Skip to content

Commit

Permalink
Fix fixed roles failures in 16.x
Browse files Browse the repository at this point in the history 
Signed-off-by: ANJU BHARTI <[email protected]>
  • Loading branch information
@shardgupta
ANJU BHARTI authored and shardgupta committed Dec 12, 2024
1 parent c44c6f0 commit aeaa57b
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 28 deletions.
29 changes: 7 additions & 22 deletions contrib/babelfishpg_tsql/src/catalog.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -986,24 +986,10 @@ get_authid_user_ext_physical_name(const char *db_name, const char *login)
tuple_user_ext = heap_getnext(scan, ForwardScanDirection);
if (HeapTupleIsValid(tuple_user_ext))
{
Datum datum;
bool user_can_connect;
bool isnull;

datum = heap_getattr(tuple_user_ext, Anum_bbf_authid_user_ext_user_can_connect,
RelationGetDescr(bbf_authid_user_ext_rel), &isnull);
Assert(!isnull);
user_can_connect = DatumGetInt32(datum);

/* db_accessadmin members should always have connect permissions */
if (user_can_connect == 1 ||
(has_privs_of_role(get_role_oid(login, false), get_db_accessadmin_oid(db_name, false))))
{
datum = heap_getattr(tuple_user_ext, Anum_bbf_authid_user_ext_rolname,
RelationGetDescr(bbf_authid_user_ext_rel), &isnull);
Assert(!isnull);
user_name = pstrdup(DatumGetCString(datum));
}
Form_authid_user_ext userform;

userform = (Form_authid_user_ext) GETSTRUCT(tuple_user_ext);
user_name = pstrdup(NameStr(userform->rolname));
}

table_endscan(scan);
Expand Down Expand Up @@ -1116,20 +1102,19 @@ get_authid_user_ext_db_users(const char *db_name, const char *dbo_name, Oid db_o

/* Checks if the user is enabled on a given database. */
static bool
user_has_dbaccess(const char *user)
user_has_dbaccess(const char *user, const char *db_name)
{
HeapTuple tuple;
bool has_access = false;
tuple = SearchSysCache1(AUTHIDUSEREXTROLENAME, CStringGetDatum(user));

if (HeapTupleIsValid(tuple))
{
bool isnull = true;
int user_can_connect = 0;
Datum datum = SysCacheGetAttr(AUTHIDUSEREXTROLENAME, tuple, Anum_bbf_authid_user_ext_user_can_connect, &isnull);
Assert(!isnull);
user_can_connect = DatumGetInt32(datum);
if (user_can_connect == 1)
if (user_can_connect == 1 || has_privs_of_role(get_role_oid(user, false), get_db_accessadmin_oid(db_name, false)))
has_access = true;
ReleaseSysCache(tuple);
}
Expand All @@ -1153,7 +1138,7 @@ get_user_for_database(const char *db_name)
user = get_authid_user_ext_physical_name(db_name, login);
login_is_db_owner = 0 == strncmp(login, get_owner_of_db(db_name), NAMEDATALEN);

if (user && !user_has_dbaccess(user) && !guest_has_dbaccess((char *) db_name))
if (user && !user_has_dbaccess(user, db_name) && !guest_has_dbaccess((char *) db_name))
user = NULL;

if (!user)
Expand Down
4 changes: 2 additions & 2 deletions test/JDBC/expected/db_securityadmin-vu-verify.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1196,7 +1196,7 @@ SET SESSION AUTHORIZATION master_db_securityadmin;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "master_db_securityadmin"
Server SQLState: 42501)~~


Expand Down Expand Up @@ -1285,7 +1285,7 @@ SET SESSION AUTHORIZATION master_db_securityadmin;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "master_db_securityadmin"
Server SQLState: 42501)~~


Expand Down
4 changes: 2 additions & 2 deletions test/JDBC/expected/dbcreator_role-vu-verify.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1220,7 +1220,7 @@ SET SESSION AUTHORIZATION dbcreator;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "dbcreator"
Server SQLState: 42501)~~


Expand Down Expand Up @@ -1365,7 +1365,7 @@ SET SESSION AUTHORIZATION dbcreator;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "dbcreator"
Server SQLState: 42501)~~


Expand Down
4 changes: 2 additions & 2 deletions test/JDBC/expected/securityadmin_role-vu-verify.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1462,7 +1462,7 @@ SET SESSION AUTHORIZATION securityadmin;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin"
Server SQLState: 42501)~~


Expand Down Expand Up @@ -1620,7 +1620,7 @@ SET SESSION AUTHORIZATION securityadmin;
GO
~~ERROR (Code: 0)~~

~~ERROR (Message: ERROR: permission denied to set session authorization
~~ERROR (Message: ERROR: permission denied to set session authorization "securityadmin"
Server SQLState: 42501)~~


Expand Down

0 comments on commit aeaa57b

Please sign in to comment.