Exclude granting dbo for master user

Signed-off-by: ANJU BHARTI <[email protected]>
amazon-aurora · Sep 24, 2024 · ced165f · ced165f
1 parent b4600a6
commit ced165f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/contrib/babelfishpg_tsql/src/dbcmds.c b/contrib/babelfishpg_tsql/src/dbcmds.c
@@ -44,16 +44,6 @@
 
 #define NOT_FOUND -1
 
-/*
- * Return true if database is any of the three
- * system databases "master", "tempdb", "msdb"
- * else return false
- */
-#define IS_BBF_SYSTEM_DB(dbname) \
-((strlen(dbname) == 6 && (strncmp(dbname, "master", 6) == 0)) || \
-	(strlen(dbname) == 6 && (strncmp(dbname, "tempdb", 6) == 0)) || \
-	(strlen(dbname) == 4 && (strncmp(dbname, "msdb", 4) == 0)))
-
 Oid sys_babelfish_db_seq_oid = InvalidOid;
 
 static Oid get_sys_babelfish_db_seq_oid(void);
@@ -66,6 +56,7 @@ static Oid	do_create_bbf_db(ParseState *pstate, const char *dbname, List *option
 static void create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, const char *owner, int16 dbid);
 static void drop_related_bbf_namespace_entries(int16 dbid);
 
+
 static Oid
 get_sys_babelfish_db_seq_oid()
 {
@@ -97,12 +88,14 @@ gen_createdb_subcmds(const char *dbname, const char *owner)
 	const char     *db_owner;
 	const char     *guest;
 	const char     *guest_schema;
+	Oid       	owner_oid;
 
 	schema = get_dbo_schema_name(dbname);
 	dbo = get_dbo_role_name(dbname);
 	db_owner = get_db_owner_name(dbname);
 	guest = get_guest_role_name(dbname);
 	guest_schema = get_guest_schema_name(dbname);
+	owner_oid = get_role_oid(owner, true);
 
 	/*
 	 * To avoid SQL injection, we generate statement parsetree with dummy
@@ -113,7 +106,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner)
 	appendStringInfo(&query, "CREATE ROLE dummy CREATEROLE INHERIT; ");
 	appendStringInfo(&query, "CREATE ROLE dummy INHERIT CREATEROLE ROLE sysadmin IN ROLE dummy; ");
 	appendStringInfo(&query, "GRANT CREATE, CONNECT, TEMPORARY ON DATABASE dummy TO dummy; ");
-	if (!IS_BBF_SYSTEM_DB(dbname))
+	if (!role_is_sa(owner_oid))
 		appendStringInfo(&query, "GRANT dummy TO dummy; ");
 
 	if (guest)
@@ -136,7 +129,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner)
 
 	if (guest)
 	{
-		if (!IS_BBF_SYSTEM_DB(dbname))
+		if (!role_is_sa(owner_oid))
 			expected_stmt_num = list_length(logins) > 0 ? 10 : 9;	
 		else
 			expected_stmt_num = list_length(logins) > 0 ? 9 : 8;
@@ -145,7 +138,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner)
 	{
 		expected_stmt_num = 6;
 
-		if (!IS_BBF_SYSTEM_DB(dbname))
+		if (!role_is_sa(owner_oid))
 			expected_stmt_num++;
 	}
 
@@ -165,7 +158,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner)
 	stmt = parsetree_nth_stmt(res, i++);
 	update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, dbo, NULL);
 
-	if (!IS_BBF_SYSTEM_DB(dbname))
+	if (!role_is_sa(owner_oid))
 	{
 		/* Grant dbo role to owner */
 		stmt = parsetree_nth_stmt(res, i++);

diff --git a/contrib/babelfishpg_tsql/src/rolecmds.c b/contrib/babelfishpg_tsql/src/rolecmds.c
@@ -588,6 +588,14 @@ grant_revoke_dbo_to_login(const char* login, const char* db_name, bool is_grant)
 	PlannedStmt *wrapper;
 
 	const char *dbo_role_name = get_dbo_role_name(db_name);
+
+	/*
+	 * If login i.e old_owner/new_owner is master user 
+	 * then skip grant/revoke dbo to login
+	 * since it will always be the member of sysadmin.
+	 */
+	if (role_is_sa(get_role_oid(login, true)))
+		return;
 
 	initStringInfo(&query);