Skip to content

fix(plugin-mssql): send database in login packet so DB-scoped logins connect#1558

Merged
datlechin merged 3 commits into
TableProApp:mainfrom
brunorodmoreira:fix/mssql-database-in-login-packet
Jun 2, 2026
Merged

fix(plugin-mssql): send database in login packet so DB-scoped logins connect#1558
datlechin merged 3 commits into
TableProApp:mainfrom
brunorodmoreira:fix/mssql-database-in-login-packet

Conversation

@brunorodmoreira

@brunorodmoreira brunorodmoreira commented Jun 2, 2026

Copy link
Copy Markdown

Problem

Connecting to an Azure SQL Database fails with Login failed for user '...' (SQL Server error 18456) when the login can only reach a single database, for example an Azure SQL contained user. The same credentials work in DBeaver and other clients.

The driver set every login property except the database, connected, then ran USE [database]:

guard let proc = dbopen(login, serverName) else { ... }   // authenticates against master
if !options.database.isEmpty {
    if dbuse(proc, options.database) == FAIL { ... }       // USE runs only after login
}

A login scoped to one database has no rights in master, so dbopen is rejected before USE ever runs. Microsoft's own driver (and DBeaver, via JDBC) avoid this by putting the database in the login packet, the same as an ODBC Database= / Initial Catalog.

Fix

Set the database on the login record with DBSETDBNAME before dbopen, so FreeTDS sends it in the LOGIN7 packet and the server authenticates directly against it. The post-connect dbuse is removed: it is the exact step that cannot work for a scoped login, and it is redundant once the database is in the login packet. switchDatabase() keeps using dbuse, which is correct for an already authenticated session.

This is more correct for every SQL Server, not just Azure, and matches what the official drivers do.

How it was diagnosed

Reproduced through the same FreeTDS library (pymssql) against a live Azure SQL server: login with the database in the packet succeeds, login without it fails with the identical 18456. The macOS unified log showed FreeTDS msg 18456 sev 14 from the plugin at the dbopen stage.

Tests

Extracted the login parameter assembly into MSSQLLoginParameters, a pure builder with no FreeTDS dependency, and added MSSQLLoginParametersTests: the database is included when set, omitted when blank, and the credentials and encryption flag carry through. FreeTDSConnection maps each field to its DBSET* constant.

Checklist

  • Tests added
  • CHANGELOG.md updated under [Unreleased]
  • Docs updated (docs/databases/mssql.mdx)
  • No new user-facing strings
  • swiftlint --strict clean on changed files

@github-actions

github-actions Bot commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@brunorodmoreira

brunorodmoreira commented Jun 2, 2026

Copy link
Copy Markdown
Author

I have read the CLA Document and I hereby sign the CLA.

github-actions Bot added a commit that referenced this pull request Jun 2, 2026
@github-actions
@brunorodmoreira has signed the CLA in #1558
fcc076b
datlechin
datlechin approved these changes Jun 2, 2026
View reviewed changes

@datlechin datlechin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you

@datlechin datlechin merged commit 790b61b into TableProApp:main Jun 2, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@datlechin datlechin datlechin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brunorodmoreira @datlechin