT + CASE ISNULL(UExt2.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt2.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE UExt1.type = 'R' AND + UExt2.orig_username != 'db_owner' AND + has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt2.login_name, '') = '' + ) + ) + WHERE LoginName = @input_loginname; + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; \ No newline at end of file diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 637715c4a07..f3b267f58ce 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -112,6 +112,195 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; +CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +LANGUAGE pltsql +AS $$ +BEGIN + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.name IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z'); + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = sys.suser_name() + + SELECT + CASE ISNULL(UExt.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt.login_name, '') = '' + ) + + UNION + + SELECT + CASE ISNULL(UExt2.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt2.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE UExt1.type = 'R' AND + UExt2.orig_username != 'db_owner' AND + has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt2.login_name, '') = '' + ) + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +LANGUAGE pltsql +AS $$ +DECLARE @input_loginname sys.SYSNAME; +BEGIN + + SET @input_loginname = sys.RTRIM(@loginname); + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SELECT * FROM + ( + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.name IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z') + ) + WHERE LoginName = @input_loginname; + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = sys.suser_name() + + SELECT * FROM + ( + SELECT + CASE ISNULL(UExt.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt.login_name, '') = '' + ) + UNION + SELECT + CASE ISNULL(UExt2.login_name, '') + WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) + ELSE CAST(UExt2.login_name AS sys.SYSNAME) + END AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE UExt1.type = 'R' AND + UExt2.orig_username != 'db_owner' AND + has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(sys.suser_name()) OR + ISNULL(UExt2.login_name, '') = '' + ) + ) + WHERE LoginName = @input_loginname; + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; + CREATE OR REPLACE VIEW sys.server_permissions AS WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) SELECT diff --git a/contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp b/contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp index 9eb05f076d2..ec2c1dfecb9 100644 --- a/contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp +++ b/contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp @@ -1712,7 +1712,6 @@ const char *unsupported_sp_procedures[] = { "sp_generate_database_ledger_digest", "sp_grantdbaccess", "sp_grantlogin", - "sp_helplogins", "sp_helpntgroup", "sp_helpremotelogin", "sp_helprotect", diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out new file mode 100644 index 00000000000..33517aac2db --- /dev/null +++ b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out @@ -0,0 +1,47 @@ +-- tsql user=jdbc_user password=12345678 database=master +drop user if exists userof_testlogin +GO + +-- tsql +drop login testlogin +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin_indb1 +GO + +-- tsql +drop login testloginwithsecurityadmin +GO + +-- tsql +drop database db1 +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin2 +GO + +-- tsql +drop login testloginwithsecurityadmin2 +GO + +-- tsql +drop login testloginwithsecurityadmin3 +GO + +-- tsql +drop database db2 +GO + +-- tsql +drop login testloginindb1 +GO + +-- tsql +drop user if exists userof_testloginindb1 +GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out new file mode 100644 index 00000000000..541922762ab --- /dev/null +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -0,0 +1,325 @@ + +-- tsql +-- prepare script for sp_helplogins +-- create login with user in master with db_securityadmin role +create login testlogin with password = '12345678' +create user userof_testlogin for login testlogin +GO + +-- tsql +alter role db_securityadmin add member userof_testlogin +GO + +-- tsql +-- create a dummy db +create database db1 +GO + +-- tsql +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- tsql +-- create another user for login testloginwithsecurityadmin in db1 +use db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +-- tsql +use master +GO + +-- tsql +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- tsql +-- create a login and a user in db1 +create login testloginindb1 with password = '12345678' +GO + +-- tsql +use db1 +GO + +-- tsql +create user userof_testloginindb1 for login testloginindb1 +GO + +-- tsql +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +-- tsql +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + + +-- tsql +-- create a login which is a member of securityadmin server role +-- with a default database and ownership on db2 +create database db2 +GO + +-- tsql +create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin3 +GO + +-- tsql +alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +GO + + + +-- tsql +-- verify script for sp_helplogins +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO +testloginindb1#!#0001611F#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#db1#!#db_owner#!#Member of +jdbc_user#!#db1#!#dbo#!#User +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testlogin#!#master#!#db_securityadmin#!#Member of +testlogin#!#master#!#userof_testlogin#!#User +testloginindb1#!#db1#!#userof_testloginindb1#!#User +testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin3#!#db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#db2#!#dbo#!#User +~~END~~ + + +-- tsql user=testlogin password=12345678 +EXEC sp_helplogins +GO +~~ERROR (Code: 50000)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +-- tsql user=testloginwithsecurityadmin password=12345678 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO +testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#db1#!#db_owner#!#Member of +jdbc_user#!#db1#!#dbo#!#User +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +~~END~~ + + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#00016105#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO +testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +~~END~~ + +~~ROW COUNT: 1~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#db1#!#db_owner#!#Member of +jdbc_user#!#db1#!#dbo#!#User +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginindb1#!#db1#!#userof_testloginindb1#!#User +testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=testloginwithsecurityadmin3 password=12345678 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#00016105#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO +testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin3#!#db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#db2#!#dbo#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'jdbc_user' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#db1#!#db_owner#!#Member of +jdbc_user#!#db1#!#dbo#!#User +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testlogin' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testlogin#!#master#!#db_securityadmin#!#Member of +testlogin#!#master#!#userof_testlogin#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin2' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins ' ' +GO +~~START~~ +varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +~~END~~ + + diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix new file mode 100644 index 00000000000..7741ffadb54 --- /dev/null +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix @@ -0,0 +1,47 @@ +-- tsql user=jdbc_user password=12345678 database=master +drop user if exists userof_testlogin +GO + +-- tsql +drop login testlogin +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin_indb1 +GO + +-- tsql +drop login testloginwithsecurityadmin +GO + +-- tsql +drop database db1 +GO + +-- tsql +drop user if exists userof_testloginwithsecurityadmin2 +GO + +-- tsql +drop login testloginwithsecurityadmin2 +GO + +-- tsql +drop login testloginwithsecurityadmin3 +GO + +-- tsql +drop database db2 +GO + +-- tsql +drop login testloginindb1 +GO + +-- tsql +drop user if exists userof_testloginindb1 +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix new file mode 100644 index 00000000000..0d66e779f91 --- /dev/null +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix @@ -0,0 +1,139 @@ +-- prepare script for sp_helplogins + +-- create login with user in master with db_securityadmin role +-- tsql +create login testlogin with password = '12345678' +create user userof_testlogin for login testlogin +GO + +-- tsql +alter role db_securityadmin add member userof_testlogin +GO + +-- create a dummy db +-- tsql +create database db1 +GO + +-- create a login with user in master with securityadmin server role +-- tsql +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in db1 +-- tsql +use db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +-- tsql +use master +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in db1 +-- tsql +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in db1 +-- tsql +create login testloginindb1 with password = '12345678' +GO + +-- tsql +use db1 +GO + +-- tsql +create user userof_testloginindb1 for login testloginindb1 +GO + +-- tsql +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +-- tsql +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + + +-- create a login which is a member of securityadmin server role +-- with a default database and ownership on db2 +-- tsql +create database db2 +GO + +-- tsql +create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +GO + +-- tsql +alter server role securityadmin add member testloginwithsecurityadmin3 +GO + +-- tsql +alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +GO + + +-- verify script for sp_helplogins + +-- tsql +EXEC sp_helplogins +GO + +-- tsql user=testlogin password=12345678 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecurityadmin password=12345678 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecurityadmin3 password=12345678 +EXEC sp_helplogins +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'jdbc_user' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testlogin' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin2' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins ' ' +GO + diff --git a/test/JDBC/jdbc_schedule b/test/JDBC/jdbc_schedule index 2cc8da0d149..ead3505a002 100644 --- a/test/JDBC/jdbc_schedule +++ b/test/JDBC/jdbc_schedule @@ -579,3 +579,7 @@ ignore#!#test_constraint_like-16-6-vu-cleanup ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-prepare ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-verify ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-cleanup + +# More info: BABEL-5742 +ignore#!#Test-sp_helplogins-vu-verify +ignore#!#Test-sp_helplogins-vu-cleanup \ No newline at end of file diff --git a/test/JDBC/singledb_jdbc_schedule b/test/JDBC/singledb_jdbc_schedule index 15846e6c336..3bb0cba5c8c 100644 --- a/test/JDBC/singledb_jdbc_schedule +++ b/test/JDBC/singledb_jdbc_schedule @@ -15,3 +15,13 @@ ignore#!#test_search_path ignore#!#alter-mvu-test-vu-prepare ignore#!#alter-mvu-test-vu-verify ignore#!#alter-mvu-test-vu-cleanup +<<<<<<< Updated upstream +======= +ignore#!#sys_database_principals-vu-prepare +ignore#!#sys_database_principals-vu-verify +ignore#!#sys_database_principals-vu-cleanup + +# because these inherently execute with more than one db +ignore#!#Test-sp_helplogins-vu-verify +ignore#!#Test-sp_helplogins-vu-cleanup +>>>>>>> Stashed changes From 23684fe97928e4603b8a3a5ca31f061613567517 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 1 May 2025 20:32:25 +0000 Subject: [PATCH 02/54] Removed tests from singledb-schedule since these tests are expected to run in a multi-db setup --- test/JDBC/singledb_jdbc_schedule | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/test/JDBC/singledb_jdbc_schedule b/test/JDBC/singledb_jdbc_schedule index 3bb0cba5c8c..3d998c0e8b7 100644 --- a/test/JDBC/singledb_jdbc_schedule +++ b/test/JDBC/singledb_jdbc_schedule @@ -2,6 +2,10 @@ # 1. Lines starting with '#' will be treated as comments # 2. To ignore any test file, add an entry like ignore#!# +# because these inherently execute with more than one db +ignore#!#Test-sp_helplogins-vu-verify +ignore#!#Test-sp_helplogins-vu-cleanup + ignore#!#test_db_collation-vu-prepare ignore#!#test_db_collation-vu-verify ignore#!#test_db_collation-vu-cleanup @@ -15,13 +19,3 @@ ignore#!#test_search_path ignore#!#alter-mvu-test-vu-prepare ignore#!#alter-mvu-test-vu-verify ignore#!#alter-mvu-test-vu-cleanup -<<<<<<< Updated upstream -======= -ignore#!#sys_database_principals-vu-prepare -ignore#!#sys_database_principals-vu-verify -ignore#!#sys_database_principals-vu-cleanup - -# because these inherently execute with more than one db -ignore#!#Test-sp_helplogins-vu-verify -ignore#!#Test-sp_helplogins-vu-cleanup ->>>>>>> Stashed changes From 6b2ddbbd68f0c3448ea35486093c738b8c243d68 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 5 May 2025 19:31:54 +0000 Subject: [PATCH 03/54] Addressed comments - improved join conditions, separated prepare script out of verify script --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 161 +++++++++--------- .../Test-sp_helplogins-vu-cleanup.out | 14 +- .../Test-sp_helplogins-vu-prepare.out | 72 ++++++++ .../expected/Test-sp_helplogins-vu-verify.out | 151 ++++------------ .../Test-sp_helplogins-vu-cleanup.mix | 14 +- .../Test-sp_helplogins-vu-prepare.mix | 72 ++++++++ .../Test-sp_helplogins-vu-verify.mix | 99 +---------- 7 files changed, 264 insertions(+), 319 deletions(-) create mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-prepare.out create mode 100644 test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 2eabc555b65..4e6352b8bbd 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3755,9 +3755,28 @@ END; $$ LANGUAGE pltsql; GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC; +CREATE OR REPLACE VIEW sys.all_database_users AS +SELECT DISTINCT +CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid +END AS oid +FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext +ON Base.rolname = Ext.rolname +LEFT OUTER JOIN pg_catalog.pg_roles Base2 +ON Ext.login_name = Base2.rolname +LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db +ON Ext.database_name COLLATE sys.database_default = Db.name +LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 +ON Db.owner = Base3.rolname +WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; +GRANT SELECT on sys.all_database_users TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ +DECLARE @current_username sys.nvarchar(128) BEGIN IF is_srvrolemember('securityadmin') = 0 @@ -3766,79 +3785,73 @@ BEGIN RETURN 1; END + SET @current_username = sys.suser_name(); + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Dp.name IS NOT NULL THEN 'YES' + WHEN Dp.oid IS NOT NULL THEN 'YES' ELSE 'NO' END as AUser, 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login + UExt1.orig_username as role_name, + UExt2.login_name as member_login FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = sys.suser_name() + AND UExt2.login_name = @current_username SELECT - CASE ISNULL(UExt.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt.login_name AS sys.SYSNAME) - END AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR + is_srvrolemember('sysadmin') = 1 OR EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(sys.suser_name()) OR + UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' - ) + ) UNION SELECT - CASE ISNULL(UExt2.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt2.login_name AS sys.SYSNAME) - END AS LoginName, + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE UExt1.type = 'R' AND - UExt2.orig_username != 'db_owner' AND - has_dbaccess(UExt2.database_name) = 1 AND + WHERE has_dbaccess(UExt2.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt2.login_name, '') = '' - ) + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) RETURN 0; END; @@ -3848,10 +3861,12 @@ GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) LANGUAGE pltsql AS $$ +DECLARE @current_username sys.nvarchar(128) DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); + SET @current_username = sys.suser_name(); IF is_srvrolemember('securityadmin') = 0 BEGIN @@ -3861,82 +3876,74 @@ BEGIN SELECT * FROM ( - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.name IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z') - ) + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.oid IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z') + ) WHERE LoginName = @input_loginname; CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login + UExt1.orig_username as role_name, + UExt2.login_name as member_login FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = sys.suser_name() + AND UExt2.login_name = @current_username SELECT * FROM ( - SELECT - CASE ISNULL(UExt.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt.login_name AS sys.SYSNAME) - END AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt.login_name, '') = '' - ) + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(@current_username) OR + ISNULL(UExt.login_name, '') = '' + ) UNION SELECT - CASE ISNULL(UExt2.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt2.login_name AS sys.SYSNAME) - END AS LoginName, + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE UExt1.type = 'R' AND - UExt2.orig_username != 'db_owner' AND - has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt2.login_name, '') = '' - ) - ) + WHERE has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) + ) WHERE LoginName = @input_loginname; RETURN 0; diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out index 33517aac2db..a73fc38a48d 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out @@ -2,46 +2,38 @@ drop user if exists userof_testlogin GO --- tsql drop login testlogin GO --- tsql drop user if exists userof_testloginwithsecurityadmin GO --- tsql drop user if exists userof_testloginwithsecurityadmin_indb1 GO --- tsql drop login testloginwithsecurityadmin GO --- tsql drop database db1 GO --- tsql drop user if exists userof_testloginwithsecurityadmin2 GO --- tsql drop login testloginwithsecurityadmin2 GO --- tsql drop login testloginwithsecurityadmin3 GO --- tsql drop database db2 GO --- tsql drop login testloginindb1 GO --- tsql drop user if exists userof_testloginindb1 GO + +drop login testloginwithoutusers +GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out new file mode 100644 index 00000000000..f64538a51e7 --- /dev/null +++ b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out @@ -0,0 +1,72 @@ +-- tsql +-- create login with user in master with db_securityadmin role +create login testlogin with password = '12345678' +create user userof_testlogin for login testlogin +GO + +alter role db_securityadmin add member userof_testlogin +GO + +-- create a dummy db +create database db1 +GO + +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in db1 +use db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in db1 +create login testloginindb1 with password = '12345678' +GO + +use db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + + +-- create a login which is a member of securityadmin server role +-- with a default database and ownership on db2 +create database db2 +GO + +create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +GO + +alter server role securityadmin add member testloginwithsecurityadmin3 +GO + +alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index 541922762ab..78fa4f4be8a 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -1,105 +1,15 @@ - --- tsql --- prepare script for sp_helplogins --- create login with user in master with db_securityadmin role -create login testlogin with password = '12345678' -create user userof_testlogin for login testlogin -GO - --- tsql -alter role db_securityadmin add member userof_testlogin -GO - --- tsql --- create a dummy db -create database db1 -GO - --- tsql --- create a login with user in master with securityadmin server role -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- tsql --- create another user for login testloginwithsecurityadmin in db1 -use db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - --- tsql -use master -GO - --- tsql --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- tsql --- create a login and a user in db1 -create login testloginindb1 with password = '12345678' -GO - --- tsql -use db1 -GO - --- tsql -create user userof_testloginindb1 for login testloginindb1 -GO - --- tsql -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - --- tsql -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - - --- tsql --- create a login which is a member of securityadmin server role --- with a default database and ownership on db2 -create database db2 -GO - --- tsql -create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin3 -GO - --- tsql -alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 -GO - - - --- tsql --- verify script for sp_helplogins +-- tsql user=jdbc_user password=12345678 EXEC sp_helplogins GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#000160C9#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO -testloginindb1#!#0001611F#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -138,11 +48,12 @@ GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#000160C9#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO -testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -166,11 +77,12 @@ GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#000160C9#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#00016105#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO -testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO ~~END~~ ~~ROW COUNT: 1~~ @@ -198,11 +110,12 @@ GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#000160C9#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#00016105#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#NO#!#NO -testloginindb1#!#0001611F#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin3#!#00016164#!#db2#!#English#!#NO#!#NO +testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -239,12 +152,11 @@ jdbc_user#!#tempdb#!#dbo#!#User ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testlogin' GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testlogin#!#000160C9#!#master#!#English#!#NO#!#NO +testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -254,12 +166,11 @@ testlogin#!#master#!#userof_testlogin#!#User ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin' GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin#!#00016105#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -269,12 +180,11 @@ testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin2' GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -284,12 +194,11 @@ testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin2 ' GO ~~START~~ varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#00016117#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -299,7 +208,6 @@ testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins ' testloginwithsecurityadmin2 ' GO ~~START~~ @@ -311,7 +219,6 @@ varchar#!#varchar#!#varchar#!#varchar ~~END~~ --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins ' ' GO ~~START~~ diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix index 7741ffadb54..307b51452fb 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix @@ -2,46 +2,38 @@ drop user if exists userof_testlogin GO --- tsql drop login testlogin GO --- tsql drop user if exists userof_testloginwithsecurityadmin GO --- tsql drop user if exists userof_testloginwithsecurityadmin_indb1 GO --- tsql drop login testloginwithsecurityadmin GO --- tsql drop database db1 GO --- tsql drop user if exists userof_testloginwithsecurityadmin2 GO --- tsql drop login testloginwithsecurityadmin2 GO --- tsql drop login testloginwithsecurityadmin3 GO --- tsql drop database db2 GO --- tsql drop login testloginindb1 GO --- tsql drop user if exists userof_testloginindb1 +GO + +drop login testloginwithoutusers GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix new file mode 100644 index 00000000000..6ce2af535d0 --- /dev/null +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix @@ -0,0 +1,72 @@ +-- create login with user in master with db_securityadmin role +-- tsql +create login testlogin with password = '12345678' +create user userof_testlogin for login testlogin +GO + +alter role db_securityadmin add member userof_testlogin +GO + +-- create a dummy db +create database db1 +GO + +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in db1 +use db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in db1 +create login testloginindb1 with password = '12345678' +GO + +use db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + + +-- create a login which is a member of securityadmin server role +-- with a default database and ownership on db2 +create database db2 +GO + +create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +GO + +alter server role securityadmin add member testloginwithsecurityadmin3 +GO + +alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +GO diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix index 0d66e779f91..5e07532a4e5 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix @@ -1,95 +1,4 @@ --- prepare script for sp_helplogins - --- create login with user in master with db_securityadmin role --- tsql -create login testlogin with password = '12345678' -create user userof_testlogin for login testlogin -GO - --- tsql -alter role db_securityadmin add member userof_testlogin -GO - --- create a dummy db --- tsql -create database db1 -GO - --- create a login with user in master with securityadmin server role --- tsql -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in db1 --- tsql -use db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - --- tsql -use master -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in db1 --- tsql -create login testloginwithsecurityadmin2 with password = '12345678' -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in db1 --- tsql -create login testloginindb1 with password = '12345678' -GO - --- tsql -use db1 -GO - --- tsql -create user userof_testloginindb1 for login testloginindb1 -GO - --- tsql -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - --- tsql -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - - --- create a login which is a member of securityadmin server role --- with a default database and ownership on db2 --- tsql -create database db2 -GO - --- tsql -create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 -GO - --- tsql -alter server role securityadmin add member testloginwithsecurityadmin3 -GO - --- tsql -alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 -GO - - --- verify script for sp_helplogins - --- tsql +-- tsql user=jdbc_user password=12345678 EXEC sp_helplogins GO @@ -113,27 +22,21 @@ GO EXEC sp_helplogins 'jdbc_user' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testlogin' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin2' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins 'testloginwithsecurityadmin2 ' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins ' testloginwithsecurityadmin2 ' GO --- tsql user=jdbc_user password=12345678 EXEC sp_helplogins ' ' GO From 68f7149d461ba3e24af3a230333366ec8f921901 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 5 May 2025 19:58:02 +0000 Subject: [PATCH 04/54] Rectified upgrade scripts --- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 162 +++++++++--------- 1 file changed, 85 insertions(+), 77 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index f3b267f58ce..3492fb707bb 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -112,9 +112,29 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; + +CREATE OR REPLACE VIEW sys.all_database_users AS +SELECT DISTINCT +CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid +END AS oid +FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext +ON Base.rolname = Ext.rolname +LEFT OUTER JOIN pg_catalog.pg_roles Base2 +ON Ext.login_name = Base2.rolname +LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db +ON Ext.database_name COLLATE sys.database_default = Db.name +LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 +ON Db.owner = Base3.rolname +WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; +GRANT SELECT on sys.all_database_users TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ +DECLARE @current_username sys.nvarchar(128) BEGIN IF is_srvrolemember('securityadmin') = 0 @@ -123,79 +143,73 @@ BEGIN RETURN 1; END + SET @current_username = sys.suser_name(); + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Dp.name IS NOT NULL THEN 'YES' + WHEN Dp.oid IS NOT NULL THEN 'YES' ELSE 'NO' END as AUser, 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login + UExt1.orig_username as role_name, + UExt2.login_name as member_login FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = sys.suser_name() + AND UExt2.login_name = @current_username SELECT - CASE ISNULL(UExt.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt.login_name AS sys.SYSNAME) - END AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR + is_srvrolemember('sysadmin') = 1 OR EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(sys.suser_name()) OR + UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' - ) + ) UNION SELECT - CASE ISNULL(UExt2.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt2.login_name AS sys.SYSNAME) - END AS LoginName, + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE UExt1.type = 'R' AND - UExt2.orig_username != 'db_owner' AND - has_dbaccess(UExt2.database_name) = 1 AND + WHERE has_dbaccess(UExt2.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt2.login_name, '') = '' - ) + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) RETURN 0; END; @@ -205,10 +219,12 @@ GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) LANGUAGE pltsql AS $$ +DECLARE @current_username sys.nvarchar(128) DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); + SET @current_username = sys.suser_name(); IF is_srvrolemember('securityadmin') = 0 BEGIN @@ -218,82 +234,74 @@ BEGIN SELECT * FROM ( - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.name IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.database_principals Dp ON Dp.sid = CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z') - ) + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.oid IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z') + ) WHERE LoginName = @input_loginname; CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login + UExt1.orig_username as role_name, + UExt2.login_name as member_login FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = sys.suser_name() + AND UExt2.login_name = @current_username SELECT * FROM ( - SELECT - CASE ISNULL(UExt.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt.login_name AS sys.SYSNAME) - END AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt.login_name, '') = '' - ) + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(@current_username) OR + ISNULL(UExt.login_name, '') = '' + ) UNION SELECT - CASE ISNULL(UExt2.login_name, '') - WHEN '' THEN CAST(Db.owner AS sys.SYSNAME) - ELSE CAST(UExt2.login_name AS sys.SYSNAME) - END AS LoginName, + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE UExt1.type = 'R' AND - UExt2.orig_username != 'db_owner' AND - has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(sys.suser_name()) OR - ISNULL(UExt2.login_name, '') = '' - ) - ) + WHERE has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) + ) WHERE LoginName = @input_loginname; RETURN 0; From f442c9148e57d7edb8ae5cdd24e3f56ddce6ce40 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 03:38:58 +0000 Subject: [PATCH 05/54] Removing upgrade script to test test-failures --- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 390 +++++++++--------- 1 file changed, 195 insertions(+), 195 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 3492fb707bb..8515686fbaf 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -113,201 +113,201 @@ $$ LANGUAGE plpgsql IMMUTABLE; -CREATE OR REPLACE VIEW sys.all_database_users AS -SELECT DISTINCT -CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid -END AS oid -FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext -ON Base.rolname = Ext.rolname -LEFT OUTER JOIN pg_catalog.pg_roles Base2 -ON Ext.login_name = Base2.rolname -LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db -ON Ext.database_name COLLATE sys.database_default = Db.name -LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 -ON Db.owner = Base3.rolname -WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; -GRANT SELECT on sys.all_database_users TO PUBLIC; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins() -LANGUAGE pltsql -AS $$ -DECLARE @current_username sys.nvarchar(128) -BEGIN - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; - END - - SET @current_username = sys.suser_name(); - - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z'); - - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username - - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' - ) - - UNION - - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR - ISNULL(UExt2.login_name, '') = '' - ) - - RETURN 0; -END; -$$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) -LANGUAGE pltsql -AS $$ -DECLARE @current_username sys.nvarchar(128) -DECLARE @input_loginname sys.SYSNAME; -BEGIN - - SET @input_loginname = sys.RTRIM(@loginname); - SET @current_username = sys.suser_name(); - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; - END - - SELECT * FROM - ( - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z') - ) - WHERE LoginName = @input_loginname; - - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username - - SELECT * FROM - ( - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' - ) - UNION - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR - ISNULL(UExt2.login_name, '') = '' - ) - ) - WHERE LoginName = @input_loginname; - - RETURN 0; -END; -$$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; +-- CREATE OR REPLACE VIEW sys.all_database_users AS +-- SELECT DISTINCT +-- CASE +-- WHEN Ext.orig_username = 'dbo' THEN Base3.oid +-- WHEN Ext.orig_username = 'guest' THEN 0 +-- ELSE Base2.oid +-- END AS oid +-- FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext +-- ON Base.rolname = Ext.rolname +-- LEFT OUTER JOIN pg_catalog.pg_roles Base2 +-- ON Ext.login_name = Base2.rolname +-- LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db +-- ON Ext.database_name COLLATE sys.database_default = Db.name +-- LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 +-- ON Db.owner = Base3.rolname +-- WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; +-- GRANT SELECT on sys.all_database_users TO PUBLIC; + +-- CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +-- LANGUAGE pltsql +-- AS $$ +-- DECLARE @current_username sys.nvarchar(128) +-- BEGIN + +-- IF is_srvrolemember('securityadmin') = 0 +-- BEGIN +-- RAISERROR('User does not have permission to perform this action.', 16, 1); +-- RETURN 1; +-- END + +-- SET @current_username = sys.suser_name(); + +-- SELECT +-- CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, +-- CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, +-- CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, +-- CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, +-- CASE +-- WHEN Dp.oid IS NOT NULL THEN 'YES' +-- ELSE 'NO' +-- END as AUser, +-- 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins +-- FROM pg_catalog.pg_roles AS Base +-- INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname +-- LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it +-- WHERE LExt.type NOT IN ('R', 'Z'); + +-- CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) +-- INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) +-- SELECT +-- UExt2.database_name as database_name, +-- UExt1.orig_username as role_name, +-- UExt2.login_name as member_login +-- FROM pg_catalog.pg_auth_members AS Authmbr +-- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +-- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname +-- WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') +-- AND UExt2.login_name = @current_username + +-- SELECT +-- CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, +-- CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, +-- CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, +-- 'User' AS UserOrAlias +-- FROM sys.babelfish_authid_user_ext UExt +-- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name +-- WHERE UExt.type != 'R' AND +-- UExt.orig_username != 'guest' AND +-- has_dbaccess(UExt.database_name) = 1 AND +-- ( +-- is_srvrolemember('sysadmin') = 1 OR +-- EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR +-- UExt.login_name = LOWER(@current_username) OR +-- ISNULL(UExt.login_name, '') = '' +-- ) + +-- UNION + +-- SELECT +-- CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, +-- CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, +-- CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, +-- 'Member of' AS UserOrAlias +-- FROM pg_catalog.pg_auth_members AS Authmbr +-- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +-- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' +-- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name +-- WHERE has_dbaccess(UExt2.database_name) = 1 AND +-- ( +-- is_srvrolemember('sysadmin') = 1 OR +-- UExt2.login_name = LOWER(@current_username) OR +-- ISNULL(UExt2.login_name, '') = '' +-- ) + +-- RETURN 0; +-- END; +-- $$; +-- GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; + +-- CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +-- LANGUAGE pltsql +-- AS $$ +-- DECLARE @current_username sys.nvarchar(128) +-- DECLARE @input_loginname sys.SYSNAME; +-- BEGIN + +-- SET @input_loginname = sys.RTRIM(@loginname); +-- SET @current_username = sys.suser_name(); + +-- IF is_srvrolemember('securityadmin') = 0 +-- BEGIN +-- RAISERROR('User does not have permission to perform this action.', 16, 1); +-- RETURN 1; +-- END + +-- SELECT * FROM +-- ( +-- SELECT +-- CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, +-- CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, +-- CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, +-- CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, +-- CASE +-- WHEN Dp.oid IS NOT NULL THEN 'YES' +-- ELSE 'NO' +-- END as AUser, +-- 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins +-- FROM pg_catalog.pg_roles AS Base +-- INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname +-- LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it +-- WHERE LExt.type NOT IN ('R', 'Z') +-- ) +-- WHERE LoginName = @input_loginname; + +-- CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) +-- INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) +-- SELECT +-- UExt2.database_name as database_name, +-- UExt1.orig_username as role_name, +-- UExt2.login_name as member_login +-- FROM pg_catalog.pg_auth_members AS Authmbr +-- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +-- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname +-- WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') +-- AND UExt2.login_name = @current_username + +-- SELECT * FROM +-- ( +-- SELECT +-- CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, +-- CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, +-- CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, +-- 'User' AS UserOrAlias +-- FROM sys.babelfish_authid_user_ext UExt +-- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name +-- WHERE UExt.type != 'R' AND +-- UExt.orig_username != 'guest' AND +-- has_dbaccess(UExt.database_name) = 1 AND +-- ( +-- is_srvrolemember('sysadmin') = 1 OR +-- EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR +-- UExt.login_name = LOWER(@current_username) OR +-- ISNULL(UExt.login_name, '') = '' +-- ) +-- UNION +-- SELECT +-- CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, +-- CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, +-- CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, +-- 'Member of' AS UserOrAlias +-- FROM pg_catalog.pg_auth_members AS Authmbr +-- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +-- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' +-- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' +-- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name +-- WHERE has_dbaccess(UExt2.database_name) = 1 AND +-- ( +-- is_srvrolemember('sysadmin') = 1 OR +-- UExt2.login_name = LOWER(@current_username) OR +-- ISNULL(UExt2.login_name, '') = '' +-- ) +-- ) +-- WHERE LoginName = @input_loginname; + +-- RETURN 0; +-- END; +-- $$; +-- GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; CREATE OR REPLACE VIEW sys.server_permissions AS WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) From 89a9344f4d57e3e411fa9ed198d5e6e5046f6cfe Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 05:10:10 +0000 Subject: [PATCH 06/54] Added prepare script to ignore in jdbc_schedule --- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 390 +++++++++--------- test/JDBC/jdbc_schedule | 1 + 2 files changed, 196 insertions(+), 195 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 8515686fbaf..3492fb707bb 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -113,201 +113,201 @@ $$ LANGUAGE plpgsql IMMUTABLE; --- CREATE OR REPLACE VIEW sys.all_database_users AS --- SELECT DISTINCT --- CASE --- WHEN Ext.orig_username = 'dbo' THEN Base3.oid --- WHEN Ext.orig_username = 'guest' THEN 0 --- ELSE Base2.oid --- END AS oid --- FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext --- ON Base.rolname = Ext.rolname --- LEFT OUTER JOIN pg_catalog.pg_roles Base2 --- ON Ext.login_name = Base2.rolname --- LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db --- ON Ext.database_name COLLATE sys.database_default = Db.name --- LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 --- ON Db.owner = Base3.rolname --- WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; --- GRANT SELECT on sys.all_database_users TO PUBLIC; - --- CREATE OR REPLACE PROCEDURE sys.sp_helplogins() --- LANGUAGE pltsql --- AS $$ --- DECLARE @current_username sys.nvarchar(128) --- BEGIN - --- IF is_srvrolemember('securityadmin') = 0 --- BEGIN --- RAISERROR('User does not have permission to perform this action.', 16, 1); --- RETURN 1; --- END - --- SET @current_username = sys.suser_name(); - --- SELECT --- CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, --- CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, --- CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, --- CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, --- CASE --- WHEN Dp.oid IS NOT NULL THEN 'YES' --- ELSE 'NO' --- END as AUser, --- 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins --- FROM pg_catalog.pg_roles AS Base --- INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname --- LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it --- WHERE LExt.type NOT IN ('R', 'Z'); - --- CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) --- INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) --- SELECT --- UExt2.database_name as database_name, --- UExt1.orig_username as role_name, --- UExt2.login_name as member_login --- FROM pg_catalog.pg_auth_members AS Authmbr --- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid --- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member --- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname --- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname --- WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') --- AND UExt2.login_name = @current_username - --- SELECT --- CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, --- CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, --- CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, --- 'User' AS UserOrAlias --- FROM sys.babelfish_authid_user_ext UExt --- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name --- WHERE UExt.type != 'R' AND --- UExt.orig_username != 'guest' AND --- has_dbaccess(UExt.database_name) = 1 AND --- ( --- is_srvrolemember('sysadmin') = 1 OR --- EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR --- UExt.login_name = LOWER(@current_username) OR --- ISNULL(UExt.login_name, '') = '' --- ) - --- UNION - --- SELECT --- CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, --- CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, --- CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, --- 'Member of' AS UserOrAlias --- FROM pg_catalog.pg_auth_members AS Authmbr --- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid --- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member --- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' --- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' --- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name --- WHERE has_dbaccess(UExt2.database_name) = 1 AND --- ( --- is_srvrolemember('sysadmin') = 1 OR --- UExt2.login_name = LOWER(@current_username) OR --- ISNULL(UExt2.login_name, '') = '' --- ) - --- RETURN 0; --- END; --- $$; --- GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; - --- CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) --- LANGUAGE pltsql --- AS $$ --- DECLARE @current_username sys.nvarchar(128) --- DECLARE @input_loginname sys.SYSNAME; --- BEGIN - --- SET @input_loginname = sys.RTRIM(@loginname); --- SET @current_username = sys.suser_name(); - --- IF is_srvrolemember('securityadmin') = 0 --- BEGIN --- RAISERROR('User does not have permission to perform this action.', 16, 1); --- RETURN 1; --- END - --- SELECT * FROM --- ( --- SELECT --- CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, --- CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, --- CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, --- CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, --- CASE --- WHEN Dp.oid IS NOT NULL THEN 'YES' --- ELSE 'NO' --- END as AUser, --- 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins --- FROM pg_catalog.pg_roles AS Base --- INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname --- LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it --- WHERE LExt.type NOT IN ('R', 'Z') --- ) --- WHERE LoginName = @input_loginname; - --- CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) --- INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) --- SELECT --- UExt2.database_name as database_name, --- UExt1.orig_username as role_name, --- UExt2.login_name as member_login --- FROM pg_catalog.pg_auth_members AS Authmbr --- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid --- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member --- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname --- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname --- WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') --- AND UExt2.login_name = @current_username - --- SELECT * FROM --- ( --- SELECT --- CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, --- CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, --- CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, --- 'User' AS UserOrAlias --- FROM sys.babelfish_authid_user_ext UExt --- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name --- WHERE UExt.type != 'R' AND --- UExt.orig_username != 'guest' AND --- has_dbaccess(UExt.database_name) = 1 AND --- ( --- is_srvrolemember('sysadmin') = 1 OR --- EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR --- UExt.login_name = LOWER(@current_username) OR --- ISNULL(UExt.login_name, '') = '' --- ) --- UNION --- SELECT --- CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, --- CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, --- CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, --- 'Member of' AS UserOrAlias --- FROM pg_catalog.pg_auth_members AS Authmbr --- INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid --- INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member --- INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' --- INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' --- LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name --- WHERE has_dbaccess(UExt2.database_name) = 1 AND --- ( --- is_srvrolemember('sysadmin') = 1 OR --- UExt2.login_name = LOWER(@current_username) OR --- ISNULL(UExt2.login_name, '') = '' --- ) --- ) --- WHERE LoginName = @input_loginname; - --- RETURN 0; --- END; --- $$; --- GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; +CREATE OR REPLACE VIEW sys.all_database_users AS +SELECT DISTINCT +CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid +END AS oid +FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext +ON Base.rolname = Ext.rolname +LEFT OUTER JOIN pg_catalog.pg_roles Base2 +ON Ext.login_name = Base2.rolname +LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db +ON Ext.database_name COLLATE sys.database_default = Db.name +LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 +ON Db.owner = Base3.rolname +WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; +GRANT SELECT on sys.all_database_users TO PUBLIC; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +LANGUAGE pltsql +AS $$ +DECLARE @current_username sys.nvarchar(128) +BEGIN + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SET @current_username = sys.suser_name(); + + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.oid IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z'); + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = @current_username + + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(@current_username) OR + ISNULL(UExt.login_name, '') = '' + ) + + UNION + + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +LANGUAGE pltsql +AS $$ +DECLARE @current_username sys.nvarchar(128) +DECLARE @input_loginname sys.SYSNAME; +BEGIN + + SET @input_loginname = sys.RTRIM(@loginname); + SET @current_username = sys.suser_name(); + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SELECT * FROM + ( + SELECT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.oid IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z') + ) + WHERE LoginName = @input_loginname; + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.login_name = @current_username + + SELECT * FROM + ( + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + UExt.login_name = LOWER(@current_username) OR + ISNULL(UExt.login_name, '') = '' + ) + UNION + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + WHERE has_dbaccess(UExt2.database_name) = 1 AND + ( + is_srvrolemember('sysadmin') = 1 OR + UExt2.login_name = LOWER(@current_username) OR + ISNULL(UExt2.login_name, '') = '' + ) + ) + WHERE LoginName = @input_loginname; + + RETURN 0; +END; +$$; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; CREATE OR REPLACE VIEW sys.server_permissions AS WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) diff --git a/test/JDBC/jdbc_schedule b/test/JDBC/jdbc_schedule index ead3505a002..319508229e6 100644 --- a/test/JDBC/jdbc_schedule +++ b/test/JDBC/jdbc_schedule @@ -581,5 +581,6 @@ ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-verify ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-cleanup # More info: BABEL-5742 +ignore#!#Test-sp_helplogins-vu-prepare ignore#!#Test-sp_helplogins-vu-verify ignore#!#Test-sp_helplogins-vu-cleanup \ No newline at end of file From 5d9038d5bc789f981727fc897cc6283521fddfd4 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 05:41:31 +0000 Subject: [PATCH 07/54] Added view all_database_users to expected of upgrade validation --- test/python/expected/upgrade_validation/expected_dependency.out | 1 + 1 file changed, 1 insertion(+) diff --git a/test/python/expected/upgrade_validation/expected_dependency.out b/test/python/expected/upgrade_validation/expected_dependency.out index 70f00e7bc10..e8c31844637 100644 --- a/test/python/expected/upgrade_validation/expected_dependency.out +++ b/test/python/expected/upgrade_validation/expected_dependency.out @@ -981,6 +981,7 @@ View information_schema_tsql.columns_internal View information_schema_tsql.constraint_column_usage View information_schema_tsql.domains View information_schema_tsql.routines +View sys.all_database_users View sys.all_sql_modules_internal View sys.assembly_modules View sys.babelfish_has_perms_by_name_permissions From 55db312905b73afe7f8b932dfce8af98b9790ca7 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 12:30:25 +0000 Subject: [PATCH 08/54] Added wrapper around original stored proc to reduce duplication and rectified tests --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 142 +++++++---------- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 143 +++++++---------- .../Test-sp_helplogins-vu-cleanup.out | 7 + .../Test-sp_helplogins-vu-prepare.out | 50 ++++++ .../expected/Test-sp_helplogins-vu-verify.out | 144 +++++++++--------- .../Test-sp_helplogins-vu-cleanup.mix | 7 + .../Test-sp_helplogins-vu-prepare.mix | 50 ++++++ .../Test-sp_helplogins-vu-verify.mix | 24 +-- test/JDBC/upgrade/latest/schedule | 1 + 9 files changed, 320 insertions(+), 248 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 4e6352b8bbd..9525e0cfacb 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3773,21 +3773,17 @@ ON Db.owner = Base3.rolname WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; GRANT SELECT on sys.all_database_users TO PUBLIC; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ -DECLARE @current_username sys.nvarchar(128) BEGIN - - IF is_srvrolemember('securityadmin') = 0 + IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 1; END - SET @current_username = sys.suser_name(); - - SELECT + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, @@ -3802,7 +3798,25 @@ BEGIN LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + RETURN 0; +END; +$$; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() +LANGUAGE pltsql +AS $$ +DECLARE @current_username sys.nvarchar(128) +BEGIN + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SET @current_username = sys.suser_name(); + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, @@ -3818,7 +3832,7 @@ BEGIN SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt @@ -3832,12 +3846,10 @@ BEGIN UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) - UNION - SELECT CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr @@ -3852,6 +3864,28 @@ BEGIN UExt2.login_name = LOWER(@current_username) OR ISNULL(UExt2.login_name, '') = '' ) + RETURN 0; +END; +$$; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +LANGUAGE pltsql +AS $$ +DECLARE @error_on_logins INT +DECLARE @error_on_user_mappings INT +BEGIN + SET NOCOUNT ON; + + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC @error_on_logins = sp_helplogins_internal_logins; + + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC @error_on_user_mappings = sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT * FROM #sp_helplogins_internal_logins_temp; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp; RETURN 0; END; @@ -3861,12 +3895,10 @@ GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) LANGUAGE pltsql AS $$ -DECLARE @current_username sys.nvarchar(128) DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); - SET @current_username = sys.suser_name(); IF is_srvrolemember('securityadmin') = 0 BEGIN @@ -3874,76 +3906,20 @@ BEGIN RETURN 1; END - SELECT * FROM - ( - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z') - ) - WHERE LoginName = @input_loginname; + SET NOCOUNT ON; - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - SELECT * FROM - ( - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' - ) - UNION - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR - ISNULL(UExt2.login_name, '') = '' - ) - ) + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT * FROM #sp_helplogins_internal_logins_temp + WHERE LoginName = @input_loginname; + + SELECT * FROM #sp_helplogins_internal_user_mappings_temp WHERE LoginName = @input_loginname; RETURN 0; diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 3492fb707bb..9d81f9ef35c 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -112,7 +112,6 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; - CREATE OR REPLACE VIEW sys.all_database_users AS SELECT DISTINCT CASE @@ -131,21 +130,17 @@ ON Db.owner = Base3.rolname WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; GRANT SELECT on sys.all_database_users TO PUBLIC; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ -DECLARE @current_username sys.nvarchar(128) BEGIN - - IF is_srvrolemember('securityadmin') = 0 + IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 1; END - SET @current_username = sys.suser_name(); - - SELECT + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, @@ -160,7 +155,25 @@ BEGIN LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) + RETURN 0; +END; +$$; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() +LANGUAGE pltsql +AS $$ +DECLARE @current_username sys.nvarchar(128) +BEGIN + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 1; + END + + SET @current_username = sys.suser_name(); + + CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) SELECT UExt2.database_name as database_name, @@ -176,7 +189,7 @@ BEGIN SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt @@ -190,12 +203,10 @@ BEGIN UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) - UNION - SELECT CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, 'Member of' AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr @@ -210,6 +221,28 @@ BEGIN UExt2.login_name = LOWER(@current_username) OR ISNULL(UExt2.login_name, '') = '' ) + RETURN 0; +END; +$$; + +CREATE OR REPLACE PROCEDURE sys.sp_helplogins() +LANGUAGE pltsql +AS $$ +DECLARE @error_on_logins INT +DECLARE @error_on_user_mappings INT +BEGIN + SET NOCOUNT ON; + + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC @error_on_logins = sp_helplogins_internal_logins; + + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC @error_on_user_mappings = sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT * FROM #sp_helplogins_internal_logins_temp; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp; RETURN 0; END; @@ -219,12 +252,10 @@ GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) LANGUAGE pltsql AS $$ -DECLARE @current_username sys.nvarchar(128) DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); - SET @current_username = sys.suser_name(); IF is_srvrolemember('securityadmin') = 0 BEGIN @@ -232,76 +263,20 @@ BEGIN RETURN 1; END - SELECT * FROM - ( - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z') - ) - WHERE LoginName = @input_loginname; + SET NOCOUNT ON; - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; + + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT * FROM #sp_helplogins_internal_logins_temp + WHERE LoginName = @input_loginname; - SELECT * FROM - ( - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' - ) - UNION - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DefDBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR - ISNULL(UExt2.login_name, '') = '' - ) - ) + SELECT * FROM #sp_helplogins_internal_user_mappings_temp WHERE LoginName = @input_loginname; RETURN 0; diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out index a73fc38a48d..60275a25ab2 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out @@ -37,3 +37,10 @@ GO drop login testloginwithoutusers GO + +-- psql +drop procedure sys.sp_helplogins_vu_test; +GO + +drop procedure sys.sp_helplogins_vu_test_with_input; +GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out index f64538a51e7..7ca374591db 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out @@ -1,3 +1,53 @@ +-- psql + + + + +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +create procedure sys.sp_helplogins_vu_test() +language pltsql +as $$ +begin + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp; +end; +$$; +GO + + + + + + + + +create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) +language pltsql +as $$ +declare @input_loginname sys.SYSNAME; +begin + SET @input_loginname = sys.RTRIM(@loginname); + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname +end; +$$; +GO + -- tsql -- create login with user in master with db_securityadmin role create login testlogin with password = '12345678' diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index 78fa4f4be8a..dc865602e5b 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -1,19 +1,19 @@ -- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO -testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#db1#!#db_owner#!#Member of jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of @@ -35,29 +35,37 @@ testloginwithsecurityadmin3#!#db2#!#dbo#!#User -- tsql user=testlogin password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO ~~ERROR (Code: 50000)~~ ~~ERROR (Message: User does not have permission to perform this action.)~~ +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +~~END~~ + -- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO -testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#db1#!#db_owner#!#Member of jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of @@ -72,23 +80,21 @@ testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO -testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO ~~END~~ -~~ROW COUNT: 1~~ - ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#db1#!#db_owner#!#Member of jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of @@ -105,21 +111,21 @@ testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User -- tsql user=testloginwithsecurityadmin3 password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO -testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#00014FAA#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO -testloginindb1#!#00014FB9#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#00014FFF#!#db2#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of @@ -132,15 +138,15 @@ testloginwithsecurityadmin3#!#db2#!#dbo#!#User -- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins 'jdbc_user' +EXEC sp_helplogins_vu_test_with_input 'jdbc_user' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#00004000#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#db1#!#db_owner#!#Member of jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of @@ -152,81 +158,81 @@ jdbc_user#!#tempdb#!#dbo#!#User ~~END~~ -EXEC sp_helplogins 'testlogin' +EXEC sp_helplogins_vu_test_with_input 'testlogin' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testlogin#!#00014F5C#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testlogin#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar testlogin#!#master#!#db_securityadmin#!#Member of testlogin#!#master#!#userof_testlogin#!#User ~~END~~ -EXEC sp_helplogins 'testloginwithsecurityadmin' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin#!#00014F98#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User ~~END~~ -EXEC sp_helplogins 'testloginwithsecurityadmin2' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ -EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2 ' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#00014FB1#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ -EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +EXEC sp_helplogins_vu_test_with_input ' testloginwithsecurityadmin2 ' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar ~~END~~ -EXEC sp_helplogins ' ' +EXEC sp_helplogins_vu_test_with_input ' ' GO ~~START~~ -varchar#!#varbinary#!#varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#nvarchar ~~END~~ diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix index 307b51452fb..276a3fe24ce 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix @@ -36,4 +36,11 @@ drop user if exists userof_testloginindb1 GO drop login testloginwithoutusers +GO + +-- psql +drop procedure sys.sp_helplogins_vu_test; +GO + +drop procedure sys.sp_helplogins_vu_test_with_input; GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix index 6ce2af535d0..2048602457b 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix @@ -1,3 +1,53 @@ +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +-- psql +create procedure sys.sp_helplogins_vu_test() +language pltsql +as $$ +begin + SET NOCOUNT ON; + + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp; +end; +$$; +GO + +create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) +language pltsql +as $$ +declare @input_loginname sys.SYSNAME; +begin + + SET @input_loginname = sys.RTRIM(@loginname); + + SET NOCOUNT ON; + + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname +end; +$$; +GO + -- create login with user in master with db_securityadmin role -- tsql create login testlogin with password = '12345678' diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix index 5e07532a4e5..f29211e09e7 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix @@ -1,42 +1,42 @@ -- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO -- tsql user=testlogin password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO -- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO -- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO -- tsql user=testloginwithsecurityadmin3 password=12345678 -EXEC sp_helplogins +EXEC sp_helplogins_vu_test GO -- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins 'jdbc_user' +EXEC sp_helplogins_vu_test_with_input 'jdbc_user' GO -EXEC sp_helplogins 'testlogin' +EXEC sp_helplogins_vu_test_with_input 'testlogin' GO -EXEC sp_helplogins 'testloginwithsecurityadmin' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin' GO -EXEC sp_helplogins 'testloginwithsecurityadmin2' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2' GO -EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2 ' GO -EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +EXEC sp_helplogins_vu_test_with_input ' testloginwithsecurityadmin2 ' GO -EXEC sp_helplogins ' ' +EXEC sp_helplogins_vu_test_with_input ' ' GO diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index c83edfb70f4..30be7aa46a2 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -453,6 +453,7 @@ Test-sp_rename Test-sp_rename-dep Test-sp_set_session_context Test-sp_set_session_context-dep +Test-sp_helplogins Test-Role-Member TestSQLVariant TestTableType From 2f1dc51849bb503352fd21809344bed445f15f22 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 12:36:48 +0000 Subject: [PATCH 09/54] Removed view from expected of upgrade validation --- test/python/expected/upgrade_validation/expected_dependency.out | 1 - 1 file changed, 1 deletion(-) diff --git a/test/python/expected/upgrade_validation/expected_dependency.out b/test/python/expected/upgrade_validation/expected_dependency.out index e8c31844637..70f00e7bc10 100644 --- a/test/python/expected/upgrade_validation/expected_dependency.out +++ b/test/python/expected/upgrade_validation/expected_dependency.out @@ -981,7 +981,6 @@ View information_schema_tsql.columns_internal View information_schema_tsql.constraint_column_usage View information_schema_tsql.domains View information_schema_tsql.routines -View sys.all_database_users View sys.all_sql_modules_internal View sys.assembly_modules View sys.babelfish_has_perms_by_name_permissions From 8ccfbc00223c41e87f4d0ecc7dd72efeae6b78ac Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 15:33:46 +0000 Subject: [PATCH 10/54] Rectified testcases --- .../Test-sp_helplogins-vu-cleanup.out | 8 +- .../Test-sp_helplogins-vu-prepare.out | 34 ++++--- .../expected/Test-sp_helplogins-vu-verify.out | 98 +++++++++---------- .../Test-sp_helplogins-vu-cleanup.mix | 8 +- .../Test-sp_helplogins-vu-prepare.mix | 34 ++++--- .../Test-sp_helplogins-vu-verify.mix | 4 +- 6 files changed, 97 insertions(+), 89 deletions(-) diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out index 60275a25ab2..2b915b4ac49 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out @@ -1,8 +1,8 @@ -- tsql user=jdbc_user password=12345678 database=master -drop user if exists userof_testlogin +drop user if exists userof_sp_helplogins_testlogin GO -drop login testlogin +drop login sp_helplogins_testlogin GO drop user if exists userof_testloginwithsecurityadmin @@ -14,7 +14,7 @@ GO drop login testloginwithsecurityadmin GO -drop database db1 +drop database sp_helplogins_db1 GO drop user if exists userof_testloginwithsecurityadmin2 @@ -26,7 +26,7 @@ GO drop login testloginwithsecurityadmin3 GO -drop database db2 +drop database sp_helplogins_db2 GO drop login testloginindb1 diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out index 7ca374591db..34bcb9113f8 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out @@ -15,8 +15,10 @@ begin create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; end; $$; GO @@ -42,23 +44,25 @@ begin SET NOCOUNT OFF; SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp where loginname = @input_loginname + order by loginname; SELECT * FROM #sp_helplogins_internal_user_mappings_temp where loginname = @input_loginname + order by loginname; end; $$; GO -- tsql -- create login with user in master with db_securityadmin role -create login testlogin with password = '12345678' -create user userof_testlogin for login testlogin +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -alter role db_securityadmin add member userof_testlogin +alter role db_securityadmin add member userof_sp_helplogins_testlogin GO -- create a dummy db -create database db1 +create database sp_helplogins_db1 GO -- create a login with user in master with securityadmin server role @@ -69,8 +73,8 @@ GO alter server role securityadmin add member testloginwithsecurityadmin GO --- create another user for login testloginwithsecurityadmin in db1 -use db1 +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 GO create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin GO @@ -83,18 +87,18 @@ create login testloginwithoutusers with password = '12345678' GO -- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in db1 +-- and has a user with db_securityadmin role in sp_helplogins_db1 create login testloginwithsecurityadmin2 with password = '12345678' GO alter server role securityadmin add member testloginwithsecurityadmin2 GO --- create a login and a user in db1 +-- create a login and a user in sp_helplogins_db1 create login testloginindb1 with password = '12345678' GO -use db1 +use sp_helplogins_db1 GO create user userof_testloginindb1 for login testloginindb1 @@ -108,15 +112,15 @@ GO -- create a login which is a member of securityadmin server role --- with a default database and ownership on db2 -create database db2 +-- with a default database and ownership on sp_helplogins_db2 +create database sp_helplogins_db2 GO -create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 GO alter server role securityadmin add member testloginwithsecurityadmin3 GO -alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index dc865602e5b..4f3458889a3 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -4,37 +4,37 @@ GO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#db1#!#db_owner#!#Member of -jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User -testlogin#!#master#!#db_securityadmin#!#Member of -testlogin#!#master#!#userof_testlogin#!#User -testloginindb1#!#db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User -testloginwithsecurityadmin3#!#db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#db2#!#dbo#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User ~~END~~ --- tsql user=testlogin password=12345678 +-- tsql user=sp_helplogins_testlogin password=12345678 EXEC sp_helplogins_vu_test GO ~~ERROR (Code: 50000)~~ @@ -56,26 +56,26 @@ GO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#db1#!#db_owner#!#Member of -jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User ~~END~~ @@ -85,28 +85,28 @@ GO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#db1#!#db_owner#!#Member of -jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User -testloginindb1#!#db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -116,12 +116,12 @@ GO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#db2#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -132,8 +132,8 @@ jdbc_user#!#msdb#!#db_owner#!#Member of jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin3#!#db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#db2#!#dbo#!#User +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User ~~END~~ @@ -147,28 +147,28 @@ jdbc_user#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#db1#!#db_owner#!#Member of -jdbc_user#!#db1#!#dbo#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User ~~END~~ -EXEC sp_helplogins_vu_test_with_input 'testlogin' +EXEC sp_helplogins_vu_test_with_input 'sp_helplogins_testlogin' GO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testlogin#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -testlogin#!#master#!#db_securityadmin#!#Member of -testlogin#!#master#!#userof_testlogin#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User ~~END~~ @@ -181,8 +181,8 @@ testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin#!#db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User ~~END~~ @@ -195,8 +195,8 @@ testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -209,8 +209,8 @@ testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix index 276a3fe24ce..10599eb826c 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix @@ -1,8 +1,8 @@ -- tsql user=jdbc_user password=12345678 database=master -drop user if exists userof_testlogin +drop user if exists userof_sp_helplogins_testlogin GO -drop login testlogin +drop login sp_helplogins_testlogin GO drop user if exists userof_testloginwithsecurityadmin @@ -14,7 +14,7 @@ GO drop login testloginwithsecurityadmin GO -drop database db1 +drop database sp_helplogins_db1 GO drop user if exists userof_testloginwithsecurityadmin2 @@ -26,7 +26,7 @@ GO drop login testloginwithsecurityadmin3 GO -drop database db2 +drop database sp_helplogins_db2 GO drop login testloginindb1 diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix index 2048602457b..746caff53b8 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix @@ -15,8 +15,10 @@ begin SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; end; $$; GO @@ -41,24 +43,26 @@ begin SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp where loginname = @input_loginname + order by loginname; SELECT * FROM #sp_helplogins_internal_user_mappings_temp where loginname = @input_loginname + order by loginname; end; $$; GO -- create login with user in master with db_securityadmin role -- tsql -create login testlogin with password = '12345678' -create user userof_testlogin for login testlogin +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -alter role db_securityadmin add member userof_testlogin +alter role db_securityadmin add member userof_sp_helplogins_testlogin GO -- create a dummy db -create database db1 +create database sp_helplogins_db1 GO -- create a login with user in master with securityadmin server role @@ -69,8 +73,8 @@ GO alter server role securityadmin add member testloginwithsecurityadmin GO --- create another user for login testloginwithsecurityadmin in db1 -use db1 +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 GO create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin GO @@ -83,18 +87,18 @@ create login testloginwithoutusers with password = '12345678' GO -- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in db1 +-- and has a user with db_securityadmin role in sp_helplogins_db1 create login testloginwithsecurityadmin2 with password = '12345678' GO alter server role securityadmin add member testloginwithsecurityadmin2 GO --- create a login and a user in db1 +-- create a login and a user in sp_helplogins_db1 create login testloginindb1 with password = '12345678' GO -use db1 +use sp_helplogins_db1 GO create user userof_testloginindb1 for login testloginindb1 @@ -108,15 +112,15 @@ GO -- create a login which is a member of securityadmin server role --- with a default database and ownership on db2 -create database db2 +-- with a default database and ownership on sp_helplogins_db2 +create database sp_helplogins_db2 GO -create login testloginwithsecurityadmin3 with password = '12345678', default_database = db2 +create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 GO alter server role securityadmin add member testloginwithsecurityadmin3 GO -alter AUTHORIZATION on database::db2 to testloginwithsecurityadmin3 +alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 GO diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix index f29211e09e7..cec6c1117fe 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix @@ -2,7 +2,7 @@ EXEC sp_helplogins_vu_test GO --- tsql user=testlogin password=12345678 +-- tsql user=sp_helplogins_testlogin password=12345678 EXEC sp_helplogins_vu_test GO @@ -22,7 +22,7 @@ GO EXEC sp_helplogins_vu_test_with_input 'jdbc_user' GO -EXEC sp_helplogins_vu_test_with_input 'testlogin' +EXEC sp_helplogins_vu_test_with_input 'sp_helplogins_testlogin' GO EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin' From f48e50c4fa6cf9fda57aaebac77eb5745ffe03eb Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 18:50:37 +0000 Subject: [PATCH 11/54] Rectified jdbc_schedule --- contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql | 13 ++----------- .../sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql | 13 ++----------- test/JDBC/jdbc_schedule | 5 ----- 3 files changed, 4 insertions(+), 27 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 9525e0cfacb..a0af0f24e25 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3871,16 +3871,14 @@ $$; CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ -DECLARE @error_on_logins INT -DECLARE @error_on_user_mappings INT BEGIN SET NOCOUNT ON; CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC @error_on_logins = sp_helplogins_internal_logins; + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC @error_on_user_mappings = sp_helplogins_internal_user_mappings; + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; SET NOCOUNT OFF; @@ -3899,13 +3897,6 @@ DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; - END - SET NOCOUNT ON; CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 9d81f9ef35c..95b6a395007 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -228,16 +228,14 @@ $$; CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ -DECLARE @error_on_logins INT -DECLARE @error_on_user_mappings INT BEGIN SET NOCOUNT ON; CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC @error_on_logins = sp_helplogins_internal_logins; + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC @error_on_user_mappings = sp_helplogins_internal_user_mappings; + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; SET NOCOUNT OFF; @@ -256,13 +254,6 @@ DECLARE @input_loginname sys.SYSNAME; BEGIN SET @input_loginname = sys.RTRIM(@loginname); - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; - END - SET NOCOUNT ON; CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) diff --git a/test/JDBC/jdbc_schedule b/test/JDBC/jdbc_schedule index 319508229e6..2cc8da0d149 100644 --- a/test/JDBC/jdbc_schedule +++ b/test/JDBC/jdbc_schedule @@ -579,8 +579,3 @@ ignore#!#test_constraint_like-16-6-vu-cleanup ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-prepare ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-verify ignore#!#sys-fn-varbintohexsubstring-before-16_10-or-17_6-vu-cleanup - -# More info: BABEL-5742 -ignore#!#Test-sp_helplogins-vu-prepare -ignore#!#Test-sp_helplogins-vu-verify -ignore#!#Test-sp_helplogins-vu-cleanup \ No newline at end of file From df9840903e27e270c8cc65507fdea5a0c78ec169 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 19:38:28 +0000 Subject: [PATCH 12/54] Added internal view to expected upgrade and sql validation --- .../expected/sql_validation_framework/expected_create.out | 8 ++++++-- .../expected/sql_validation_framework/expected_drop.out | 4 ++-- .../expected/upgrade_validation/expected_dependency.out | 1 + 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/test/python/expected/sql_validation_framework/expected_create.out b/test/python/expected/sql_validation_framework/expected_create.out index bec807e2b37..ee2d9039cda 100644 --- a/test/python/expected/sql_validation_framework/expected_create.out +++ b/test/python/expected/sql_validation_framework/expected_create.out @@ -15,8 +15,8 @@ Could not find tests for function sys.bbf_is_role_member Could not find tests for function sys.bbf_pivot Could not find tests for function sys.bbf_xmlexist Could not find tests for function sys.columns_internal -Could not find tests for function sys.date_bucket_internal_helper Could not find tests for function sys.dateadd_internal +Could not find tests for function sys.date_bucket_internal_helper Could not find tests for function sys.datediff_internal Could not find tests for function sys.datepart_internal Could not find tests for function sys.default_domain @@ -77,6 +77,7 @@ Could not find tests for procedure sys.babel_drop_all_logins Could not find tests for procedure sys.babel_initialize_logins Could not find tests for procedure sys.printarg Could not find tests for procedure sys.sp_describe_cursor +Could not find tests for procedure sys.sp_helplogins Could not find tests for table sys.babelfish_helpcollation Could not find tests for table sys.babelfish_partition_function Could not find tests for table sys.babelfish_partition_scheme @@ -86,6 +87,7 @@ Could not find tests for table sys.spt_datatype_info_table Could not find tests for table sys.versions Could not find tests for view babelfish_has_perms_by_name_permissions Could not find tests for view information_schema_tsql.columns_internal +Could not find tests for view sys.all_database_users Could not find tests for view sys.all_sql_modules_internal Could not find tests for view sys.pg_namespace_ext Could not find tests for view sys.shipped_objects_not_in_sys @@ -116,8 +118,8 @@ Could not find upgrade tests for function sys.bbf_xmlexist Could not find upgrade tests for function sys.columns_internal Could not find upgrade tests for function sys.cursor_rows Could not find upgrade tests for function sys.cursor_status -Could not find upgrade tests for function sys.date_bucket_internal_helper Could not find upgrade tests for function sys.dateadd_internal +Could not find upgrade tests for function sys.date_bucket_internal_helper Could not find upgrade tests for function sys.datediff_internal Could not find upgrade tests for function sys.datepart_internal Could not find upgrade tests for function sys.default_domain @@ -189,6 +191,7 @@ Could not find upgrade tests for procedure sys.printarg Could not find upgrade tests for procedure sys.sp_column_privileges Could not find upgrade tests for procedure sys.sp_cursor_list Could not find upgrade tests for procedure sys.sp_describe_cursor +Could not find upgrade tests for procedure sys.sp_helplogins Could not find upgrade tests for procedure sys.sp_oledb_ro_usrname Could not find upgrade tests for procedure sys.sp_prepare Could not find upgrade tests for procedure sys.sp_reset_connection @@ -204,6 +207,7 @@ Could not find upgrade tests for table sys.spt_datatype_info_table Could not find upgrade tests for table sys.versions Could not find upgrade tests for view babelfish_has_perms_by_name_permissions Could not find upgrade tests for view information_schema_tsql.columns_internal +Could not find upgrade tests for view sys.all_database_users Could not find upgrade tests for view sys.all_sql_modules_internal Could not find upgrade tests for view sys.pg_namespace_ext Could not find upgrade tests for view sys.shipped_objects_not_in_sys diff --git a/test/python/expected/sql_validation_framework/expected_drop.out b/test/python/expected/sql_validation_framework/expected_drop.out index d2653537b07..f1f0480e362 100644 --- a/test/python/expected/sql_validation_framework/expected_drop.out +++ b/test/python/expected/sql_validation_framework/expected_drop.out @@ -36,7 +36,9 @@ Unexpected drop found for function sys.babelfish_update_server_collation_name in Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--2.8.0--3.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--2.9.0--3.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.0.0--3.1.0.sql +Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.10.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.1.0--3.2.0.sql +Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.11.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.2.0--3.3.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.3.0--3.4.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.4.0--4.0.0.sql @@ -45,8 +47,6 @@ Unexpected drop found for function sys.babelfish_update_server_collation_name in Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.7.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.8.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.9.0--4.0.0.sql -Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.10.0--4.0.0.sql -Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.11.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.0.0--4.1.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.1.0--4.2.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.2.0--4.3.0.sql diff --git a/test/python/expected/upgrade_validation/expected_dependency.out b/test/python/expected/upgrade_validation/expected_dependency.out index 70f00e7bc10..e8c31844637 100644 --- a/test/python/expected/upgrade_validation/expected_dependency.out +++ b/test/python/expected/upgrade_validation/expected_dependency.out @@ -981,6 +981,7 @@ View information_schema_tsql.columns_internal View information_schema_tsql.constraint_column_usage View information_schema_tsql.domains View information_schema_tsql.routines +View sys.all_database_users View sys.all_sql_modules_internal View sys.assembly_modules View sys.babelfish_has_perms_by_name_permissions From 9bc8e3b3913e87639fc6a096bb22e7126d962227 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 6 May 2025 21:25:43 +0000 Subject: [PATCH 13/54] Trying to rectify tests --- test/JDBC/expected/Test-sp_helplogins-vu-verify.out | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index 4f3458889a3..9a0dc17b4ed 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -68,8 +68,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -97,8 +95,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -128,8 +124,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of From 5d695e2bdea590dcd3bdc6b6c501068a4f8caa05 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 05:36:25 +0000 Subject: [PATCH 14/54] Rectified to fix database collation failures --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 48 ++++++---------- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 48 ++++++---------- .../Test-sp_helplogins-vu-prepare.mix | 54 ------------------ .../Test-sp_helplogins-vu-verify.mix | 55 +++++++++++++++++++ 4 files changed, 91 insertions(+), 114 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index a0af0f24e25..ae81e63a298 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3773,6 +3773,19 @@ ON Db.owner = Base3.rolname WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; GRANT SELECT on sys.all_database_users TO PUBLIC; +CREATE OR REPLACE VIEW sys.db_role_mapping AS +SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login +FROM pg_catalog.pg_auth_members AS Authmbr +INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname +INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname +WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); +GRANT SELECT on sys.db_role_mapping TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ @@ -3816,33 +3829,19 @@ BEGIN SET @current_username = sys.suser_name(); - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username - SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + EXISTS (SELECT 1 from sys.db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) @@ -3857,7 +3856,7 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default WHERE has_dbaccess(UExt2.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR @@ -3872,19 +3871,8 @@ CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ BEGIN - SET NOCOUNT ON; - - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT * FROM #sp_helplogins_internal_logins_temp; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp; - + EXEC sp_helplogins_internal_logins; + EXEC sp_helplogins_internal_user_mappings; RETURN 0; END; $$; diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 95b6a395007..21f7f9a1d26 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -130,6 +130,19 @@ ON Db.owner = Base3.rolname WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; GRANT SELECT on sys.all_database_users TO PUBLIC; +CREATE OR REPLACE VIEW sys.db_role_mapping AS +SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login +FROM pg_catalog.pg_auth_members AS Authmbr +INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid +INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member +INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname +INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname +WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); +GRANT SELECT on sys.db_role_mapping TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ @@ -173,33 +186,19 @@ BEGIN SET @current_username = sys.suser_name(); - CREATE TABLE #DB_ROLE_MAPPING(database_name sys.nvarchar(128), role_name sys.nvarchar(128), member_login sys.nvarchar(128)) - INSERT INTO #DB_ROLE_MAPPING(database_name, role_name, member_login) - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.login_name = @current_username - SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #DB_ROLE_MAPPING WHERE database_name = UExt.database_name) OR + EXISTS (SELECT 1 from sys.db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) @@ -214,7 +213,7 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default WHERE has_dbaccess(UExt2.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR @@ -229,19 +228,8 @@ CREATE OR REPLACE PROCEDURE sys.sp_helplogins() LANGUAGE pltsql AS $$ BEGIN - SET NOCOUNT ON; - - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT * FROM #sp_helplogins_internal_logins_temp; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp; - + EXEC sp_helplogins_internal_logins; + EXEC sp_helplogins_internal_user_mappings; RETURN 0; END; $$; diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix index 746caff53b8..363f12f9cac 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix @@ -1,57 +1,3 @@ --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run --- psql -create procedure sys.sp_helplogins_vu_test() -language pltsql -as $$ -begin - SET NOCOUNT ON; - - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - order by loginname; -end; -$$; -GO - -create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) -language pltsql -as $$ -declare @input_loginname sys.SYSNAME; -begin - - SET @input_loginname = sys.RTRIM(@loginname); - - SET NOCOUNT ON; - - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname - order by loginname; - - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname - order by loginname; -end; -$$; -GO - -- create login with user in master with db_securityadmin role -- tsql create login sp_helplogins_testlogin with password = '12345678' diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix index cec6c1117fe..669802bc79f 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix @@ -1,3 +1,58 @@ +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +-- psql +create procedure sys.sp_helplogins_vu_test() +language pltsql +as $$ +begin + SET NOCOUNT ON; + + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; +end; +$$; +GO + +create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) +language pltsql +as $$ +declare @input_loginname sys.SYSNAME; +begin + + SET @input_loginname = sys.RTRIM(@loginname); + + SET NOCOUNT ON; + + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + order by loginname; + + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname + order by loginname; +end; +$$; +GO + + -- tsql user=jdbc_user password=12345678 EXEC sp_helplogins_vu_test GO From fd42f89e4645cdb51f5e5814f38ef98b88179a9b Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 06:21:55 +0000 Subject: [PATCH 15/54] Rectified testcases and added test for internal views --- .../Test-sp_helplogins-vu-prepare.out | 54 ---------------- .../expected/Test-sp_helplogins-vu-verify.out | 61 +++++++++++++++++++ .../sys_db_role_mapping-vu-prepare.out | 10 +++ .../sys_db_role_mapping-vu-verify.out | 26 ++++++++ .../views/sys_db_role_mapping-vu-prepare.sql | 10 +++ .../views/sys_db_role_mapping-vu-verify.sql | 11 ++++ test/JDBC/upgrade/latest/schedule | 1 + 7 files changed, 119 insertions(+), 54 deletions(-) create mode 100644 test/JDBC/expected/sys_db_role_mapping-vu-prepare.out create mode 100644 test/JDBC/expected/sys_db_role_mapping-vu-verify.out create mode 100644 test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql create mode 100644 test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out index 34bcb9113f8..3bd359380eb 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out @@ -1,57 +1,3 @@ --- psql - - - - --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run -create procedure sys.sp_helplogins_vu_test() -language pltsql -as $$ -begin - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - order by loginname; -end; -$$; -GO - - - - - - - - -create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) -language pltsql -as $$ -declare @input_loginname sys.SYSNAME; -begin - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname - order by loginname; -end; -$$; -GO - -- tsql -- create login with user in master with db_securityadmin role create login sp_helplogins_testlogin with password = '12345678' diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index 9a0dc17b4ed..38b0f4a8f43 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -1,3 +1,58 @@ +-- psql + + + + +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +create procedure sys.sp_helplogins_vu_test() +language pltsql +as $$ +begin + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; +end; +$$; +GO + + + + + + + + +create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) +language pltsql +as $$ +declare @input_loginname sys.SYSNAME; +begin + SET @input_loginname = sys.RTRIM(@loginname); + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname + order by loginname; +end; +$$; +GO + + -- tsql user=jdbc_user password=12345678 EXEC sp_helplogins_vu_test GO @@ -68,6 +123,8 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -95,6 +152,8 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -124,6 +183,8 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of diff --git a/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out b/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out new file mode 100644 index 00000000000..f2b77a2d625 --- /dev/null +++ b/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out @@ -0,0 +1,10 @@ +-- create a login and user which is a member of db_securityadmin role +-- tsql +create login sys_db_role_mapping_vu_login with password = '12345678'; +GO + +create user userof_sys_db_role_mapping_vu_login for login sys_db_role_mapping_vu_login +GO + +alter role db_securityadmin add member userof_sys_db_role_mapping_vu_login; +GO diff --git a/test/JDBC/expected/sys_db_role_mapping-vu-verify.out b/test/JDBC/expected/sys_db_role_mapping-vu-verify.out new file mode 100644 index 00000000000..e34c2f48941 --- /dev/null +++ b/test/JDBC/expected/sys_db_role_mapping-vu-verify.out @@ -0,0 +1,26 @@ +select * from sys.db_role_mapping where ISNULL(member_login, '') != '' order by database_name; +GO +~~START~~ +nvarchar#!#nvarchar#!#varchar +master#!#db_securityadmin#!#sys_db_role_mapping_vu_login +~~END~~ + + +select * from sys.db_role_mapping where ISNULL(member_login, '') = '' order by database_name; +GO +~~START~~ +nvarchar#!#nvarchar#!#varchar +master#!#db_accessadmin#!# +master#!#db_securityadmin#!# +msdb#!#db_accessadmin#!# +msdb#!#db_securityadmin#!# +tempdb#!#db_accessadmin#!# +tempdb#!#db_securityadmin#!# +~~END~~ + + +drop user if exists userof_sys_db_role_mapping_vu_login +GO + +drop login sys_db_role_mapping_vu_login +GO diff --git a/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql b/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql new file mode 100644 index 00000000000..8b7f0d11172 --- /dev/null +++ b/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql @@ -0,0 +1,10 @@ +-- create a login and user which is a member of db_securityadmin role +-- tsql +create login sys_db_role_mapping_vu_login with password = '12345678'; +GO + +create user userof_sys_db_role_mapping_vu_login for login sys_db_role_mapping_vu_login +GO + +alter role db_securityadmin add member userof_sys_db_role_mapping_vu_login; +GO \ No newline at end of file diff --git a/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql b/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql new file mode 100644 index 00000000000..f9da8db58b0 --- /dev/null +++ b/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql @@ -0,0 +1,11 @@ +select * from sys.db_role_mapping where ISNULL(member_login, '') != '' order by database_name; +GO + +select * from sys.db_role_mapping where ISNULL(member_login, '') = '' order by database_name; +GO + +drop user if exists userof_sys_db_role_mapping_vu_login +GO + +drop login sys_db_role_mapping_vu_login +GO \ No newline at end of file diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 30be7aa46a2..4d96be16909 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -621,3 +621,4 @@ round_return_type_test alter-view test_conv_int_to_varbinary_binary babel_varbinary +sys_db_role_mapping \ No newline at end of file From 85e306da03a36220a63f4caf043479c662e7d4ce Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 06:53:46 +0000 Subject: [PATCH 16/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/expected/Test-sp_helplogins-vu-verify.out | 6 ------ .../expected/upgrade_validation/expected_dependency.out | 1 + 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out index 38b0f4a8f43..8f5b38447b6 100644 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out @@ -123,8 +123,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -152,8 +150,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of @@ -183,8 +179,6 @@ testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO varchar#!#varchar#!#varchar#!#nvarchar jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of diff --git a/test/python/expected/upgrade_validation/expected_dependency.out b/test/python/expected/upgrade_validation/expected_dependency.out index e8c31844637..437d26e6626 100644 --- a/test/python/expected/upgrade_validation/expected_dependency.out +++ b/test/python/expected/upgrade_validation/expected_dependency.out @@ -991,6 +991,7 @@ View sys.database_files View sys.database_filestream_options View sys.database_recovery_status View sys.database_role_members +View sys.db_role_mapping View sys.dm_hadr_cluster View sys.dm_hadr_database_replica_states View sys.dm_os_host_info From 26f75bb8485dc5f8f58c46066f01136d8d72e272 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 13:35:18 +0000 Subject: [PATCH 17/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 118 ++++--- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 118 ++++--- .../BABEL-5742-sp_helplogins-vu-cleanup.out} | 3 - .../BABEL-5742-sp_helplogins-vu-prepare.out | 72 +++++ .../BABEL-5742-sp_helplogins-vu-verify.out | 291 ++++++++++++++++++ .../sys_db_role_mapping-vu-prepare.out | 10 - .../sys_db_role_mapping-vu-verify.out | 26 -- .../BABEL-5742-sp_helplogins-vu-cleanup.mix | 43 +++ ...> BABEL-5742-sp_helplogins-vu-prepare.mix} | 0 .../BABEL-5742-sp_helplogins-vu-verify.mix | 99 ++++++ .../Test-sp_helplogins-vu-verify.mix | 97 ------ .../views/sys_db_role_mapping-vu-prepare.sql | 10 - .../views/sys_db_role_mapping-vu-verify.sql | 11 - test/JDBC/upgrade/latest/schedule | 5 +- .../expected_dependency.out | 2 - 15 files changed, 623 insertions(+), 282 deletions(-) rename test/JDBC/{input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix => expected/BABEL-5742-sp_helplogins-vu-cleanup.out} (92%) create mode 100644 test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out create mode 100644 test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out delete mode 100644 test/JDBC/expected/sys_db_role_mapping-vu-prepare.out delete mode 100644 test/JDBC/expected/sys_db_role_mapping-vu-verify.out create mode 100644 test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix rename test/JDBC/input/storedProcedures/{Test-sp_helplogins-vu-prepare.mix => BABEL-5742-sp_helplogins-vu-prepare.mix} (100%) create mode 100644 test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix delete mode 100644 test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix delete mode 100644 test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql delete mode 100644 test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index ae81e63a298..cd1e1c799a4 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3755,37 +3755,6 @@ END; $$ LANGUAGE pltsql; GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC; -CREATE OR REPLACE VIEW sys.all_database_users AS -SELECT DISTINCT -CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid -END AS oid -FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext -ON Base.rolname = Ext.rolname -LEFT OUTER JOIN pg_catalog.pg_roles Base2 -ON Ext.login_name = Base2.rolname -LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db -ON Ext.database_name COLLATE sys.database_default = Db.name -LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 -ON Db.owner = Base3.rolname -WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; -GRANT SELECT on sys.all_database_users TO PUBLIC; - -CREATE OR REPLACE VIEW sys.db_role_mapping AS -SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login -FROM pg_catalog.pg_auth_members AS Authmbr -INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid -INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member -INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname -INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname -WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); -GRANT SELECT on sys.db_role_mapping TO PUBLIC; - CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ @@ -3793,9 +3762,25 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 0; END + SELECT DISTINCT + CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid + END AS oid INTO #all_database_users + FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext + ON Base.rolname = Ext.rolname + LEFT OUTER JOIN pg_catalog.pg_roles Base2 + ON Ext.login_name = Base2.rolname + LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db + ON Ext.database_name COLLATE database_default = Db.name + LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 + ON Db.owner = Base3.rolname + WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, @@ -3808,7 +3793,7 @@ BEGIN 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); RETURN 0; @@ -3824,9 +3809,20 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 0; END + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login INTO #db_role_mapping + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); + SET @current_username = sys.suser_name(); SELECT @@ -3841,7 +3837,7 @@ BEGIN has_dbaccess(UExt.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from sys.db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR + EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) @@ -3867,41 +3863,43 @@ BEGIN END; $$; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins() -LANGUAGE pltsql -AS $$ -BEGIN - EXEC sp_helplogins_internal_logins; - EXEC sp_helplogins_internal_user_mappings; - RETURN 0; -END; -$$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) LANGUAGE pltsql AS $$ -DECLARE @input_loginname sys.SYSNAME; +DECLARE @input_loginname sys.sysname; BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 0; + END - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; + IF @loginname IS NULL + BEGIN + EXEC sp_helplogins_internal_logins; + EXEC sp_helplogins_internal_user_mappings; + END + ELSE + BEGIN + SET @input_loginname = sys.RTRIM(@loginname); + SET NOCOUNT ON; - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - SET NOCOUNT OFF; + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - SELECT * FROM #sp_helplogins_internal_logins_temp - WHERE LoginName = @input_loginname; + SET NOCOUNT OFF; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - WHERE LoginName = @input_loginname; + SELECT * FROM #sp_helplogins_internal_logins_temp + WHERE LoginName = @input_loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + WHERE LoginName = @input_loginname; + END; RETURN 0; END; $$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; \ No newline at end of file +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC; \ No newline at end of file diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 21f7f9a1d26..8c62c18e9cb 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -112,37 +112,6 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; -CREATE OR REPLACE VIEW sys.all_database_users AS -SELECT DISTINCT -CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid -END AS oid -FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext -ON Base.rolname = Ext.rolname -LEFT OUTER JOIN pg_catalog.pg_roles Base2 -ON Ext.login_name = Base2.rolname -LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db -ON Ext.database_name COLLATE sys.database_default = Db.name -LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 -ON Db.owner = Base3.rolname -WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; -GRANT SELECT on sys.all_database_users TO PUBLIC; - -CREATE OR REPLACE VIEW sys.db_role_mapping AS -SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login -FROM pg_catalog.pg_auth_members AS Authmbr -INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid -INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member -INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname -INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname -WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); -GRANT SELECT on sys.db_role_mapping TO PUBLIC; - CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() LANGUAGE pltsql AS $$ @@ -150,9 +119,25 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 0; END + SELECT DISTINCT + CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid + END AS oid INTO #all_database_users + FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext + ON Base.rolname = Ext.rolname + LEFT OUTER JOIN pg_catalog.pg_roles Base2 + ON Ext.login_name = Base2.rolname + LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db + ON Ext.database_name COLLATE database_default = Db.name + LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 + ON Db.owner = Base3.rolname + WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; + SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, @@ -165,7 +150,7 @@ BEGIN 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN sys.all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); RETURN 0; @@ -181,9 +166,20 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 1; + RETURN 0; END + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login INTO #db_role_mapping + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); + SET @current_username = sys.suser_name(); SELECT @@ -198,7 +194,7 @@ BEGIN has_dbaccess(UExt.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from sys.db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR + EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) @@ -224,44 +220,46 @@ BEGIN END; $$; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins() -LANGUAGE pltsql -AS $$ -BEGIN - EXEC sp_helplogins_internal_logins; - EXEC sp_helplogins_internal_user_mappings; - RETURN 0; -END; -$$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins() TO PUBLIC; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) +CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) LANGUAGE pltsql AS $$ -DECLARE @input_loginname sys.SYSNAME; +DECLARE @input_loginname sys.sysname; BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 0; + END - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; + IF @loginname IS NULL + BEGIN + EXEC sp_helplogins_internal_logins; + EXEC sp_helplogins_internal_user_mappings; + END + ELSE + BEGIN + SET @input_loginname = sys.RTRIM(@loginname); + SET NOCOUNT ON; - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; + CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - SET NOCOUNT OFF; + CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - SELECT * FROM #sp_helplogins_internal_logins_temp - WHERE LoginName = @input_loginname; + SET NOCOUNT OFF; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - WHERE LoginName = @input_loginname; + SELECT * FROM #sp_helplogins_internal_logins_temp + WHERE LoginName = @input_loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + WHERE LoginName = @input_loginname; + END; RETURN 0; END; $$; -GRANT EXECUTE ON PROCEDURE sys.sp_helplogins("@loginname" sys.SYSNAME) TO PUBLIC; +GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC; CREATE OR REPLACE VIEW sys.server_permissions AS WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out similarity index 92% rename from test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix rename to test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out index 10599eb826c..2f090f507b3 100644 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out @@ -41,6 +41,3 @@ GO -- psql drop procedure sys.sp_helplogins_vu_test; GO - -drop procedure sys.sp_helplogins_vu_test_with_input; -GO \ No newline at end of file diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out new file mode 100644 index 00000000000..3bd359380eb --- /dev/null +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out @@ -0,0 +1,72 @@ +-- tsql +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO + +-- create a dummy db +create database sp_helplogins_db1 +GO + +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + + +-- create a login which is a member of securityadmin server role +-- with a default database and ownership on sp_helplogins_db2 +create database sp_helplogins_db2 +GO + +create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 +GO + +alter server role securityadmin add member testloginwithsecurityadmin3 +GO + +alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 +GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out new file mode 100644 index 00000000000..c7aca08e1d1 --- /dev/null +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -0,0 +1,291 @@ +-- psql + + + + + + + + + +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) +language pltsql +as $$ +declare @input_loginname sys.sysname +begin + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 0; + END + IF @loginname IS NULL + BEGIN + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + + select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp + order by loginname; + select * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; + END + ELSE + BEGIN + SET @input_loginname = sys.RTRIM(@loginname); + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + order by loginname; + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname + order by loginname; + END; + RETURN 0; +end; +$$; +GO + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins_vu_test +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#NO#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User +~~END~~ + + +-- tsql user=sp_helplogins_testlogin password=12345678 +EXEC sp_helplogins_vu_test +GO +~~ERROR (Code: 50000)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +-- tsql user=testloginwithsecurityadmin password=12345678 +EXEC sp_helplogins_vu_test +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#NO#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +~~END~~ + + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +EXEC sp_helplogins_vu_test +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#NO#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=testloginwithsecurityadmin3 password=12345678 +EXEC sp_helplogins_vu_test +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testlogin#!#master#!#English#!#NO#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of +testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins_vu_test 'jdbc_user' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +jdbc_user#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +~~END~~ + + +EXEC sp_helplogins_vu_test 'sp_helplogins_testlogin' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +~~END~~ + + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +~~END~~ + + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +EXEC sp_helplogins_vu_test ' testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +~~END~~ + + +EXEC sp_helplogins_vu_test ' ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#nvarchar +~~END~~ + diff --git a/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out b/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out deleted file mode 100644 index f2b77a2d625..00000000000 --- a/test/JDBC/expected/sys_db_role_mapping-vu-prepare.out +++ /dev/null @@ -1,10 +0,0 @@ --- create a login and user which is a member of db_securityadmin role --- tsql -create login sys_db_role_mapping_vu_login with password = '12345678'; -GO - -create user userof_sys_db_role_mapping_vu_login for login sys_db_role_mapping_vu_login -GO - -alter role db_securityadmin add member userof_sys_db_role_mapping_vu_login; -GO diff --git a/test/JDBC/expected/sys_db_role_mapping-vu-verify.out b/test/JDBC/expected/sys_db_role_mapping-vu-verify.out deleted file mode 100644 index e34c2f48941..00000000000 --- a/test/JDBC/expected/sys_db_role_mapping-vu-verify.out +++ /dev/null @@ -1,26 +0,0 @@ -select * from sys.db_role_mapping where ISNULL(member_login, '') != '' order by database_name; -GO -~~START~~ -nvarchar#!#nvarchar#!#varchar -master#!#db_securityadmin#!#sys_db_role_mapping_vu_login -~~END~~ - - -select * from sys.db_role_mapping where ISNULL(member_login, '') = '' order by database_name; -GO -~~START~~ -nvarchar#!#nvarchar#!#varchar -master#!#db_accessadmin#!# -master#!#db_securityadmin#!# -msdb#!#db_accessadmin#!# -msdb#!#db_securityadmin#!# -tempdb#!#db_accessadmin#!# -tempdb#!#db_securityadmin#!# -~~END~~ - - -drop user if exists userof_sys_db_role_mapping_vu_login -GO - -drop login sys_db_role_mapping_vu_login -GO diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix new file mode 100644 index 00000000000..67fa8c54e2e --- /dev/null +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix @@ -0,0 +1,43 @@ +-- tsql user=jdbc_user password=12345678 database=master +drop user if exists userof_sp_helplogins_testlogin +GO + +drop login sp_helplogins_testlogin +GO + +drop user if exists userof_testloginwithsecurityadmin +GO + +drop user if exists userof_testloginwithsecurityadmin_indb1 +GO + +drop login testloginwithsecurityadmin +GO + +drop database sp_helplogins_db1 +GO + +drop user if exists userof_testloginwithsecurityadmin2 +GO + +drop login testloginwithsecurityadmin2 +GO + +drop login testloginwithsecurityadmin3 +GO + +drop database sp_helplogins_db2 +GO + +drop login testloginindb1 +GO + +drop user if exists userof_testloginindb1 +GO + +drop login testloginwithoutusers +GO + +-- psql +drop procedure sys.sp_helplogins_vu_test; +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix similarity index 100% rename from test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-prepare.mix rename to test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix new file mode 100644 index 00000000000..1250bbcf6ba --- /dev/null +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -0,0 +1,99 @@ +-- sp_helplogins returns two result sets +-- creating test sp by omitting sid since it is an identifier which will change on every run +-- psql +create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) +language pltsql +as $$ +declare @input_loginname sys.sysname +begin + + IF is_srvrolemember('securityadmin') = 0 + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 0; + END + + IF @loginname IS NULL + BEGIN + SET NOCOUNT ON; + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + SET NOCOUNT OFF; + + select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp + order by loginname; + select * FROM #sp_helplogins_internal_user_mappings_temp + order by loginname; + END + ELSE + BEGIN + SET @input_loginname = sys.RTRIM(@loginname); + + SET NOCOUNT ON; + + create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) + insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; + + create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) + insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; + + SET NOCOUNT OFF; + + SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp + where loginname = @input_loginname + order by loginname; + + SELECT * FROM #sp_helplogins_internal_user_mappings_temp + where loginname = @input_loginname + order by loginname; + END; + RETURN 0; +end; +$$; +GO + + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins_vu_test +GO + +-- tsql user=sp_helplogins_testlogin password=12345678 +EXEC sp_helplogins_vu_test +GO + +-- tsql user=testloginwithsecurityadmin password=12345678 +EXEC sp_helplogins_vu_test +GO + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +EXEC sp_helplogins_vu_test +GO + +-- tsql user=testloginwithsecurityadmin3 password=12345678 +EXEC sp_helplogins_vu_test +GO + +-- tsql user=jdbc_user password=12345678 +EXEC sp_helplogins_vu_test 'jdbc_user' +GO + +EXEC sp_helplogins_vu_test 'sp_helplogins_testlogin' +GO + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin' +GO + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2' +GO + +EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2 ' +GO + +EXEC sp_helplogins_vu_test ' testloginwithsecurityadmin2 ' +GO + +EXEC sp_helplogins_vu_test ' ' +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix deleted file mode 100644 index 669802bc79f..00000000000 --- a/test/JDBC/input/storedProcedures/Test-sp_helplogins-vu-verify.mix +++ /dev/null @@ -1,97 +0,0 @@ --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run --- psql -create procedure sys.sp_helplogins_vu_test() -language pltsql -as $$ -begin - SET NOCOUNT ON; - - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - order by loginname; -end; -$$; -GO - -create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) -language pltsql -as $$ -declare @input_loginname sys.SYSNAME; -begin - - SET @input_loginname = sys.RTRIM(@loginname); - - SET NOCOUNT ON; - - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname - order by loginname; - - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname - order by loginname; -end; -$$; -GO - - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=sp_helplogins_testlogin password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=testloginwithsecurityadmin3 password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test_with_input 'jdbc_user' -GO - -EXEC sp_helplogins_vu_test_with_input 'sp_helplogins_testlogin' -GO - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin' -GO - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2' -GO - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2 ' -GO - -EXEC sp_helplogins_vu_test_with_input ' testloginwithsecurityadmin2 ' -GO - -EXEC sp_helplogins_vu_test_with_input ' ' -GO - diff --git a/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql b/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql deleted file mode 100644 index 8b7f0d11172..00000000000 --- a/test/JDBC/input/views/sys_db_role_mapping-vu-prepare.sql +++ /dev/null @@ -1,10 +0,0 @@ --- create a login and user which is a member of db_securityadmin role --- tsql -create login sys_db_role_mapping_vu_login with password = '12345678'; -GO - -create user userof_sys_db_role_mapping_vu_login for login sys_db_role_mapping_vu_login -GO - -alter role db_securityadmin add member userof_sys_db_role_mapping_vu_login; -GO \ No newline at end of file diff --git a/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql b/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql deleted file mode 100644 index f9da8db58b0..00000000000 --- a/test/JDBC/input/views/sys_db_role_mapping-vu-verify.sql +++ /dev/null @@ -1,11 +0,0 @@ -select * from sys.db_role_mapping where ISNULL(member_login, '') != '' order by database_name; -GO - -select * from sys.db_role_mapping where ISNULL(member_login, '') = '' order by database_name; -GO - -drop user if exists userof_sys_db_role_mapping_vu_login -GO - -drop login sys_db_role_mapping_vu_login -GO \ No newline at end of file diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 4d96be16909..145f77e1583 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -453,7 +453,7 @@ Test-sp_rename Test-sp_rename-dep Test-sp_set_session_context Test-sp_set_session_context-dep -Test-sp_helplogins +BABEL-5742-sp_helplogins Test-Role-Member TestSQLVariant TestTableType @@ -620,5 +620,4 @@ forjson-escape round_return_type_test alter-view test_conv_int_to_varbinary_binary -babel_varbinary -sys_db_role_mapping \ No newline at end of file +babel_varbinary \ No newline at end of file diff --git a/test/python/expected/upgrade_validation/expected_dependency.out b/test/python/expected/upgrade_validation/expected_dependency.out index 437d26e6626..70f00e7bc10 100644 --- a/test/python/expected/upgrade_validation/expected_dependency.out +++ b/test/python/expected/upgrade_validation/expected_dependency.out @@ -981,7 +981,6 @@ View information_schema_tsql.columns_internal View information_schema_tsql.constraint_column_usage View information_schema_tsql.domains View information_schema_tsql.routines -View sys.all_database_users View sys.all_sql_modules_internal View sys.assembly_modules View sys.babelfish_has_perms_by_name_permissions @@ -991,7 +990,6 @@ View sys.database_files View sys.database_filestream_options View sys.database_recovery_status View sys.database_role_members -View sys.db_role_mapping View sys.dm_hadr_cluster View sys.dm_hadr_database_replica_states View sys.dm_os_host_info From 4cc439ef6f37678236eb65a06b5bd2ac72edba59 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 14:50:43 +0000 Subject: [PATCH 18/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out | 4 ---- test/JDBC/singledb_jdbc_schedule | 5 +++-- .../expected/sql_validation_framework/expected_create.out | 2 -- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index c7aca08e1d1..dd0bbae1bd8 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -63,7 +63,6 @@ GO varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#NO#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO @@ -108,7 +107,6 @@ GO varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#NO#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO @@ -138,7 +136,6 @@ GO varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#NO#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO @@ -170,7 +167,6 @@ GO varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar jdbc_user#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testlogin#!#master#!#English#!#NO#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO diff --git a/test/JDBC/singledb_jdbc_schedule b/test/JDBC/singledb_jdbc_schedule index 3d998c0e8b7..51fbb4a01bb 100644 --- a/test/JDBC/singledb_jdbc_schedule +++ b/test/JDBC/singledb_jdbc_schedule @@ -3,8 +3,9 @@ # 2. To ignore any test file, add an entry like ignore#!# # because these inherently execute with more than one db -ignore#!#Test-sp_helplogins-vu-verify -ignore#!#Test-sp_helplogins-vu-cleanup +ignore#!#BABEL-5742-sp_helplogins-vu-prepare +ignore#!#BABEL-5742-sp_helplogins-vu-verify +ignore#!#BABEL-5742-sp_helplogins-vu-cleanup ignore#!#test_db_collation-vu-prepare ignore#!#test_db_collation-vu-verify diff --git a/test/python/expected/sql_validation_framework/expected_create.out b/test/python/expected/sql_validation_framework/expected_create.out index ee2d9039cda..22eeb69a446 100644 --- a/test/python/expected/sql_validation_framework/expected_create.out +++ b/test/python/expected/sql_validation_framework/expected_create.out @@ -87,7 +87,6 @@ Could not find tests for table sys.spt_datatype_info_table Could not find tests for table sys.versions Could not find tests for view babelfish_has_perms_by_name_permissions Could not find tests for view information_schema_tsql.columns_internal -Could not find tests for view sys.all_database_users Could not find tests for view sys.all_sql_modules_internal Could not find tests for view sys.pg_namespace_ext Could not find tests for view sys.shipped_objects_not_in_sys @@ -207,7 +206,6 @@ Could not find upgrade tests for table sys.spt_datatype_info_table Could not find upgrade tests for table sys.versions Could not find upgrade tests for view babelfish_has_perms_by_name_permissions Could not find upgrade tests for view information_schema_tsql.columns_internal -Could not find upgrade tests for view sys.all_database_users Could not find upgrade tests for view sys.all_sql_modules_internal Could not find upgrade tests for view sys.pg_namespace_ext Could not find upgrade tests for view sys.shipped_objects_not_in_sys From 398125e1e15329a903ae5fb79050cd63d2e601a7 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 18:22:45 +0000 Subject: [PATCH 19/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/upgrade/latest/schedule | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 145f77e1583..9555569a9ab 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -453,7 +453,7 @@ Test-sp_rename Test-sp_rename-dep Test-sp_set_session_context Test-sp_set_session_context-dep -BABEL-5742-sp_helplogins +# BABEL-5742-sp_helplogins Test-Role-Member TestSQLVariant TestTableType From 9b50dbdc06ff20fe237d49e823da93481d5bd0a5 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 7 May 2025 18:26:37 +0000 Subject: [PATCH 20/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../Test-sp_helplogins-vu-cleanup.out | 46 --- .../Test-sp_helplogins-vu-prepare.out | 72 ----- .../expected/Test-sp_helplogins-vu-verify.out | 287 ------------------ 3 files changed, 405 deletions(-) delete mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out delete mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-prepare.out delete mode 100644 test/JDBC/expected/Test-sp_helplogins-vu-verify.out diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out deleted file mode 100644 index 2b915b4ac49..00000000000 --- a/test/JDBC/expected/Test-sp_helplogins-vu-cleanup.out +++ /dev/null @@ -1,46 +0,0 @@ --- tsql user=jdbc_user password=12345678 database=master -drop user if exists userof_sp_helplogins_testlogin -GO - -drop login sp_helplogins_testlogin -GO - -drop user if exists userof_testloginwithsecurityadmin -GO - -drop user if exists userof_testloginwithsecurityadmin_indb1 -GO - -drop login testloginwithsecurityadmin -GO - -drop database sp_helplogins_db1 -GO - -drop user if exists userof_testloginwithsecurityadmin2 -GO - -drop login testloginwithsecurityadmin2 -GO - -drop login testloginwithsecurityadmin3 -GO - -drop database sp_helplogins_db2 -GO - -drop login testloginindb1 -GO - -drop user if exists userof_testloginindb1 -GO - -drop login testloginwithoutusers -GO - --- psql -drop procedure sys.sp_helplogins_vu_test; -GO - -drop procedure sys.sp_helplogins_vu_test_with_input; -GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out b/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out deleted file mode 100644 index 3bd359380eb..00000000000 --- a/test/JDBC/expected/Test-sp_helplogins-vu-prepare.out +++ /dev/null @@ -1,72 +0,0 @@ --- tsql --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - --- create a dummy db -create database sp_helplogins_db1 -GO - --- create a login with user in master with securityadmin server role -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - -use master -GO - --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' -GO - -use sp_helplogins_db1 -GO - -create user userof_testloginindb1 for login testloginindb1 -GO - -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - - --- create a login which is a member of securityadmin server role --- with a default database and ownership on sp_helplogins_db2 -create database sp_helplogins_db2 -GO - -create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 -GO - -alter server role securityadmin add member testloginwithsecurityadmin3 -GO - -alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 -GO diff --git a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out b/test/JDBC/expected/Test-sp_helplogins-vu-verify.out deleted file mode 100644 index 8f5b38447b6..00000000000 --- a/test/JDBC/expected/Test-sp_helplogins-vu-verify.out +++ /dev/null @@ -1,287 +0,0 @@ --- psql - - - - --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run -create procedure sys.sp_helplogins_vu_test() -language pltsql -as $$ -begin - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - order by loginname; -end; -$$; -GO - - - - - - - - -create procedure sys.sp_helplogins_vu_test_with_input("@loginname" sys.SYSNAME) -language pltsql -as $$ -declare @input_loginname sys.SYSNAME; -begin - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname - order by loginname; -end; -$$; -GO - - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User -~~END~~ - - --- tsql user=sp_helplogins_testlogin password=12345678 -EXEC sp_helplogins_vu_test -GO -~~ERROR (Code: 50000)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -~~END~~ - - --- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -~~END~~ - - --- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - --- tsql user=testloginwithsecurityadmin3 password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User -~~END~~ - - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test_with_input 'jdbc_user' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input 'sp_helplogins_testlogin' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input 'testloginwithsecurityadmin2 ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input ' testloginwithsecurityadmin2 ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -~~END~~ - - -EXEC sp_helplogins_vu_test_with_input ' ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -~~END~~ - - From 24255649a390aa63efa1fae013dd0a8ee7486d1b Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 10:00:38 +0000 Subject: [PATCH 21/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .github/scripts/scan-warnings.sh | 4 ++-- .../BABEL-5742-sp_helplogins-vu-verify.out | 14 ++++++++++++-- .../BABEL-5742-sp_helplogins-vu-verify.mix | 14 ++++++++++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/scripts/scan-warnings.sh b/.github/scripts/scan-warnings.sh index 342e3fdfd36..685ee5b0aca 100644 --- a/.github/scripts/scan-warnings.sh +++ b/.github/scripts/scan-warnings.sh @@ -49,8 +49,8 @@ if [[ "$SNAPSHOT_ACTIVE_COUNT" -ne 44 ]]; then ERROR_FOUND=true fi -if [[ "$LEAK_COUNT" -ne 350 ]]; then - echo "Error: Expected 324 leak warnings, but found $LEAK_COUNT" +if [[ "$LEAK_COUNT" -ne 394 ]]; then + echo "Error: Expected 394 leak warnings, but found $LEAK_COUNT" ERROR_FOUND=true fi diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index dd0bbae1bd8..e0530612cb4 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -10,6 +10,12 @@ -- sp_helplogins returns two result sets -- creating test sp by omitting sid since it is an identifier which will change on every run +-- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test +-- in order to avoid interference with other tests +-- hence adding filter conditions on logins, users and db_name +-- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] +-- dbs = ['sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb'] +-- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) language pltsql as $$ @@ -30,8 +36,12 @@ begin SET NOCOUNT OFF; select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp + where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and + DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; select * FROM #sp_helplogins_internal_user_mappings_temp + where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and + DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; END ELSE @@ -44,10 +54,10 @@ begin insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; SET NOCOUNT OFF; SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname + where loginname = @input_loginname and DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname + where loginname = @input_loginname and DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; END; RETURN 0; diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix index 1250bbcf6ba..cd0c605e623 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -1,5 +1,11 @@ -- sp_helplogins returns two result sets -- creating test sp by omitting sid since it is an identifier which will change on every run +-- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test +-- in order to avoid interference with other tests +-- hence adding filter conditions on logins, users and db_name +-- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] +-- dbs = ['sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb'] +-- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] -- psql create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) language pltsql @@ -24,8 +30,12 @@ begin SET NOCOUNT OFF; select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp + where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and + DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; select * FROM #sp_helplogins_internal_user_mappings_temp + where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and + DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; END ELSE @@ -43,11 +53,11 @@ begin SET NOCOUNT OFF; SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname + where loginname = @input_loginname and DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname + where loginname = @input_loginname and DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') order by loginname; END; RETURN 0; From 663a31627f0b784ec381ca99545b5048a7b01b5c Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 10:07:14 +0000 Subject: [PATCH 22/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/upgrade/latest/schedule | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 9555569a9ab..145f77e1583 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -453,7 +453,7 @@ Test-sp_rename Test-sp_rename-dep Test-sp_set_session_context Test-sp_set_session_context-dep -# BABEL-5742-sp_helplogins +BABEL-5742-sp_helplogins Test-Role-Member TestSQLVariant TestTableType From 5da07e6d08a05416b5773e3c17294bb388842e11 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 11:55:35 +0000 Subject: [PATCH 23/54] Added statements for understanding dump-restore failure Signed-off-by: Ayush Shah --- .../BABEL-5742-sp_helplogins-vu-verify.out | 29 ++++++++++++++++++- .../BABEL-5742-sp_helplogins-vu-verify.mix | 9 +++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index e0530612cb4..8f699a0bba3 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -65,8 +65,21 @@ end; $$; GO - -- tsql user=jdbc_user password=12345678 +SELECT db_name() +GO +~~START~~ +nvarchar +master +~~END~~ + +SELECT suser_name() +GO +~~START~~ +nvarchar +jdbc_user +~~END~~ + EXEC sp_helplogins_vu_test GO ~~START~~ @@ -171,6 +184,20 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad -- tsql user=testloginwithsecurityadmin3 password=12345678 +SELECT db_name() +GO +~~START~~ +nvarchar +master +~~END~~ + +SELECT suser_name() +GO +~~START~~ +nvarchar +testloginwithsecurityadmin3 +~~END~~ + EXEC sp_helplogins_vu_test GO ~~START~~ diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix index cd0c605e623..872b6021e61 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -65,8 +65,11 @@ end; $$; GO - -- tsql user=jdbc_user password=12345678 +SELECT db_name() +GO +SELECT suser_name() +GO EXEC sp_helplogins_vu_test GO @@ -83,6 +86,10 @@ EXEC sp_helplogins_vu_test GO -- tsql user=testloginwithsecurityadmin3 password=12345678 +SELECT db_name() +GO +SELECT suser_name() +GO EXEC sp_helplogins_vu_test GO From 2c483cc8aaad8639bbb001e4dd76313f4e7c5c2e Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 14:05:24 +0000 Subject: [PATCH 24/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../dump-restore-util/action.yml | 9 ++- .../BABEL-5742-sp_helplogins-vu-cleanup.out | 6 -- .../BABEL-5742-sp_helplogins-vu-prepare.out | 15 ----- .../BABEL-5742-sp_helplogins-vu-verify.out | 60 ------------------- .../BABEL-5742-sp_helplogins-vu-cleanup.mix | 6 -- .../BABEL-5742-sp_helplogins-vu-prepare.mix | 17 +----- .../BABEL-5742-sp_helplogins-vu-verify.mix | 12 ---- 7 files changed, 8 insertions(+), 117 deletions(-) diff --git a/.github/composite-actions/dump-restore-util/action.yml b/.github/composite-actions/dump-restore-util/action.yml index e99b61fa48d..99aa512fe7e 100644 --- a/.github/composite-actions/dump-restore-util/action.yml +++ b/.github/composite-actions/dump-restore-util/action.yml @@ -104,7 +104,8 @@ runs: # Get the list of all the Babelfish logins in a file query="SELECT orig_loginname, default_database_name, default_language_name, type, \ - pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member \ + pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member, \ + pg_has_role(rolname, 'securityadmin', 'member') AS is_securityadmin_member \ FROM sys.babelfish_authid_login_ext \ WHERE rolname NOT IN ('jdbc_user', 'sysadmin', 'bbf_role_admin', 'test@ABC');" ~/${{ inputs.pg_new_dir }}/bin/psql -v ON_ERROR_STOP=1 -h localhost -d babelfish_db -U jdbc_user -c "$query" > ~/upgrade/logins_file.txt @@ -229,13 +230,14 @@ runs: done < <(tail -n +3 ~/upgrade/domains_file.txt | head -n -2) # Loop through the list of all the Babelfish logins and create them one by one. - while IFS='|' read -r name db lang type sa; do + while IFS='|' read -r name db lang type sa seca; do # Remove leading and trailing spaces orig_loginname="$(echo "${name}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" def_db="$(echo "${db}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" def_lang="$(echo "${lang}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" login_type="$(echo "${type}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" is_sysadmin_member="$(echo "${sa}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + is_securityadmin_member="$(echo "${seca}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" if [[ $login_type == 'U' ]];then sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "CREATE LOGIN [$orig_loginname] FROM WINDOWS WITH default_database = [$def_db], default_language = [$def_lang];" else @@ -244,6 +246,9 @@ runs: if [[ $is_sysadmin_member == 't' ]];then sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE sysadmin ADD MEMBER [$orig_loginname];" fi + if [[ $is_securityadmin_member == 't' ]];then + sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE securityadmin ADD MEMBER [$orig_loginname];" + fi done < <(tail -n +3 ~/upgrade/logins_file.txt | head -n -2) # Link the orphaned users to logins diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out index 2f090f507b3..0d053e58e1b 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out @@ -23,12 +23,6 @@ GO drop login testloginwithsecurityadmin2 GO -drop login testloginwithsecurityadmin3 -GO - -drop database sp_helplogins_db2 -GO - drop login testloginindb1 GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out index 3bd359380eb..9b46fff58ff 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out @@ -55,18 +55,3 @@ GO alter role db_securityadmin add member userof_testloginwithsecurityadmin2 GO - - --- create a login which is a member of securityadmin server role --- with a default database and ownership on sp_helplogins_db2 -create database sp_helplogins_db2 -GO - -create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 -GO - -alter server role securityadmin add member testloginwithsecurityadmin3 -GO - -alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 -GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index 8f699a0bba3..147150c43c1 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -66,20 +66,6 @@ $$; GO -- tsql user=jdbc_user password=12345678 -SELECT db_name() -GO -~~START~~ -nvarchar -master -~~END~~ - -SELECT suser_name() -GO -~~START~~ -nvarchar -jdbc_user -~~END~~ - EXEC sp_helplogins_vu_test GO ~~START~~ @@ -90,7 +76,6 @@ testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -110,8 +95,6 @@ testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User ~~END~~ @@ -134,7 +117,6 @@ testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -163,7 +145,6 @@ testloginindb1#!#master#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO ~~END~~ ~~START~~ @@ -183,47 +164,6 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad ~~END~~ --- tsql user=testloginwithsecurityadmin3 password=12345678 -SELECT db_name() -GO -~~START~~ -nvarchar -master -~~END~~ - -SELECT suser_name() -GO -~~START~~ -nvarchar -testloginwithsecurityadmin3 -~~END~~ - -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#db_owner#!#Member of -testloginwithsecurityadmin3#!#sp_helplogins_db2#!#dbo#!#User -~~END~~ - - -- tsql user=jdbc_user password=12345678 EXEC sp_helplogins_vu_test 'jdbc_user' GO diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix index 67fa8c54e2e..db3031292cf 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix @@ -23,12 +23,6 @@ GO drop login testloginwithsecurityadmin2 GO -drop login testloginwithsecurityadmin3 -GO - -drop database sp_helplogins_db2 -GO - drop login testloginindb1 GO diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix index 363f12f9cac..eec1408a1e6 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix @@ -54,19 +54,4 @@ create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityad GO alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - - --- create a login which is a member of securityadmin server role --- with a default database and ownership on sp_helplogins_db2 -create database sp_helplogins_db2 -GO - -create login testloginwithsecurityadmin3 with password = '12345678', default_database = sp_helplogins_db2 -GO - -alter server role securityadmin add member testloginwithsecurityadmin3 -GO - -alter AUTHORIZATION on database::sp_helplogins_db2 to testloginwithsecurityadmin3 -GO +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix index 872b6021e61..094a668e304 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -66,10 +66,6 @@ $$; GO -- tsql user=jdbc_user password=12345678 -SELECT db_name() -GO -SELECT suser_name() -GO EXEC sp_helplogins_vu_test GO @@ -85,14 +81,6 @@ GO EXEC sp_helplogins_vu_test GO --- tsql user=testloginwithsecurityadmin3 password=12345678 -SELECT db_name() -GO -SELECT suser_name() -GO -EXEC sp_helplogins_vu_test -GO - -- tsql user=jdbc_user password=12345678 EXEC sp_helplogins_vu_test 'jdbc_user' GO From bca0d80bbd3bd6373f69cc9523927dcb827e0c1a Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 17:00:46 +0000 Subject: [PATCH 25/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .github/scripts/scan-warnings.sh | 4 +- .../BABEL-5742-sp_helplogins-vu-prepare.out | 45 ---------------- .../BABEL-5742-sp_helplogins-vu-verify.out | 51 +++++++++++++++++- .../BABEL-5742-sp_helplogins-vu-prepare.mix | 45 ---------------- .../BABEL-5742-sp_helplogins-vu-verify.mix | 53 +++++++++++++++++-- 5 files changed, 101 insertions(+), 97 deletions(-) diff --git a/.github/scripts/scan-warnings.sh b/.github/scripts/scan-warnings.sh index 685ee5b0aca..71e3003efbb 100644 --- a/.github/scripts/scan-warnings.sh +++ b/.github/scripts/scan-warnings.sh @@ -49,8 +49,8 @@ if [[ "$SNAPSHOT_ACTIVE_COUNT" -ne 44 ]]; then ERROR_FOUND=true fi -if [[ "$LEAK_COUNT" -ne 394 ]]; then - echo "Error: Expected 394 leak warnings, but found $LEAK_COUNT" +if [[ "$LEAK_COUNT" -ne 390 ]]; then + echo "Error: Expected 390 leak warnings, but found $LEAK_COUNT" ERROR_FOUND=true fi diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out index 9b46fff58ff..260df08bd3e 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out @@ -10,48 +10,3 @@ GO -- create a dummy db create database sp_helplogins_db1 GO - --- create a login with user in master with securityadmin server role -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - -use master -GO - --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' -GO - -use sp_helplogins_db1 -GO - -create user userof_testloginindb1 for login testloginindb1 -GO - -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index 147150c43c1..b587c860763 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -1,3 +1,50 @@ +-- tsql +-- creating logins because instance level dump/restore does not migrate logins +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + -- psql @@ -13,8 +60,8 @@ -- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test -- in order to avoid interference with other tests -- hence adding filter conditions on logins, users and db_name --- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] --- dbs = ['sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb'] +-- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] +-- dbs = ['sp_helplogins_db1', 'master', 'msdb', 'tempdb'] -- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) language pltsql diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix index eec1408a1e6..8feb9d7c8c8 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix @@ -9,49 +9,4 @@ GO -- create a dummy db create database sp_helplogins_db1 -GO - --- create a login with user in master with securityadmin server role -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - -use master -GO - --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' -GO - -use sp_helplogins_db1 -GO - -create user userof_testloginindb1 for login testloginindb1 -GO - -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix index 094a668e304..edbf6f997ec 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -1,12 +1,59 @@ +-- tsql +-- creating logins because instance level dump/restore does not migrate logins +-- create a login with user in master with securityadmin server role +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + +-- psql -- sp_helplogins returns two result sets -- creating test sp by omitting sid since it is an identifier which will change on every run -- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test -- in order to avoid interference with other tests -- hence adding filter conditions on logins, users and db_name --- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] --- dbs = ['sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb'] +-- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] +-- dbs = ['sp_helplogins_db1', 'master', 'msdb', 'tempdb'] -- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] --- psql create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) language pltsql as $$ From 371d20f334486ca7a84e2cf2122828b54ff31e3f Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 12 May 2025 18:06:52 +0000 Subject: [PATCH 26/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../expected/BABEL-5742-sp_helplogins-vu-prepare.out | 9 --------- .../expected/BABEL-5742-sp_helplogins-vu-verify.out | 10 ++++++++++ .../BABEL-5742-sp_helplogins-vu-prepare.mix | 9 --------- .../BABEL-5742-sp_helplogins-vu-verify.mix | 10 ++++++++++ 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out index 260df08bd3e..105060117f7 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out @@ -1,12 +1,3 @@ --- tsql --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - -- create a dummy db create database sp_helplogins_db1 GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out index b587c860763..35ad47b5507 100644 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out @@ -1,6 +1,16 @@ -- tsql + -- creating logins because instance level dump/restore does not migrate logins -- create a login with user in master with securityadmin server role +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO + + create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix index 8feb9d7c8c8..2f4d82eb9fe 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix @@ -1,12 +1,3 @@ --- create login with user in master with db_securityadmin role --- tsql -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - -- create a dummy db create database sp_helplogins_db1 GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix index edbf6f997ec..02872a1f055 100644 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix @@ -1,6 +1,16 @@ -- tsql -- creating logins because instance level dump/restore does not migrate logins -- create a login with user in master with securityadmin server role + +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO + + create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO From ad1d51933208c96a9a5437698be7af3668f5c2a8 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 15 May 2025 05:27:50 +0000 Subject: [PATCH 27/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql b/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql index 575b0c3bae3..d57277b324b 100644 --- a/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql +++ b/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql @@ -8,7 +8,7 @@ RETURNS text AS 'MODULE_PATHNAME' LANGUAGE C VOLATILE STRICT; -CREATE FUNCTION sys.inject_fault( +CREATE FUNCTION sys.inject_fault( faultname text, num_occurrences int4, tamper_byte int4) From 119924b68a2b8e54f95a73182d807a31448fcfc3 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 20 May 2025 12:52:11 +0000 Subject: [PATCH 28/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tds--1.0.0.sql | 2 +- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 66 +++++++++++-------- 2 files changed, 38 insertions(+), 30 deletions(-) diff --git a/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql b/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql index d57277b324b..575b0c3bae3 100644 --- a/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql +++ b/contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql @@ -8,7 +8,7 @@ RETURNS text AS 'MODULE_PATHNAME' LANGUAGE C VOLATILE STRICT; -CREATE FUNCTION sys.inject_fault( +CREATE FUNCTION sys.inject_fault( faultname text, num_occurrences int4, tamper_byte int4) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index cd1e1c799a4..fc38bb0b284 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3765,21 +3765,25 @@ BEGIN RETURN 0; END - SELECT DISTINCT - CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid - END AS oid INTO #all_database_users - FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext - ON Base.rolname = Ext.rolname - LEFT OUTER JOIN pg_catalog.pg_roles Base2 - ON Ext.login_name = Base2.rolname - LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db - ON Ext.database_name COLLATE database_default = Db.name - LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 - ON Db.owner = Base3.rolname - WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; + WITH all_database_users(oid) + AS + ( + SELECT DISTINCT + CASE + WHEN Ext.orig_username = 'dbo' THEN Base3.oid + WHEN Ext.orig_username = 'guest' THEN 0 + ELSE Base2.oid + END AS oid + FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext + ON Base.rolname = Ext.rolname + LEFT OUTER JOIN pg_catalog.pg_roles Base2 + ON Ext.login_name = Base2.rolname + LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db + ON Ext.database_name COLLATE database_default = Db.name + LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 + ON Db.owner = Base3.rolname + WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL + ) SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, @@ -3793,7 +3797,7 @@ BEGIN 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + LEFT JOIN all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it WHERE LExt.type NOT IN ('R', 'Z'); RETURN 0; @@ -3812,20 +3816,24 @@ BEGIN RETURN 0; END - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login INTO #db_role_mapping - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); - SET @current_username = sys.suser_name(); - SELECT + WITH db_role_mapping(database_name, role_name, member_login) + AS + ( + SELECT + UExt2.database_name as database_name, + UExt1.orig_username as role_name, + UExt2.login_name as member_login + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + ) + + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, @@ -3837,7 +3845,7 @@ BEGIN has_dbaccess(UExt.database_name) = 1 AND ( is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR + EXISTS (SELECT 1 from db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR UExt.login_name = LOWER(@current_username) OR ISNULL(UExt.login_name, '') = '' ) From aa9f842663f4017090d5ea6f05ac8cfb8913a5f5 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 21 May 2025 20:28:15 +0000 Subject: [PATCH 29/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index fc38bb0b284..e14da88c2fa 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3760,10 +3760,10 @@ LANGUAGE pltsql AS $$ BEGIN IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); + RETURN 0; + END WITH all_database_users(oid) AS @@ -3786,19 +3786,19 @@ BEGIN ) SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z'); + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Dp.oid IS NOT NULL THEN 'YES' + ELSE 'NO' + END as AUser, + 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it + WHERE LExt.type NOT IN ('R', 'Z'); RETURN 0; END; @@ -3808,6 +3808,7 @@ CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() LANGUAGE pltsql AS $$ DECLARE @current_username sys.nvarchar(128) +DECLARE @is_sysadmin BIT BEGIN IF is_srvrolemember('securityadmin') = 0 @@ -3816,14 +3817,14 @@ BEGIN RETURN 0; END - SET @current_username = sys.suser_name(); + SET @current_username = LOWER(sys.suser_name()); + SET @is_sysadmin = is_srvrolemember('sysadmin'); - WITH db_role_mapping(database_name, role_name, member_login) + WITH db_role_mapping(database_name, member_login) AS ( SELECT UExt2.database_name as database_name, - UExt1.orig_username as role_name, UExt2.login_name as member_login FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid @@ -3844,10 +3845,10 @@ BEGIN UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' + @is_sysadmin = 1 OR + UExt.login_name = @current_username OR + ISNULL(UExt.login_name, '') = '' OR + EXISTS (SELECT 1 from db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) ) UNION SELECT @@ -3863,8 +3864,8 @@ BEGIN LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default WHERE has_dbaccess(UExt2.database_name) = 1 AND ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR + @is_sysadmin = 1 OR + UExt2.login_name = @current_username OR ISNULL(UExt2.login_name, '') = '' ) RETURN 0; From 511b6b9924a6d7f3b8f448e1aa664c0ee724cbcd Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 21 May 2025 20:47:53 +0000 Subject: [PATCH 30/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index e14da88c2fa..f124d2732d0 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3762,7 +3762,7 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; + RETURN 0; END WITH all_database_users(oid) @@ -3812,10 +3812,10 @@ DECLARE @is_sysadmin BIT BEGIN IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); RETURN 0; - END + END SET @current_username = LOWER(sys.suser_name()); SET @is_sysadmin = is_srvrolemember('sysadmin'); @@ -3835,36 +3835,36 @@ BEGIN ) SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - @is_sysadmin = 1 OR + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + @is_sysadmin = 1 OR UExt.login_name = @current_username OR ISNULL(UExt.login_name, '') = '' OR EXISTS (SELECT 1 from db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) - ) - UNION - SELECT + ) + UNION + SELECT CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default - WHERE has_dbaccess(UExt2.database_name) = 1 AND + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + WHERE has_dbaccess(UExt2.database_name) = 1 AND ( - @is_sysadmin = 1 OR + @is_sysadmin = 1 OR UExt2.login_name = @current_username OR ISNULL(UExt2.login_name, '') = '' ) @@ -3879,10 +3879,10 @@ DECLARE @input_loginname sys.sysname; BEGIN IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); RETURN 0; - END + END IF @loginname IS NULL BEGIN From 2764fc9af8cc51c332ef2722bf4d8887a206d822 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 22 May 2025 07:09:16 +0000 Subject: [PATCH 31/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .github/scripts/scan-warnings.sh | 4 +- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 257 ++++++++-------- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 258 ++++++++-------- .../expected/z_sp_helplogins-vu-cleanup.out | 39 +++ .../expected/z_sp_helplogins-vu-prepare.out | 3 + .../expected/z_sp_helplogins-vu-verify.out | 276 ++++++++++++++++++ .../z_sp_helplogins-vu-cleanup.mix | 39 +++ .../z_sp_helplogins-vu-prepare.mix | 3 + .../z_sp_helplogins-vu-verify.mix | 111 +++++++ test/JDBC/jdbc_schedule | 2 +- .../java/com/sqlsamples/CompareResults.java | 50 ++-- .../java/com/sqlsamples/FilterConditions.java | 15 + .../com/sqlsamples/JDBCCallableStatement.java | 2 +- .../java/com/sqlsamples/JDBCMetadata.java | 36 +-- .../com/sqlsamples/JDBCPreparedStatement.java | 2 +- .../java/com/sqlsamples/JDBCStatement.java | 4 +- .../main/java/com/sqlsamples/batch_run.java | 22 +- test/JDBC/upgrade/latest/schedule | 2 +- .../expected_create.out | 2 - 19 files changed, 803 insertions(+), 324 deletions(-) create mode 100644 test/JDBC/expected/z_sp_helplogins-vu-cleanup.out create mode 100644 test/JDBC/expected/z_sp_helplogins-vu-prepare.out create mode 100644 test/JDBC/expected/z_sp_helplogins-vu-verify.out create mode 100644 test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix create mode 100644 test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix create mode 100644 test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix create mode 100644 test/JDBC/src/main/java/com/sqlsamples/FilterConditions.java diff --git a/.github/scripts/scan-warnings.sh b/.github/scripts/scan-warnings.sh index 71e3003efbb..342e3fdfd36 100644 --- a/.github/scripts/scan-warnings.sh +++ b/.github/scripts/scan-warnings.sh @@ -49,8 +49,8 @@ if [[ "$SNAPSHOT_ACTIVE_COUNT" -ne 44 ]]; then ERROR_FOUND=true fi -if [[ "$LEAK_COUNT" -ne 390 ]]; then - echo "Error: Expected 390 leak warnings, but found $LEAK_COUNT" +if [[ "$LEAK_COUNT" -ne 350 ]]; then + echo "Error: Expected 324 leak warnings, but found $LEAK_COUNT" ERROR_FOUND=true fi diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index f124d2732d0..3ddcc885f69 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3755,58 +3755,10 @@ END; $$ LANGUAGE pltsql; GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() -LANGUAGE pltsql -AS $$ -BEGIN - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END - - WITH all_database_users(oid) - AS - ( - SELECT DISTINCT - CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid - END AS oid - FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext - ON Base.rolname = Ext.rolname - LEFT OUTER JOIN pg_catalog.pg_roles Base2 - ON Ext.login_name = Base2.rolname - LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db - ON Ext.database_name COLLATE database_default = Db.name - LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 - ON Db.owner = Base3.rolname - WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL - ) - - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z'); - - RETURN 0; -END; -$$; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() +CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) LANGUAGE pltsql AS $$ +DECLARE @input_loginname sys.sysname; DECLARE @current_username sys.nvarchar(128) DECLARE @is_sysadmin BIT BEGIN @@ -3817,98 +3769,123 @@ BEGIN RETURN 0; END - SET @current_username = LOWER(sys.suser_name()); - SET @is_sysadmin = is_srvrolemember('sysadmin'); - - WITH db_role_mapping(database_name, member_login) - AS - ( - SELECT - UExt2.database_name as database_name, - UExt2.login_name as member_login - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - ) - - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - @is_sysadmin = 1 OR - UExt.login_name = @current_username OR - ISNULL(UExt.login_name, '') = '' OR - EXISTS (SELECT 1 from db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) - ) - UNION - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - @is_sysadmin = 1 OR - UExt2.login_name = @current_username OR - ISNULL(UExt2.login_name, '') = '' - ) - RETURN 0; -END; -$$; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) -LANGUAGE pltsql -AS $$ -DECLARE @input_loginname sys.sysname; -BEGIN - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; + SET @current_username = LOWER(sys.suser_name()); + SET @is_sysadmin = is_srvrolemember('sysadmin'); + + IF @loginname IS NULL + BEGIN + SELECT DISTINCT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' + WHEN Db.owner = LExt.orig_loginname THEN 'YES' + ELSE 'NO' + END AS AUser, + CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' + LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + WHERE LExt.type NOT IN ('R', 'Z') + + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + @is_sysadmin = 1 OR + UExt.login_name = @current_username OR + ISNULL(UExt.login_name, '') = '' OR + EXISTS ( + SELECT 1 + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') AND UExt2.database_name = UExt.database_name AND UExt2.login_name = @current_username + ) + ) + UNION + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + WHERE + has_dbaccess(UExt2.database_name) = 1 AND + ( + @is_sysadmin = 1 OR + UExt2.login_name = @current_username OR + ISNULL(UExt2.login_name, '') = '' + ) END + ELSE + BEGIN - IF @loginname IS NULL - BEGIN - EXEC sp_helplogins_internal_logins; - EXEC sp_helplogins_internal_user_mappings; - END - ELSE - BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; - - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT * FROM #sp_helplogins_internal_logins_temp - WHERE LoginName = @input_loginname; - - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - WHERE LoginName = @input_loginname; - END; - RETURN 0; + SET @input_loginname = sys.RTRIM(@loginname); + + SELECT DISTINCT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' + WHEN Db.owner = LExt.orig_loginname THEN 'YES' + ELSE 'NO' + END AS AUser, + CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' + LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname + + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname + UNION + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + WHERE + has_dbaccess(UExt2.database_name) = 1 AND + COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + END; + + RETURN 0; END; $$; GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC; \ No newline at end of file diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 4b302b82064..9406bf7f808 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -119,151 +119,137 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; -CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() -LANGUAGE pltsql -AS $$ -BEGIN - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END - - SELECT DISTINCT - CASE - WHEN Ext.orig_username = 'dbo' THEN Base3.oid - WHEN Ext.orig_username = 'guest' THEN 0 - ELSE Base2.oid - END AS oid INTO #all_database_users - FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext - ON Base.rolname = Ext.rolname - LEFT OUTER JOIN pg_catalog.pg_roles Base2 - ON Ext.login_name = Base2.rolname - LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db - ON Ext.database_name COLLATE database_default = Db.name - LEFT OUTER JOIN pg_catalog.pg_roles AS Base3 - ON Db.owner = Base3.rolname - WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL; - - SELECT - CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, - CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, - CASE - WHEN Dp.oid IS NOT NULL THEN 'YES' - ELSE 'NO' - END as AUser, - 'NO' AS ARemote -- Currently we do not support linking local logins to remote logins - FROM pg_catalog.pg_roles AS Base - INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname - LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it - WHERE LExt.type NOT IN ('R', 'Z'); - - RETURN 0; -END; -$$; - -CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() -LANGUAGE pltsql -AS $$ -DECLARE @current_username sys.nvarchar(128) -BEGIN - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END - - SELECT - UExt2.database_name as database_name, - UExt1.orig_username as role_name, - UExt2.login_name as member_login INTO #db_role_mapping - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin'); - - SET @current_username = sys.suser_name(); - - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' AND - has_dbaccess(UExt.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR - UExt.login_name = LOWER(@current_username) OR - ISNULL(UExt.login_name, '') = '' - ) - UNION - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default - WHERE has_dbaccess(UExt2.database_name) = 1 AND - ( - is_srvrolemember('sysadmin') = 1 OR - UExt2.login_name = LOWER(@current_username) OR - ISNULL(UExt2.login_name, '') = '' - ) - RETURN 0; -END; -$$; - CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) LANGUAGE pltsql AS $$ DECLARE @input_loginname sys.sysname; +DECLARE @current_username sys.nvarchar(128) +DECLARE @is_sysadmin BIT BEGIN IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); + BEGIN + RAISERROR('User does not have permission to perform this action.', 16, 1); RETURN 0; - END - - IF @loginname IS NULL - BEGIN - EXEC sp_helplogins_internal_logins; - EXEC sp_helplogins_internal_user_mappings; - END - ELSE - BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; - - CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins; - - CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT * FROM #sp_helplogins_internal_logins_temp - WHERE LoginName = @input_loginname; + END - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - WHERE LoginName = @input_loginname; - END; - RETURN 0; + SET @current_username = LOWER(sys.suser_name()); + SET @is_sysadmin = is_srvrolemember('sysadmin'); + + IF @loginname IS NULL + BEGIN + SELECT DISTINCT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' + WHEN Db.owner = LExt.orig_loginname THEN 'YES' + ELSE 'NO' + END AS AUser, + CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' + LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + WHERE LExt.type NOT IN ('R', 'Z') + + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + ( + @is_sysadmin = 1 OR + UExt.login_name = @current_username OR + ISNULL(UExt.login_name, '') = '' OR + EXISTS ( + SELECT 1 + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') AND UExt2.database_name = UExt.database_name AND UExt2.login_name = @current_username + ) + ) + UNION + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + WHERE + has_dbaccess(UExt2.database_name) = 1 AND + ( + @is_sysadmin = 1 OR + UExt2.login_name = @current_username OR + ISNULL(UExt2.login_name, '') = '' + ) + END + ELSE + BEGIN + + SET @input_loginname = sys.RTRIM(@loginname); + + SELECT DISTINCT + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, + CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, + CASE + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' + WHEN Db.owner = LExt.orig_loginname THEN 'YES' + ELSE 'NO' + END AS AUser, + CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + FROM pg_catalog.pg_roles AS Base + INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname + LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' + LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname + + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' AND + has_dbaccess(UExt.database_name) = 1 AND + COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname + UNION + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + WHERE + has_dbaccess(UExt2.database_name) = 1 AND + COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + END; + + RETURN 0; END; $$; GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC; diff --git a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out new file mode 100644 index 00000000000..8de2be985eb --- /dev/null +++ b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out @@ -0,0 +1,39 @@ +-- tsql user=jdbc_user password=12345678 database=master +drop user if exists userof_sp_helplogins_testlogin +GO + +drop login sp_helplogins_testlogin +GO + +drop user if exists userof_testloginwithsecurityadmin +GO + +drop user if exists userof_testloginwithsecurityadmin_indb1 +GO + +drop login testloginwithsecurityadmin +GO + +drop database sp_helplogins_db1 +GO + +drop user if exists userof_testloginwithsecurityadmin2 +GO + +drop login testloginwithsecurityadmin2 +GO + +drop login testloginindb1 +GO + +drop user if exists userof_testloginindb1 +GO + +drop login testloginwithoutusers +GO + +drop user if exists u_testloginwithotherdefdb +GO + +drop login testloginwithotherdefdb +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out new file mode 100644 index 00000000000..105060117f7 --- /dev/null +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -0,0 +1,3 @@ +-- create a dummy db +create database sp_helplogins_db1 +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out new file mode 100644 index 00000000000..75c50c177a2 --- /dev/null +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -0,0 +1,276 @@ +-- tsql + +-- creating logins because instance level dump/restore does not migrate logins +-- create a login with user in master with securityadmin server role +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO + + +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + +create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 +GO + +create user u_testloginwithotherdefdb for login testloginwithotherdefdb +GO + +-- tsql user=jdbc_user password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=sp_helplogins_testlogin password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~ERROR (Code: 50000)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +-- tsql user=testloginwithsecurityadmin password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +~~END~~ + + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=jdbc_user password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins 'jdbc_user' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins 'sp_helplogins_testlogin' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin2' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +~~END~~ + + +-- ignore_columns 2 +EXEC sp_helplogins ' ' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +~~END~~ + diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix new file mode 100644 index 00000000000..1f711677f22 --- /dev/null +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix @@ -0,0 +1,39 @@ +-- tsql user=jdbc_user password=12345678 database=master +drop user if exists userof_sp_helplogins_testlogin +GO + +drop login sp_helplogins_testlogin +GO + +drop user if exists userof_testloginwithsecurityadmin +GO + +drop user if exists userof_testloginwithsecurityadmin_indb1 +GO + +drop login testloginwithsecurityadmin +GO + +drop database sp_helplogins_db1 +GO + +drop user if exists userof_testloginwithsecurityadmin2 +GO + +drop login testloginwithsecurityadmin2 +GO + +drop login testloginindb1 +GO + +drop user if exists userof_testloginindb1 +GO + +drop login testloginwithoutusers +GO + +drop user if exists u_testloginwithotherdefdb +GO + +drop login testloginwithotherdefdb +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix new file mode 100644 index 00000000000..2f4d82eb9fe --- /dev/null +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -0,0 +1,3 @@ +-- create a dummy db +create database sp_helplogins_db1 +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix new file mode 100644 index 00000000000..ecb0d581ee1 --- /dev/null +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -0,0 +1,111 @@ +-- tsql +-- creating logins because instance level dump/restore does not migrate logins +-- create a login with user in master with securityadmin server role + +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO + + +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +alter server role securityadmin add member testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO + +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +alter server role securityadmin add member testloginwithsecurityadmin2 +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +alter role db_securityadmin add member userof_testloginwithsecurityadmin2 +GO + +create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 +GO + +create user u_testloginwithotherdefdb for login testloginwithotherdefdb +GO + +-- tsql user=jdbc_user password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=sp_helplogins_testlogin password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecurityadmin password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecurityadmin2 password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=jdbc_user password=12345678 +-- ignore_columns 2 +EXEC sp_helplogins 'jdbc_user' +GO + +-- ignore_columns 2 +EXEC sp_helplogins 'sp_helplogins_testlogin' +GO + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin' +GO + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin2' +GO + +-- ignore_columns 2 +EXEC sp_helplogins 'testloginwithsecurityadmin2 ' +GO + +-- ignore_columns 2 +EXEC sp_helplogins ' testloginwithsecurityadmin2 ' +GO + +-- ignore_columns 2 +EXEC sp_helplogins ' ' +GO \ No newline at end of file diff --git a/test/JDBC/jdbc_schedule b/test/JDBC/jdbc_schedule index d71232d6983..ff9008020e8 100644 --- a/test/JDBC/jdbc_schedule +++ b/test/JDBC/jdbc_schedule @@ -8,7 +8,7 @@ # new line # 6. If you want the framework to not run certain files, use: ignore#!# -all + all # TODO ignore#!#charindex_and_replace_CIAI_collations diff --git a/test/JDBC/src/main/java/com/sqlsamples/CompareResults.java b/test/JDBC/src/main/java/com/sqlsamples/CompareResults.java index 639c98f05f1..d86911075ed 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/CompareResults.java +++ b/test/JDBC/src/main/java/com/sqlsamples/CompareResults.java @@ -23,7 +23,7 @@ public class CompareResults { // function to write result set into a file - public static void writeResultSetToFile(BufferedWriter bw, ResultSet rs, Logger logger) { + public static void writeResultSetToFile(BufferedWriter bw, ResultSet rs, Logger logger, FilterConditions filterConditions) { try { bw.write("~~START~~"); bw.newLine(); @@ -32,30 +32,36 @@ public static void writeResultSetToFile(BufferedWriter bw, ResultSet rs, Logger int cols = rsmd.getColumnCount(); if (outputColumnName) { - for (int i = 1; i <= cols; i++) { - bw.write(rsmd.getColumnName(i)); - if (i != cols) bw.write("#!#"); + for (int i = 1; i <= cols; i++) { + if (shouldNotIgnoreColumn(filterConditions, i)) { + bw.write(rsmd.getColumnName(i)); + if (i != cols) bw.write("#!#"); + } } bw.newLine(); - } + } for (int i = 1; i <= cols; i++) { - bw.write(rsmd.getColumnTypeName(i)); - if (i != cols) bw.write("#!#"); + if (shouldNotIgnoreColumn(filterConditions, i)) { + bw.write(rsmd.getColumnTypeName(i)); + if (i != cols) bw.write("#!#"); + } } bw.newLine(); while (rs.next()) { for (int i = 1; i <= cols; i++) { - if(isNull(rs.getObject(i))){ - bw.write(""); - } else { - String str = rs.getString(i); - str = str.replaceAll("[\r\n]+", ""); - bw.write(str); - } + if (shouldNotIgnoreColumn(filterConditions, i)) { + if(isNull(rs.getObject(i))){ + bw.write(""); + } else { + String str = rs.getString(i); + str = str.replaceAll("[\r\n]+", ""); + bw.write(str); + } - if (i != cols) bw.write("#!#"); + if (i != cols) bw.write("#!#"); + } } bw.newLine(); } @@ -73,6 +79,10 @@ public static void writeResultSetToFile(BufferedWriter bw, ResultSet rs, Logger } } + private static boolean shouldNotIgnoreColumn(FilterConditions filterConditions, int col) { + return isNull(filterConditions) || isNull(filterConditions.getColsToIgnore()) || !filterConditions.getColsToIgnore().contains(col); + } + // function to write the tuple, result set cursor is pointing to, into a file public static void writeCursorResultSetToFile(BufferedWriter bw, ResultSet cursor, Logger logger) { try { @@ -135,9 +145,8 @@ public static void writeWarningToFile(BufferedWriter bw, SQLWarning sqlwarn, Log } // processes all the results sequentially that we get from executing a JDBC Statement - static void processResults(Statement stmt, BufferedWriter bw, int resultsProcessed, boolean resultSetExist, boolean warningExist, Logger logger) { + static void processResults(Statement stmt, BufferedWriter bw, int resultsProcessed, boolean resultSetExist, boolean warningExist, Logger logger, FilterConditions filterConditions) { int updateCount = -9; // initialize to impossible value - while (true) { boolean exceptionOccurred = true; do { @@ -152,7 +161,7 @@ static void processResults(Statement stmt, BufferedWriter bw, int resultsProcess } resultsProcessed++; } while (exceptionOccurred); - + if ((!resultSetExist) && (updateCount == -1)) { break; } @@ -166,7 +175,10 @@ static void processResults(Statement stmt, BufferedWriter bw, int resultsProcess } if (resultSetExist) { try (ResultSet rs = stmt.getResultSet()) { - writeResultSetToFile(bw, rs, logger); + if (resultsProcessed == 1) + writeResultSetToFile(bw, rs, logger, filterConditions); + else + writeResultSetToFile(bw, rs, logger, null); } catch (SQLException e) { handleSQLExceptionWithFile(e, bw, logger); } diff --git a/test/JDBC/src/main/java/com/sqlsamples/FilterConditions.java b/test/JDBC/src/main/java/com/sqlsamples/FilterConditions.java new file mode 100644 index 00000000000..196eeea700a --- /dev/null +++ b/test/JDBC/src/main/java/com/sqlsamples/FilterConditions.java @@ -0,0 +1,15 @@ +package com.sqlsamples; +import java.util.Set; +import java.util.HashSet; + +public class FilterConditions { + public FilterConditions(final Set colsToIgnore) { + this.colsToIgnore = colsToIgnore; + } + + private Set colsToIgnore; + + public Set getColsToIgnore() { + return this.colsToIgnore; + } +} \ No newline at end of file diff --git a/test/JDBC/src/main/java/com/sqlsamples/JDBCCallableStatement.java b/test/JDBC/src/main/java/com/sqlsamples/JDBCCallableStatement.java index a6e1c3eb2be..1e53054e3ed 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/JDBCCallableStatement.java +++ b/test/JDBC/src/main/java/com/sqlsamples/JDBCCallableStatement.java @@ -58,7 +58,7 @@ void testCallableStatementWithFile(String[] result, BufferedWriter bw, String st handleSQLExceptionWithFile(e, bw, logger); resultsProcessed++; } - CompareResults.processResults(cstmt_bbl, bw, resultsProcessed, resultSetExist, warningExist, logger); + CompareResults.processResults(cstmt_bbl, bw, resultsProcessed, resultSetExist, warningExist, logger, null); } catch (IOException ioe) { logger.error("IO Exception: " + ioe.getMessage(), ioe); } diff --git a/test/JDBC/src/main/java/com/sqlsamples/JDBCMetadata.java b/test/JDBC/src/main/java/com/sqlsamples/JDBCMetadata.java index 746a2df1e72..1c06f688cc4 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/JDBCMetadata.java +++ b/test/JDBC/src/main/java/com/sqlsamples/JDBCMetadata.java @@ -49,7 +49,7 @@ static void testDatabaseMetadata(BufferedWriter bw, Logger logger, Connection co private static void testGetCatalogs(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta) throws SQLException { ResultSet rs = dbmeta.getCatalogs(); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetColumnPrivileges(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -63,7 +63,7 @@ private static void testGetColumnPrivileges(BufferedWriter bw, Logger logger, Da String table = parts[2]; String column = parts[3]; ResultSet rs = dbmeta.getColumnPrivileges(catalog, schema, table, column); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetTables(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -80,7 +80,7 @@ private static void testGetTables(BufferedWriter bw, Logger logger, DatabaseMeta types = Arrays.copyOfRange(parts, 3, parts.length); } ResultSet rs = dbmeta.getTables(catalog, schema, table, types); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetColumns(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -97,7 +97,7 @@ private static void testGetColumns(BufferedWriter bw, Logger logger, DatabaseMet column = parts[3]; } ResultSet rs = dbmeta.getColumns(catalog, schema, table, column); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetFunctions(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -113,7 +113,7 @@ private static void testGetFunctions(BufferedWriter bw, Logger logger, DatabaseM function = parts[2]; } ResultSet rs = dbmeta.getFunctions(catalog, schema, function); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetFunctionColumns(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -130,7 +130,7 @@ private static void testGetFunctionColumns(BufferedWriter bw, Logger logger, Dat column = parts[3]; } ResultSet rs = dbmeta.getFunctionColumns(catalog, schema, function, column); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetBestRowIdentifier(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -145,7 +145,7 @@ private static void testGetBestRowIdentifier(BufferedWriter bw, Logger logger, D int scope = Integer.parseInt(parts[3]); boolean nullable = Boolean.parseBoolean(parts[4]); ResultSet rs = dbmeta.getBestRowIdentifier(catalog, schema, table, scope, nullable); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetCrossReference(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -161,7 +161,7 @@ private static void testGetCrossReference(BufferedWriter bw, Logger logger, Data String schema2 = parts[4]; String table2 = parts[5]; ResultSet rs = dbmeta.getCrossReference(catalog1, schema1, table1, catalog2, schema2, table2); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetExportedKeys(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -174,7 +174,7 @@ private static void testGetExportedKeys(BufferedWriter bw, Logger logger, Databa String schema = parts[1]; String table = parts[2]; ResultSet rs = dbmeta.getExportedKeys(catalog, schema, table); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetImportedKeys(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -187,7 +187,7 @@ private static void testGetImportedKeys(BufferedWriter bw, Logger logger, Databa String schema = parts[1]; String table = parts[2]; ResultSet rs = dbmeta.getImportedKeys(catalog, schema, table); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetIndexInfo(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -202,7 +202,7 @@ private static void testGetIndexInfo(BufferedWriter bw, Logger logger, DatabaseM boolean unique = Boolean.parseBoolean(parts[3]); boolean approximate = Boolean.parseBoolean(parts[4]); ResultSet rs = dbmeta.getIndexInfo(catalog, schema, table, unique, approximate); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetMaxConnections(BufferedWriter bw, DatabaseMetaData dbmeta) throws SQLException, IOException { @@ -229,7 +229,7 @@ private static void testGetPrimaryKeys(BufferedWriter bw, Logger logger, Databas String schema = parts[1]; String table = parts[2]; ResultSet rs = dbmeta.getPrimaryKeys(catalog, schema, table); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetProcedureColumns(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -246,7 +246,7 @@ private static void testGetProcedureColumns(BufferedWriter bw, Logger logger, Da column = parts[3]; } ResultSet rs = dbmeta.getProcedureColumns(catalog, schema, procedure, column); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetProcedures(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -262,7 +262,7 @@ private static void testGetProcedures(BufferedWriter bw, Logger logger, Database procedure = parts[2]; } ResultSet rs = dbmeta.getProcedures(catalog, schema, procedure); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetSchemas(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -277,7 +277,7 @@ private static void testGetSchemas(BufferedWriter bw, Logger logger, DatabaseMet schema = parts[1]; } ResultSet rs = dbmeta.getSchemas(catalog, schema); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetTablePrivileges(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta, String data) throws SQLException { @@ -290,12 +290,12 @@ private static void testGetTablePrivileges(BufferedWriter bw, Logger logger, Dat String schema = parts[1]; String table = parts[2]; ResultSet rs = dbmeta.getTablePrivileges(catalog, schema, table); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetTypeInfo(BufferedWriter bw, Logger logger, DatabaseMetaData dbmeta) throws SQLException { ResultSet rs = dbmeta.getTypeInfo(); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } private static void testGetUserName(BufferedWriter bw, DatabaseMetaData dbmeta) throws SQLException, IOException { @@ -322,6 +322,6 @@ private static void testGetVersionColumns(BufferedWriter bw, Logger logger, Data String schema = parts[1]; String table = parts[2]; ResultSet rs = dbmeta.getVersionColumns(catalog, schema, table); - CompareResults.writeResultSetToFile(bw, rs, logger); + CompareResults.writeResultSetToFile(bw, rs, logger, null); } } diff --git a/test/JDBC/src/main/java/com/sqlsamples/JDBCPreparedStatement.java b/test/JDBC/src/main/java/com/sqlsamples/JDBCPreparedStatement.java index 33d7d806624..1ebd453c911 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/JDBCPreparedStatement.java +++ b/test/JDBC/src/main/java/com/sqlsamples/JDBCPreparedStatement.java @@ -63,7 +63,7 @@ void testPreparedStatementWithFile(String[] result, BufferedWriter bw, String st handleSQLExceptionWithFile(e, bw, logger); resultsProcessed++; } - CompareResults.processResults(pstmt_bbl, bw, resultsProcessed, resultSetExist, warningExist, logger); + CompareResults.processResults(pstmt_bbl, bw, resultsProcessed, resultSetExist, warningExist, logger, null); } catch (IOException ioe) { logger.error("IO Exception: " + ioe.getMessage(), ioe); } diff --git a/test/JDBC/src/main/java/com/sqlsamples/JDBCStatement.java b/test/JDBC/src/main/java/com/sqlsamples/JDBCStatement.java index 903d920d3e4..b7b81e30e1c 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/JDBCStatement.java +++ b/test/JDBC/src/main/java/com/sqlsamples/JDBCStatement.java @@ -32,7 +32,7 @@ void closeStatements(BufferedWriter bw, Logger logger) { } // function to write output of executed statement to a file - void testStatementWithFile(String SQL, BufferedWriter bw, String strLine, Logger logger){ + void testStatementWithFile(String SQL, BufferedWriter bw, String strLine, Logger logger, FilterConditions filterConditions){ try { bw.write(strLine); bw.newLine(); @@ -49,7 +49,7 @@ void testStatementWithFile(String SQL, BufferedWriter bw, String strLine, Logger handleSQLExceptionWithFile(e, bw, logger); resultsProcessed++; } - CompareResults.processResults(stmt_bbl, bw, resultsProcessed, resultSetExist, warningExist,logger); + CompareResults.processResults(stmt_bbl, bw, resultsProcessed, resultSetExist, warningExist, logger, filterConditions); } catch (IOException ioe) { logger.error("IO Exception: " + ioe.getMessage(), ioe); } diff --git a/test/JDBC/src/main/java/com/sqlsamples/batch_run.java b/test/JDBC/src/main/java/com/sqlsamples/batch_run.java index 4098ac87437..41029100c0f 100644 --- a/test/JDBC/src/main/java/com/sqlsamples/batch_run.java +++ b/test/JDBC/src/main/java/com/sqlsamples/batch_run.java @@ -4,6 +4,9 @@ import java.io.*; import java.sql.*; +import java.util.Set; +import java.util.HashSet; +import java.util.Arrays; import static com.sqlsamples.Config.*; import static com.sqlsamples.Statistics.exec_times; @@ -52,6 +55,7 @@ static void batch_run_sql(Connection con_bbl, BufferedWriter bw, String testFile DataInputStream in; BufferedReader br; boolean bashMode = false; + FilterConditions filterConditions = null; fstream = new FileInputStream(testFilePath); // get the object of DataInputStream @@ -301,6 +305,18 @@ static void batch_run_sql(Connection con_bbl, BufferedWriter bw, String testFile checkSingleDbModeExpected = true; continue; } + + if (strLine.toLowerCase().startsWith("-- ignore_columns")) { + String[] parts = strLine.split("-- ignore_columns\\s+"); + Set colsToIgnore = new HashSet<>(); + if (parts.length > 1) { + String[] numbers = parts[1].split(","); + for (String num : numbers) { + colsToIgnore.add(Integer.parseInt(num.trim())); + } + filterConditions = new FilterConditions(colsToIgnore); + } + } // execute statement as a normal SQL statement if (isSQLFile) { if (!strLine.equalsIgnoreCase("GO")) { @@ -343,7 +359,11 @@ static void batch_run_sql(Connection con_bbl, BufferedWriter bw, String testFile jdbcStatement.closeStatements(bw, logger); jdbcStatement.createStatements(con_bbl, bw, logger); - jdbcStatement.testStatementWithFile(SQL, bw, strLine, logger); + jdbcStatement.testStatementWithFile(SQL, bw, strLine, logger, filterConditions); + } + // reset certain objects after first sql batch + if (strLine.equalsIgnoreCase("GO")) { + filterConditions = null; } long endTime = System.nanoTime(); long duration = (endTime - startTime); diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 7c486316552..72edb2ee13a 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -455,7 +455,7 @@ Test-sp_rename Test-sp_rename-dep Test-sp_set_session_context Test-sp_set_session_context-dep -BABEL-5742-sp_helplogins +z_sp_helplogins Test-Role-Member TestSQLVariant TestTableType diff --git a/test/python/expected/sql_validation_framework/expected_create.out b/test/python/expected/sql_validation_framework/expected_create.out index 22eeb69a446..33c672c4809 100644 --- a/test/python/expected/sql_validation_framework/expected_create.out +++ b/test/python/expected/sql_validation_framework/expected_create.out @@ -77,7 +77,6 @@ Could not find tests for procedure sys.babel_drop_all_logins Could not find tests for procedure sys.babel_initialize_logins Could not find tests for procedure sys.printarg Could not find tests for procedure sys.sp_describe_cursor -Could not find tests for procedure sys.sp_helplogins Could not find tests for table sys.babelfish_helpcollation Could not find tests for table sys.babelfish_partition_function Could not find tests for table sys.babelfish_partition_scheme @@ -190,7 +189,6 @@ Could not find upgrade tests for procedure sys.printarg Could not find upgrade tests for procedure sys.sp_column_privileges Could not find upgrade tests for procedure sys.sp_cursor_list Could not find upgrade tests for procedure sys.sp_describe_cursor -Could not find upgrade tests for procedure sys.sp_helplogins Could not find upgrade tests for procedure sys.sp_oledb_ro_usrname Could not find upgrade tests for procedure sys.sp_prepare Could not find upgrade tests for procedure sys.sp_reset_connection From 3befb69ee5bdc61623e8f9ae7be5d320bee8988a Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Fri, 23 May 2025 12:40:27 +0000 Subject: [PATCH 32/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../BABEL-5742-sp_helplogins-vu-cleanup.out | 37 -- .../BABEL-5742-sp_helplogins-vu-prepare.out | 3 - .../BABEL-5742-sp_helplogins-vu-verify.out | 321 ------------------ .../BABEL-5742-sp_helplogins-vu-cleanup.mix | 37 -- .../BABEL-5742-sp_helplogins-vu-prepare.mix | 3 - .../BABEL-5742-sp_helplogins-vu-verify.mix | 161 --------- test/JDBC/jdbc_schedule | 2 +- .../expected_create.out | 4 +- .../expected_drop.out | 4 +- 9 files changed, 5 insertions(+), 567 deletions(-) delete mode 100644 test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out delete mode 100644 test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out delete mode 100644 test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out delete mode 100644 test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix delete mode 100644 test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix delete mode 100644 test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out deleted file mode 100644 index 0d053e58e1b..00000000000 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-cleanup.out +++ /dev/null @@ -1,37 +0,0 @@ --- tsql user=jdbc_user password=12345678 database=master -drop user if exists userof_sp_helplogins_testlogin -GO - -drop login sp_helplogins_testlogin -GO - -drop user if exists userof_testloginwithsecurityadmin -GO - -drop user if exists userof_testloginwithsecurityadmin_indb1 -GO - -drop login testloginwithsecurityadmin -GO - -drop database sp_helplogins_db1 -GO - -drop user if exists userof_testloginwithsecurityadmin2 -GO - -drop login testloginwithsecurityadmin2 -GO - -drop login testloginindb1 -GO - -drop user if exists userof_testloginindb1 -GO - -drop login testloginwithoutusers -GO - --- psql -drop procedure sys.sp_helplogins_vu_test; -GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out deleted file mode 100644 index 105060117f7..00000000000 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-prepare.out +++ /dev/null @@ -1,3 +0,0 @@ --- create a dummy db -create database sp_helplogins_db1 -GO diff --git a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out b/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out deleted file mode 100644 index 35ad47b5507..00000000000 --- a/test/JDBC/expected/BABEL-5742-sp_helplogins-vu-verify.out +++ /dev/null @@ -1,321 +0,0 @@ --- tsql - --- creating logins because instance level dump/restore does not migrate logins --- create a login with user in master with securityadmin server role --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - - -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - -use master -GO - --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' -GO - -use sp_helplogins_db1 -GO - -create user userof_testloginindb1 for login testloginindb1 -GO - -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - --- psql - - - - - - - - - --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run --- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test --- in order to avoid interference with other tests --- hence adding filter conditions on logins, users and db_name --- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] --- dbs = ['sp_helplogins_db1', 'master', 'msdb', 'tempdb'] --- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] -create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) -language pltsql -as $$ -declare @input_loginname sys.sysname -begin - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END - IF @loginname IS NULL - BEGIN - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - - select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp - where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and - DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - select * FROM #sp_helplogins_internal_user_mappings_temp - where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and - DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - END - ELSE - BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname and DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname and DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - END; - RETURN 0; -end; -$$; -GO - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - --- tsql user=sp_helplogins_testlogin password=12345678 -EXEC sp_helplogins_vu_test -GO -~~ERROR (Code: 50000)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - - --- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -~~END~~ - - --- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins_vu_test -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test 'jdbc_user' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -jdbc_user#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test 'sp_helplogins_testlogin' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2 ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -~~END~~ - - -EXEC sp_helplogins_vu_test ' testloginwithsecurityadmin2 ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -~~END~~ - - -EXEC sp_helplogins_vu_test ' ' -GO -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar#!#nvarchar -~~END~~ - -~~START~~ -varchar#!#varchar#!#varchar#!#nvarchar -~~END~~ - diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix deleted file mode 100644 index db3031292cf..00000000000 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-cleanup.mix +++ /dev/null @@ -1,37 +0,0 @@ --- tsql user=jdbc_user password=12345678 database=master -drop user if exists userof_sp_helplogins_testlogin -GO - -drop login sp_helplogins_testlogin -GO - -drop user if exists userof_testloginwithsecurityadmin -GO - -drop user if exists userof_testloginwithsecurityadmin_indb1 -GO - -drop login testloginwithsecurityadmin -GO - -drop database sp_helplogins_db1 -GO - -drop user if exists userof_testloginwithsecurityadmin2 -GO - -drop login testloginwithsecurityadmin2 -GO - -drop login testloginindb1 -GO - -drop user if exists userof_testloginindb1 -GO - -drop login testloginwithoutusers -GO - --- psql -drop procedure sys.sp_helplogins_vu_test; -GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix deleted file mode 100644 index 2f4d82eb9fe..00000000000 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-prepare.mix +++ /dev/null @@ -1,3 +0,0 @@ --- create a dummy db -create database sp_helplogins_db1 -GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix deleted file mode 100644 index 02872a1f055..00000000000 --- a/test/JDBC/input/storedProcedures/BABEL-5742-sp_helplogins-vu-verify.mix +++ /dev/null @@ -1,161 +0,0 @@ --- tsql --- creating logins because instance level dump/restore does not migrate logins --- create a login with user in master with securityadmin server role - --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - - -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - -alter server role securityadmin add member testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO - -use master -GO - --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' -GO - --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -alter server role securityadmin add member testloginwithsecurityadmin2 -GO - --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' -GO - -use sp_helplogins_db1 -GO - -create user userof_testloginindb1 for login testloginindb1 -GO - -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - -alter role db_securityadmin add member userof_testloginwithsecurityadmin2 -GO - --- psql --- sp_helplogins returns two result sets --- creating test sp by omitting sid since it is an identifier which will change on every run --- since this is a server level proc, we need to filter out only results with objects which are created within the scope of this test --- in order to avoid interference with other tests --- hence adding filter conditions on logins, users and db_name --- logins = ['jdbc_user', 'sp_helplogins_testlogin', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin'] --- dbs = ['sp_helplogins_db1', 'master', 'msdb', 'tempdb'] --- users = ['userof_sp_helplogins_testlogin', 'userof_testloginwithsecurityadmin_indb1', 'userof_testloginwithsecurityadmin', 'userof_testloginwithsecurityadmin2', 'userof_testloginindb1'] -create procedure sys.sp_helplogins_vu_test(IN "@loginname" sys.sysname DEFAULT NULL) -language pltsql -as $$ -declare @input_loginname sys.sysname -begin - - IF is_srvrolemember('securityadmin') = 0 - BEGIN - RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; - END - - IF @loginname IS NULL - BEGIN - SET NOCOUNT ON; - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - SET NOCOUNT OFF; - - select loginname, DefDBName, DefLangName, AUser, ARemote from #sp_helplogins_internal_logins_temp - where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and - DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - select * FROM #sp_helplogins_internal_user_mappings_temp - where loginname in ('jdbc_user', 'sp_helplogins_testlogin', 'testloginwithsecurityadmin3', 'testloginindb1', 'testloginwithsecurityadmin2', 'testloginwithoutusers', 'testloginwithsecurityadmin') and - DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - END - ELSE - BEGIN - SET @input_loginname = sys.RTRIM(@loginname); - - SET NOCOUNT ON; - - create table #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8)) - insert into #sp_helplogins_internal_logins_temp exec sp_helplogins_internal_logins; - - create table #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16)) - insert into #sp_helplogins_internal_user_mappings_temp exec sp_helplogins_internal_user_mappings; - - SET NOCOUNT OFF; - - SELECT loginname, DefDBName, DefLangName, AUser, ARemote FROM #sp_helplogins_internal_logins_temp - where loginname = @input_loginname and DefDBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - - SELECT * FROM #sp_helplogins_internal_user_mappings_temp - where loginname = @input_loginname and DBName in ('sp_helplogins_db2', 'sp_helplogins_db1', 'master', 'msdb', 'tempdb') - order by loginname; - END; - RETURN 0; -end; -$$; -GO - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=sp_helplogins_testlogin password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=testloginwithsecurityadmin password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=testloginwithsecurityadmin2 password=12345678 -EXEC sp_helplogins_vu_test -GO - --- tsql user=jdbc_user password=12345678 -EXEC sp_helplogins_vu_test 'jdbc_user' -GO - -EXEC sp_helplogins_vu_test 'sp_helplogins_testlogin' -GO - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin' -GO - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2' -GO - -EXEC sp_helplogins_vu_test 'testloginwithsecurityadmin2 ' -GO - -EXEC sp_helplogins_vu_test ' testloginwithsecurityadmin2 ' -GO - -EXEC sp_helplogins_vu_test ' ' -GO \ No newline at end of file diff --git a/test/JDBC/jdbc_schedule b/test/JDBC/jdbc_schedule index ff9008020e8..d71232d6983 100644 --- a/test/JDBC/jdbc_schedule +++ b/test/JDBC/jdbc_schedule @@ -8,7 +8,7 @@ # new line # 6. If you want the framework to not run certain files, use: ignore#!# - all +all # TODO ignore#!#charindex_and_replace_CIAI_collations diff --git a/test/python/expected/sql_validation_framework/expected_create.out b/test/python/expected/sql_validation_framework/expected_create.out index 33c672c4809..bec807e2b37 100644 --- a/test/python/expected/sql_validation_framework/expected_create.out +++ b/test/python/expected/sql_validation_framework/expected_create.out @@ -15,8 +15,8 @@ Could not find tests for function sys.bbf_is_role_member Could not find tests for function sys.bbf_pivot Could not find tests for function sys.bbf_xmlexist Could not find tests for function sys.columns_internal -Could not find tests for function sys.dateadd_internal Could not find tests for function sys.date_bucket_internal_helper +Could not find tests for function sys.dateadd_internal Could not find tests for function sys.datediff_internal Could not find tests for function sys.datepart_internal Could not find tests for function sys.default_domain @@ -116,8 +116,8 @@ Could not find upgrade tests for function sys.bbf_xmlexist Could not find upgrade tests for function sys.columns_internal Could not find upgrade tests for function sys.cursor_rows Could not find upgrade tests for function sys.cursor_status -Could not find upgrade tests for function sys.dateadd_internal Could not find upgrade tests for function sys.date_bucket_internal_helper +Could not find upgrade tests for function sys.dateadd_internal Could not find upgrade tests for function sys.datediff_internal Could not find upgrade tests for function sys.datepart_internal Could not find upgrade tests for function sys.default_domain diff --git a/test/python/expected/sql_validation_framework/expected_drop.out b/test/python/expected/sql_validation_framework/expected_drop.out index 5325b5e21f7..844ad8cde61 100644 --- a/test/python/expected/sql_validation_framework/expected_drop.out +++ b/test/python/expected/sql_validation_framework/expected_drop.out @@ -36,9 +36,7 @@ Unexpected drop found for function sys.babelfish_update_server_collation_name in Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--2.8.0--3.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--2.9.0--3.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.0.0--3.1.0.sql -Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.10.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.1.0--3.2.0.sql -Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.11.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.2.0--3.3.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.3.0--3.4.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.4.0--4.0.0.sql @@ -47,6 +45,8 @@ Unexpected drop found for function sys.babelfish_update_server_collation_name in Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.7.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.8.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.9.0--4.0.0.sql +Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.10.0--4.0.0.sql +Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--3.11.0--4.0.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.0.0--4.1.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.1.0--4.2.0.sql Unexpected drop found for function sys.babelfish_update_server_collation_name in file babelfishpg_tsql--4.2.0--4.3.0.sql From 19b2dae0cdf8ece654cc34d9321c30c153e39eb5 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Fri, 23 May 2025 18:47:17 +0000 Subject: [PATCH 33/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/singledb_jdbc_schedule | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/JDBC/singledb_jdbc_schedule b/test/JDBC/singledb_jdbc_schedule index 51fbb4a01bb..87fd2c626fb 100644 --- a/test/JDBC/singledb_jdbc_schedule +++ b/test/JDBC/singledb_jdbc_schedule @@ -3,9 +3,9 @@ # 2. To ignore any test file, add an entry like ignore#!# # because these inherently execute with more than one db -ignore#!#BABEL-5742-sp_helplogins-vu-prepare -ignore#!#BABEL-5742-sp_helplogins-vu-verify -ignore#!#BABEL-5742-sp_helplogins-vu-cleanup +ignore#!#z_sp_helplogins-vu-prepare +ignore#!#z_sp_helplogins-vu-verify +ignore#!#z_sp_helplogins-vu-cleanup ignore#!#test_db_collation-vu-prepare ignore#!#test_db_collation-vu-verify From e458cde7270aac948799f188b3dcce3633cc8b3e Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Fri, 23 May 2025 21:04:37 +0000 Subject: [PATCH 34/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 26 ++++++++++--------- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 26 ++++++++++--------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 3ddcc885f69..bb7d2793ea8 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3780,15 +3780,15 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' - WHEN Db.owner = LExt.orig_loginname THEN 'YES' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' ELSE 'NO' END AS AUser, CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') SELECT @@ -3797,7 +3797,7 @@ BEGIN CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -3812,7 +3812,9 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') AND UExt2.database_name = UExt.database_name AND UExt2.login_name = @current_username + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.database_name = UExt.database_name + AND UExt2.login_name = @current_username ) ) UNION @@ -3826,7 +3828,7 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name WHERE has_dbaccess(UExt2.database_name) = 1 AND ( @@ -3846,15 +3848,15 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' - WHEN Db.owner = LExt.orig_loginname THEN 'YES' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' ELSE 'NO' END AS AUser, CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname SELECT @@ -3863,7 +3865,7 @@ BEGIN CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -3879,10 +3881,10 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name WHERE has_dbaccess(UExt2.database_name) = 1 AND - COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname END; RETURN 0; diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 9406bf7f808..68ae60cd7a5 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -144,15 +144,15 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' - WHEN Db.owner = LExt.orig_loginname THEN 'YES' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' ELSE 'NO' END AS AUser, CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') SELECT @@ -161,7 +161,7 @@ BEGIN CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -176,7 +176,9 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname - WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') AND UExt2.database_name = UExt.database_name AND UExt2.login_name = @current_username + WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt2.database_name = UExt.database_name + AND UExt2.login_name = @current_username ) ) UNION @@ -190,7 +192,7 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name WHERE has_dbaccess(UExt2.database_name) = 1 AND ( @@ -210,15 +212,15 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname THEN 'YES' - WHEN Db.owner = LExt.orig_loginname THEN 'YES' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' ELSE 'NO' END AS AUser, CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON LExt.default_database_name COLLATE database_default = Db.name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname SELECT @@ -227,7 +229,7 @@ BEGIN CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, 'User' AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -243,10 +245,10 @@ BEGIN INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name WHERE has_dbaccess(UExt2.database_name) = 1 AND - COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname END; RETURN 0; From 3c2d64535763263f8b5c2504c17321681186bc06 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Fri, 23 May 2025 22:01:42 +0000 Subject: [PATCH 35/54] testing to find out failures in GA where tests are not able to get msdb for a specific testcase --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 39 +++++++++++++++++++ .../babelfishpg_tsql--5.2.0--5.3.0.sql | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index bb7d2793ea8..bf377048f50 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3790,6 +3790,45 @@ BEGIN LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') + + + + + + + -- trying to find out failures in GA where tests are not able to get msdb for a specific testcase + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias, + has_dbaccess(UExt.database_name) + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' + + + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias, + has_dbaccess(UExt2.database_name), + UExt2.login_name + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name; + + + + + + + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 68ae60cd7a5..9274e7cdf25 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -154,6 +154,45 @@ BEGIN LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') + + + + + + + -- trying to find out failures in GA where tests are not able to get msdb for a specific testcase + SELECT + CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, + 'User' AS UserOrAlias, + has_dbaccess(UExt.database_name) + FROM sys.babelfish_authid_user_ext UExt + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + WHERE UExt.type != 'R' AND + UExt.orig_username != 'guest' + + + SELECT + CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, + CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, + 'Member of' AS UserOrAlias, + has_dbaccess(UExt2.database_name), + UExt2.login_name + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' + INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name; + + + + + + + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, From 40a83d23a5a494a959b465703af0dd894d2f8086 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Sat, 24 May 2025 06:06:37 +0000 Subject: [PATCH 36/54] testing to find out failures in GA where tests are not able to get msdb for a specific testcase --- contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index bf377048f50..cf38a67fd0b 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3797,6 +3797,10 @@ BEGIN -- trying to find out failures in GA where tests are not able to get msdb for a specific testcase + + select database_name, orig_username, user_can_connect from sys.babelfish_authid_user_ext; + + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, From 6c89c70f8df66467b3c618750ff86d2c52a66c60 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Sat, 24 May 2025 07:32:05 +0000 Subject: [PATCH 37/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 45 +------------------ .../BABEL_GRANT_CONNECT-vu-verify.out | 7 +++ .../input/BABEL_GRANT_CONNECT-vu-verify.mix | 7 +++ 3 files changed, 15 insertions(+), 44 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index cf38a67fd0b..44dc34982e1 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3790,50 +3790,7 @@ BEGIN LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') - - - - - - - -- trying to find out failures in GA where tests are not able to get msdb for a specific testcase - - select database_name, orig_username, user_can_connect from sys.babelfish_authid_user_ext; - - - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias, - has_dbaccess(UExt.database_name) - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' - - - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias, - has_dbaccess(UExt2.database_name), - UExt2.login_name - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name; - - - - - - - - + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, diff --git a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out index 013bbe1c2e4..335d0098b24 100644 --- a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out +++ b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out @@ -213,3 +213,10 @@ int 1 ~~END~~ + +-- tsql +use msdb +go + +grant connect to guest +go diff --git a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix index 35441082fc8..a7d0ad5f460 100644 --- a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix +++ b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix @@ -144,3 +144,10 @@ go select has_dbaccess('grant_connect_db1'); go + +-- tsql +use msdb +go + +grant connect to guest +go \ No newline at end of file From 223e37e18ed8392c4849445065d8d7bd5c980b10 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Sat, 24 May 2025 09:32:45 +0000 Subject: [PATCH 38/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out | 7 ------- test/JDBC/expected/restricted_objects-vu-cleanup.out | 3 +++ test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix | 7 ------- test/JDBC/input/restricted_objects-vu-cleanup.mix | 3 +++ 4 files changed, 6 insertions(+), 14 deletions(-) diff --git a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out index 335d0098b24..013bbe1c2e4 100644 --- a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out +++ b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out @@ -213,10 +213,3 @@ int 1 ~~END~~ - --- tsql -use msdb -go - -grant connect to guest -go diff --git a/test/JDBC/expected/restricted_objects-vu-cleanup.out b/test/JDBC/expected/restricted_objects-vu-cleanup.out index c3a95c0c220..7c58f8fcf71 100644 --- a/test/JDBC/expected/restricted_objects-vu-cleanup.out +++ b/test/JDBC/expected/restricted_objects-vu-cleanup.out @@ -104,3 +104,6 @@ GO DROP LOGIN babel_5146_user_l1; GO + +GRANT CONNECT TO guest; +GO diff --git a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix index a7d0ad5f460..35441082fc8 100644 --- a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix +++ b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix @@ -144,10 +144,3 @@ go select has_dbaccess('grant_connect_db1'); go - --- tsql -use msdb -go - -grant connect to guest -go \ No newline at end of file diff --git a/test/JDBC/input/restricted_objects-vu-cleanup.mix b/test/JDBC/input/restricted_objects-vu-cleanup.mix index 109c6aea185..33b01910db1 100644 --- a/test/JDBC/input/restricted_objects-vu-cleanup.mix +++ b/test/JDBC/input/restricted_objects-vu-cleanup.mix @@ -93,4 +93,7 @@ USE msdb; GO DROP LOGIN babel_5146_user_l1; +GO + +GRANT CONNECT TO guest; GO \ No newline at end of file From 13e8f221a89c8adc9d595734452f08bab794ac9b Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Sat, 24 May 2025 11:28:36 +0000 Subject: [PATCH 39/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 41 +------------------ .../BABEL_GRANT_CONNECT-vu-verify.out | 4 ++ .../input/BABEL_GRANT_CONNECT-vu-verify.mix | 4 ++ 3 files changed, 9 insertions(+), 40 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 9274e7cdf25..242dbd1fe12 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -154,46 +154,7 @@ BEGIN LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') - - - - - - - -- trying to find out failures in GA where tests are not able to get msdb for a specific testcase - SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias, - has_dbaccess(UExt.database_name) - FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name - WHERE UExt.type != 'R' AND - UExt.orig_username != 'guest' - - - SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, - CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias, - has_dbaccess(UExt2.database_name), - UExt2.login_name - FROM pg_catalog.pg_auth_members AS Authmbr - INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid - INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member - INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' - INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name; - - - - - - - - + SELECT CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, diff --git a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out index 013bbe1c2e4..bf9eb8e6109 100644 --- a/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out +++ b/test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out @@ -59,6 +59,10 @@ go ~~ERROR (Message: User 'guest' cannot be dropped, it can only be disabled. The user is already disabled in the current database.)~~ +-- re-enabling connect on guest user +grant connect to guest; +go + -- reset the login password alter login grant_connect_abc with password = 'Babel123' go diff --git a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix index 35441082fc8..f8e6dc8cf1a 100644 --- a/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix +++ b/test/JDBC/input/BABEL_GRANT_CONNECT-vu-verify.mix @@ -39,6 +39,10 @@ go drop user guest; go +-- re-enabling connect on guest user +grant connect to guest; +go + -- reset the login password alter login grant_connect_abc with password = 'Babel123' go From 5d1fbf82d8ab28bfeb425595ff35a9108b4bec3c Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 26 May 2025 11:02:44 +0000 Subject: [PATCH 40/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ffb331b6c89..2a395cf5c8c 100644 --- a/.gitignore +++ b/.gitignore @@ -18,8 +18,8 @@ test/JDBC/target/maven-status/* test/JDBC/target/surefire-reports/* test/JDBC/target/test-classes/* -contrib/babelfishpg_common/sql/babelfishpg_common--[0-9].[0-9].[0-9]--[0-9].[0-9].[0-9].sql -contrib/babelfishpg_common/sql/babelfishpg_common--[0-9].[0-9].[0-9].sql +contrib/babelfishpg_common/sql/babelfishpg_common--[0-9]*.[0-9]*.[0-9]*--[0-9]*.[0-9]*.[0-9]*.sql +contrib/babelfishpg_common/sql/babelfishpg_common--[0-9]*.[0-9]*.[0-9]*.sql contrib/babelfishpg_common/src/geo_parser.c contrib/babelfishpg_common/src/geo_scan.c contrib/babelfishpg_money/babelfishpg_money--[0-9].[0-9].[0-9].sql From 5474f104e66a4679d6740c2caab9569e0692043a Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 29 May 2025 10:17:34 +0000 Subject: [PATCH 41/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 28 +-- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 186 +++++++++--------- test/JDBC/README.md | 24 +++ .../expected/z_sp_helplogins-vu-cleanup.out | 42 +++- .../expected/z_sp_helplogins-vu-prepare.out | 3 + .../expected/z_sp_helplogins-vu-verify.out | 78 +++++++- .../z_sp_helplogins-vu-cleanup.mix | 42 +++- .../z_sp_helplogins-vu-prepare.mix | 3 + .../z_sp_helplogins-vu-verify.mix | 49 ++++- 9 files changed, 333 insertions(+), 122 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 44dc34982e1..1d0d7bcf360 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3763,7 +3763,7 @@ DECLARE @current_username sys.nvarchar(128) DECLARE @is_sysadmin BIT BEGIN - IF is_srvrolemember('securityadmin') = 0 + IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); RETURN 0; @@ -3780,11 +3780,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' - ELSE 'NO' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) + ELSE CAST('NO' AS sys.varchar(5)) END AS AUser, - CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -3795,7 +3795,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND @@ -3821,8 +3821,8 @@ BEGIN SELECT CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias + CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, + CAST('Member of' AS sys.varchar(10)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member @@ -3848,11 +3848,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' - ELSE 'NO' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) + ELSE CAST('NO' AS sys.varchar(5)) END AS AUser, - CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -3863,7 +3863,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND @@ -3875,7 +3875,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias + CAST('Member of' AS sys.varchar(10)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 242dbd1fe12..e936ebf8426 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -119,6 +119,85 @@ END; $$ LANGUAGE plpgsql IMMUTABLE; +CREATE OR REPLACE VIEW sys.server_permissions AS +WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) +SELECT +CAST(100 AS sys.tinyint) AS class, +CAST('SERVER' AS sys.nvarchar(60)) AS class_desc, +CAST(0 AS int) AS major_id, +CAST(0 AS int) AS minor_id, +CAST(Base.oid AS INT) AS grantee_principal_id, +CAST((SELECT super_user FROM super_user) AS INT) AS grantor_principal_id, +CAST('COSQ' AS sys.BPCHAR(4)) AS type, +CAST('CONNECT SQL' AS sys.nvarchar(128)) AS permission_name, +CAST('G' AS sys.BPCHAR(1)) AS state, +CAST('GRANT' AS sys.nvarchar(60)) AS state_desc +FROM pg_catalog.pg_roles AS Base +INNER JOIN sys.babelfish_authid_login_ext AS Ext ON Base.rolname = Ext.rolname +WHERE(pg_has_role(sys.suser_id(), 'sysadmin'::TEXT, 'MEMBER') + OR pg_has_role(sys.suser_id(), 'securityadmin'::TEXT, 'MEMBER') + OR Base.rolname = sys.suser_name() COLLATE sys.database_default + OR Base.rolname = (SELECT pg_get_userbyid(super_user) FROM super_user)) + AND Ext.type IN ('S', 'U') +UNION ALL +SELECT +CAST(105 AS sys.tinyint) AS class, +CAST('ENDPOINT' AS sys.nvarchar(60)) AS class_desc, +CAST(4 AS int) AS major_id, +CAST(0 AS int) AS minor_id, +CAST(2 AS INT) AS grantee_principal_id, +CAST((SELECT super_user FROM super_user) AS INT) AS grantor_principal_id, +CAST('CO' AS sys.BPCHAR(4)) AS type, +CAST('CONNECT' AS sys.nvarchar(128)) AS permission_name, +CAST('G' AS sys.BPCHAR(1)) AS state, +CAST('GRANT' AS sys.nvarchar(60)) AS state_desc; +GRANT SELECT ON sys.server_permissions TO PUBLIC; + +DO $$ +DECLARE + exception_message text; +BEGIN + ALTER VIEW sys.sql_logins RENAME TO sql_logins_deprecated_in_5_3_0; +EXCEPTION WHEN OTHERS THEN + GET STACKED DIAGNOSTICS + exception_message = MESSAGE_TEXT; + RAISE WARNING '%', exception_message; +END; +$$; + +CALL sys.babelfish_drop_deprecated_object('view', 'sys', 'sql_logins_deprecated_in_5_3_0'); + +CREATE OR REPLACE VIEW sys.sql_logins AS +WITH super_user AS (SELECT pg_get_userbyid(datdba) COLLATE sys.database_default AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) +SELECT + CAST(Ext.orig_loginname AS sys.SYSNAME) AS name, + CAST(Base.oid AS INT) AS principal_id, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST('S' AS sys.BPCHAR(1)) AS type, + CAST('SQL_LOGIN' AS sys.NVARCHAR(60)) AS type_desc, + CAST(Ext.is_disabled AS INT) AS is_disabled, + CAST(Ext.create_date AS SYS.DATETIME) AS create_date, + CAST(Ext.modify_date AS SYS.DATETIME) AS modify_date, + CAST(Ext.default_database_name AS SYS.SYSNAME) AS default_database_name, + CAST(Ext.default_language_name AS SYS.SYSNAME) AS default_language_name, + CAST(Ext.credential_id AS INT) AS credential_id, + CAST( + CASE + WHEN Ext.orig_loginname = (SELECT super_user FROM super_user) THEN 0 + ELSE 1 + END + AS sys.BIT) AS is_policy_checked, + CAST(0 AS sys.BIT) AS is_expiration_checked, + CAST(NULL AS sys.varbinary(256)) AS password_hash +FROM pg_catalog.pg_roles AS Base +INNER JOIN sys.babelfish_authid_login_ext AS Ext ON Base.rolname = Ext.rolname +WHERE(pg_has_role(sys.suser_id(), 'sysadmin'::TEXT, 'MEMBER') + OR pg_has_role(sys.suser_id(), 'securityadmin'::TEXT, 'MEMBER') + OR Ext.orig_loginname = sys.suser_name() + OR Ext.orig_loginname = (SELECT super_user FROM super_user)) + AND Ext.type = 'S'; +GRANT SELECT ON sys.sql_logins TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL) LANGUAGE pltsql AS $$ @@ -127,7 +206,7 @@ DECLARE @current_username sys.nvarchar(128) DECLARE @is_sysadmin BIT BEGIN - IF is_srvrolemember('securityadmin') = 0 + IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); RETURN 0; @@ -144,11 +223,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' - ELSE 'NO' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) + ELSE CAST('NO' AS sys.varchar(5)) END AS AUser, - CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -159,7 +238,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND @@ -185,8 +264,8 @@ BEGIN SELECT CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, - CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias + CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, + CAST('Member of' AS sys.varchar(10)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member @@ -212,11 +291,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES' - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES' - ELSE 'NO' + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) + ELSE CAST('NO' AS sys.varchar(5)) END AS AUser, - CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -227,7 +306,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - 'User' AS UserOrAlias + CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name WHERE UExt.type != 'R' AND @@ -239,7 +318,7 @@ BEGIN CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - 'Member of' AS UserOrAlias + CAST('Member of' AS sys.varchar(10)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member @@ -256,85 +335,6 @@ END; $$; GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC; -CREATE OR REPLACE VIEW sys.server_permissions AS -WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) -SELECT -CAST(100 AS sys.tinyint) AS class, -CAST('SERVER' AS sys.nvarchar(60)) AS class_desc, -CAST(0 AS int) AS major_id, -CAST(0 AS int) AS minor_id, -CAST(Base.oid AS INT) AS grantee_principal_id, -CAST((SELECT super_user FROM super_user) AS INT) AS grantor_principal_id, -CAST('COSQ' AS sys.BPCHAR(4)) AS type, -CAST('CONNECT SQL' AS sys.nvarchar(128)) AS permission_name, -CAST('G' AS sys.BPCHAR(1)) AS state, -CAST('GRANT' AS sys.nvarchar(60)) AS state_desc -FROM pg_catalog.pg_roles AS Base -INNER JOIN sys.babelfish_authid_login_ext AS Ext ON Base.rolname = Ext.rolname -WHERE(pg_has_role(sys.suser_id(), 'sysadmin'::TEXT, 'MEMBER') - OR pg_has_role(sys.suser_id(), 'securityadmin'::TEXT, 'MEMBER') - OR Base.rolname = sys.suser_name() COLLATE sys.database_default - OR Base.rolname = (SELECT pg_get_userbyid(super_user) FROM super_user)) - AND Ext.type IN ('S', 'U') -UNION ALL -SELECT -CAST(105 AS sys.tinyint) AS class, -CAST('ENDPOINT' AS sys.nvarchar(60)) AS class_desc, -CAST(4 AS int) AS major_id, -CAST(0 AS int) AS minor_id, -CAST(2 AS INT) AS grantee_principal_id, -CAST((SELECT super_user FROM super_user) AS INT) AS grantor_principal_id, -CAST('CO' AS sys.BPCHAR(4)) AS type, -CAST('CONNECT' AS sys.nvarchar(128)) AS permission_name, -CAST('G' AS sys.BPCHAR(1)) AS state, -CAST('GRANT' AS sys.nvarchar(60)) AS state_desc; -GRANT SELECT ON sys.server_permissions TO PUBLIC; - -DO $$ -DECLARE - exception_message text; -BEGIN - ALTER VIEW sys.sql_logins RENAME TO sql_logins_deprecated_in_5_3_0; -EXCEPTION WHEN OTHERS THEN - GET STACKED DIAGNOSTICS - exception_message = MESSAGE_TEXT; - RAISE WARNING '%', exception_message; -END; -$$; - -CALL sys.babelfish_drop_deprecated_object('view', 'sys', 'sql_logins_deprecated_in_5_3_0'); - -CREATE OR REPLACE VIEW sys.sql_logins AS -WITH super_user AS (SELECT pg_get_userbyid(datdba) COLLATE sys.database_default AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) -SELECT - CAST(Ext.orig_loginname AS sys.SYSNAME) AS name, - CAST(Base.oid AS INT) AS principal_id, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, - CAST('S' AS sys.BPCHAR(1)) AS type, - CAST('SQL_LOGIN' AS sys.NVARCHAR(60)) AS type_desc, - CAST(Ext.is_disabled AS INT) AS is_disabled, - CAST(Ext.create_date AS SYS.DATETIME) AS create_date, - CAST(Ext.modify_date AS SYS.DATETIME) AS modify_date, - CAST(Ext.default_database_name AS SYS.SYSNAME) AS default_database_name, - CAST(Ext.default_language_name AS SYS.SYSNAME) AS default_language_name, - CAST(Ext.credential_id AS INT) AS credential_id, - CAST( - CASE - WHEN Ext.orig_loginname = (SELECT super_user FROM super_user) THEN 0 - ELSE 1 - END - AS sys.BIT) AS is_policy_checked, - CAST(0 AS sys.BIT) AS is_expiration_checked, - CAST(NULL AS sys.varbinary(256)) AS password_hash -FROM pg_catalog.pg_roles AS Base -INNER JOIN sys.babelfish_authid_login_ext AS Ext ON Base.rolname = Ext.rolname -WHERE(pg_has_role(sys.suser_id(), 'sysadmin'::TEXT, 'MEMBER') - OR pg_has_role(sys.suser_id(), 'securityadmin'::TEXT, 'MEMBER') - OR Ext.orig_loginname = sys.suser_name() - OR Ext.orig_loginname = (SELECT super_user FROM super_user)) - AND Ext.type = 'S'; -GRANT SELECT ON sys.sql_logins TO PUBLIC; - CREATE OR REPLACE FUNCTION sys.isnumeric(IN expr ANYELEMENT) RETURNS INTEGER AS 'babelfishpg_tsql', 'isnumeric' diff --git a/test/JDBC/README.md b/test/JDBC/README.md index e6cd1f72bf6..8003f5a16c7 100644 --- a/test/JDBC/README.md +++ b/test/JDBC/README.md @@ -371,6 +371,30 @@ GO Input file type: `.mix` +--- + +### Ignoring non-deterministic columns in the diff +In case there are columns like identifier which are non-deterministic and change across each run, you can ignore such columns without any SQL changes. Use the `-- ignore_columns` options and pass the column numbers to be ignored. +```sql +-- ignore_columns + +GO -- after this delimiter, the ignore_columns will be reset and not apply hereafter, unless specified again +``` + +**Note:** If there are multiple result sets, the specified columns will be ignored from the first result only. + +**Example:** +```sql +-- tsql +-- ignore_columns 2 +SELECT name, id FROM mytable1; +SELECT name FROM mytable2 +GO +``` + +In this case, the column number 2 i.e. the id will be ignored from the first result set and the second result set outputslike normal. + + --- ### **IMPORTANT** diff --git a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out index 8de2be985eb..676d6519026 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out @@ -14,12 +14,6 @@ GO drop login testloginwithsecurityadmin GO -drop database sp_helplogins_db1 -GO - -drop user if exists userof_testloginwithsecurityadmin2 -GO - drop login testloginwithsecurityadmin2 GO @@ -37,3 +31,39 @@ GO drop login testloginwithotherdefdb GO + +use sp_helplogins_db1 +GO +alter role sp_helplogins_role drop member userof_testloginwithsecurityadmin2 +GO +drop role sp_helplogins_role; +GO +use master +GO + +drop user if exists userof_testloginwithsecurityadmin2 +GO + +drop user [userof@sp$chars*logins]; +drop login [sp_help@logins$with%sp*chars]; +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @droploginstmt varchar(max) = 'DROP LOGIN [' + @loginName + ']'; +declare @dropuserstmt varchar(max) = 'DROP USER [' + @username + ']' +exec (@dropuserstmt) +exec (@droploginstmt) +GO + +drop user sp_helplogins_vu_windows_user; +drop login [helplogins\win] +GO + +drop database sp_helplogins_db1; +GO + + +drop database sp_helplogins_db2; +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index 105060117f7..cbba548c7f4 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -1,3 +1,6 @@ -- create a dummy db create database sp_helplogins_db1 GO + +create database sp_helplogins_db2 +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index 75c50c177a2..ce751b2224c 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -1,6 +1,7 @@ -- tsql --- creating logins because instance level dump/restore does not migrate logins + +-- creating logins in verify because instance level dump/restore does not migrate logins -- create a login with user in master with securityadmin server role -- create login with user in master with db_securityadmin role create login sp_helplogins_testlogin with password = '12345678' @@ -61,13 +62,56 @@ GO create user u_testloginwithotherdefdb for login testloginwithotherdefdb GO +-- create database role +create role sp_helplogins_role; +alter role sp_helplogins_role add member userof_testloginwithsecurityadmin2 +GO + +-- add user to a fixed db role +alter role db_datareader add member u_testloginwithotherdefdb +GO + +use master; +GO + +-- create login and user with special chars +create login [sp_help@logins$with%sp*chars] with password = '12345678'; +create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @pass varchar(10) = '12345678'; +declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; +declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' +exec (@createloginstmt) +exec (@createuserstmt) +GO + +-- create a windows login and user +create login [helplogins\win] from windows; +create user sp_helplogins_vu_windows_user for login [helplogins\win] +GO + +-- change owner of sp_helplogins_db2 to sp_help@logins$with%sp*chars +use sp_helplogins_db2 +GO +EXEC sp_changedbowner 'sp_help@logins$with%sp*chars' +GO +use master +GO + -- tsql user=jdbc_user password=12345678 -- ignore_columns 2 EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO +helplogins\win#!#master#!#English#!#YES#!#NO jdbc_user#!#master#!#English#!#YES#!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO @@ -78,6 +122,7 @@ testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of @@ -86,14 +131,20 @@ jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +win@HELPLOGINS#!#master#!#sp_helplogins_vu_windows_user#!#User ~~END~~ @@ -112,7 +163,10 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO +helplogins\win#!#master#!#English#!#YES#!#NO jdbc_user#!#master#!#English#!#YES#!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO @@ -142,7 +196,10 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO +helplogins\win#!#master#!#English#!#YES#!#NO jdbc_user#!#master#!#English#!#YES#!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO @@ -165,6 +222,7 @@ testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -232,6 +290,7 @@ testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#varchar testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -247,6 +306,7 @@ testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO ~~START~~ varchar#!#varchar#!#varchar#!#varchar testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -263,6 +323,22 @@ varchar#!#varchar#!#varchar#!#varchar ~~END~~ +-- ignore_columns 2 +EXEC sp_helplogins 'sp_help@logins$with%sp*chars' +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +~~END~~ + + -- ignore_columns 2 EXEC sp_helplogins ' ' GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix index 1f711677f22..ec5dd37f035 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix @@ -14,12 +14,6 @@ GO drop login testloginwithsecurityadmin GO -drop database sp_helplogins_db1 -GO - -drop user if exists userof_testloginwithsecurityadmin2 -GO - drop login testloginwithsecurityadmin2 GO @@ -36,4 +30,40 @@ drop user if exists u_testloginwithotherdefdb GO drop login testloginwithotherdefdb +GO + +use sp_helplogins_db1 +GO +alter role sp_helplogins_role drop member userof_testloginwithsecurityadmin2 +GO +drop role sp_helplogins_role; +GO +use master +GO + +drop user if exists userof_testloginwithsecurityadmin2 +GO + +drop user [userof@sp$chars*logins]; +drop login [sp_help@logins$with%sp*chars]; +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @droploginstmt varchar(max) = 'DROP LOGIN [' + @loginName + ']'; +declare @dropuserstmt varchar(max) = 'DROP USER [' + @username + ']' +exec (@dropuserstmt) +exec (@droploginstmt) +GO + +drop user sp_helplogins_vu_windows_user; +drop login [helplogins\win] +GO + +drop database sp_helplogins_db1; +GO + + +drop database sp_helplogins_db2; GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index 2f4d82eb9fe..5afd52505b9 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -1,3 +1,6 @@ -- create a dummy db create database sp_helplogins_db1 +GO + +create database sp_helplogins_db2 GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index ecb0d581ee1..591e6c4a064 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -1,7 +1,8 @@ -- tsql --- creating logins because instance level dump/restore does not migrate logins --- create a login with user in master with securityadmin server role +-- creating logins in verify because instance level dump/restore does not migrate logins + +-- create a login with user in master with securityadmin server role -- create login with user in master with db_securityadmin role create login sp_helplogins_testlogin with password = '12345678' create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin @@ -61,6 +62,46 @@ GO create user u_testloginwithotherdefdb for login testloginwithotherdefdb GO +-- create database role +create role sp_helplogins_role; +alter role sp_helplogins_role add member userof_testloginwithsecurityadmin2 +GO + +-- add user to a fixed db role +alter role db_datareader add member u_testloginwithotherdefdb +GO + +use master; +GO + +-- create login and user with special chars +create login [sp_help@logins$with%sp*chars] with password = '12345678'; +create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @pass varchar(10) = '12345678'; +declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; +declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' +exec (@createloginstmt) +exec (@createuserstmt) +GO + +-- create a windows login and user +create login [helplogins\win] from windows; +create user sp_helplogins_vu_windows_user for login [helplogins\win] +GO + +-- change owner of sp_helplogins_db2 to sp_help@logins$with%sp*chars +use sp_helplogins_db2 +GO +EXEC sp_changedbowner 'sp_help@logins$with%sp*chars' +GO +use master +GO + -- tsql user=jdbc_user password=12345678 -- ignore_columns 2 EXEC sp_helplogins @@ -106,6 +147,10 @@ GO EXEC sp_helplogins ' testloginwithsecurityadmin2 ' GO +-- ignore_columns 2 +EXEC sp_helplogins 'sp_help@logins$with%sp*chars' +GO + -- ignore_columns 2 EXEC sp_helplogins ' ' GO \ No newline at end of file From 03f307214cf729562cf8f52ac4af23905e25c217 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 29 May 2025 13:51:49 +0000 Subject: [PATCH 42/54] testing dump-restore --- test/JDBC/expected/z_sp_helplogins-vu-prepare.out | 9 +++++++++ test/JDBC/expected/z_sp_helplogins-vu-verify.out | 11 ----------- .../storedProcedures/z_sp_helplogins-vu-prepare.mix | 11 ++++++++++- .../storedProcedures/z_sp_helplogins-vu-verify.mix | 11 ----------- 4 files changed, 19 insertions(+), 23 deletions(-) diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index cbba548c7f4..f213dce56b8 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -4,3 +4,12 @@ GO create database sp_helplogins_db2 GO + +-- create a login with user in master with securityadmin server role +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index ce751b2224c..6b18618814d 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -1,17 +1,6 @@ -- tsql - -- creating logins in verify because instance level dump/restore does not migrate logins --- create a login with user in master with securityadmin server role --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - - create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index 5afd52505b9..f213dce56b8 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -3,4 +3,13 @@ create database sp_helplogins_db1 GO create database sp_helplogins_db2 -GO \ No newline at end of file +GO + +-- create a login with user in master with securityadmin server role +-- create login with user in master with db_securityadmin role +create login sp_helplogins_testlogin with password = '12345678' +create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin +GO + +alter role db_securityadmin add member userof_sp_helplogins_testlogin +GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index 591e6c4a064..5da02f9cd30 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -1,17 +1,6 @@ -- tsql -- creating logins in verify because instance level dump/restore does not migrate logins - --- create a login with user in master with securityadmin server role --- create login with user in master with db_securityadmin role -create login sp_helplogins_testlogin with password = '12345678' -create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin -GO - -alter role db_securityadmin add member userof_sp_helplogins_testlogin -GO - - create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO From c32f7853e75b5bfb92f0e2bc2e70b454daf0b901 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 29 May 2025 15:20:03 +0000 Subject: [PATCH 43/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../expected/z_sp_helplogins-vu-prepare.out | 62 +++++++++++++++++- .../expected/z_sp_helplogins-vu-verify.out | 63 ++++--------------- .../z_sp_helplogins-vu-prepare.mix | 62 +++++++++++++++++- .../z_sp_helplogins-vu-verify.mix | 63 ++++--------------- 4 files changed, 148 insertions(+), 102 deletions(-) diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index f213dce56b8..06c3b973c90 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -11,5 +11,65 @@ create login sp_helplogins_testlogin with password = '12345678' create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -alter role db_securityadmin add member userof_sp_helplogins_testlogin +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 +GO + +create user u_testloginwithotherdefdb for login testloginwithotherdefdb +GO + +use master; +GO + +-- create login and user with special chars +create login [sp_help@logins$with%sp*chars] with password = '12345678'; +create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @pass varchar(10) = '12345678'; +declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; +declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' +exec (@createloginstmt) +exec (@createuserstmt) +GO + +-- create a windows login and user +create login [helplogins\win] from windows; +create user sp_helplogins_vu_windows_user for login [helplogins\win] GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index 6b18618814d..4ea9eb00e19 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -1,56 +1,42 @@ -- tsql - --- creating logins in verify because instance level dump/restore does not migrate logins -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +-------- alter all logins password for dnr and upgrade +alter login sp_helplogins_testlogin with password = '12345678' GO -alter server role securityadmin add member testloginwithsecurityadmin +alter login testloginwithsecurityadmin with password = '12345678' GO --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +alter login testloginwithsecurityadmin2 with password = '12345678' GO -use master +alter login testloginwithotherdefdb with password = '12345678' GO --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' +alter login testloginwithoutusers with password = '12345678' GO --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' +alter login [sp_help@logins$with%sp*chars] with password = '12345678' GO -alter server role securityadmin add member testloginwithsecurityadmin2 +alter login testloginindb1 with password = '12345678' GO --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' +-------- alter roles and add users and logins +alter role db_securityadmin add member userof_sp_helplogins_testlogin GO -use sp_helplogins_db1 +alter server role securityadmin add member testloginwithsecurityadmin GO -create user userof_testloginindb1 for login testloginindb1 +alter server role securityadmin add member testloginwithsecurityadmin2 GO -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +use sp_helplogins_db1 GO alter role db_securityadmin add member userof_testloginwithsecurityadmin2 GO -create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 -GO - -create user u_testloginwithotherdefdb for login testloginwithotherdefdb -GO - -- create database role create role sp_helplogins_role; alter role sp_helplogins_role add member userof_testloginwithsecurityadmin2 @@ -60,29 +46,6 @@ GO alter role db_datareader add member u_testloginwithotherdefdb GO -use master; -GO - --- create login and user with special chars -create login [sp_help@logins$with%sp*chars] with password = '12345678'; -create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] -GO - --- creating login and user of longer lengths -declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); -declare @username sys.sysname = cast(repeat('b', 63) as sysname); -declare @pass varchar(10) = '12345678'; -declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; -declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' -exec (@createloginstmt) -exec (@createuserstmt) -GO - --- create a windows login and user -create login [helplogins\win] from windows; -create user sp_helplogins_vu_windows_user for login [helplogins\win] -GO - -- change owner of sp_helplogins_db2 to sp_help@logins$with%sp*chars use sp_helplogins_db2 GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index f213dce56b8..907375a63a4 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -11,5 +11,65 @@ create login sp_helplogins_testlogin with password = '12345678' create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -alter role db_securityadmin add member userof_sp_helplogins_testlogin +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO +use master +GO + +-- create a login which does not have any users +create login testloginwithoutusers with password = '12345678' +GO + +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' +GO + +-- create a login and a user in sp_helplogins_db1 +create login testloginindb1 with password = '12345678' +GO + +use sp_helplogins_db1 +GO + +create user userof_testloginindb1 for login testloginindb1 +GO + +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO + +create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 +GO + +create user u_testloginwithotherdefdb for login testloginwithotherdefdb +GO + +use master; +GO + +-- create login and user with special chars +create login [sp_help@logins$with%sp*chars] with password = '12345678'; +create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] +GO + +-- creating login and user of longer lengths +declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); +declare @username sys.sysname = cast(repeat('b', 63) as sysname); +declare @pass varchar(10) = '12345678'; +declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; +declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' +exec (@createloginstmt) +exec (@createuserstmt) +GO + +-- create a windows login and user +create login [helplogins\win] from windows; +create user sp_helplogins_vu_windows_user for login [helplogins\win] +GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index 5da02f9cd30..580776e25db 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -1,56 +1,42 @@ -- tsql --- creating logins in verify because instance level dump/restore does not migrate logins - -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +-------- alter all logins password for dnr and upgrade +alter login sp_helplogins_testlogin with password = '12345678' GO -alter server role securityadmin add member testloginwithsecurityadmin +alter login testloginwithsecurityadmin with password = '12345678' GO --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +alter login testloginwithsecurityadmin2 with password = '12345678' GO -use master +alter login testloginwithotherdefdb with password = '12345678' GO --- create a login which does not have any users -create login testloginwithoutusers with password = '12345678' +alter login testloginwithoutusers with password = '12345678' GO --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' +alter login [sp_help@logins$with%sp*chars] with password = '12345678' GO -alter server role securityadmin add member testloginwithsecurityadmin2 +alter login testloginindb1 with password = '12345678' GO --- create a login and a user in sp_helplogins_db1 -create login testloginindb1 with password = '12345678' +-------- alter roles and add users and logins +alter role db_securityadmin add member userof_sp_helplogins_testlogin GO -use sp_helplogins_db1 +alter server role securityadmin add member testloginwithsecurityadmin GO -create user userof_testloginindb1 for login testloginindb1 +alter server role securityadmin add member testloginwithsecurityadmin2 GO -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +use sp_helplogins_db1 GO alter role db_securityadmin add member userof_testloginwithsecurityadmin2 GO -create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 -GO - -create user u_testloginwithotherdefdb for login testloginwithotherdefdb -GO - -- create database role create role sp_helplogins_role; alter role sp_helplogins_role add member userof_testloginwithsecurityadmin2 @@ -60,29 +46,6 @@ GO alter role db_datareader add member u_testloginwithotherdefdb GO -use master; -GO - --- create login and user with special chars -create login [sp_help@logins$with%sp*chars] with password = '12345678'; -create user [userof@sp$chars*logins] for login [sp_help@logins$with%sp*chars] -GO - --- creating login and user of longer lengths -declare @loginname sys.sysname = cast(repeat('a', 63) as sysname); -declare @username sys.sysname = cast(repeat('b', 63) as sysname); -declare @pass varchar(10) = '12345678'; -declare @createloginstmt varchar(max) = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD = ''' + @pass + ''''; -declare @createuserstmt varchar(max) = 'CREATE USER [' + @username + '] FOR LOGIN [' + @loginname + ']' -exec (@createloginstmt) -exec (@createuserstmt) -GO - --- create a windows login and user -create login [helplogins\win] from windows; -create user sp_helplogins_vu_windows_user for login [helplogins\win] -GO - -- change owner of sp_helplogins_db2 to sp_help@logins$with%sp*chars use sp_helplogins_db2 GO From 6d06f275f71d8846d9ea712949f897e8d2a27355 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 29 May 2025 16:55:59 +0000 Subject: [PATCH 44/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../expected/securityadmin_role-vu-verify.out | 1700 +---------------- .../expected/z_sp_helplogins-vu-prepare.out | 20 - .../expected/z_sp_helplogins-vu-verify.out | 28 +- .../z_sp_helplogins-vu-prepare.mix | 20 - .../z_sp_helplogins-vu-verify.mix | 28 +- 5 files changed, 49 insertions(+), 1747 deletions(-) diff --git a/test/JDBC/expected/securityadmin_role-vu-verify.out b/test/JDBC/expected/securityadmin_role-vu-verify.out index e7c3b267bd6..7bf765ff08e 100644 --- a/test/JDBC/expected/securityadmin_role-vu-verify.out +++ b/test/JDBC/expected/securityadmin_role-vu-verify.out @@ -1,1699 +1 @@ --- tsql -select is_srvrolemember('sysadmin', 'securityadmin') -go -~~START~~ -int -0 -~~END~~ - - -select is_srvrolemember('securityadmin', 'sysadmin') -go -~~START~~ -int -0 -~~END~~ - - -select is_srvrolemember('securityadmin','securityadmin') -go -~~START~~ -int -0 -~~END~~ - - -alter login securityadmin_login1 with password='123' -go - -alter login no_securityadmin_login1 with password='123' -go - -TRUNCATE TABLE sadm_sp_helpsrvrolemember_tbl -GO - --- sp_helpsrvrolemember -INSERT INTO sadm_sp_helpsrvrolemember_tbl (ServerRole, MemberName, MemberSID) EXEC sp_helpsrvrolemember 'securityadmin' -GO - -SELECT ServerRole, MemberName, (CASE WHEN MemberSID IS NULL THEN 0 ELSE 1 END) FROM sadm_sp_helpsrvrolemember_tbl where MemberName like '%securityadmin%' -GO -~~START~~ -varchar#!#varchar#!#int -~~END~~ - - --- make login member of securityadmin -Alter server role securityadmin add member securityadmin_login1 -go - -select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' -go -~~START~~ -varchar#!#varchar -sysadmin#!#jdbc_user -securityadmin#!#securityadmin_login1 -~~END~~ - - --- should error out -create login securityadmin with password = '123' -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: The Server principal 'securityadmin' already exists)~~ - - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 --- Case 1 - positives --- securityadmin's login privileges --- alter server role securityadmin should be allowed -select bbf_is_member_of_role_nosuper(suser_id(), suser_id('securityadmin')) -go -~~START~~ -bit -1 -~~END~~ - - -select bbf_is_member_of_role_nosuper(suser_id(), suser_id('sysadmin')) -go -~~START~~ -bit -0 -~~END~~ - - -Alter server role securityadmin add member no_securityadmin_login1 -go - -Alter server role securityadmin drop member no_securityadmin_login1 -go - --- create login should be allowed --- windows login -create login [babel\securityadmin_l1] from windows; -go - --- password based login -create login securityadmin_l2 with password = '123' -go - --- alter login should be allowed --- password based login -alter login securityadmin_l2 with password = '123' -go - -ALTER LOGIN securityadmin_l2 WITH PASSWORD = '1234' OLD_PASSWORD = '123'; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'OLD_PASSWORD' is not currently supported in Babelfish. please use babelfishpg_tsql.escape_hatch_login_old_password to ignore)~~ - - -ALTER LOGIN securityadmin_l2 disable; -go - -ALTER LOGIN securityadmin_l2 enable; -go - -ALTER LOGIN securityadmin_l2 with default_database=securityadmin_db1; -go - --- windows login -alter login [babel\securityadmin_l1] with PASSWORD='123' -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot use parameter PASSWORD for a windows login)~~ - - -ALTER LOGIN [babel\securityadmin_l1] WITH PASSWORD = '1234' OLD_PASSWORD = '123'; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'OLD_PASSWORD' is not currently supported in Babelfish. please use babelfishpg_tsql.escape_hatch_login_old_password to ignore)~~ - - -ALTER LOGIN [babel\securityadmin_l1] disable; -go - -ALTER LOGIN [babel\securityadmin_l1] enable; -go - -ALTER LOGIN [babel\securityadmin_l1] with default_database=securityadmin_db1; -go - --- make altering login member of securityadmin -Alter server role securityadmin add member securityadmin_l2 -go - --- alter securityadmin member login --- allowed -alter login securityadmin_l2 with password = '123' -go - --- drop login should be allowed --- password based login -drop login securityadmin_l2 -go - --- windows login -drop login [babel\securityadmin_l1] -go - --- grant server permissions (currently not supported) --- few examples -GRANT CONTROL SERVER TO no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ - - -GRANT ALTER ANY EVENT NOTIFICATION TO no_securityadmin_login1 WITH GRANT OPTION; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ - - -GRANT ALTER ANY DATABASE TO no_securityadmin_login1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ - - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql user=no_securityadmin_login1 password=123 --- grant database permissions (only connect is supported) --- allowed -use securityadmin_db1 -go - --- terminate-tsql-conn user=no_securityadmin_login1 password=123 - --- tsql user=securityadmin_login1 password=123 database=securityadmin_db1 -REVOKE CONNECT FROM no_securityadmin_user1 -go - --- unsupported -GRANT SHOWPLAN TO no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ - - -GRANT CREATE VIEW TO no_securityadmin_user1 WITH GRANT OPTION; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 database=securityadmin_db1 - --- tsql user=no_securityadmin_login1 password=123 --- connection revoked -use securityadmin_db1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: The server principal "no_securityadmin_login1" is not able to access the database "securityadmin_db1" under the current security context)~~ - - --- terminate-tsql-conn user=no_securityadmin_login1 password=123 - --- tsql user=securityadmin_login1 password=123 database=securityadmin_db1 --- revoke server permissions (currently not supported) --- few examples -REVOKE CONTROL SERVER FROM no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ - - -REVOKE ALTER ANY EVENT NOTIFICATION FROM no_securityadmin_login1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ - - -REVOKE ALTER ANY DATABASE FROM no_securityadmin_login1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ - - --- grant database permissions (only connect is supported) -GRANT CONNECT TO no_securityadmin_user1 -go - --- terminate-tsql-conn user=securityadmin_login1 password=123 database=securityadmin_db1 - --- tsql user=no_securityadmin_login1 password=123 -use securityadmin_db1 -go - --- Check unprivileged login should not have access --- permission denied -EXEC sp_addlinkedsrvlogin 'Accounts', 'False' -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - - -EXEC sp_droplinkedsrvlogin 'Accounts', NULL -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - - -Alter server role securityadmin add member no_securityadmin_login1 -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current login no_securityadmin_login1 does not have permission to alter server role)~~ - - -Alter server role securityadmin drop member no_securityadmin_login1 -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current login no_securityadmin_login1 does not have permission to alter server role)~~ - - --- only current login and fixed server roles -SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role -FROM sys.server_principals ORDER BY name -GO -~~START~~ -varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit -dbcreator#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -jdbc_user#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 -no_securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 -public#!#R#!#SERVER_ROLE#!##!##!##!#1#!#0 -securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -sysadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -~~END~~ - - --- only current login -select name, type, usage from sys.login_token order by name; -go -~~START~~ -nvarchar#!#nvarchar#!#nvarchar -no_securityadmin_login1#!#SQL LOGIN#!#GRANT OR DENY -public#!#SERVER ROLE#!#GRANT OR DENY -~~END~~ - - --- terminate-tsql-conn user=no_securityadmin_login1 password=123 - --- tsql user=securityadmin_login1 password=123 --- unsupported -REVOKE SHOWPLAN FROM no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ - - -REVOKE CREATE VIEW FROM no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ - - --- System objects --- All rows of server_prinicipals view should be visible to securityadmin login --- limited rows should get displayed -SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role -FROM sys.server_principals -WHERE name in ('jdbc_user', 'sysadmin', 'public', 'securityadmin') ORDER BY name; -GO -~~START~~ -varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit -jdbc_user#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 -public#!#R#!#SERVER_ROLE#!##!##!##!#1#!#0 -securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -sysadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -~~END~~ - - -SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role -FROM sys.server_principals name WHERE name like '%securityadmin%' ORDER BY name; -GO -~~START~~ -varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit -no_securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 -securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 -securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 -~~END~~ - - --- current login along with current fixed role should be visible -select name, type, usage from sys.login_token order by name; -go -~~START~~ -nvarchar#!#nvarchar#!#nvarchar -public#!#SERVER ROLE#!#GRANT OR DENY -securityadmin#!#SERVER ROLE#!#GRANT OR DENY -securityadmin_login1#!#SQL LOGIN#!#GRANT OR DENY -~~END~~ - - -select name, sysadmin, securityadmin from syslogins where name like '%securityadmin%' order by name -go -~~START~~ -varchar#!#int#!#int -no_securityadmin_login1#!#0#!#0 -securityadmin_login1#!#0#!#1 -~~END~~ - - --- should return 0 -select is_srvrolemember ('sysadmin') -go -~~START~~ -int -0 -~~END~~ - - --- should return 1 -select is_srvrolemember ('securityadmin') -go -~~START~~ -int -1 -~~END~~ - - -select is_srvrolemember ('securityadmin', 'securityadmin_login1') -go -~~START~~ -int -1 -~~END~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- psql -SET client_min_messages = 'error'; -CREATE EXTENSION IF NOT EXISTS tds_fdw; -GO - --- securityadmin should not have membership in database guest role -SELECT roleid::regrole, member::regrole FROM pg_auth_members WHERE member = 'securityadmin'::regrole; -go -~~START~~ -regrole#!#regrole -~~END~~ - - --- tsql --- Add localhost as linked server -EXEC sp_addlinkedserver @server = N'server_4229', @srvproduct=N'', @provider=N'SQLNCLI', @datasrc=N'localhost', @catalog=N'master' -GO - -EXEC sp_addlinkedserver 'Accounts' -GO - --- Add jdbc_user as linked server login -EXEC sp_addlinkedsrvlogin @rmtsrvname = 'server_4229', @useself = 'FALSE', @rmtuser = 'jdbc_user', @rmtpassword = '12345678' -GO - -drop database securityadmin_db1 -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 -EXEC sp_addlinkedsrvlogin 'Accounts', 'False' -GO - -EXEC sp_droplinkedsrvlogin 'Accounts', NULL -GO - --- inside procedure -exec securityadmin_create_login_p1 -go - -exec securityadmin_alter_login_p1 -go - -exec securityadmin_add_mem_p1 -go - -exec securityadmin_drop_mem_p1 -go - -exec securityadmin_drop_login_p1 -go - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- login is member of both securityadmin as well as sysadmin -drop user securityadmin_user1 -go - -Alter server role sysadmin add member securityadmin_login1 -go - -create database securityadmin_db1 -go - --- terminate-tsql-conn - --- psql --- should not have membership in database guest role -SELECT roleid::regrole, member::regrole FROM pg_auth_members WHERE member = 'securityadmin'::regrole; -go -~~START~~ -regrole#!#regrole -~~END~~ - - --- tsql user=securityadmin_login1 password=123 --- it should be able to connect to the database -use securityadmin_db1 -go - --- it should be dbo -select current_user -go -~~START~~ -varchar -dbo -~~END~~ - - --- both attribute should be true -select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' -go -~~START~~ -varchar#!#bit#!#bit -securityadmin_login1#!#1#!#1 -~~END~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- only member of securityadmin -alter server role sysadmin drop member securityadmin_login1 -go - -create user securityadmin_user1 for login securityadmin_login1 -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 - --- only rolcreaterole attribute should be true -select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' -go -~~START~~ -varchar#!#bit#!#bit -securityadmin_login1#!#1#!#0 -~~END~~ - - --- should be able to create/drop login -create login test_securityadmin_l1 with password ='123' -go - -drop login test_securityadmin_l1 -go - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- only member of sysadmin -drop user securityadmin_user1 -go - -alter server role sysadmin add member securityadmin_login1 -go - -alter server role securityadmin drop member securityadmin_login1 -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 - --- both attribute should be true -select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' -go -~~START~~ -varchar#!#bit#!#bit -securityadmin_login1#!#1#!#1 -~~END~~ - - --- should be able to create/drop login -create login test_securityadmin_l1 with password ='123' -go - -drop login test_securityadmin_l1 -go - --- should return 1 -select is_srvrolemember ('sysadmin') -go -~~START~~ -int -1 -~~END~~ - - --- should return 1 -select is_srvrolemember ('securityadmin') -go -~~START~~ -int -1 -~~END~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- make it member of securityadmin only -alter server role sysadmin drop member securityadmin_login1 -go - -alter server role securityadmin add member securityadmin_login1 -go - -drop user no_securityadmin_user1 -go - -alter server role sysadmin add member no_securityadmin_login1 -go - -create user securityadmin_user1 for login securityadmin_login1 -go - -TRUNCATE TABLE sadm_sp_helpsrvrolemember_tbl -GO - --- sp_helpsrvrolemember -INSERT INTO sadm_sp_helpsrvrolemember_tbl (ServerRole, MemberName, MemberSID) EXEC sp_helpsrvrolemember 'securityadmin' -GO -~~ROW COUNT: 1~~ - - -SELECT ServerRole, MemberName, (CASE WHEN MemberSID IS NULL THEN 0 ELSE 1 END) FROM sadm_sp_helpsrvrolemember_tbl where MemberName like '%securityadmin%' -GO -~~START~~ -varchar#!#varchar#!#int -securityadmin#!#securityadmin_login1#!#1 -~~END~~ - - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 --- Case 2 - negatives --- alter server role sysadmin should give permission denied -Alter server role sysadmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter server role)~~ - - --- alter server role securityadmin add member db roles should error out -Alter server role securityadmin add member guest -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: role "guest" does not exist)~~ - - --- alter sysadmin login should give permission denied --- login which is altered is member of sysadmin -Alter login no_securityadmin_login1 with password ='123' -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot alter the login 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- make member of securityadmin as well -alter server role securityadmin add member no_securityadmin_login1 -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 --- login which is altered is member of sysadmin and securityadmin both --- permission denied -Alter login no_securityadmin_login1 with password ='123' -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot alter the login 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql -alter server role securityadmin drop member no_securityadmin_login1 -go - -alter server role sysadmin drop member no_securityadmin_login1 -go - -create user no_securityadmin_user1 for login no_securityadmin_login1 -go - -create role dummy_role -go - -drop database securityadmin_db1 -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 --- should error out -Alter server role securityadmin add member dummy_role -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: role "dummy_role" does not exist)~~ - - --- create database permission denied -create database perm_denied_db -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied to create database)~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql -drop role dummy_role -go - -create database securityadmin_db1 -go - -use securityadmin_db1 -go - -create user securityadmin_user1 for login securityadmin_login1 -go - -create user no_securityadmin_user1 for login no_securityadmin_login1 -go - -use master -go - -GRANT select on securityadmin_tb1 to guest -go - --- terminate-tsql-conn - --- tsql user=securityadmin_login1 password=123 --- alter database permission denied -alter database securityadmin_db1 modify name = rename_db_database1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: User does not have permission to rename the database 'securityadmin_db1', the database does not exist, or the database is not in a state that allows access checks.)~~ - - -alter authorization on database::securityadmin_db1 to no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot find the principal 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ - - --- drop database permission denied -drop database securityadmin_db1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of database securityadmin_db1)~~ - - --- securityadmin login's mapped user should not have any priv -select current_user, db_name() -go -~~START~~ -varchar#!#nvarchar -securityadmin_user1#!#master -~~END~~ - - --- should not be able to select on table -select * from securityadmin_tb1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -select suser_name() -go -~~START~~ -nvarchar -securityadmin_login1 -~~END~~ - - --- allowed -create login securityadmin_l2 with password = '123' -go - --- create objects/user permission denied -create user securityadmin_l2 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - - -create role securityadmin_role1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: User does not have permission to perform this action.)~~ - - -create schema perm_denied_scm -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for database babelfish_db)~~ - - -create view perm_denied_v1 as select 1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -create table perm_denied_tb1 (a int); -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -select 1 into perm_denied_tb2; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -create function perm_denied_func1() returns int as begin return 1 end; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -create procedure perm_denied_proc1 as begin select 1; end -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -create type perm_denied_typ1 from int; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - -create index perm_denied_index1 on securityadmin_tb1(a); -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of table securityadmin_tb1)~~ - - -CREATE FUNCTION perm_denied_func1() RETURNS TABLE AS RETURN ( SELECT 1 AS Value); -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for schema master_dbo)~~ - - --- DMLS on object permission denied -Alter user no_securityadmin_user1 with DEFAULT_SCHEMA=securityadmin_scm1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current user does not have privileges to change schema)~~ - - -Alter role securityadmin_rol add member no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter role master_securityadmin_rol)~~ - - -Alter role securityadmin_rol drop member no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter role master_securityadmin_rol)~~ - - -Alter table securityadmin_tb1 add b int -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of table securityadmin_tb1)~~ - - -Insert into securityadmin_tb1 values (1) -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -UPDATE securityadmin_tb1 SET a = 2 where a = 1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -DELETE FROM securityadmin_tb1 WHERE a = 1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -TRUNCATE TABLE securityadmin_tb1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -select * from securityadmin_tb1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -select * from securityadmin_v1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for view securityadmin_v1)~~ - - -select securityadmin_func1() -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_func1)~~ - - -exec securityadmin_proc1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for procedure securityadmin_proc1)~~ - - -Enable trigger securityadmin_tggr1 on securityadmin_tb1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of table securityadmin_tb1)~~ - - -Disable trigger securityadmin_tggr1 on securityadmin_tb1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of table securityadmin_tb1)~~ - - --- grant on objects permission denied -Grant select on securityadmin_tb1 to no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -Grant update on securityadmin_v1 to no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - - -Grant update on securityadmin_v1 to no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - - -Grant exec on securityadmin_func1 to no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_func1)~~ - - -Grant exec on securityadmin_proc1 to no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - - --- Revoke on objects permission denied -Revoke select on securityadmin_tb1 from no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_tb1)~~ - - -Revoke update on securityadmin_v1 from no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - - -Revoke update on securityadmin_v1 from no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - - -Revoke exec on securityadmin_func1 from no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_func1)~~ - - -Revoke exec on securityadmin_proc1 from no_securityadmin_user1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - - --- grant on schema --- permission denied -grant select on securityadmin_v1 to no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - -grant select on dbo.securityadmin_v1 to no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - -grant execute on securityadmin_proc1 to no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - -grant execute on dbo.securityadmin_proc1 to no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - - --- revoke on schema --- permission denied -revoke select on securityadmin_v1 from no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - -revoke select on dbo.securityadmin_v1 from no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for table securityadmin_v1)~~ - -revoke execute on securityadmin_proc1 from no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - -revoke execute on dbo.securityadmin_proc1 from no_securityadmin_user1; -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: permission denied for function securityadmin_proc1)~~ - - --- drop object permission denied -drop user securityadmin_l2 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot drop the user 'securityadmin_l2', because it does not exist or you do not have permission.)~~ - - -drop role securityadmin_rol -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot drop the role 'securityadmin_rol', because it does not exist or you do not have permission.)~~ - - -drop schema securityadmin_scm1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of schema master_securityadmin_scm1)~~ - - -drop view securityadmin_show_role_mem -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of view securityadmin_show_role_mem)~~ - - -drop TRIGGER securityadmin_tggr1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of relation securityadmin_tb1)~~ - - -drop table securityadmin_tb1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of table securityadmin_tb1)~~ - - -drop view securityadmin_v1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of view securityadmin_v1)~~ - - -drop function securityadmin_func1() -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of function securityadmin_func1)~~ - - -drop procedure securityadmin_proc1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: must be owner of procedure securityadmin_proc1)~~ - - --- allowed drop login -drop login securityadmin_l2 -go - --- terminate-tsql-conn user=securityadmin_login1 password=123 - - --- tsql database=securityadmin_db1 --- securityadmin login should not get mapped to dbo if no user exist, it should disconnect -drop user securityadmin_user1 -go - --- terminate-tsql-conn database=securityadmin_db1 - --- tsql user=securityadmin_login1 password=123 --- it should disconnect -use securityadmin_db1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: The server principal "securityadmin_login1" is not able to access the database "securityadmin_db1" under the current security context)~~ - - --- tsql --- Case 3 - alter server role other than securityadmin and sysadmin should give unsupported -Alter server role false_role add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Only fixed server role is supported in ALTER SERVER ROLE statement)~~ - - -Alter server role serveradmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'serveradmin' is currently not supported in Babelfish)~~ - - -Alter server role setupadmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'setupadmin' is currently not supported in Babelfish)~~ - - -Alter server role processadmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'processadmin' is currently not supported in Babelfish)~~ - - -Alter server role diskadmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'diskadmin' is currently not supported in Babelfish)~~ - - -Alter server role bulkadmin add member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'bulkadmin' is currently not supported in Babelfish)~~ - - -Alter server role false_role drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Only fixed server role is supported in ALTER SERVER ROLE statement)~~ - - -Alter server role serveradmin drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'serveradmin' is currently not supported in Babelfish)~~ - - -Alter server role setupadmin drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'setupadmin' is currently not supported in Babelfish)~~ - - -Alter server role processadmin drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'processadmin' is currently not supported in Babelfish)~~ - - -Alter server role diskadmin drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'diskadmin' is currently not supported in Babelfish)~~ - - -Alter server role bulkadmin drop member no_securityadmin_login1 -go -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Fixed server role 'bulkadmin' is currently not supported in Babelfish)~~ - - --- terminate-tsql-conn user=securityadmin_login1 password=123 - --- tsql --- Case 4 - check unintended/unauthorized use of securityadmin -CREATE LOGIN securityadmin_restrict_new_login WITH password = '12345678'; -go - -ALTER SERVER ROLE sysadmin ADD MEMBER securityadmin_restrict_new_login; -GO - -select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' -go -~~START~~ -varchar#!#varchar -sysadmin#!#jdbc_user -securityadmin#!#securityadmin_login1 -sysadmin#!#securityadmin_restrict_new_login -~~END~~ - - --- terminate-tsql-conn - --- tsql user=securityadmin_restrict_new_login password=12345678 -select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' -go -~~START~~ -varchar#!#varchar -sysadmin#!#jdbc_user -securityadmin#!#securityadmin_login1 -sysadmin#!#securityadmin_restrict_new_login -~~END~~ - - -select bbf_is_member_of_role_nosuper(suser_id(), suser_id('securityadmin')) -go -~~START~~ -bit -0 -~~END~~ - - -select bbf_is_member_of_role_nosuper(suser_id(), suser_id('sysadmin')) -go -~~START~~ -bit -1 -~~END~~ - - -select is_srvrolemember ('sysadmin') -go -~~START~~ -int -1 -~~END~~ - - -select is_srvrolemember ('securityadmin') -go -~~START~~ -int -1 -~~END~~ - - -select current_user, db_name() -go -~~START~~ -varchar#!#nvarchar -dbo#!#master -~~END~~ - - -CREATE ROLE securityadmin_restrictions_role; -GO - - --- a tsql login should not be able to drop securityadmin explicitly from tsql port --- should be denied -ALTER ROLE securityadmin_restrictions_role ADD MEMBER securityadmin; -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: role "master_securityadmin" does not exist)~~ - - -DROP LOGIN securityadmin; -GO -~~ERROR (Code: 33557097)~~ - -~~ERROR (Message: Cannot drop the login 'securityadmin', because it does not exist or you do not have permission.)~~ - - -DROP ROLE securityadmin_restrictions_role; -GO - --- terminate-tsql-conn user=securityadmin_restrict_new_login password=12345678 - --- psql -create role securityadmin_restrict_new_pg_role -go - --- psql user=securityadmin_restrict_new_login password=12345678 --- a tsql login should not be able to alter/grant/drop securityadmin from pg port -ALTER ROLE securityadmin NOCREATEROLE; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin WITH PASSWORD '12345678'; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin VALID UNTIL 'infinity'; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin WITH CONNECTION LIMIT 1; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin TO securityadmin_restrict_new_login; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin TO securityadmin_restrict_new_pg_role -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT sysadmin TO securityadmin -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin TO securityadmin -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin_restrict_new_login TO securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE securityadmin FROM master_dbo; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE master_dbo FROM securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -DROP ROLE securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be dropped or altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -SET SESSION AUTHORIZATION securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin" - Server SQLState: 42501)~~ - - -SET ROLE securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: permission denied to set role "securityadmin" - Server SQLState: 42501)~~ - - --- try granting object ownership to securityadmin -ALTER schema master_securityadmin_scm1 owner to securityadmin; -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" - Server SQLState: 42501)~~ - - -ALTER table master_dbo.securityadmin_tb1 owner to securityadmin; -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" - Server SQLState: 42501)~~ - - -ALTER procedure master_dbo.securityadmin_proc1 owner to securityadmin; -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" - Server SQLState: 42501)~~ - - -ALTER function master_dbo.securityadmin_func1 owner to securityadmin; -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" - Server SQLState: 42501)~~ - - --- psql --- drop role -drop role securityadmin_restrict_new_pg_role -go - --- normal PG user -CREATE USER securityadmin_restrictions_pg_user WITH LOGIN CREATEROLE PASSWORD '12345678' inherit; -go - --- psql user=securityadmin_restrictions_pg_user password=12345678 --- a normal psql user should not be able to alter/grant/drop securityadmin from pg port -ALTER ROLE securityadmin NOCREATEROLE; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - --- Altering a role by an underprivileged login should be restricted -alter user securityadmin_restrict_new_login with password '123' -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: permission denied to alter role - Detail: To change another role's password, the current user must have the CREATEROLE attribute and the ADMIN option on the role. - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin WITH PASSWORD '12345678'; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin VALID UNTIL 'infinity'; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -ALTER ROLE securityadmin WITH CONNECTION LIMIT 1; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin TO securityadmin_restrict_new_login; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -GRANT securityadmin_restrict_new_login TO securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE securityadmin FROM master_dbo; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE sysadmin FROM securityadmin -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE securityadmin FROM securityadmin -go -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -REVOKE master_dbo FROM securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -DROP ROLE securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be dropped or altered outside of a Babelfish session - Server SQLState: 42501)~~ - - -SET SESSION AUTHORIZATION securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin" - Server SQLState: 42501)~~ - - -SET ROLE securityadmin; -GO -~~ERROR (Code: 0)~~ - -~~ERROR (Message: ERROR: permission denied to set role "securityadmin" - Server SQLState: 42501)~~ - - --- tsql -EXEC sp_dropserver 'server_4229', 'droplogins' -GO - -EXEC sp_dropserver 'Accounts', 'droplogins' -GO - --- terminate-tsql-conn - --- psql --- Drop extension only if not user mapping exists for bbf_server --- Needed so that same test can be reused in upgrade in conjunction --- with tests for OPENQUERY -DO -$$ -BEGIN -IF NOT EXISTS (SELECT * FROM pg_user_mappings WHERE srvname = 'bbf_server') THEN - SET client_min_messages = 'error'; - DROP EXTENSION tds_fdw CASCADE; -END IF; -END -$$ -GO - --- psql --- Need to terminate active session before cleaning up the login -SELECT pg_terminate_backend(pid) FROM pg_stat_get_activity(NULL) -WHERE sys.suser_name(usesysid) = 'securityadmin_restrict_new_login' AND backend_type = 'client backend' AND usesysid IS NOT NULL; -go -~~START~~ -bool -t -~~END~~ - - -DROP USER securityadmin_restrictions_pg_user; -GO - --- Wait to sync with another session -SELECT pg_sleep(1); -GO -~~START~~ -void - -~~END~~ - - --- tsql - -ALTER SERVER ROLE sysadmin drop MEMBER securityadmin_restrict_new_login; -GO - -DROP LOGIN securityadmin_restrict_new_login -GO +se \ No newline at end of file diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index 06c3b973c90..5188d6f553f 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -11,27 +11,10 @@ create login sp_helplogins_testlogin with password = '12345678' create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO -use master -GO - -- create a login which does not have any users create login testloginwithoutusers with password = '12345678' GO --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -- create a login and a user in sp_helplogins_db1 create login testloginindb1 with password = '12345678' GO @@ -42,9 +25,6 @@ GO create user userof_testloginindb1 for login testloginindb1 GO -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index 4ea9eb00e19..4cbc9805352 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -1,12 +1,32 @@ -- tsql --------- alter all logins password for dnr and upgrade -alter login sp_helplogins_testlogin with password = '12345678' + +-- creating dependent logins in verify +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO +use master GO -alter login testloginwithsecurityadmin with password = '12345678' +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' GO -alter login testloginwithsecurityadmin2 with password = '12345678' +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO +use master +GO + +-------- alter all logins password for dnr and upgrade +alter login sp_helplogins_testlogin with password = '12345678' GO alter login testloginwithotherdefdb with password = '12345678' diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index 907375a63a4..97b2306db05 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -11,27 +11,10 @@ create login sp_helplogins_testlogin with password = '12345678' create user userof_sp_helplogins_testlogin for login sp_helplogins_testlogin GO -create login testloginwithsecurityadmin with password = '12345678' -create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin -GO - --- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 -use sp_helplogins_db1 -GO -create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin -GO -use master -GO - -- create a login which does not have any users create login testloginwithoutusers with password = '12345678' GO --- create a login which is a member of securityadmin server role --- and has a user with db_securityadmin role in sp_helplogins_db1 -create login testloginwithsecurityadmin2 with password = '12345678' -GO - -- create a login and a user in sp_helplogins_db1 create login testloginindb1 with password = '12345678' GO @@ -42,9 +25,6 @@ GO create user userof_testloginindb1 for login testloginindb1 GO -create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 -GO - create login testloginwithotherdefdb with password = '12345678', default_database = sp_helplogins_db1 GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index 580776e25db..c83d7d77dcc 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -1,12 +1,32 @@ -- tsql --------- alter all logins password for dnr and upgrade -alter login sp_helplogins_testlogin with password = '12345678' + +-- creating dependent logins in verify +create login testloginwithsecurityadmin with password = '12345678' +create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin +GO + +-- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin_indb1 for login testloginwithsecurityadmin +GO +use master GO -alter login testloginwithsecurityadmin with password = '12345678' +-- create a login which is a member of securityadmin server role +-- and has a user with db_securityadmin role in sp_helplogins_db1 +create login testloginwithsecurityadmin2 with password = '12345678' GO -alter login testloginwithsecurityadmin2 with password = '12345678' +use sp_helplogins_db1 +GO +create user userof_testloginwithsecurityadmin2 for login testloginwithsecurityadmin2 +GO +use master +GO + +-------- alter all logins password for dnr and upgrade +alter login sp_helplogins_testlogin with password = '12345678' GO alter login testloginwithotherdefdb with password = '12345678' From 589aaa631f9bf0169a9ed0a078a019aa662142c6 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 29 May 2025 17:32:15 +0000 Subject: [PATCH 45/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../expected/securityadmin_role-vu-verify.out | 1700 ++++++++++++++++- 1 file changed, 1699 insertions(+), 1 deletion(-) diff --git a/test/JDBC/expected/securityadmin_role-vu-verify.out b/test/JDBC/expected/securityadmin_role-vu-verify.out index 7bf765ff08e..e7c3b267bd6 100644 --- a/test/JDBC/expected/securityadmin_role-vu-verify.out +++ b/test/JDBC/expected/securityadmin_role-vu-verify.out @@ -1 +1,1699 @@ -se \ No newline at end of file +-- tsql +select is_srvrolemember('sysadmin', 'securityadmin') +go +~~START~~ +int +0 +~~END~~ + + +select is_srvrolemember('securityadmin', 'sysadmin') +go +~~START~~ +int +0 +~~END~~ + + +select is_srvrolemember('securityadmin','securityadmin') +go +~~START~~ +int +0 +~~END~~ + + +alter login securityadmin_login1 with password='123' +go + +alter login no_securityadmin_login1 with password='123' +go + +TRUNCATE TABLE sadm_sp_helpsrvrolemember_tbl +GO + +-- sp_helpsrvrolemember +INSERT INTO sadm_sp_helpsrvrolemember_tbl (ServerRole, MemberName, MemberSID) EXEC sp_helpsrvrolemember 'securityadmin' +GO + +SELECT ServerRole, MemberName, (CASE WHEN MemberSID IS NULL THEN 0 ELSE 1 END) FROM sadm_sp_helpsrvrolemember_tbl where MemberName like '%securityadmin%' +GO +~~START~~ +varchar#!#varchar#!#int +~~END~~ + + +-- make login member of securityadmin +Alter server role securityadmin add member securityadmin_login1 +go + +select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' +go +~~START~~ +varchar#!#varchar +sysadmin#!#jdbc_user +securityadmin#!#securityadmin_login1 +~~END~~ + + +-- should error out +create login securityadmin with password = '123' +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: The Server principal 'securityadmin' already exists)~~ + + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +-- Case 1 - positives +-- securityadmin's login privileges +-- alter server role securityadmin should be allowed +select bbf_is_member_of_role_nosuper(suser_id(), suser_id('securityadmin')) +go +~~START~~ +bit +1 +~~END~~ + + +select bbf_is_member_of_role_nosuper(suser_id(), suser_id('sysadmin')) +go +~~START~~ +bit +0 +~~END~~ + + +Alter server role securityadmin add member no_securityadmin_login1 +go + +Alter server role securityadmin drop member no_securityadmin_login1 +go + +-- create login should be allowed +-- windows login +create login [babel\securityadmin_l1] from windows; +go + +-- password based login +create login securityadmin_l2 with password = '123' +go + +-- alter login should be allowed +-- password based login +alter login securityadmin_l2 with password = '123' +go + +ALTER LOGIN securityadmin_l2 WITH PASSWORD = '1234' OLD_PASSWORD = '123'; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'OLD_PASSWORD' is not currently supported in Babelfish. please use babelfishpg_tsql.escape_hatch_login_old_password to ignore)~~ + + +ALTER LOGIN securityadmin_l2 disable; +go + +ALTER LOGIN securityadmin_l2 enable; +go + +ALTER LOGIN securityadmin_l2 with default_database=securityadmin_db1; +go + +-- windows login +alter login [babel\securityadmin_l1] with PASSWORD='123' +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot use parameter PASSWORD for a windows login)~~ + + +ALTER LOGIN [babel\securityadmin_l1] WITH PASSWORD = '1234' OLD_PASSWORD = '123'; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'OLD_PASSWORD' is not currently supported in Babelfish. please use babelfishpg_tsql.escape_hatch_login_old_password to ignore)~~ + + +ALTER LOGIN [babel\securityadmin_l1] disable; +go + +ALTER LOGIN [babel\securityadmin_l1] enable; +go + +ALTER LOGIN [babel\securityadmin_l1] with default_database=securityadmin_db1; +go + +-- make altering login member of securityadmin +Alter server role securityadmin add member securityadmin_l2 +go + +-- alter securityadmin member login +-- allowed +alter login securityadmin_l2 with password = '123' +go + +-- drop login should be allowed +-- password based login +drop login securityadmin_l2 +go + +-- windows login +drop login [babel\securityadmin_l1] +go + +-- grant server permissions (currently not supported) +-- few examples +GRANT CONTROL SERVER TO no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ + + +GRANT ALTER ANY EVENT NOTIFICATION TO no_securityadmin_login1 WITH GRANT OPTION; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ + + +GRANT ALTER ANY DATABASE TO no_securityadmin_login1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ + + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql user=no_securityadmin_login1 password=123 +-- grant database permissions (only connect is supported) +-- allowed +use securityadmin_db1 +go + +-- terminate-tsql-conn user=no_securityadmin_login1 password=123 + +-- tsql user=securityadmin_login1 password=123 database=securityadmin_db1 +REVOKE CONNECT FROM no_securityadmin_user1 +go + +-- unsupported +GRANT SHOWPLAN TO no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ + + +GRANT CREATE VIEW TO no_securityadmin_user1 WITH GRANT OPTION; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'GRANT Database' is not currently supported in Babelfish)~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 database=securityadmin_db1 + +-- tsql user=no_securityadmin_login1 password=123 +-- connection revoked +use securityadmin_db1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: The server principal "no_securityadmin_login1" is not able to access the database "securityadmin_db1" under the current security context)~~ + + +-- terminate-tsql-conn user=no_securityadmin_login1 password=123 + +-- tsql user=securityadmin_login1 password=123 database=securityadmin_db1 +-- revoke server permissions (currently not supported) +-- few examples +REVOKE CONTROL SERVER FROM no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ + + +REVOKE ALTER ANY EVENT NOTIFICATION FROM no_securityadmin_login1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ + + +REVOKE ALTER ANY DATABASE FROM no_securityadmin_login1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ + + +-- grant database permissions (only connect is supported) +GRANT CONNECT TO no_securityadmin_user1 +go + +-- terminate-tsql-conn user=securityadmin_login1 password=123 database=securityadmin_db1 + +-- tsql user=no_securityadmin_login1 password=123 +use securityadmin_db1 +go + +-- Check unprivileged login should not have access +-- permission denied +EXEC sp_addlinkedsrvlogin 'Accounts', 'False' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +EXEC sp_droplinkedsrvlogin 'Accounts', NULL +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +Alter server role securityadmin add member no_securityadmin_login1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login no_securityadmin_login1 does not have permission to alter server role)~~ + + +Alter server role securityadmin drop member no_securityadmin_login1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login no_securityadmin_login1 does not have permission to alter server role)~~ + + +-- only current login and fixed server roles +SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role +FROM sys.server_principals ORDER BY name +GO +~~START~~ +varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit +dbcreator#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +jdbc_user#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 +no_securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 +public#!#R#!#SERVER_ROLE#!##!##!##!#1#!#0 +securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +sysadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +~~END~~ + + +-- only current login +select name, type, usage from sys.login_token order by name; +go +~~START~~ +nvarchar#!#nvarchar#!#nvarchar +no_securityadmin_login1#!#SQL LOGIN#!#GRANT OR DENY +public#!#SERVER ROLE#!#GRANT OR DENY +~~END~~ + + +-- terminate-tsql-conn user=no_securityadmin_login1 password=123 + +-- tsql user=securityadmin_login1 password=123 +-- unsupported +REVOKE SHOWPLAN FROM no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ + + +REVOKE CREATE VIEW FROM no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: 'REVOKE Database' is not currently supported in Babelfish)~~ + + +-- System objects +-- All rows of server_prinicipals view should be visible to securityadmin login +-- limited rows should get displayed +SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role +FROM sys.server_principals +WHERE name in ('jdbc_user', 'sysadmin', 'public', 'securityadmin') ORDER BY name; +GO +~~START~~ +varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit +jdbc_user#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 +public#!#R#!#SERVER_ROLE#!##!##!##!#1#!#0 +securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +sysadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +~~END~~ + + +SELECT name, type, type_desc, default_database_name, default_language_name, credential_id, owning_principal_id, is_fixed_role +FROM sys.server_principals name WHERE name like '%securityadmin%' ORDER BY name; +GO +~~START~~ +varchar#!#char#!#nvarchar#!#varchar#!#varchar#!#int#!#int#!#bit +no_securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 +securityadmin#!#R#!#SERVER_ROLE#!##!#English#!##!#1#!#1 +securityadmin_login1#!#S#!#SQL_LOGIN#!#master#!#English#!#-1#!#-1#!#0 +~~END~~ + + +-- current login along with current fixed role should be visible +select name, type, usage from sys.login_token order by name; +go +~~START~~ +nvarchar#!#nvarchar#!#nvarchar +public#!#SERVER ROLE#!#GRANT OR DENY +securityadmin#!#SERVER ROLE#!#GRANT OR DENY +securityadmin_login1#!#SQL LOGIN#!#GRANT OR DENY +~~END~~ + + +select name, sysadmin, securityadmin from syslogins where name like '%securityadmin%' order by name +go +~~START~~ +varchar#!#int#!#int +no_securityadmin_login1#!#0#!#0 +securityadmin_login1#!#0#!#1 +~~END~~ + + +-- should return 0 +select is_srvrolemember ('sysadmin') +go +~~START~~ +int +0 +~~END~~ + + +-- should return 1 +select is_srvrolemember ('securityadmin') +go +~~START~~ +int +1 +~~END~~ + + +select is_srvrolemember ('securityadmin', 'securityadmin_login1') +go +~~START~~ +int +1 +~~END~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- psql +SET client_min_messages = 'error'; +CREATE EXTENSION IF NOT EXISTS tds_fdw; +GO + +-- securityadmin should not have membership in database guest role +SELECT roleid::regrole, member::regrole FROM pg_auth_members WHERE member = 'securityadmin'::regrole; +go +~~START~~ +regrole#!#regrole +~~END~~ + + +-- tsql +-- Add localhost as linked server +EXEC sp_addlinkedserver @server = N'server_4229', @srvproduct=N'', @provider=N'SQLNCLI', @datasrc=N'localhost', @catalog=N'master' +GO + +EXEC sp_addlinkedserver 'Accounts' +GO + +-- Add jdbc_user as linked server login +EXEC sp_addlinkedsrvlogin @rmtsrvname = 'server_4229', @useself = 'FALSE', @rmtuser = 'jdbc_user', @rmtpassword = '12345678' +GO + +drop database securityadmin_db1 +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +EXEC sp_addlinkedsrvlogin 'Accounts', 'False' +GO + +EXEC sp_droplinkedsrvlogin 'Accounts', NULL +GO + +-- inside procedure +exec securityadmin_create_login_p1 +go + +exec securityadmin_alter_login_p1 +go + +exec securityadmin_add_mem_p1 +go + +exec securityadmin_drop_mem_p1 +go + +exec securityadmin_drop_login_p1 +go + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- login is member of both securityadmin as well as sysadmin +drop user securityadmin_user1 +go + +Alter server role sysadmin add member securityadmin_login1 +go + +create database securityadmin_db1 +go + +-- terminate-tsql-conn + +-- psql +-- should not have membership in database guest role +SELECT roleid::regrole, member::regrole FROM pg_auth_members WHERE member = 'securityadmin'::regrole; +go +~~START~~ +regrole#!#regrole +~~END~~ + + +-- tsql user=securityadmin_login1 password=123 +-- it should be able to connect to the database +use securityadmin_db1 +go + +-- it should be dbo +select current_user +go +~~START~~ +varchar +dbo +~~END~~ + + +-- both attribute should be true +select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' +go +~~START~~ +varchar#!#bit#!#bit +securityadmin_login1#!#1#!#1 +~~END~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- only member of securityadmin +alter server role sysadmin drop member securityadmin_login1 +go + +create user securityadmin_user1 for login securityadmin_login1 +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 + +-- only rolcreaterole attribute should be true +select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' +go +~~START~~ +varchar#!#bit#!#bit +securityadmin_login1#!#1#!#0 +~~END~~ + + +-- should be able to create/drop login +create login test_securityadmin_l1 with password ='123' +go + +drop login test_securityadmin_l1 +go + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- only member of sysadmin +drop user securityadmin_user1 +go + +alter server role sysadmin add member securityadmin_login1 +go + +alter server role securityadmin drop member securityadmin_login1 +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 + +-- both attribute should be true +select rolname, rolcreaterole, rolcreatedb from pg_roles where rolname = 'securityadmin_login1' +go +~~START~~ +varchar#!#bit#!#bit +securityadmin_login1#!#1#!#1 +~~END~~ + + +-- should be able to create/drop login +create login test_securityadmin_l1 with password ='123' +go + +drop login test_securityadmin_l1 +go + +-- should return 1 +select is_srvrolemember ('sysadmin') +go +~~START~~ +int +1 +~~END~~ + + +-- should return 1 +select is_srvrolemember ('securityadmin') +go +~~START~~ +int +1 +~~END~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- make it member of securityadmin only +alter server role sysadmin drop member securityadmin_login1 +go + +alter server role securityadmin add member securityadmin_login1 +go + +drop user no_securityadmin_user1 +go + +alter server role sysadmin add member no_securityadmin_login1 +go + +create user securityadmin_user1 for login securityadmin_login1 +go + +TRUNCATE TABLE sadm_sp_helpsrvrolemember_tbl +GO + +-- sp_helpsrvrolemember +INSERT INTO sadm_sp_helpsrvrolemember_tbl (ServerRole, MemberName, MemberSID) EXEC sp_helpsrvrolemember 'securityadmin' +GO +~~ROW COUNT: 1~~ + + +SELECT ServerRole, MemberName, (CASE WHEN MemberSID IS NULL THEN 0 ELSE 1 END) FROM sadm_sp_helpsrvrolemember_tbl where MemberName like '%securityadmin%' +GO +~~START~~ +varchar#!#varchar#!#int +securityadmin#!#securityadmin_login1#!#1 +~~END~~ + + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +-- Case 2 - negatives +-- alter server role sysadmin should give permission denied +Alter server role sysadmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter server role)~~ + + +-- alter server role securityadmin add member db roles should error out +Alter server role securityadmin add member guest +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "guest" does not exist)~~ + + +-- alter sysadmin login should give permission denied +-- login which is altered is member of sysadmin +Alter login no_securityadmin_login1 with password ='123' +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot alter the login 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- make member of securityadmin as well +alter server role securityadmin add member no_securityadmin_login1 +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +-- login which is altered is member of sysadmin and securityadmin both +-- permission denied +Alter login no_securityadmin_login1 with password ='123' +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot alter the login 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +alter server role securityadmin drop member no_securityadmin_login1 +go + +alter server role sysadmin drop member no_securityadmin_login1 +go + +create user no_securityadmin_user1 for login no_securityadmin_login1 +go + +create role dummy_role +go + +drop database securityadmin_db1 +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +-- should error out +Alter server role securityadmin add member dummy_role +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "dummy_role" does not exist)~~ + + +-- create database permission denied +create database perm_denied_db +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied to create database)~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +drop role dummy_role +go + +create database securityadmin_db1 +go + +use securityadmin_db1 +go + +create user securityadmin_user1 for login securityadmin_login1 +go + +create user no_securityadmin_user1 for login no_securityadmin_login1 +go + +use master +go + +GRANT select on securityadmin_tb1 to guest +go + +-- terminate-tsql-conn + +-- tsql user=securityadmin_login1 password=123 +-- alter database permission denied +alter database securityadmin_db1 modify name = rename_db_database1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'securityadmin_db1', the database does not exist, or the database is not in a state that allows access checks.)~~ + + +alter authorization on database::securityadmin_db1 to no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot find the principal 'no_securityadmin_login1', because it does not exist or you do not have permission.)~~ + + +-- drop database permission denied +drop database securityadmin_db1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of database securityadmin_db1)~~ + + +-- securityadmin login's mapped user should not have any priv +select current_user, db_name() +go +~~START~~ +varchar#!#nvarchar +securityadmin_user1#!#master +~~END~~ + + +-- should not be able to select on table +select * from securityadmin_tb1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +select suser_name() +go +~~START~~ +nvarchar +securityadmin_login1 +~~END~~ + + +-- allowed +create login securityadmin_l2 with password = '123' +go + +-- create objects/user permission denied +create user securityadmin_l2 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +create role securityadmin_role1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +create schema perm_denied_scm +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database babelfish_db)~~ + + +create view perm_denied_v1 as select 1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +create table perm_denied_tb1 (a int); +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +select 1 into perm_denied_tb2; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +create function perm_denied_func1() returns int as begin return 1 end; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +create procedure perm_denied_proc1 as begin select 1; end +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +create type perm_denied_typ1 from int; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +create index perm_denied_index1 on securityadmin_tb1(a); +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table securityadmin_tb1)~~ + + +CREATE FUNCTION perm_denied_func1() RETURNS TABLE AS RETURN ( SELECT 1 AS Value); +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + +-- DMLS on object permission denied +Alter user no_securityadmin_user1 with DEFAULT_SCHEMA=securityadmin_scm1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current user does not have privileges to change schema)~~ + + +Alter role securityadmin_rol add member no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter role master_securityadmin_rol)~~ + + +Alter role securityadmin_rol drop member no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login securityadmin_login1 does not have permission to alter role master_securityadmin_rol)~~ + + +Alter table securityadmin_tb1 add b int +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table securityadmin_tb1)~~ + + +Insert into securityadmin_tb1 values (1) +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +UPDATE securityadmin_tb1 SET a = 2 where a = 1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +DELETE FROM securityadmin_tb1 WHERE a = 1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +TRUNCATE TABLE securityadmin_tb1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +select * from securityadmin_tb1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +select * from securityadmin_v1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view securityadmin_v1)~~ + + +select securityadmin_func1() +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_func1)~~ + + +exec securityadmin_proc1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure securityadmin_proc1)~~ + + +Enable trigger securityadmin_tggr1 on securityadmin_tb1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table securityadmin_tb1)~~ + + +Disable trigger securityadmin_tggr1 on securityadmin_tb1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table securityadmin_tb1)~~ + + +-- grant on objects permission denied +Grant select on securityadmin_tb1 to no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +Grant update on securityadmin_v1 to no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + + +Grant update on securityadmin_v1 to no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + + +Grant exec on securityadmin_func1 to no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_func1)~~ + + +Grant exec on securityadmin_proc1 to no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + + +-- Revoke on objects permission denied +Revoke select on securityadmin_tb1 from no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_tb1)~~ + + +Revoke update on securityadmin_v1 from no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + + +Revoke update on securityadmin_v1 from no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + + +Revoke exec on securityadmin_func1 from no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_func1)~~ + + +Revoke exec on securityadmin_proc1 from no_securityadmin_user1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + + +-- grant on schema +-- permission denied +grant select on securityadmin_v1 to no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + +grant select on dbo.securityadmin_v1 to no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + +grant execute on securityadmin_proc1 to no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + +grant execute on dbo.securityadmin_proc1 to no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + + +-- revoke on schema +-- permission denied +revoke select on securityadmin_v1 from no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + +revoke select on dbo.securityadmin_v1 from no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table securityadmin_v1)~~ + +revoke execute on securityadmin_proc1 from no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + +revoke execute on dbo.securityadmin_proc1 from no_securityadmin_user1; +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function securityadmin_proc1)~~ + + +-- drop object permission denied +drop user securityadmin_l2 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'securityadmin_l2', because it does not exist or you do not have permission.)~~ + + +drop role securityadmin_rol +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'securityadmin_rol', because it does not exist or you do not have permission.)~~ + + +drop schema securityadmin_scm1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of schema master_securityadmin_scm1)~~ + + +drop view securityadmin_show_role_mem +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view securityadmin_show_role_mem)~~ + + +drop TRIGGER securityadmin_tggr1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of relation securityadmin_tb1)~~ + + +drop table securityadmin_tb1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table securityadmin_tb1)~~ + + +drop view securityadmin_v1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view securityadmin_v1)~~ + + +drop function securityadmin_func1() +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function securityadmin_func1)~~ + + +drop procedure securityadmin_proc1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of procedure securityadmin_proc1)~~ + + +-- allowed drop login +drop login securityadmin_l2 +go + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + + +-- tsql database=securityadmin_db1 +-- securityadmin login should not get mapped to dbo if no user exist, it should disconnect +drop user securityadmin_user1 +go + +-- terminate-tsql-conn database=securityadmin_db1 + +-- tsql user=securityadmin_login1 password=123 +-- it should disconnect +use securityadmin_db1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: The server principal "securityadmin_login1" is not able to access the database "securityadmin_db1" under the current security context)~~ + + +-- tsql +-- Case 3 - alter server role other than securityadmin and sysadmin should give unsupported +Alter server role false_role add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Only fixed server role is supported in ALTER SERVER ROLE statement)~~ + + +Alter server role serveradmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'serveradmin' is currently not supported in Babelfish)~~ + + +Alter server role setupadmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'setupadmin' is currently not supported in Babelfish)~~ + + +Alter server role processadmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'processadmin' is currently not supported in Babelfish)~~ + + +Alter server role diskadmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'diskadmin' is currently not supported in Babelfish)~~ + + +Alter server role bulkadmin add member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'bulkadmin' is currently not supported in Babelfish)~~ + + +Alter server role false_role drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Only fixed server role is supported in ALTER SERVER ROLE statement)~~ + + +Alter server role serveradmin drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'serveradmin' is currently not supported in Babelfish)~~ + + +Alter server role setupadmin drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'setupadmin' is currently not supported in Babelfish)~~ + + +Alter server role processadmin drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'processadmin' is currently not supported in Babelfish)~~ + + +Alter server role diskadmin drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'diskadmin' is currently not supported in Babelfish)~~ + + +Alter server role bulkadmin drop member no_securityadmin_login1 +go +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Fixed server role 'bulkadmin' is currently not supported in Babelfish)~~ + + +-- terminate-tsql-conn user=securityadmin_login1 password=123 + +-- tsql +-- Case 4 - check unintended/unauthorized use of securityadmin +CREATE LOGIN securityadmin_restrict_new_login WITH password = '12345678'; +go + +ALTER SERVER ROLE sysadmin ADD MEMBER securityadmin_restrict_new_login; +GO + +select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' +go +~~START~~ +varchar#!#varchar +sysadmin#!#jdbc_user +securityadmin#!#securityadmin_login1 +sysadmin#!#securityadmin_restrict_new_login +~~END~~ + + +-- terminate-tsql-conn + +-- tsql user=securityadmin_restrict_new_login password=12345678 +select * from securityadmin_show_role_mem where MemberPrincipalName like 'jdbc_user' or MemberPrincipalName like '%securityadmin_%' +go +~~START~~ +varchar#!#varchar +sysadmin#!#jdbc_user +securityadmin#!#securityadmin_login1 +sysadmin#!#securityadmin_restrict_new_login +~~END~~ + + +select bbf_is_member_of_role_nosuper(suser_id(), suser_id('securityadmin')) +go +~~START~~ +bit +0 +~~END~~ + + +select bbf_is_member_of_role_nosuper(suser_id(), suser_id('sysadmin')) +go +~~START~~ +bit +1 +~~END~~ + + +select is_srvrolemember ('sysadmin') +go +~~START~~ +int +1 +~~END~~ + + +select is_srvrolemember ('securityadmin') +go +~~START~~ +int +1 +~~END~~ + + +select current_user, db_name() +go +~~START~~ +varchar#!#nvarchar +dbo#!#master +~~END~~ + + +CREATE ROLE securityadmin_restrictions_role; +GO + + +-- a tsql login should not be able to drop securityadmin explicitly from tsql port +-- should be denied +ALTER ROLE securityadmin_restrictions_role ADD MEMBER securityadmin; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "master_securityadmin" does not exist)~~ + + +DROP LOGIN securityadmin; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the login 'securityadmin', because it does not exist or you do not have permission.)~~ + + +DROP ROLE securityadmin_restrictions_role; +GO + +-- terminate-tsql-conn user=securityadmin_restrict_new_login password=12345678 + +-- psql +create role securityadmin_restrict_new_pg_role +go + +-- psql user=securityadmin_restrict_new_login password=12345678 +-- a tsql login should not be able to alter/grant/drop securityadmin from pg port +ALTER ROLE securityadmin NOCREATEROLE; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin WITH PASSWORD '12345678'; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin VALID UNTIL 'infinity'; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin WITH CONNECTION LIMIT 1; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin TO securityadmin_restrict_new_login; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin TO securityadmin_restrict_new_pg_role +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT sysadmin TO securityadmin +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin TO securityadmin +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin_restrict_new_login TO securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE securityadmin FROM master_dbo; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE master_dbo FROM securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +DROP ROLE securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be dropped or altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +SET SESSION AUTHORIZATION securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin" + Server SQLState: 42501)~~ + + +SET ROLE securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: permission denied to set role "securityadmin" + Server SQLState: 42501)~~ + + +-- try granting object ownership to securityadmin +ALTER schema master_securityadmin_scm1 owner to securityadmin; +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" + Server SQLState: 42501)~~ + + +ALTER table master_dbo.securityadmin_tb1 owner to securityadmin; +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" + Server SQLState: 42501)~~ + + +ALTER procedure master_dbo.securityadmin_proc1 owner to securityadmin; +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" + Server SQLState: 42501)~~ + + +ALTER function master_dbo.securityadmin_func1 owner to securityadmin; +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: must be able to SET ROLE "securityadmin" + Server SQLState: 42501)~~ + + +-- psql +-- drop role +drop role securityadmin_restrict_new_pg_role +go + +-- normal PG user +CREATE USER securityadmin_restrictions_pg_user WITH LOGIN CREATEROLE PASSWORD '12345678' inherit; +go + +-- psql user=securityadmin_restrictions_pg_user password=12345678 +-- a normal psql user should not be able to alter/grant/drop securityadmin from pg port +ALTER ROLE securityadmin NOCREATEROLE; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +-- Altering a role by an underprivileged login should be restricted +alter user securityadmin_restrict_new_login with password '123' +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: permission denied to alter role + Detail: To change another role's password, the current user must have the CREATEROLE attribute and the ADMIN option on the role. + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin WITH PASSWORD '12345678'; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin VALID UNTIL 'infinity'; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +ALTER ROLE securityadmin WITH CONNECTION LIMIT 1; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin TO securityadmin_restrict_new_login; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +GRANT securityadmin_restrict_new_login TO securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE securityadmin FROM master_dbo; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE sysadmin FROM securityadmin +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE securityadmin FROM securityadmin +go +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +REVOKE master_dbo FROM securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +DROP ROLE securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: Babelfish-created logins/users/roles cannot be dropped or altered outside of a Babelfish session + Server SQLState: 42501)~~ + + +SET SESSION AUTHORIZATION securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin" + Server SQLState: 42501)~~ + + +SET ROLE securityadmin; +GO +~~ERROR (Code: 0)~~ + +~~ERROR (Message: ERROR: permission denied to set role "securityadmin" + Server SQLState: 42501)~~ + + +-- tsql +EXEC sp_dropserver 'server_4229', 'droplogins' +GO + +EXEC sp_dropserver 'Accounts', 'droplogins' +GO + +-- terminate-tsql-conn + +-- psql +-- Drop extension only if not user mapping exists for bbf_server +-- Needed so that same test can be reused in upgrade in conjunction +-- with tests for OPENQUERY +DO +$$ +BEGIN +IF NOT EXISTS (SELECT * FROM pg_user_mappings WHERE srvname = 'bbf_server') THEN + SET client_min_messages = 'error'; + DROP EXTENSION tds_fdw CASCADE; +END IF; +END +$$ +GO + +-- psql +-- Need to terminate active session before cleaning up the login +SELECT pg_terminate_backend(pid) FROM pg_stat_get_activity(NULL) +WHERE sys.suser_name(usesysid) = 'securityadmin_restrict_new_login' AND backend_type = 'client backend' AND usesysid IS NOT NULL; +go +~~START~~ +bool +t +~~END~~ + + +DROP USER securityadmin_restrictions_pg_user; +GO + +-- Wait to sync with another session +SELECT pg_sleep(1); +GO +~~START~~ +void + +~~END~~ + + +-- tsql + +ALTER SERVER ROLE sysadmin drop MEMBER securityadmin_restrict_new_login; +GO + +DROP LOGIN securityadmin_restrict_new_login +GO From 76e1b7b353a6cdd087ee7d06d5f7cbbfe7072b57 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 3 Jun 2025 07:18:43 +0000 Subject: [PATCH 46/54] Handling overflow and incorrect outputs in case of certain money and smallmoney arithmetic and math functions. There were certain issues found both w.r.t overflow handling and certain functions and operations giving incorrect result for money and smallmoney datatype. This commit addresses those issues. Issue #1: Overflow of smallmoney arithmetic leading to TDS hang. Issue #2: Unhandled overflow cases leading to incorrect output. Issue #3: Fixeddecimal operators being resolved for smallmoney functions and operations leading to incorrect results. Task: BABEL-5745, BABEL-5757, BABEL-5756, BABEL-5747, BABEL-5754 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 27 +++- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 27 +++- .../expected/z_sp_helplogins-vu-cleanup.out | 9 +- .../expected/z_sp_helplogins-vu-verify.out | 125 +++++++++++++++++- .../z_sp_helplogins-vu-cleanup.mix | 9 +- .../z_sp_helplogins-vu-verify.mix | 35 +++++ 6 files changed, 217 insertions(+), 15 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 1d0d7bcf360..5fa5c957d3a 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3792,12 +3792,13 @@ BEGIN WHERE LExt.type NOT IN ('R', 'Z') SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -3819,7 +3820,7 @@ BEGIN ) UNION SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, CAST('Member of' AS sys.varchar(10)) AS UserOrAlias @@ -3829,12 +3830,24 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND ( @is_sysadmin = 1 OR UExt2.login_name = @current_username OR - ISNULL(UExt2.login_name, '') = '' + ISNULL(UExt2.login_name, '') = '' OR + EXISTS ( + SELECT 1 + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt3 ON PGR1.rolname = UExt3.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt4 ON PGR2.rolname = UExt4.rolname + WHERE UExt3.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt4.database_name = UExt2.database_name + AND UExt4.login_name = @current_username + ) ) END ELSE @@ -3860,19 +3873,20 @@ BEGIN WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname UNION SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, CAST('Member of' AS sys.varchar(10)) AS UserOrAlias @@ -3882,6 +3896,7 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index e936ebf8426..11dcebf5338 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -235,12 +235,13 @@ BEGIN WHERE LExt.type NOT IN ('R', 'Z') SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt - LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND @@ -262,7 +263,7 @@ BEGIN ) UNION SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, CAST('Member of' AS sys.varchar(10)) AS UserOrAlias @@ -272,12 +273,24 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND ( @is_sysadmin = 1 OR UExt2.login_name = @current_username OR - ISNULL(UExt2.login_name, '') = '' + ISNULL(UExt2.login_name, '') = '' OR + EXISTS ( + SELECT 1 + FROM pg_catalog.pg_auth_members AS Authmbr + INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid + INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member + INNER JOIN sys.babelfish_authid_user_ext AS UExt3 ON PGR1.rolname = UExt3.rolname + INNER JOIN sys.babelfish_authid_user_ext AS UExt4 ON PGR2.rolname = UExt4.rolname + WHERE UExt3.orig_username IN ('db_securityadmin', 'db_accessadmin') + AND UExt4.database_name = UExt2.database_name + AND UExt4.login_name = @current_username + ) ) END ELSE @@ -303,19 +316,20 @@ BEGIN WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname SELECT - CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, CAST('User' AS sys.varchar(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname UNION SELECT - CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName, + CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, CAST('Member of' AS sys.varchar(10)) AS UserOrAlias @@ -325,6 +339,7 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R' INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner' LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name + LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname diff --git a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out index 676d6519026..55e4dd4dcb2 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out @@ -17,6 +17,13 @@ GO drop login testloginwithsecurityadmin2 GO +drop user if exists u_testloginwithsecadminanddbsec +drop login testloginwithsecadminanddbsec +GO + +drop login testloginwithsysadmin +GO + drop login testloginindb1 GO @@ -57,7 +64,7 @@ exec (@dropuserstmt) exec (@droploginstmt) GO -drop user sp_helplogins_vu_windows_user; +drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index 4cbc9805352..97fbb426dbd 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -5,6 +5,18 @@ create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO +-- creating a login with sysadmin permissions without a user +create login testloginwithsysadmin with password = '12345678' +alter server role sysadmin add member testloginwithsysadmin +GO + +-- creating a login with securityadmin and db_securityadmin on master with a user +create login testloginwithsecadminanddbsec with password = '12345678' +alter server role securityadmin add member testloginwithsecadminanddbsec +create user u_testloginwithsecadminanddbsec for login testloginwithsecadminanddbsec +alter role db_securityadmin add member u_testloginwithsecadminanddbsec +GO + -- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 use sp_helplogins_db1 GO @@ -75,6 +87,8 @@ use master GO -- tsql user=jdbc_user password=12345678 +-- since this is sysadmin, it has all the permissions over all the databases +-- this login will see every login and user across all databases -- ignore_columns 2 EXEC sp_helplogins GO @@ -88,13 +102,16 @@ sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsysadmin#!#master#!#English#!#NO#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of @@ -111,16 +128,18 @@ sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User -win@HELPLOGINS#!#master#!#sp_helplogins_vu_windows_user#!#User ~~END~~ -- tsql user=sp_helplogins_testlogin password=12345678 +-- since this login is not a member of securityadmin, it will not be able to call the proc -- ignore_columns 2 EXEC sp_helplogins GO @@ -130,6 +149,8 @@ GO -- tsql user=testloginwithsecurityadmin password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins, but only users which are either attached to it or superuser -- ignore_columns 2 EXEC sp_helplogins GO @@ -143,8 +164,10 @@ sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsysadmin#!#master#!#English#!#NO#!#NO ~~END~~ ~~START~~ @@ -163,6 +186,51 @@ testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadm -- tsql user=testloginwithsecurityadmin2 password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins and since it also has db_securityadmin in sp_helplogins_db1 +-- it will also see all the users in that database +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO +helplogins\win#!#master#!#English#!#YES#!#NO +jdbc_user#!#master#!#English#!#YES#!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsysadmin#!#master#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +~~END~~ + + +-- tsql user=testloginwithsysadmin password=12345678 +-- since this is sysadmin, it has all the permissions over all the databases +-- this login will see every login and user across all databases -- ignore_columns 2 EXEC sp_helplogins GO @@ -176,12 +244,16 @@ sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO testloginindb1#!#master#!#English#!#YES#!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsysadmin#!#master#!#English#!#NO#!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User jdbc_user#!#master#!#db_owner#!#Member of jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of @@ -190,8 +262,17 @@ jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of @@ -199,6 +280,48 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad ~~END~~ +-- tsql user=testloginwithsecadminanddbsec password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins and since it also has db_securityadmin in master +-- it will also see all the users in that database +-- ignore_columns 2 +EXEC sp_helplogins +GO +~~START~~ +varchar#!#varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO +helplogins\win#!#master#!#English#!#YES#!#NO +jdbc_user#!#master#!#English#!#YES#!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +testloginindb1#!#master#!#English#!#YES#!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO +testloginwithoutusers#!#master#!#English#!#NO#!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +testloginwithsysadmin#!#master#!#English#!#NO#!#NO +~~END~~ + +~~START~~ +varchar#!#varchar#!#varchar#!#varchar +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User +jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +~~END~~ + + -- tsql user=jdbc_user password=12345678 -- ignore_columns 2 EXEC sp_helplogins 'jdbc_user' diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix index ec5dd37f035..95c5d8ca767 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix @@ -17,6 +17,13 @@ GO drop login testloginwithsecurityadmin2 GO +drop user if exists u_testloginwithsecadminanddbsec +drop login testloginwithsecadminanddbsec +GO + +drop login testloginwithsysadmin +GO + drop login testloginindb1 GO @@ -57,7 +64,7 @@ exec (@dropuserstmt) exec (@droploginstmt) GO -drop user sp_helplogins_vu_windows_user; +drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index c83d7d77dcc..c89897a1504 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -5,6 +5,18 @@ create login testloginwithsecurityadmin with password = '12345678' create user userof_testloginwithsecurityadmin for login testloginwithsecurityadmin GO +-- creating a login with sysadmin permissions without a user +create login testloginwithsysadmin with password = '12345678' +alter server role sysadmin add member testloginwithsysadmin +GO + +-- creating a login with securityadmin and db_securityadmin on master with a user +create login testloginwithsecadminanddbsec with password = '12345678' +alter server role securityadmin add member testloginwithsecadminanddbsec +create user u_testloginwithsecadminanddbsec for login testloginwithsecadminanddbsec +alter role db_securityadmin add member u_testloginwithsecadminanddbsec +GO + -- create another user for login testloginwithsecurityadmin in sp_helplogins_db1 use sp_helplogins_db1 GO @@ -75,21 +87,44 @@ use master GO -- tsql user=jdbc_user password=12345678 +-- since this is sysadmin, it has all the permissions over all the databases +-- this login will see every login and user across all databases -- ignore_columns 2 EXEC sp_helplogins GO -- tsql user=sp_helplogins_testlogin password=12345678 +-- since this login is not a member of securityadmin, it will not be able to call the proc -- ignore_columns 2 EXEC sp_helplogins GO -- tsql user=testloginwithsecurityadmin password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins, but only users which are either attached to it or superuser -- ignore_columns 2 EXEC sp_helplogins GO -- tsql user=testloginwithsecurityadmin2 password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins and since it also has db_securityadmin in sp_helplogins_db1 +-- it will also see all the users in that database +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsysadmin password=12345678 +-- since this is sysadmin, it has all the permissions over all the databases +-- this login will see every login and user across all databases +-- ignore_columns 2 +EXEC sp_helplogins +GO + +-- tsql user=testloginwithsecadminanddbsec password=12345678 +-- since this login is a member of securityadmin, it will be able to call the proc +-- it will see all logins and since it also has db_securityadmin in master +-- it will also see all the users in that database -- ignore_columns 2 EXEC sp_helplogins GO From 34def74641800a6deb08d39cfb433c3acbc427ae Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 3 Jun 2025 09:46:08 +0000 Subject: [PATCH 47/54] Handling overflow and incorrect outputs in case of certain money and smallmoney arithmetic and math functions. There were certain issues found both w.r.t overflow handling and certain functions and operations giving incorrect result for money and smallmoney datatype. This commit addresses those issues. Issue #1: Overflow of smallmoney arithmetic leading to TDS hang. Issue #2: Unhandled overflow cases leading to incorrect output. Issue #3: Fixeddecimal operators being resolved for smallmoney functions and operations leading to incorrect results. Task: BABEL-5745, BABEL-5757, BABEL-5756, BABEL-5747, BABEL-5754 Signed-off-by: Ayush Shah --- contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql | 4 ++-- .../sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 5fa5c957d3a..b81366a961e 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3883,7 +3883,7 @@ BEGIN WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND - COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname + LExt.orig_loginname = @input_loginname UNION SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, @@ -3899,7 +3899,7 @@ BEGIN LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND - COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + LExt.orig_loginname = @input_loginname END; RETURN 0; diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 11dcebf5338..3152e96f3c1 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -326,7 +326,7 @@ BEGIN WHERE UExt.type != 'R' AND UExt.orig_username != 'guest' AND has_dbaccess(UExt.database_name) = 1 AND - COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname + LExt.orig_loginname = @input_loginname UNION SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, @@ -342,7 +342,7 @@ BEGIN LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) WHERE has_dbaccess(UExt2.database_name) = 1 AND - COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname + LExt.orig_loginname = @input_loginname END; RETURN 0; From f5dae32553a2fd96b55d2b4c64806dde1f4617f8 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 3 Jun 2025 10:43:46 +0000 Subject: [PATCH 48/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 3152e96f3c1..eb9ff0b7b9c 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -209,7 +209,7 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; + RETURN 0; END SET @current_username = LOWER(sys.suser_name()); From ec9288a87f4c3fa29869cb060806f65276d88c93 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Mon, 9 Jun 2025 10:28:10 +0000 Subject: [PATCH 49/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 24 +- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 26 +- .../expected/z_sp_helplogins-vu-verify.out | 236 +++++++++--------- 3 files changed, 149 insertions(+), 137 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index b81366a961e..ac1d1594a4e 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3780,22 +3780,24 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) - ELSE CAST('NO' AS sys.varchar(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) + ELSE CAST('NO' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') - + + -- first selector in the union is to get all the mapped users + -- second selector in the union is to get all the mapped database/user-defined roles SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - CAST('User' AS sys.varchar(8)) AS UserOrAlias + CAST('User' AS sys.char(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) @@ -3806,15 +3808,16 @@ BEGIN @is_sysadmin = 1 OR UExt.login_name = @current_username OR ISNULL(UExt.login_name, '') = '' OR + -- a co-related query to find out if the current_user is a member of db_securityadmin or db_accessadmin role in database - UExt.database_name EXISTS ( - SELECT 1 + SELECT 1 FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.database_name = UExt.database_name + AND UExt2.database_name = UExt.database_name -- filter to check if the processing db is equal to the outer query db, since we want to find if the user is a member of the roles in the outer db AND UExt2.login_name = @current_username ) ) @@ -3837,6 +3840,7 @@ BEGIN @is_sysadmin = 1 OR UExt2.login_name = @current_username OR ISNULL(UExt2.login_name, '') = '' OR + -- a co-related query to find out if the current_user is a member of db_securityadmin or db_accessadmin role in database - UExt.database_name EXISTS ( SELECT 1 FROM pg_catalog.pg_auth_members AS Authmbr @@ -3845,7 +3849,7 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt3 ON PGR1.rolname = UExt3.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt4 ON PGR2.rolname = UExt4.rolname WHERE UExt3.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt4.database_name = UExt2.database_name + AND UExt4.database_name = UExt2.database_name -- filter to check if the processing db is equal to the outer query db, since we want to find if the user is a member of the roles in the outer db AND UExt4.login_name = @current_username ) ) @@ -3872,6 +3876,8 @@ BEGIN LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname + -- first selector in the union is to get all the mapped users + -- second selector in the union is to get all the mapped database/user-defined roles SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 6ac9e018304..252a45bf3de 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -209,7 +209,7 @@ BEGIN IF is_srvrolemember('securityadmin') = 0 BEGIN RAISERROR('User does not have permission to perform this action.', 16, 1); - RETURN 0; + RETURN 0; END SET @current_username = LOWER(sys.suser_name()); @@ -223,22 +223,24 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) - ELSE CAST('NO' AS sys.varchar(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) + ELSE CAST('NO' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') - + + -- first selector in the union is to get all the mapped users + -- second selector in the union is to get all the mapped database/user-defined roles SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - CAST('User' AS sys.varchar(8)) AS UserOrAlias + CAST('User' AS sys.char(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) @@ -249,15 +251,16 @@ BEGIN @is_sysadmin = 1 OR UExt.login_name = @current_username OR ISNULL(UExt.login_name, '') = '' OR + -- a co-related query to find out if the current_user is a member of db_securityadmin or db_accessadmin role in database - UExt.database_name EXISTS ( - SELECT 1 + SELECT 1 FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt2.database_name = UExt.database_name + AND UExt2.database_name = UExt.database_name -- filter to check if the processing db is equal to the outer query db, since we want to find if the user is a member of the roles in the outer db AND UExt2.login_name = @current_username ) ) @@ -280,6 +283,7 @@ BEGIN @is_sysadmin = 1 OR UExt2.login_name = @current_username OR ISNULL(UExt2.login_name, '') = '' OR + -- a co-related query to find out if the current_user is a member of db_securityadmin or db_accessadmin role in database - UExt.database_name EXISTS ( SELECT 1 FROM pg_catalog.pg_auth_members AS Authmbr @@ -288,7 +292,7 @@ BEGIN INNER JOIN sys.babelfish_authid_user_ext AS UExt3 ON PGR1.rolname = UExt3.rolname INNER JOIN sys.babelfish_authid_user_ext AS UExt4 ON PGR2.rolname = UExt4.rolname WHERE UExt3.orig_username IN ('db_securityadmin', 'db_accessadmin') - AND UExt4.database_name = UExt2.database_name + AND UExt4.database_name = UExt2.database_name -- filter to check if the processing db is equal to the outer query db, since we want to find if the user is a member of the roles in the outer db AND UExt4.login_name = @current_username ) ) @@ -315,6 +319,8 @@ BEGIN LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname + -- first selector in the union is to get all the mapped users + -- second selector in the union is to get all the mapped database/user-defined roles SELECT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index 97fbb426dbd..d937a5fc42e 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -93,48 +93,48 @@ GO EXEC sp_helplogins GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO -helplogins\win#!#master#!#English#!#YES#!#NO -jdbc_user#!#master#!#English#!#YES#!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsysadmin#!#master#!#English#!#NO#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO +helplogins\win#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +testloginindb1#!#master#!#English#!#YES #!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO +testloginwithoutusers#!#master#!#English#!#NO #!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User -helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of -testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of -testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -155,33 +155,33 @@ GO EXEC sp_helplogins GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO -helplogins\win#!#master#!#English#!#YES#!#NO -jdbc_user#!#master#!#English#!#YES#!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsysadmin#!#master#!#English#!#NO#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO +helplogins\win#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +testloginindb1#!#master#!#English#!#YES #!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO +testloginwithoutusers#!#master#!#English#!#NO #!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +jdbc_user#!#tempdb#!#dbo#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User ~~END~~ @@ -193,38 +193,38 @@ testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadm EXEC sp_helplogins GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO -helplogins\win#!#master#!#English#!#YES#!#NO -jdbc_user#!#master#!#English#!#YES#!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsysadmin#!#master#!#English#!#NO#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO +helplogins\win#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +testloginindb1#!#master#!#English#!#YES #!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO +testloginwithoutusers#!#master#!#English#!#NO #!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +jdbc_user#!#tempdb#!#dbo#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of -testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -235,48 +235,48 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad EXEC sp_helplogins GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO -helplogins\win#!#master#!#English#!#YES#!#NO -jdbc_user#!#master#!#English#!#YES#!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsysadmin#!#master#!#English#!#NO#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO +helplogins\win#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +testloginindb1#!#master#!#English#!#YES #!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO +testloginwithoutusers#!#master#!#English#!#NO #!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User -helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of -testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User +testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of -testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -288,37 +288,37 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad EXEC sp_helplogins GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES#!#NO -helplogins\win#!#master#!#English#!#YES#!#NO -jdbc_user#!#master#!#English#!#YES#!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO -testloginindb1#!#master#!#English#!#YES#!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES#!#NO -testloginwithoutusers#!#master#!#English#!#NO#!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO -testloginwithsysadmin#!#master#!#English#!#NO#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO +helplogins\win#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +testloginindb1#!#master#!#English#!#YES #!#NO +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO +testloginwithoutusers#!#master#!#English#!#NO #!#NO +testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ varchar#!#varchar#!#varchar#!#varchar -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User -helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User +helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#master#!#dbo#!#User jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User -sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +jdbc_user#!#tempdb#!#dbo#!#User +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of -testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User ~~END~~ From b9e5667e6dae997985bccd4f8ab399e659f7ef8a Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 10 Jun 2025 06:10:04 +0000 Subject: [PATCH 50/54] Handling overflow and incorrect outputs in case of certain money and smallmoney arithmetic and math functions. There were certain issues found both w.r.t overflow handling and certain functions and operations giving incorrect result for money and smallmoney datatype. This commit addresses those issues. Issue #1: Overflow of smallmoney arithmetic leading to TDS hang. Issue #2: Unhandled overflow cases leading to incorrect output. Issue #3: Fixeddecimal operators being resolved for smallmoney functions and operations leading to incorrect results. Task: BABEL-5745, BABEL-5757, BABEL-5756, BABEL-5747, BABEL-5754 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 18 +- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 18 +- .../expected/z_sp_helplogins-vu-verify.out | 168 +++++++++--------- 3 files changed, 102 insertions(+), 102 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index ac1d1594a4e..e60b8ce157d 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3780,8 +3780,8 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser ELSE CAST('NO' AS sys.char(5)) END AS AUser, CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins @@ -3826,7 +3826,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, - CAST('Member of' AS sys.varchar(10)) AS UserOrAlias + CAST('MemberOf' AS sys.char(8)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member @@ -3865,11 +3865,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) - ELSE CAST('NO' AS sys.varchar(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('NO' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -3882,7 +3882,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - CAST('User' AS sys.varchar(8)) AS UserOrAlias + CAST('User' AS sys.char(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) @@ -3895,7 +3895,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - CAST('Member of' AS sys.varchar(10)) AS UserOrAlias + CAST('MemberOf' AS sys.char(8)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 252a45bf3de..c39592f997b 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -223,8 +223,8 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser ELSE CAST('NO' AS sys.char(5)) END AS AUser, CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins @@ -269,7 +269,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS sys.SYSNAME) AS UserName, - CAST('Member of' AS sys.varchar(10)) AS UserOrAlias + CAST('MemberOf' AS sys.char(8)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member @@ -308,11 +308,11 @@ BEGIN CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.varchar(5)) - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.varchar(5)) - ELSE CAST('NO' AS sys.varchar(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('NO' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.varchar(8)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -325,7 +325,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt.database_name AS sys.SYSNAME) AS DBName, CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName, - CAST('User' AS sys.varchar(8)) AS UserOrAlias + CAST('User' AS sys.char(8)) AS UserOrAlias FROM sys.babelfish_authid_user_ext UExt LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name LEFT JOIN sys.babelfish_authid_login_ext LExt ON LExt.rolname COLLATE database_default = COALESCE(NULLIF(UExt.login_name, ''), Db.owner) @@ -338,7 +338,7 @@ BEGIN CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, CAST(UExt2.database_name AS sys.SYSNAME) AS DBName, CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName, - CAST('Member of' AS sys.varchar(10)) AS UserOrAlias + CAST('MemberOf' AS sys.char(8)) AS UserOrAlias FROM pg_catalog.pg_auth_members AS Authmbr INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index d937a5fc42e..b512d7f8b49 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -109,31 +109,31 @@ testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User -jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#db_owner#!#MemberOf jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#db_owner#!#MemberOf jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#MemberOf jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#MemberOf testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User -testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#MemberOf testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#MemberOf testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -171,14 +171,14 @@ testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#master#!#db_owner#!#Member of +varchar#!#varchar#!#varchar#!#char +jdbc_user#!#master#!#db_owner#!#MemberOf jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#db_owner#!#MemberOf jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#MemberOf jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User @@ -209,21 +209,21 @@ testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#master#!#db_owner#!#Member of +varchar#!#varchar#!#varchar#!#char +jdbc_user#!#master#!#db_owner#!#MemberOf jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#db_owner#!#MemberOf jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#MemberOf jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#MemberOf testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#MemberOf testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -251,31 +251,31 @@ testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User -jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#db_owner#!#MemberOf jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#db_owner#!#MemberOf jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#MemberOf jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User -testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#Member of +testloginwithotherdefdb#!#sp_helplogins_db1#!#db_datareader#!#MemberOf testloginwithotherdefdb#!#sp_helplogins_db1#!#u_testloginwithotherdefdb#!#User -testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#MemberOf testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#MemberOf testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -304,19 +304,19 @@ testloginwithsysadmin#!#master#!#English#!#NO #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb#!#User helplogins\win#!#master#!#sp_helplogins_vu_windows_user#!#User -jdbc_user#!#master#!#db_owner#!#Member of +jdbc_user#!#master#!#db_owner#!#MemberOf jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of +jdbc_user#!#msdb#!#db_owner#!#MemberOf jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of +jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User -testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#Member of +testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#MemberOf testloginwithsecadminanddbsec#!#master#!#u_testloginwithsecadminanddbsec#!#User testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User ~~END~~ @@ -327,20 +327,20 @@ testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User EXEC sp_helplogins 'jdbc_user' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +jdbc_user#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -jdbc_user#!#master#!#db_owner#!#Member of -jdbc_user#!#master#!#dbo#!#User -jdbc_user#!#msdb#!#db_owner#!#Member of -jdbc_user#!#msdb#!#dbo#!#User -jdbc_user#!#sp_helplogins_db1#!#db_owner#!#Member of -jdbc_user#!#sp_helplogins_db1#!#dbo#!#User -jdbc_user#!#tempdb#!#db_owner#!#Member of -jdbc_user#!#tempdb#!#dbo#!#User +varchar#!#varchar#!#varchar#!#char +jdbc_user#!#master#!#db_owner#!#MemberOf +jdbc_user#!#master#!#dbo#!#User +jdbc_user#!#msdb#!#db_owner#!#MemberOf +jdbc_user#!#msdb#!#dbo#!#User +jdbc_user#!#sp_helplogins_db1#!#db_owner#!#MemberOf +jdbc_user#!#sp_helplogins_db1#!#dbo#!#User +jdbc_user#!#tempdb#!#db_owner#!#MemberOf +jdbc_user#!#tempdb#!#dbo#!#User ~~END~~ @@ -348,14 +348,14 @@ jdbc_user#!#tempdb#!#dbo#!#User EXEC sp_helplogins 'sp_helplogins_testlogin' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -sp_helplogins_testlogin#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -sp_helplogins_testlogin#!#master#!#db_securityadmin#!#Member of -sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User +varchar#!#varchar#!#varchar#!#char +sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf +sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User ~~END~~ @@ -363,14 +363,14 @@ sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User EXEC sp_helplogins 'testloginwithsecurityadmin' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User -testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User +varchar#!#varchar#!#varchar#!#char +testloginwithsecurityadmin#!#master#!#userof_testloginwithsecurityadmin#!#User +testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin_indb1#!#User ~~END~~ @@ -378,15 +378,15 @@ testloginwithsecurityadmin#!#sp_helplogins_db1#!#userof_testloginwithsecurityadm EXEC sp_helplogins 'testloginwithsecurityadmin2' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +varchar#!#varchar#!#varchar#!#char +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -394,15 +394,15 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad EXEC sp_helplogins 'testloginwithsecurityadmin2 ' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#Member of -testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User +varchar#!#varchar#!#varchar#!#char +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#db_securityadmin#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#sp_helplogins_role#!#MemberOf +testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityadmin2#!#User ~~END~~ @@ -410,11 +410,11 @@ testloginwithsecurityadmin2#!#sp_helplogins_db1#!#userof_testloginwithsecurityad EXEC sp_helplogins ' testloginwithsecurityadmin2 ' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char#!#char ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char ~~END~~ @@ -422,15 +422,15 @@ varchar#!#varchar#!#varchar#!#varchar EXEC sp_helplogins 'sp_help@logins$with%sp*chars' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar -sp_help@logins$with%sp*chars#!#master#!#English#!#YES#!#NO +varchar#!#varchar#!#varchar#!#char#!#char +sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar -sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#Member of -sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +varchar#!#varchar#!#varchar#!#char +sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf +sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User ~~END~~ @@ -438,10 +438,10 @@ sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User EXEC sp_helplogins ' ' GO ~~START~~ -varchar#!#varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char#!#char ~~END~~ ~~START~~ -varchar#!#varchar#!#varchar#!#varchar +varchar#!#varchar#!#varchar#!#char ~~END~~ From 75f09f3ce86ae4215785c3c73157147e0ca90503 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Tue, 10 Jun 2025 06:53:13 +0000 Subject: [PATCH 51/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index e60b8ce157d..fff4208f5ac 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3856,7 +3856,6 @@ BEGIN END ELSE BEGIN - SET @input_loginname = sys.RTRIM(@loginname); SELECT DISTINCT From add79f9b787c7448b9b94663008b74a62287516c Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Wed, 11 Jun 2025 10:22:33 +0000 Subject: [PATCH 52/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 4 ++-- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 5 ++--- .../expected/z_sp_helplogins-vu-cleanup.out | 10 ++++++++- .../expected/z_sp_helplogins-vu-prepare.out | 11 ++++++++++ .../expected/z_sp_helplogins-vu-verify.out | 22 +++++++++++++++++++ .../z_sp_helplogins-vu-cleanup.mix | 10 ++++++++- .../z_sp_helplogins-vu-prepare.mix | 11 ++++++++++ .../z_sp_helplogins-vu-verify.mix | 8 +++++++ 8 files changed, 74 insertions(+), 7 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index fff4208f5ac..6b1a1b1acfa 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3788,7 +3788,7 @@ BEGIN FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.owner COLLATE database_default = LExt.orig_loginname WHERE LExt.type NOT IN ('R', 'Z') -- first selector in the union is to get all the mapped users @@ -3872,7 +3872,7 @@ BEGIN FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.owner COLLATE database_default = LExt.orig_loginname WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname -- first selector in the union is to get all the mapped users diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index c39592f997b..3bf35524a84 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -231,7 +231,7 @@ BEGIN FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.owner COLLATE database_default = LExt.orig_loginname WHERE LExt.type NOT IN ('R', 'Z') -- first selector in the union is to get all the mapped users @@ -299,7 +299,6 @@ BEGIN END ELSE BEGIN - SET @input_loginname = sys.RTRIM(@loginname); SELECT DISTINCT @@ -316,7 +315,7 @@ BEGIN FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' - LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name + LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.owner COLLATE database_default = LExt.orig_loginname WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname -- first selector in the union is to get all the mapped users diff --git a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out index 55e4dd4dcb2..122edbf19c2 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out @@ -68,9 +68,17 @@ drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO -drop database sp_helplogins_db1; +drop login sp_helplogin_loginwithdifferentdefaultdb; GO +drop login sp_helplogin_loginownerofdb; +GO + +drop database sp_helplogins_db1; +GO drop database sp_helplogins_db2; GO + +drop database sp_helplogins_db3; +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index 5188d6f553f..0a1f810d906 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -5,6 +5,9 @@ GO create database sp_helplogins_db2 GO +create database sp_helplogins_db3 +GO + -- create a login with user in master with securityadmin server role -- create login with user in master with db_securityadmin role create login sp_helplogins_testlogin with password = '12345678' @@ -53,3 +56,11 @@ GO create login [helplogins\win] from windows; create user sp_helplogins_vu_windows_user for login [helplogins\win] GO + +-- creating another login which does not have a user but is a owner of a database +create login sp_helplogin_loginownerofdb with password = '12345678'; +GO + +-- creating a login which does not have a user but has a different default database +create login sp_helplogin_loginwithdifferentdefaultdb with password = '12345678', default_database = sp_helplogins_db3; +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index b512d7f8b49..aef49c2e6f4 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -86,6 +86,14 @@ GO use master GO +-- change owner of sp_helplogins_db3 to sp_helplogin_loginownerofdb +use sp_helplogins_db3 +GO +EXEC sp_changedbowner 'sp_helplogin_loginownerofdb' +GO +use master +GO + -- tsql user=jdbc_user password=12345678 -- since this is sysadmin, it has all the permissions over all the databases -- this login will see every login and user across all databases @@ -98,6 +106,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#Engli helplogins\win#!#master#!#English#!#YES #!#NO jdbc_user#!#master#!#English#!#YES #!#NO sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO testloginindb1#!#master#!#English#!#YES #!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO @@ -123,6 +133,8 @@ jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#db_owner#!#MemberOf +sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#dbo#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User @@ -160,6 +172,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#Engli helplogins\win#!#master#!#English#!#YES #!#NO jdbc_user#!#master#!#English#!#YES #!#NO sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO testloginindb1#!#master#!#English#!#YES #!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO @@ -198,6 +212,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#Engli helplogins\win#!#master#!#English#!#YES #!#NO jdbc_user#!#master#!#English#!#YES #!#NO sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO testloginindb1#!#master#!#English#!#YES #!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO @@ -240,6 +256,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#Engli helplogins\win#!#master#!#English#!#YES #!#NO jdbc_user#!#master#!#English#!#YES #!#NO sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO testloginindb1#!#master#!#English#!#YES #!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO @@ -265,6 +283,8 @@ jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User +sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#db_owner#!#MemberOf +sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#dbo#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User @@ -293,6 +313,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#Engli helplogins\win#!#master#!#English#!#YES #!#NO jdbc_user#!#master#!#English#!#YES #!#NO sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO testloginindb1#!#master#!#English#!#YES #!#NO testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix index 95c5d8ca767..43773ecd6b8 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix @@ -68,9 +68,17 @@ drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO -drop database sp_helplogins_db1; +drop login sp_helplogin_loginwithdifferentdefaultdb; GO +drop login sp_helplogin_loginownerofdb; +GO + +drop database sp_helplogins_db1; +GO drop database sp_helplogins_db2; +GO + +drop database sp_helplogins_db3; GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index 97b2306db05..686ddd4eb16 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -5,6 +5,9 @@ GO create database sp_helplogins_db2 GO +create database sp_helplogins_db3 +GO + -- create a login with user in master with securityadmin server role -- create login with user in master with db_securityadmin role create login sp_helplogins_testlogin with password = '12345678' @@ -52,4 +55,12 @@ GO -- create a windows login and user create login [helplogins\win] from windows; create user sp_helplogins_vu_windows_user for login [helplogins\win] +GO + +-- creating another login which does not have a user but is a owner of a database +create login sp_helplogin_loginownerofdb with password = '12345678'; +GO + +-- creating a login which does not have a user but has a different default database +create login sp_helplogin_loginwithdifferentdefaultdb with password = '12345678', default_database = sp_helplogins_db3; GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index c89897a1504..c7dc4004b89 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -86,6 +86,14 @@ GO use master GO +-- change owner of sp_helplogins_db3 to sp_helplogin_loginownerofdb +use sp_helplogins_db3 +GO +EXEC sp_changedbowner 'sp_helplogin_loginownerofdb' +GO +use master +GO + -- tsql user=jdbc_user password=12345678 -- since this is sysadmin, it has all the permissions over all the databases -- this login will see every login and user across all databases From 93cf527806843deb4977f8a7f34ccde0f234f929 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 12 Jun 2025 06:37:25 +0000 Subject: [PATCH 53/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 20 +-- .../babelfishpg_tsql--5.2.0--5.3.0.sql | 20 +-- .../expected/z_sp_helplogins-vu-cleanup.out | 4 + .../expected/z_sp_helplogins-vu-prepare.out | 5 + .../expected/z_sp_helplogins-vu-verify.out | 167 ++++++++++-------- .../z_sp_helplogins-vu-cleanup.mix | 4 + .../z_sp_helplogins-vu-prepare.mix | 5 + .../z_sp_helplogins-vu-verify.mix | 4 + 8 files changed, 133 insertions(+), 96 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 6b1a1b1acfa..07f8a3c6d71 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3776,15 +3776,15 @@ BEGIN BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser - ELSE CAST('NO' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('yes' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('yes' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('no' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('no' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -3860,15 +3860,15 @@ BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser - ELSE CAST('NO' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('yes' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('yes' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('no' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('no' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 3bf35524a84..061be2f7bc9 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -219,15 +219,15 @@ BEGIN BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser - ELSE CAST('NO' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('yes' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('yes' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('no' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('no' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' @@ -303,15 +303,15 @@ BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid, + CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE - WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('YES' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login - WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('YES' AS sys.char(5)) -- this is the case for superuser - ELSE CAST('NO' AS sys.char(5)) + WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.rolname COLLATE database_default THEN CAST('yes' AS sys.char(5)) -- if there exists a mapping between user and logins, then we can say that there are users attached to this login + WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN CAST('yes' AS sys.char(5)) -- this is the case for superuser + ELSE CAST('no' AS sys.char(5)) END AS AUser, - CAST('NO' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins + CAST('no' AS sys.char(7)) AS ARemote -- Currently we do not support linking local logins to remote logins FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R' diff --git a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out index 122edbf19c2..8d0e82f6734 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-cleanup.out @@ -68,6 +68,10 @@ drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO +drop user if exists u_sp_helplogin_loginwithusermemberofdbowner +drop login sp_helplogin_loginwithusermemberofdbowner +GO + drop login sp_helplogin_loginwithdifferentdefaultdb; GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out index 0a1f810d906..206408aa447 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-prepare.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-prepare.out @@ -64,3 +64,8 @@ GO -- creating a login which does not have a user but has a different default database create login sp_helplogin_loginwithdifferentdefaultdb with password = '12345678', default_database = sp_helplogins_db3; GO + +-- creating a login which has a user which is a member of the db_owner db role (this is not the same as the login being owner of the db) +create login sp_helplogin_loginwithusermemberofdbowner with password = '12345678' +create user u_sp_helplogin_loginwithusermemberofdbowner for login sp_helplogin_loginwithusermemberofdbowner +GO diff --git a/test/JDBC/expected/z_sp_helplogins-vu-verify.out b/test/JDBC/expected/z_sp_helplogins-vu-verify.out index aef49c2e6f4..172207a26d9 100644 --- a/test/JDBC/expected/z_sp_helplogins-vu-verify.out +++ b/test/JDBC/expected/z_sp_helplogins-vu-verify.out @@ -94,6 +94,10 @@ GO use master GO +-- alter db_owner role add member +alter role db_owner add member u_sp_helplogin_loginwithusermemberofdbowner +GO + -- tsql user=jdbc_user password=12345678 -- since this is sysadmin, it has all the permissions over all the databases -- this login will see every login and user across all databases @@ -102,20 +106,21 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO -helplogins\win#!#master#!#English#!#YES #!#NO -jdbc_user#!#master#!#English#!#YES #!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO -sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO -sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO -testloginindb1#!#master#!#English#!#YES #!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO -testloginwithoutusers#!#master#!#English#!#NO #!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO -testloginwithsysadmin#!#master#!#English#!#NO #!#NO +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#yes #!#no +helplogins\win#!#master#!#English#!#yes #!#no +jdbc_user#!#master#!#English#!#yes #!#no +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no +sp_helplogin_loginownerofdb#!#master#!#English#!#yes #!#no +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#no #!#no +sp_helplogin_loginwithusermemberofdbowner#!#master#!#English#!#yes #!#no +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no +testloginindb1#!#master#!#English#!#yes #!#no +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#yes #!#no +testloginwithoutusers#!#master#!#English#!#no #!#no +testloginwithsecadminanddbsec#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no +testloginwithsysadmin#!#master#!#English#!#no #!#no ~~END~~ ~~START~~ @@ -135,6 +140,8 @@ sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#db_owner#!#MemberOf sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#dbo#!#User +sp_helplogin_loginwithusermemberofdbowner#!#master#!#db_owner#!#MemberOf +sp_helplogin_loginwithusermemberofdbowner#!#master#!#u_sp_helplogin_loginwithusermemberofdbowner#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User @@ -168,20 +175,21 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO -helplogins\win#!#master#!#English#!#YES #!#NO -jdbc_user#!#master#!#English#!#YES #!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO -sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO -sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO -testloginindb1#!#master#!#English#!#YES #!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO -testloginwithoutusers#!#master#!#English#!#NO #!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO -testloginwithsysadmin#!#master#!#English#!#NO #!#NO +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#yes #!#no +helplogins\win#!#master#!#English#!#yes #!#no +jdbc_user#!#master#!#English#!#yes #!#no +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no +sp_helplogin_loginownerofdb#!#master#!#English#!#yes #!#no +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#no #!#no +sp_helplogin_loginwithusermemberofdbowner#!#master#!#English#!#yes #!#no +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no +testloginindb1#!#master#!#English#!#yes #!#no +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#yes #!#no +testloginwithoutusers#!#master#!#English#!#no #!#no +testloginwithsecadminanddbsec#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no +testloginwithsysadmin#!#master#!#English#!#no #!#no ~~END~~ ~~START~~ @@ -208,20 +216,21 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO -helplogins\win#!#master#!#English#!#YES #!#NO -jdbc_user#!#master#!#English#!#YES #!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO -sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO -sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO -testloginindb1#!#master#!#English#!#YES #!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO -testloginwithoutusers#!#master#!#English#!#NO #!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO -testloginwithsysadmin#!#master#!#English#!#NO #!#NO +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#yes #!#no +helplogins\win#!#master#!#English#!#yes #!#no +jdbc_user#!#master#!#English#!#yes #!#no +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no +sp_helplogin_loginownerofdb#!#master#!#English#!#yes #!#no +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#no #!#no +sp_helplogin_loginwithusermemberofdbowner#!#master#!#English#!#yes #!#no +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no +testloginindb1#!#master#!#English#!#yes #!#no +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#yes #!#no +testloginwithoutusers#!#master#!#English#!#no #!#no +testloginwithsecadminanddbsec#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no +testloginwithsysadmin#!#master#!#English#!#no #!#no ~~END~~ ~~START~~ @@ -252,20 +261,21 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO -helplogins\win#!#master#!#English#!#YES #!#NO -jdbc_user#!#master#!#English#!#YES #!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO -sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO -sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO -testloginindb1#!#master#!#English#!#YES #!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO -testloginwithoutusers#!#master#!#English#!#NO #!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO -testloginwithsysadmin#!#master#!#English#!#NO #!#NO +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#yes #!#no +helplogins\win#!#master#!#English#!#yes #!#no +jdbc_user#!#master#!#English#!#yes #!#no +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no +sp_helplogin_loginownerofdb#!#master#!#English#!#yes #!#no +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#no #!#no +sp_helplogin_loginwithusermemberofdbowner#!#master#!#English#!#yes #!#no +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no +testloginindb1#!#master#!#English#!#yes #!#no +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#yes #!#no +testloginwithoutusers#!#master#!#English#!#no #!#no +testloginwithsecadminanddbsec#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no +testloginwithsysadmin#!#master#!#English#!#no #!#no ~~END~~ ~~START~~ @@ -285,6 +295,8 @@ sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#db_owner#!#MemberOf sp_help@logins$with%sp*chars#!#sp_helplogins_db2#!#dbo#!#User sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#db_owner#!#MemberOf sp_helplogin_loginownerofdb#!#sp_helplogins_db3#!#dbo#!#User +sp_helplogin_loginwithusermemberofdbowner#!#master#!#db_owner#!#MemberOf +sp_helplogin_loginwithusermemberofdbowner#!#master#!#u_sp_helplogin_loginwithusermemberofdbowner#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginindb1#!#sp_helplogins_db1#!#userof_testloginindb1#!#User @@ -309,20 +321,21 @@ EXEC sp_helplogins GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#YES #!#NO -helplogins\win#!#master#!#English#!#YES #!#NO -jdbc_user#!#master#!#English#!#YES #!#NO -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO -sp_helplogin_loginownerofdb#!#master#!#English#!#YES #!#NO -sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#NO #!#NO -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO -testloginindb1#!#master#!#English#!#YES #!#NO -testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#YES #!#NO -testloginwithoutusers#!#master#!#English#!#NO #!#NO -testloginwithsecadminanddbsec#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO -testloginwithsysadmin#!#master#!#English#!#NO #!#NO +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#!#master#!#English#!#yes #!#no +helplogins\win#!#master#!#English#!#yes #!#no +jdbc_user#!#master#!#English#!#yes #!#no +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no +sp_helplogin_loginownerofdb#!#master#!#English#!#yes #!#no +sp_helplogin_loginwithdifferentdefaultdb#!#sp_helplogins_db3#!#English#!#no #!#no +sp_helplogin_loginwithusermemberofdbowner#!#master#!#English#!#yes #!#no +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no +testloginindb1#!#master#!#English#!#yes #!#no +testloginwithotherdefdb#!#sp_helplogins_db1#!#English#!#yes #!#no +testloginwithoutusers#!#master#!#English#!#no #!#no +testloginwithsecadminanddbsec#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no +testloginwithsysadmin#!#master#!#English#!#no #!#no ~~END~~ ~~START~~ @@ -336,6 +349,8 @@ jdbc_user#!#msdb#!#dbo#!#User jdbc_user#!#tempdb#!#db_owner#!#MemberOf jdbc_user#!#tempdb#!#dbo#!#User sp_help@logins$with%sp*chars#!#master#!#userof@sp$chars*logins#!#User +sp_helplogin_loginwithusermemberofdbowner#!#master#!#db_owner#!#MemberOf +sp_helplogin_loginwithusermemberofdbowner#!#master#!#u_sp_helplogin_loginwithusermemberofdbowner#!#User sp_helplogins_testlogin#!#master#!#db_securityadmin#!#MemberOf sp_helplogins_testlogin#!#master#!#userof_sp_helplogins_testlogin#!#User testloginwithsecadminanddbsec#!#master#!#db_securityadmin#!#MemberOf @@ -350,7 +365,7 @@ EXEC sp_helplogins 'jdbc_user' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -jdbc_user#!#master#!#English#!#YES #!#NO +jdbc_user#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ @@ -371,7 +386,7 @@ EXEC sp_helplogins 'sp_helplogins_testlogin' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -sp_helplogins_testlogin#!#master#!#English#!#YES #!#NO +sp_helplogins_testlogin#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ @@ -386,7 +401,7 @@ EXEC sp_helplogins 'testloginwithsecurityadmin' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -testloginwithsecurityadmin#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ @@ -401,7 +416,7 @@ EXEC sp_helplogins 'testloginwithsecurityadmin2' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ @@ -417,7 +432,7 @@ EXEC sp_helplogins 'testloginwithsecurityadmin2 ' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -testloginwithsecurityadmin2#!#master#!#English#!#YES #!#NO +testloginwithsecurityadmin2#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ @@ -445,7 +460,7 @@ EXEC sp_helplogins 'sp_help@logins$with%sp*chars' GO ~~START~~ varchar#!#varchar#!#varchar#!#char#!#char -sp_help@logins$with%sp*chars#!#master#!#English#!#YES #!#NO +sp_help@logins$with%sp*chars#!#master#!#English#!#yes #!#no ~~END~~ ~~START~~ diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix index 43773ecd6b8..a41c3dbc2c5 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-cleanup.mix @@ -68,6 +68,10 @@ drop user if exists sp_helplogins_vu_windows_user; drop login [helplogins\win] GO +drop user if exists u_sp_helplogin_loginwithusermemberofdbowner +drop login sp_helplogin_loginwithusermemberofdbowner +GO + drop login sp_helplogin_loginwithdifferentdefaultdb; GO diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix index 686ddd4eb16..68bab6c6e97 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-prepare.mix @@ -63,4 +63,9 @@ GO -- creating a login which does not have a user but has a different default database create login sp_helplogin_loginwithdifferentdefaultdb with password = '12345678', default_database = sp_helplogins_db3; +GO + +-- creating a login which has a user which is a member of the db_owner db role (this is not the same as the login being owner of the db) +create login sp_helplogin_loginwithusermemberofdbowner with password = '12345678' +create user u_sp_helplogin_loginwithusermemberofdbowner for login sp_helplogin_loginwithusermemberofdbowner GO \ No newline at end of file diff --git a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix index c7dc4004b89..68c1a9fb385 100644 --- a/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix +++ b/test/JDBC/input/storedProcedures/z_sp_helplogins-vu-verify.mix @@ -94,6 +94,10 @@ GO use master GO +-- alter db_owner role add member +alter role db_owner add member u_sp_helplogin_loginwithusermemberofdbowner +GO + -- tsql user=jdbc_user password=12345678 -- since this is sysadmin, it has all the permissions over all the databases -- this login will see every login and user across all databases From f239e46c1df32452455e8a510b1bd2d2eb2374d2 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Thu, 12 Jun 2025 07:03:37 +0000 Subject: [PATCH 54/54] Added sp_helplogins which is a system stored procedure that provides information about logins (both SQL and Windows) and users associated with those logins. sp_helplogins [ [ @LoginNamePattern = ] N'LoginNamePattern' ] [ ; ] @LoginNamePattern is sys.sysname, with a default of NULL . If specified, @loginnamepattern must exist. It returns two result sets - First view - information about all logins present on the server. Second view - information about each login and its mapping with a user in a database or its membership with a database-role Task - BABEL-5742 Signed-off-by: Ayush Shah --- contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql | 4 ++-- .../sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 07f8a3c6d71..4fe122c9ee7 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -3776,7 +3776,7 @@ BEGIN BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, + CAST(CAST(Base.oid AS BIGINT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE @@ -3860,7 +3860,7 @@ BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, + CAST(CAST(Base.oid AS BIGINT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql index 061be2f7bc9..7221ed00ff2 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql @@ -219,7 +219,7 @@ BEGIN BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, + CAST(CAST(Base.oid AS BIGINT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE @@ -303,7 +303,7 @@ BEGIN SELECT DISTINCT CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName, - CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS SID, + CAST(CAST(Base.oid AS BIGINT) AS sys.varbinary(85)) AS SID, CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName, CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName, CASE