Added sp_helplogins - stored proc that provides information about logins and users associated with those logins.

.github/composite-actions/dump-restore-util/action.yml

@@ -104,7 +104,8 @@ runs:
 
           # Get the list of all the Babelfish logins in a file
           query="SELECT orig_loginname, default_database_name, default_language_name, type, \
-                pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member \
+                pg_has_role(rolname, 'sysadmin', 'member') AS is_sysadmin_member, \
+                pg_has_role(rolname, 'securityadmin', 'member') AS is_securityadmin_member \
                 FROM sys.babelfish_authid_login_ext \
                 WHERE rolname NOT IN ('jdbc_user', 'sysadmin', 'bbf_role_admin', 'test@ABC');"
           ~/${{ inputs.pg_new_dir }}/bin/psql -v ON_ERROR_STOP=1 -h localhost -d babelfish_db -U jdbc_user -c "$query" > ~/upgrade/logins_file.txt
@@ -229,13 +230,14 @@ runs:
           done < <(tail -n +3 ~/upgrade/domains_file.txt | head -n -2)
 
           # Loop through the list of all the Babelfish logins and create them one by one.
-          while IFS='|' read -r name db lang type sa; do
+          while IFS='|' read -r name db lang type sa seca; do
             # Remove leading and trailing spaces
             orig_loginname="$(echo "${name}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             def_db="$(echo "${db}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             def_lang="$(echo "${lang}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             login_type="$(echo "${type}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             is_sysadmin_member="$(echo "${sa}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+            is_securityadmin_member="$(echo "${seca}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
             if [[ $login_type == 'U' ]];then
               sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "CREATE LOGIN [$orig_loginname] FROM WINDOWS WITH default_database = [$def_db], default_language = [$def_lang];"
             else
@@ -244,6 +246,9 @@ runs:
             if [[ $is_sysadmin_member == 't' ]];then
               sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE sysadmin ADD MEMBER [$orig_loginname];"
             fi
+            if [[ $is_securityadmin_member == 't' ]];then
+              sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "ALTER ROLE securityadmin ADD MEMBER [$orig_loginname];"
+            fi
           done < <(tail -n +3 ~/upgrade/logins_file.txt | head -n -2)
 
           # Link the orphaned users to logins

.github/scripts/scan-warnings.sh

@@ -49,8 +49,8 @@ if [[ "$SNAPSHOT_ACTIVE_COUNT" -ne 44 ]]; then
     ERROR_FOUND=true
 fi
 
-if [[ "$LEAK_COUNT" -ne 350 ]]; then
-    echo "Error: Expected 324 leak warnings, but found $LEAK_COUNT"
+if [[ "$LEAK_COUNT" -ne 390 ]]; then
+    echo "Error: Expected 390 leak warnings, but found $LEAK_COUNT"
     ERROR_FOUND=true
 fi
 

contrib/babelfishpg_tds/babelfishpg_tds--1.0.0.sql

@@ -8,7 +8,7 @@ RETURNS text
 AS 'MODULE_PATHNAME'
 LANGUAGE C VOLATILE STRICT;
 
-CREATE FUNCTION sys.inject_fault(
+CREATE FUNCTION sys.inject_fault( 
   faultname text,
   num_occurrences int4,
   tamper_byte int4)

contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql

@@ -3754,3 +3754,152 @@ BEGIN
 END;
 $$ LANGUAGE pltsql;
 GRANT EXECUTE ON PROCEDURE sys.sp_procedure_params_100_managed TO PUBLIC;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() 
+LANGUAGE pltsql
+AS $$
+BEGIN
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	SELECT DISTINCT
+		CASE 
+			WHEN Ext.orig_username = 'dbo' THEN Base3.oid
+			WHEN Ext.orig_username = 'guest' THEN 0
+			ELSE Base2.oid
+		END AS oid INTO #all_database_users
+	FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext
+	ON Base.rolname = Ext.rolname
+	LEFT OUTER JOIN pg_catalog.pg_roles Base2
+	ON Ext.login_name = Base2.rolname
+	LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db
+	ON Ext.database_name COLLATE database_default = Db.name
+	LEFT OUTER JOIN pg_catalog.pg_roles AS Base3
+	ON Db.owner = Base3.rolname
+	WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL;
+
+	SELECT
+    CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+    CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+    CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+    CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+    CASE 
+      WHEN Dp.oid IS NOT NULL THEN 'YES'
+      ELSE 'NO'
+    END as AUser,
+    'NO' AS ARemote -- Currently we do not support linking local logins to remote logins
+  FROM pg_catalog.pg_roles AS Base 
+  INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+  LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it
+  WHERE LExt.type NOT IN ('R', 'Z');
+
+	RETURN 0;
+END;
+$$;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() 
+LANGUAGE pltsql
+AS $$
+DECLARE @current_username sys.nvarchar(128)
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	SELECT
+		UExt2.database_name as database_name,
+		UExt1.orig_username as role_name,
+		UExt2.login_name as member_login INTO #db_role_mapping
+	FROM pg_catalog.pg_auth_members AS Authmbr
+	INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+	INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+	INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname
+	INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname
+	WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin');
+
+	SET @current_username = sys.suser_name();
+
+  SELECT
+    CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+		CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+		CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+		'User' AS UserOrAlias 
+  FROM sys.babelfish_authid_user_ext UExt
+  LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default
+  WHERE UExt.type != 'R' AND  
+		UExt.orig_username != 'guest' AND 
+		has_dbaccess(UExt.database_name) = 1 AND
+		(
+      is_srvrolemember('sysadmin') = 1 OR 
+		  EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR
+		  UExt.login_name = LOWER(@current_username) OR
+		  ISNULL(UExt.login_name, '') = ''
+    )
+  UNION
+  SELECT
+		CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+    CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+    CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+    'Member of' AS UserOrAlias 
+  FROM pg_catalog.pg_auth_members AS Authmbr
+  INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+  INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+  INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+  INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+  LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default
+  WHERE has_dbaccess(UExt2.database_name) = 1 AND
+		(
+			is_srvrolemember('sysadmin') = 1 OR 
+			UExt2.login_name = LOWER(@current_username) OR
+			ISNULL(UExt2.login_name, '') = ''
+		)
+	RETURN 0;
+END;
+$$;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL)
+LANGUAGE pltsql
+AS $$
+DECLARE @input_loginname sys.sysname;
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	IF @loginname IS NULL
+	BEGIN
+		EXEC sp_helplogins_internal_logins;
+		EXEC sp_helplogins_internal_user_mappings;
+	END
+	ELSE
+	BEGIN
+		SET @input_loginname = sys.RTRIM(@loginname);
+		SET NOCOUNT ON;
+
+		CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8))
+		INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins;
+
+		CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16))
+		INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings;
+
+		SET NOCOUNT OFF;
+
+		SELECT * FROM #sp_helplogins_internal_logins_temp
+		WHERE LoginName = @input_loginname;
+
+		SELECT * FROM #sp_helplogins_internal_user_mappings_temp
+		WHERE LoginName = @input_loginname;
+	END;
+  RETURN 0;
+END;
+$$;
+GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC;

contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--5.2.0--5.3.0.sql

@@ -112,6 +112,155 @@ END;
 $$ 
 LANGUAGE plpgsql IMMUTABLE;
 
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_logins() 
+LANGUAGE pltsql
+AS $$
+BEGIN
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	SELECT DISTINCT
+		CASE 
+			WHEN Ext.orig_username = 'dbo' THEN Base3.oid
+			WHEN Ext.orig_username = 'guest' THEN 0
+			ELSE Base2.oid
+		END AS oid INTO #all_database_users
+	FROM pg_catalog.pg_roles AS Base INNER JOIN sys.babelfish_authid_user_ext AS Ext
+	ON Base.rolname = Ext.rolname
+	LEFT OUTER JOIN pg_catalog.pg_roles Base2
+	ON Ext.login_name = Base2.rolname
+	LEFT OUTER JOIN sys.babelfish_sysdatabases AS Db
+	ON Ext.database_name COLLATE database_default = Db.name
+	LEFT OUTER JOIN pg_catalog.pg_roles AS Base3
+	ON Db.owner = Base3.rolname
+	WHERE Ext.type != 'R' AND Ext.orig_username IS NOT NULL;
+
+	SELECT
+    CAST(LExt.orig_loginname AS sys.SYSNAME) AS LoginName,
+    CAST(CAST(Base.oid AS INT) AS sys.varbinary(85)) AS sid,
+    CAST(LExt.default_database_name AS SYS.SYSNAME) AS DefDBName,
+    CAST(LExt.default_language_name AS SYS.SYSNAME) AS DefLangName,
+    CASE 
+      WHEN Dp.oid IS NOT NULL THEN 'YES'
+      ELSE 'NO'
+    END as AUser,
+    'NO' AS ARemote -- Currently we do not support linking local logins to remote logins
+  FROM pg_catalog.pg_roles AS Base 
+  INNER JOIN sys.babelfish_authid_login_ext AS LExt ON Base.rolname = LExt.rolname
+  LEFT JOIN #all_database_users Dp ON Dp.oid = Base.oid -- In order to find out if a login has any users associated with it
+  WHERE LExt.type NOT IN ('R', 'Z');
+
+	RETURN 0;
+END;
+$$;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins_internal_user_mappings() 
+LANGUAGE pltsql
+AS $$
+DECLARE @current_username sys.nvarchar(128)
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	SELECT
+		UExt2.database_name as database_name,
+		UExt1.orig_username as role_name,
+		UExt2.login_name as member_login INTO #db_role_mapping
+	FROM pg_catalog.pg_auth_members AS Authmbr
+	INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+	INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+	INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname
+	INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname
+	WHERE UExt1.orig_username IN ('db_securityadmin', 'db_accessadmin');
+
+	SET @current_username = sys.suser_name();
+
+  SELECT
+    CAST(COALESCE(NULLIF(UExt.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+		CAST(UExt.database_name AS sys.SYSNAME) AS DBName,
+		CAST(UExt.orig_username AS SYS.SYSNAME) AS UserName,
+		'User' AS UserOrAlias 
+  FROM sys.babelfish_authid_user_ext UExt
+  LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt.database_name COLLATE database_default
+  WHERE UExt.type != 'R' AND  
+		UExt.orig_username != 'guest' AND 
+		has_dbaccess(UExt.database_name) = 1 AND
+		(
+      is_srvrolemember('sysadmin') = 1 OR 
+		  EXISTS (SELECT 1 from #db_role_mapping WHERE database_name = UExt.database_name AND member_login = @current_username) OR
+		  UExt.login_name = LOWER(@current_username) OR
+		  ISNULL(UExt.login_name, '') = ''
+    )
+  UNION
+  SELECT
+		CAST(COALESCE(NULLIF(UExt2.login_name, ''), Db.owner) AS sys.SYSNAME) AS LoginName,
+    CAST(UExt2.database_name AS sys.SYSNAME) AS DBName,
+    CAST(UExt1.orig_username AS SYS.SYSNAME) AS UserName,
+    'Member of' AS UserOrAlias 
+  FROM pg_catalog.pg_auth_members AS Authmbr
+  INNER JOIN pg_catalog.pg_roles AS PGR1 ON PGR1.oid = Authmbr.roleid
+  INNER JOIN pg_catalog.pg_roles AS PGR2 ON PGR2.oid = Authmbr.member
+  INNER JOIN sys.babelfish_authid_user_ext AS UExt1 ON PGR1.rolname = UExt1.rolname AND UExt1.type = 'R'
+  INNER JOIN sys.babelfish_authid_user_ext AS UExt2 ON PGR2.rolname = UExt2.rolname AND UExt2.orig_username != 'db_owner'
+  LEFT JOIN sys.babelfish_sysdatabases Db ON Db.name = UExt1.database_name COLLATE database_default
+  WHERE has_dbaccess(UExt2.database_name) = 1 AND
+		(
+			is_srvrolemember('sysadmin') = 1 OR 
+			UExt2.login_name = LOWER(@current_username) OR
+			ISNULL(UExt2.login_name, '') = ''
+		)
+	RETURN 0;
+END;
+$$;
+
+CREATE OR REPLACE PROCEDURE sys.sp_helplogins(IN "@loginname" sys.sysname DEFAULT NULL)
+LANGUAGE pltsql
+AS $$
+DECLARE @input_loginname sys.sysname;
+BEGIN
+
+	IF is_srvrolemember('securityadmin') = 0 
+  BEGIN
+    RAISERROR('User does not have permission to perform this action.', 16, 1);
+		RETURN 0;
+  END
+
+	IF @loginname IS NULL
+	BEGIN
+		EXEC sp_helplogins_internal_logins;
+		EXEC sp_helplogins_internal_user_mappings;
+	END
+	ELSE
+	BEGIN
+		SET @input_loginname = sys.RTRIM(@loginname);
+		SET NOCOUNT ON;
+
+		CREATE TABLE #sp_helplogins_internal_logins_temp(LoginName sys.sysname, sid sys.varbinary(85), DefDBName sys.sysname, DefLangName sys.sysname, AUser sys.nvarchar(8), ARemote sys.nvarchar(8))
+		INSERT INTO #sp_helplogins_internal_logins_temp EXEC sp_helplogins_internal_logins;
+
+		CREATE TABLE #sp_helplogins_internal_user_mappings_temp(LoginName sys.sysname, DBName sys.sysname, UserName sys.sysname, UserOrAlias sys.nvarchar(16))
+		INSERT INTO #sp_helplogins_internal_user_mappings_temp EXEC sp_helplogins_internal_user_mappings;
+
+		SET NOCOUNT OFF;
+
+		SELECT * FROM #sp_helplogins_internal_logins_temp
+		WHERE LoginName = @input_loginname;
+
+		SELECT * FROM #sp_helplogins_internal_user_mappings_temp
+		WHERE LoginName = @input_loginname;
+	END;
+  RETURN 0;
+END;
+$$;
+GRANT EXECUTE ON PROCEDURE sys.sp_helplogins TO PUBLIC;
+
 CREATE OR REPLACE VIEW sys.server_permissions AS 
 WITH super_user AS (SELECT datdba AS super_user FROM pg_database WHERE datname = CURRENT_DATABASE()) 
 SELECT 

contrib/babelfishpg_tsql/src/tsqlUnsupportedFeatureHandler.cpp

@@ -1712,7 +1712,6 @@ const char *unsupported_sp_procedures[] = {
 	"sp_generate_database_ledger_digest",
 	"sp_grantdbaccess",
 	"sp_grantlogin",
-	"sp_helplogins",
 	"sp_helpntgroup",
 	"sp_helpremotelogin",
 	"sp_helprotect",