Added sp_helplogins - stored proc that provides information about logins and users associated with those logins.

.github/composite-actions/dump-restore-util/action.yml

@@ -104,7 +104,8 @@ runs:
 
           # Get the list of all the Babelfish logins in a file
           query="SELECT orig_loginname, default_database_name, default_language_name, type, \
-                pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member \
+                pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member, \
+                pg_has_role(rolname, 'securityadmin', 'member') AS is_securityadmin_member \
                 FROM sys.babelfish_authid_login_ext \
                 WHERE rolname NOT IN ('jdbc_user', 'sysadmin', 'bbf_role_admin', 'test@ABC');"
           ~/${{ inputs.pg_new_dir }}/bin/psql -v ON_ERROR_STOP=1 -h localhost -d babelfish_db -U jdbc_user -c "$query" > ~/upgrade/logins_file.txt
@@ -229,13 +230,14 @@ runs:
           done < <(tail -n +3 ~/upgrade/domains_file.txt | head -n -2)
 
           # Loop through the list of all the Babelfish logins and create them one by one.
-          while IFS='|' read -r name db lang type sa; do
+          while IFS='|' read -r name db lang type sa seca; do
             # Remove leading and trailing spaces
             orig_loginname="$(echo "${name}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             def_db="$(echo "${db}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             def_lang="$(echo "${lang}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             login_type="$(echo "${type}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             is_sysadmin_member="$(echo "${sa}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+            is_securityadmin_member="$(echo "${seca}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             if [[ $login_type == 'U' ]];then
               sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "CREATE LOGIN [$orig_loginname] FROM WINDOWS WITH default_database = [$def_db], default_language = [$def_lang];"
             else
@@ -244,6 +246,9 @@ runs:
             if [[ $is_sysadmin_member == 't' ]];then
               sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE sysadmin ADD MEMBER [$orig_loginname];"
             fi
+            if [[ $is_securityadmin_member == 't' ]];then
+              sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE securityadmin ADD MEMBER [$orig_loginname];"
+            fi
           done < <(tail -n +3 ~/upgrade/logins_file.txt | head -n -2)
 
           # Link the orphaned users to logins

.gitignore

@@ -18,8 +18,8 @@ test/JDBC/target/maven-status/*
 test/JDBC/target/surefire-reports/*
 test/JDBC/target/test-classes/*
 
-contrib/babelfishpg_common/sql/babelfishpg_common--[0-9].[0-9].[0-9]--[0-9].[0-9].[0-9].sql
-contrib/babelfishpg_common/sql/babelfishpg_common--[0-9].[0-9].[0-9].sql
+contrib/babelfishpg_common/sql/babelfishpg_common--[0-9]*.[0-9]*.[0-9]*--[0-9]*.[0-9]*.[0-9]*.sql
+contrib/babelfishpg_common/sql/babelfishpg_common--[0-9]*.[0-9]*.[0-9]*.sql
 contrib/babelfishpg_common/src/geo_parser.c
 contrib/babelfishpg_common/src/geo_scan.c
 contrib/babelfishpg_money/babelfishpg_money--[0-9].[0-9].[0-9].sql

contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql

@@ -3754,3 +3754,140 @@ BEGIN
 END;
 $$ LANGUAGE pltsql;
 GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL)
+LANGUAGE pltsql
+AS $$
+DECLARE @input_loginname sys.sysname;
+DECLARE @current_username sys.nvarchar(128)
+DECLARE @is_sysadmin BIT
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+    BEGIN
+        RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+    END
+
+    SET @current_username = LOWER(sys.suser_name());
+    SET @is_sysadmin = is_srvrolemember('sysadmin');
+
+    IF @loginname IS NULL
+    BEGIN    
+        SELECT DISTINCT
+            CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+            CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+            CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+            CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+            CASE 
+                WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES'
+                WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES'
+                ELSE 'NO'
+            END AS AUser,
+            CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins
+        FROM pg_catalog.pg_roles AS Base 
+        INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+        LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R'
+        LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name
+        WHERE LExt.type NOT IN ('R', 'Z')
+
+        SELECT
+            CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+            'User' AS UserOrAlias 
+        FROM sys.babelfish_authid_user_ext UExt
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name 
+        WHERE UExt.type != 'R' AND  
+            UExt.orig_username != 'guest' AND 
+            has_dbaccess(UExt.database_name) = 1 AND
+            (
+                @is_sysadmin = 1 OR
+                UExt.login_name = @current_username OR
+                ISNULL(UExt.login_name, '') = '' OR
+                EXISTS (
+                    SELECT 1
+                    FROM pg_catalog.pg_auth_members AS Authmbr
+                    INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+                    INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+                    INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname
+                    INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname
+                    WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') 
+                    AND UExt2.database_name = UExt.database_name 
+                    AND UExt2.login_name = @current_username
+                )
+            )
+        UNION
+        SELECT
+            CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+            'Member of' AS UserOrAlias 
+        FROM pg_catalog.pg_auth_members AS Authmbr
+        INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+        INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name
+        WHERE 
+            has_dbaccess(UExt2.database_name) = 1 AND
+            (
+                @is_sysadmin = 1 OR
+                UExt2.login_name = @current_username OR
+                ISNULL(UExt2.login_name, '') = ''
+            )
+    END
+    ELSE
+    BEGIN
+
+        SET @input_loginname = sys.RTRIM(@loginname);
+
+        SELECT DISTINCT
+            CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+            CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+            CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+            CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+            CASE 
+                WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES'
+                WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES'
+                ELSE 'NO'
+            END AS AUser,
+            CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins
+        FROM pg_catalog.pg_roles AS Base 
+        INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+        LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R'
+        LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name
+        WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname
+
+        SELECT
+            CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+            'User' AS UserOrAlias 
+        FROM sys.babelfish_authid_user_ext UExt
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name
+        WHERE UExt.type != 'R' AND  
+            UExt.orig_username != 'guest' AND 
+            has_dbaccess(UExt.database_name) = 1 AND
+            COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname
+        UNION
+        SELECT
+            CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+            'Member of' AS UserOrAlias 
+        FROM pg_catalog.pg_auth_members AS Authmbr
+        INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+        INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name
+        WHERE 
+            has_dbaccess(UExt2.database_name) = 1 AND
+            COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname
+    END;
+
+    RETURN 0;
+END;
+$$;
+GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC;

contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql

@@ -119,6 +119,143 @@ END;
 $$ 
 LANGUAGE plpgsql IMMUTABLE;
 
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL)
+LANGUAGE pltsql
+AS $$
+DECLARE @input_loginname sys.sysname;
+DECLARE @current_username sys.nvarchar(128)
+DECLARE @is_sysadmin BIT
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+    BEGIN
+        RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+    END
+
+    SET @current_username = LOWER(sys.suser_name());
+    SET @is_sysadmin = is_srvrolemember('sysadmin');
+
+    IF @loginname IS NULL
+    BEGIN    
+        SELECT DISTINCT
+            CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+            CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+            CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+            CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+            CASE 
+                WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES'
+                WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES'
+                ELSE 'NO'
+            END AS AUser,
+            CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins
+        FROM pg_catalog.pg_roles AS Base 
+        INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+        LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R'
+        LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name
+        WHERE LExt.type NOT IN ('R', 'Z')
+
+        SELECT
+            CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+            'User' AS UserOrAlias 
+        FROM sys.babelfish_authid_user_ext UExt
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name 
+        WHERE UExt.type != 'R' AND  
+            UExt.orig_username != 'guest' AND 
+            has_dbaccess(UExt.database_name) = 1 AND
+            (
+                @is_sysadmin = 1 OR
+                UExt.login_name = @current_username OR
+                ISNULL(UExt.login_name, '') = '' OR
+                EXISTS (
+                    SELECT 1
+                    FROM pg_catalog.pg_auth_members AS Authmbr
+                    INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+                    INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+                    INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname
+                    INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname
+                    WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin') 
+                    AND UExt2.database_name = UExt.database_name 
+                    AND UExt2.login_name = @current_username
+                )
+            )
+        UNION
+        SELECT
+            CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+            'Member of' AS UserOrAlias 
+        FROM pg_catalog.pg_auth_members AS Authmbr
+        INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+        INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name
+        WHERE 
+            has_dbaccess(UExt2.database_name) = 1 AND
+            (
+                @is_sysadmin = 1 OR
+                UExt2.login_name = @current_username OR
+                ISNULL(UExt2.login_name, '') = ''
+            )
+    END
+    ELSE
+    BEGIN
+
+        SET @input_loginname = sys.RTRIM(@loginname);
+
+        SELECT DISTINCT
+            CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+            CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+            CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+            CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+            CASE 
+                WHEN Ext.login_name IS NOT NULL AND Ext.login_name = LExt.orig_loginname COLLATE database_default THEN 'YES'
+                WHEN Db.owner COLLATE database_default = LExt.orig_loginname THEN 'YES'
+                ELSE 'NO'
+            END AS AUser,
+            CAST('NO' AS VARCHAR(8)) AS ARemote -- Currently we do not support linking local logins to remote logins
+        FROM pg_catalog.pg_roles AS Base 
+        INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+        LEFT JOIN sys.babelfish_authid_user_ext AS Ext ON Ext.login_name = Base.rolname AND Ext.type != 'R'
+        LEFT JOIN sys.babelfish_sysdatabases AS Db ON Db.name COLLATE database_default = LExt.default_database_name
+        WHERE LExt.type NOT IN ('R', 'Z') AND LExt.orig_loginname = @input_loginname
+
+        SELECT
+            CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+            'User' AS UserOrAlias 
+        FROM sys.babelfish_authid_user_ext UExt
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt.database_name
+        WHERE UExt.type != 'R' AND  
+            UExt.orig_username != 'guest' AND 
+            has_dbaccess(UExt.database_name) = 1 AND
+            COALESCE(NULLIF(UExt.login_name, ''), Db.owner) = @input_loginname
+        UNION
+        SELECT
+            CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+            CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+            CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+            'Member of' AS UserOrAlias 
+        FROM pg_catalog.pg_auth_members AS Authmbr
+        INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+        INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+        INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+        LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name COLLATE database_default = UExt1.database_name
+        WHERE 
+            has_dbaccess(UExt2.database_name) = 1 AND
+            COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) = @input_loginname
+    END;
+
+    RETURN 0;
+END;
+$$;
+GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC;
+
 CREATE OR REPLACE VIEW sys.server_permissions AS 
 WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) 
 SELECT 

contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp

@@ -1712,7 +1712,6 @@ const char *unsupported_sp_procedures[] = {
 	"sp_generate_database_ledger_digest",
 	"sp_grantdbaccess",
 	"sp_grantlogin",
-	"sp_helplogins",
 	"sp_helpntgroup",
 	"sp_helpremotelogin",
 	"sp_helprotect",

test/JDBC/expected/BABEL_GRANT_CONNECT-vu-verify.out

@@ -59,6 +59,10 @@ go
 ~~ERROR (Message: User 'guest' cannot be dropped, it can only be disabled. The user is already disabled in the current database.)~~
 
 
+-- re-enabling connect on guest user
+grant connect to guest;
+go
+
 -- reset the login password
 alter login grant_connect_abc with password = 'Babel123'
 go

test/JDBC/expected/restricted_objects-vu-cleanup.out

@@ -104,3 +104,6 @@ GO
 
 DROP LOGIN babel_5146_user_l1;
 GO
+
+GRANT CONNECT TO guest;
+GO

test/JDBC/expected/z_sp_helplogins-vu-cleanup.out

@@ -0,0 +1,39 @@
+-- tsql user=jdbc_user password=12345678 database=master
+drop user if exists userof_sp_helplogins_testlogin 
+GO
+
+drop login sp_helplogins_testlogin
+GO
+
+drop user if exists userof_testloginwithsecurityadmin
+GO
+
+drop user if exists userof_testloginwithsecurityadmin_indb1
+GO
+
+drop login testloginwithsecurityadmin
+GO
+
+drop database sp_helplogins_db1
+GO
+
+drop user if exists userof_testloginwithsecurityadmin2
+GO
+
+drop login testloginwithsecurityadmin2
+GO
+
+drop login testloginindb1
+GO
+
+drop user if exists userof_testloginindb1
+GO
+
+drop login testloginwithoutusers
+GO
+
+drop user if exists u_testloginwithotherdefdb
+GO
+
+drop login testloginwithotherdefdb
+GO