Performance Improvement of create login in BBF

contrib/babelfishpg_tsql/src/catalog.c

@@ -9,6 +9,7 @@
 #include "catalog/catalog.h"
 #include "catalog/heap.h"
 #include "catalog/indexing.h"
+#include "catalog/pg_auth_members.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_authid.h"
 #include "catalog/pg_proc.h"
@@ -6287,3 +6288,49 @@ get_tvp_typename_typeschemaname(char *proc_name, char *target_arg_name, char **t
 	if(!xactStarted)
 		CommitTransactionCommand();
 }
+
+/*
+ * Checks if the given member is 'bbf_role_admin' role and has the privilege 
+ * to grant a specified role through direct membership. This privilege is 
+ * determined by the presence of the 'admin_option' flag, which allows the 
+ * member to grant the role to others. 
+ * 
+ * @return true if the member is 'bbf_role_admin' and also has the admin option 
+ *         to grant the specified role; otherwise, returns false.
+ */
+bool
+bbf_check_member_has_direct_priv_to_grant_role(Oid member, Oid role)
+{
+	CatCList   *memlist;
+
+	/* 
+	 * TSQL specific behavior and member must be bbf_role_admin.
+	 * If not return false. 
+	 */
+	if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()
+		|| member !=  get_bbf_role_admin_oid())
+		return false;
+
+	/* 
+	 * Find all existing tuples for given role
+	 * whose member is bbf_role_admin
+	 */
+	memlist = SearchSysCacheList2(AUTHMEMROLEMEM,
+									ObjectIdGetDatum(role),
+									ObjectIdGetDatum(member));
+	for (int i = 0; i < memlist->n_members; i++)
+	{
+		HeapTuple	tup = &memlist->members[i]->tuple;
+		Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
+
+		/* Return true if admin_option is true */
+		if (form->admin_option)
+		{
+			ReleaseSysCacheList(memlist);
+			return true;
+		}
+	}
+
+	ReleaseSysCacheList(memlist);
+	return false;
+}

contrib/babelfishpg_tsql/src/catalog.h

@@ -28,6 +28,7 @@ extern bool IsPLtsqlExtendedCatalog(Oid relationId);
 extern bool IsPltsqlToastRelationHook(Relation relation);
 extern bool IsPltsqlToastClassHook(Form_pg_class pg_class_tup);
 extern void pltsql_drop_relation_refcnt_hook(Relation relation);
+extern bool bbf_check_member_has_direct_priv_to_grant_role(Oid member, Oid role);
 
 /*****************************************
  *			SYS schema

contrib/babelfishpg_tsql/src/hooks.c

@@ -304,6 +304,7 @@ static pltsql_replace_non_determinstic_hook_type prev_pltsql_replace_non_determi
 static pltsql_is_partitioned_table_reloptions_allowed_hook_type prev_pltsql_is_partitioned_table_reloptions_allowed_hook = NULL;
 static ExecFuncProc_AclCheck_hook_type prev_ExecFuncProc_AclCheck_hook = NULL;
 static bbf_execute_grantstmt_as_dbsecadmin_hook_type prev_bbf_execute_grantstmt_as_dbsecadmin_hook = NULL;
+static bbf_check_member_has_direct_priv_to_grant_role_hook_type prev_bbf_check_member_has_direct_priv_to_grant_role_hook = NULL;
 
 /*****************************************
  * 			Install / Uninstall
@@ -522,6 +523,9 @@ InstallExtendedHooks(void)
 
 	prev_bbf_execute_grantstmt_as_dbsecadmin_hook = bbf_execute_grantstmt_as_dbsecadmin_hook;
 	bbf_execute_grantstmt_as_dbsecadmin_hook = handle_grantstmt_for_dbsecadmin;
+
+	prev_bbf_check_member_has_direct_priv_to_grant_role_hook = bbf_check_member_has_direct_priv_to_grant_role_hook;
+	bbf_check_member_has_direct_priv_to_grant_role_hook = bbf_check_member_has_direct_priv_to_grant_role;
 
 	pltsql_get_object_identity_event_trigger_hook = pltsql_get_object_identity_event_trigger;
 
@@ -600,6 +604,8 @@ UninstallExtendedHooks(void)
 	pltsql_is_partitioned_table_reloptions_allowed_hook = prev_pltsql_is_partitioned_table_reloptions_allowed_hook;	
 	ExecFuncProc_AclCheck_hook = prev_ExecFuncProc_AclCheck_hook;
 	bbf_execute_grantstmt_as_dbsecadmin_hook = prev_bbf_execute_grantstmt_as_dbsecadmin_hook;
+	bbf_check_member_has_direct_priv_to_grant_role_hook = prev_bbf_check_member_has_direct_priv_to_grant_role_hook;
+
 
 	bbf_InitializeParallelDSM_hook = NULL;
 	bbf_ParallelWorkerMain_hook = NULL;
@@ -6031,4 +6037,4 @@ remove_db_name_in_schema(const char *object_name, const char *object_type)
 	pfree(splited_object_name);
 
 	return (const char *)pstrdup(object_name + prefix_len);
-}
+}

test/JDBC/expected/db_securityadmin-vu-verify.out

@@ -1312,6 +1312,15 @@ t
 ~~END~~
 
 
+-- Wait to sync with another session
+SELECT pg_sleep(1);
+go
+~~START~~
+void
+
+~~END~~
+
+
 -- tsql
 DROP LOGIN db_securityadmin_restrictions_login;
 GO

test/JDBC/expected/test_windows_login-vu-prepare.out

@@ -1,5 +1,4 @@
 -- psql
--- TODO: BABEL-5349
 do 
 $$ begin 
     if not exists (select * from pg_catalog.pg_roles where rolname = 'rds_ad') 

test/JDBC/expected/test_windows_login_before-17_3-vu-cleanup.out

@@ -0,0 +1,91 @@
+-- tsql
+DROP LOGIN PassWordUser;
+GO
+
+-- test for drop login with upn format
+DROP LOGIN [aduser@AD];
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'aduser@ad', because it does not exist or you do not have permission.)~~
+
+
+DROP LOGIN [ad\adUSer];
+GO
+
+DROP LOGIN [ad\aduserDB];
+GO
+
+DROP LOGIN [ad\Aduserlanguage];
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'aduserlanguage@AD', because it does not exist or you do not have permission.)~~
+
+
+DROP LOGIN [ad\Aduserdblanguage];
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'aduserdblanguage@AD', because it does not exist or you do not have permission.)~~
+
+
+DROP LOGIN [ad\AduserdbEnglish];
+GO
+
+DROP LOGIN [ad\Aduseroption];
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'aduseroption@AD', because it does not exist or you do not have permission.)~~
+
+
+DROP LOGIN [babel\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@BABEL', because it does not exist or you do not have permission.)~~
+
+
+DROP LOGIN [ba.bel\username];
+GO
+
+-- test for non-existent login
+DROP LOGIN [babel\non_existent_login]
+GO
+~~ERROR (Code: 33557097)~~
+
+~~ERROR (Message: Cannot drop the login 'non_existent_login@BABEL', because it does not exist or you do not have permission.)~~
+
+
+-- drop login with different casing
+DROP LOGIN UserPassword;
+GO
+
+DROP LOGIN [BabeL\DupLicate];
+GO
+
+DROP LOGIN [Babel\DuplicateDefaultDB];
+GO
+
+-- test drop logins for logins with different language names
+-- Arabic
+DROP LOGIN [babel\كلب];
+GO
+
+-- Mongolian
+DROP LOGIN [babel\өглөө];
+GO
+
+-- Greek
+DROP LOGIN [babel\ελπίδα];
+GO
+
+-- Chinese
+DROP LOGIN [babel\爱];
+GO
+
+DROP DATABASE ad_db;
+GO
+
+