DatabaseProcApplicationCreatedLinks
sybsystemprocssp_encryption  14 déc. 14Defects Propagation Dependencies

1     
2     /* 
3     ** file: encryption 
4     ** Administer column level encryption
5     */
6     create or replace procedure sp_encryption
7         @cmd varchar(30) = null,
8         /* Should be system_encr_passwd,
9         ** help, helpkey, helpuser, 
10        ** helpcol, mkey_startup_file,
11        ** or downgrade_kek_size
12        */
13        @opt1 varchar(768) = null, /* Should be keyname for help,
14        ** newpasswd for system_encr_passwd,
15        ** username for helpuser
16        ** columname for helpcol
17        ** new master key startup 
18        ** file path for 
19        ** mkey_startup_file	
20        ** true/false for 
21        ** downgrade_kek_size
22        */
23        @opt2 varchar(600) = null, /* 
24        ** Could be "display_cols", "key_copy",
25        ** "all_dbs", "display_keys", "display_dbs"
26        ** if help or helpkey,
27        ** "oldpasswd" if system_encr_passwd,
28        **	"key_copy", "login_passwd_check" if helpuser
29        ** "sync_with_mem" or "sync_with_qrm" 
30        ** if mkey_startup_file
31        */
32        @passwd_fmt int = 0, /* for replication or ddlgen*/
33        @passwd_vers int = 0 /* for replicating or receiving
34    					    ** ddlgen system_encr_passwd	
35    					    */
36    as
37        declare @retval int
38            , @procval int
39            , @opt1_buf varchar(575) /* To disambiguate @opt1 */
40            , @dbname varchar(30)
41            , @wrapped_dbname varchar(32)
42            , @tab_str char(3)
43            , @blank_str char(3)
44            , @keydbname varchar(30)
45            , @username varchar(30)
46            , @callername varchar(30)
47            , @rows int
48            , @auxproc varchar(1024)
49            , @sso_role int /* indicates user has sso_role */
50            , @keycustodian_role int /* indicates user has keycustodian_role */
51            , @dummy int
52            , @dbid int
53            , @is_remote_tdb int
54            , @tdb_instanceid int
55            , @tdb_instancename varchar(255)
56            , @msg varchar(1024)
57            , @owner varchar(30)
58            , @objname varchar(255)
59            , @colname varchar(255)
60            , @errmsg varchar(255)
61            , @keyid int
62            , @userid int
63            , @rpid int /* replication path id */
64            , @ra_pwd char(32) /* used for ra password format (truncated value) */
65            , @db_offline int /* indicates a database that is offline */
66            , @db_unrecovered int /* indicates a database that is not recovered */
67            , @db_notrec int /* indicates a database that is still in recover process */
68            , @db_inlddb int /* indicates a database that will not be recovered */
69            , @db_archivedb int /* indicates a database taht is an archive database */
70            , @system_password int
71            , @sys_encr_passwd_type int /* indicates the type of the system_encr_passwd */
72            , @login_password int
73            , @login_access int
74            , @user_password int
75            , @key_recovery int
76            , @default_key int
77            , @keytype_master int
78            , @keytype_dualmaster int
79            , @keytype_passwd_svckey int
80            , @keytype_text_svckey int
81            , @keytype_database int
82            , @status_master_encr int
83            , @status_dualcontrol int
84            , @status_mek_encr int
85            , @status_static_encr int
86            , @key_copy int /* indicates a key copy */
87            , @encolstatus int /* 
88            ** indicated if a column is 
89            ** encrypted 
90            */
91            , @nullarg char(1)
92            , @status int
93            , @gp_enabled int
94            , @mngsecconf int /* manage security configuration */
95            , @mngcolencrkey int /* manage column encryption key */
96            , @mngmasterkey int /* manage master key */
97            , @mngservicekey int /* manage service key */
98            , @mnganyEK int /* manage any encryption key */
99            , @mSCstat int /* manage security configuration status */
100           , @mcEKstat int /* manage column encryption key status */
101           , @mMKstat int /* manage master key status */
102           , @mSRVCKstat int /* manage service key status */
103           , @mAnyEKstat int /* manage any encryption key status */
104   
105       /* These bits are defined either in encryptkey.h or in database.h */
106       select @login_password = 16 /* EK_LOGINPASS */
107           , @login_access = 8 /* EK_LOGINACCESS */
108           , @system_password = 32 /* EK_SYSENCRPASS */
109           , @user_password = 256 /* EK_USERPWD */
110           , @key_recovery = 64 /* EK_KEYRECOVERY */
111           , @key_copy = 16 /* EK_KEYCOPY */
112           , @default_key = 4 /* EK_DEFAULT */
113           , @db_offline = 16 /* DBT2_OFFLINE */
114           , @db_unrecovered = 256 /* DBT_SUSPECT */
115           , @db_notrec = 64 /* DBT_NOTREC */
116           , @db_inlddb = 32 /* DBT_INLDDB */
117           , @db_archivedb = 4194304 /* DBT3_ARCHIVEDB */
118           , @keytype_master = 128 /* EK_MASTER */
119           , @keytype_dualmaster = 256 /* EK_DUALCONTROL */
120           , @status_master_encr = 2048 /* EK_MASTER_ENCR */
121           , @status_dualcontrol = 4096 /* EK_DUALCONTROL */
122           , @status_mek_encr = 8192 /* EK_MEK_ENCR */
123           , @status_static_encr = 16384 /* EK_STATIC_ENCR */
124           , @keytype_passwd_svckey = 1024 /* EK_EXTPASSWDKEY */
125           , @keytype_text_svckey = 2048 /* EK_SYSCOMMKEY */
126           , @keytype_database = 4096 /* EK_DBENCKEY */
127           , @mngsecconf = 0
128           , @mngcolencrkey = 0
129           , @mnganyEK = 0
130           , @gp_enabled = 0
131           , @mSCstat = 0
132           , @mcEKstat = 0
133           , @mAnyEKstat = 0
134           , @mSRVCKstat = 0
135           , @mMKstat = 0
136           , @nullarg = NULL
137           , @tab_str = '%	%'
138           , @blank_str = '% %'
139   
140       /*
141       **  If we're in a transaction, disallow this since it might make recovery
142       **  impossible.
143       */
144   
145       if @@trancount > 0
146       begin
147           /*
148           ** 17260, "Can't run %1! from within a transaction."
149           */
150           raiserror 17260, "sp_encryption"
151           return (1)
152       end
153       else
154       begin
155           set chained off
156       end
157       set transaction isolation level 1
158   
159       /*
160       **  Begin command processing.
161       */
162   
163       select @callername = user_name()
164   
165       if (@cmd is null)
166       begin
167           select @cmd = "null"
168           select @retval = 1
169       end
170       else
171       if ((@cmd not in ("help", "helpkey", "helpcol", "system_encr_passwd", "helpuser",
172                       "verify_downgrade", "mkey_startup_file", "downgrade_kek_size", "helpextpasswd"))
173               or ((@cmd in ("help", "helpkey", "helpcol", "helpuser", "mkey_startup_file", "downgrade_kek_size"))
174                   and (@passwd_fmt != 0) and (@passwd_vers != 0)))
175       begin
176   
177           /*
178           ** 19213, "Invalid argument or unsupported command: %1!."
179           */
180           if (@cmd is null)
181           begin
182               select @cmd = "null"
183           end
184           raiserror 19213, @cmd
185           select @retval = 1
186       end
187   
188       execute @mAnyEKstat = sp_aux_checkroleperm @nullarg,
189           "manage any encryption key", @nullarg, @gp_enabled output
190   
191       if (@gp_enabled = 0)
192       begin
193           /* check for sso_role */
194           select @sso_role = charindex("sso_role", show_role())
195           select @keycustodian_role = charindex("keycustodian_role", show_role())
196   
197           if (@sso_role > 0)
198           begin
199               /* Send an audit record through the proc_role() built-in */
200               select @dummy = proc_role("sso_role")
201           end
202   
203           if (@keycustodian_role > 0)
204           begin
205               /* Send an audit record through the proc_role() built-in */
206               select @dummy = proc_role("keycustodian_role")
207           end
208       end
209   
210       if (@gp_enabled = 1)
211       begin
212   
213           execute @mSCstat = sp_aux_checkroleperm @nullarg,
214               "manage security configuration", @nullarg, @gp_enabled output
215   
216           execute @mcEKstat = sp_aux_checkroleperm @nullarg,
217               "manage column encryption key", @nullarg, @gp_enabled output
218   
219           execute @mMKstat = sp_aux_checkroleperm @nullarg,
220               "manage master key", @nullarg, @gp_enabled output
221   
222           execute @mSRVCKstat = sp_aux_checkroleperm @nullarg,
223               "manage service key", @nullarg, @gp_enabled output
224   
225           if (@mAnyEKstat = 0)
226           begin
227               select @mnganyEK = 1
228           end
229           if (@mSCstat = 0)
230           begin
231               select @mngsecconf = 1
232           end
233           if (@mcEKstat = 0)
234           begin
235               select @mngcolencrkey = 1
236           end
237           if (@mMKstat = 0)
238           begin
239               select @mngmasterkey = 1
240           end
241           if (@mSRVCKstat = 0)
242           begin
243               select @mngservicekey = 1
244           end
245   
246       end
247   
248       if (@cmd = "system_encr_passwd")
249       begin --{   Setting the system encryption password. 
250           if (@opt1 is null and @opt2 is null)
251           begin
252               /*
253               ** 19415, "The '%1!' parameter is required for the '%2!' command."
254               */
255               raiserror 19415, "newpasswd", "system_encr_passwd"
256               return (1)
257           end
258   
259   
260   
261           if (@passwd_fmt = 2)
262           begin
263               /*
264               ** Check for existence of system password at replicate site
265               ** when accepting system encryption password from ddlgen. 
266               ** If there is, error out.
267               */
268               if exists (select 1 from sysattributes
269                       where class = 25 and attribute = 0 and object_type = 'EC')
270               begin
271                   /*
272                   ** 19646, "The execution of the stored procedure '%1!' 
273                   ** in database '%2!' was aborted because the system 
274                   ** encryption password already exists for this 
275                   ** database."
276                   */
277                   select @dbname = db_name()
278                   raiserror 19646, "sp_encryption", @dbname
279                   return (1)
280               end
281   
282               if (@opt2 is not null)
283               begin
284                   /* 18291, "The parameter value '%1!' is invalid." */
285                   raiserror 18291, @opt2
286                   return 1
287               end
288           end
289   
290           if (@gp_enabled = 1)
291           begin
292               select @dummy = proc_auditperm("manage column encrypton key",
293                       @mcEKstat)
294               if (@mcEKstat != 0)
295                   return (1)
296           end
297   
298           /*
299           ** This transaction writes a log record for replicating the invocation
300           ** of this stored procedure. If logexec() fails, the transaction is
301           ** aborted.
302           ** Transaction name rs_logexec is significant and it is used by
303           ** Replication Server
304           */
305           begin transaction rs_logexec
306           /* 
307           ** ENCRCOL2 RESOLVE: when the nonpersistent system_encr_password
308           ** is implemented, the value of @sys_encr_passwd_type needs to
309           ** to be determined based on the value of @cmd. For now, by default
310           ** the type of the system_encr_passwd is 0 (SYS_ENCR_PASSWD_PERSISTENT).
311           */
312           select @sys_encr_passwd_type = 0
313           select @retval = encr_admin(@cmd, @opt1, @opt2, @passwd_fmt,
314                   @passwd_vers, @sys_encr_passwd_type)
315           if (@retval != 0)
316           begin
317               rollback transaction rs_logexec
318   
319               /* Sufficient error messages delivered from server */
320               return (1)
321           end
322   
323           if (logexec() != 1)
324           begin
325               /*
326               ** 17756, "The execution of the stored procedure '%1!'
327               **         in database '%2!' was aborted because there
328               **         was an error in writing the replication log
329               **         record."
330               */
331               select @dbname = db_name()
332               raiserror 17756, "sp_encryption", @dbname
333   
334               rollback transaction rs_logexec
335               return (1)
336           end
337   
338           commit transaction rs_logexec
339   
340       end --}	Setting the system encryption password.
341   
342       if (@cmd = "mkey_startup_file")
343       begin --{ Setting the master key startup file
344   
345           if (@opt2 is not null and @opt2 != "sync_with_mem"
346                   and @opt2 != "sync_with_qrm")
347           begin
348               /* 18291, "The parameter value '%1!' is invalid." */
349               raiserror 18291, @opt2
350               return 1
351           end
352   
353   
354           if (@gp_enabled = 0 and @sso_role = 0)
355           begin
356               /*
357               ** 19951 "Permission denied. This operation requires 
358               **        System Security Officer (sso_role) role."
359               */
360               raiserror 19951
361               return (1)
362           end
363           else if (@gp_enabled = 1)
364           begin
365               /* Display an error */
366               select @dummy =
367                   proc_auditperm("manage security configuration", @mSCstat)
368               if (@mSCstat != 0)
369                   return (1)
370           end
371   
372           /* 
373           ** If no option is specified, display the current master key
374           ** startup file pathname. The pathname is brought back by
375           ** @opt1 through calling encr_admin(). This action needs not
376           ** to be replicated and needs not to be executed in a transaction.
377           */
378           if (@opt1 is NULL and @opt2 is NULL)
379           begin
380               select @retval = encr_admin(@cmd, @opt1, NULL, NULL, NULL, NULL)
381   
382               if (@retval != 0)
383               begin
384                   /* Sufficient error messages delivered from server */
385                   return (1)
386               end
387   
388   
389               /* 
390               ** Display the current path
391               **
392               ** 19956 " The current master key startup file is: '%1!'.
393               */
394               raiserror 19956, @opt1
395               return (0)
396           end
397   
398           /*
399           ** This transaction writes a log record for replicating the invocation
400           ** of this stored procedure. If logexec() fails, the transaction is
401           ** aborted.
402           ** Transaction name rs_logexec is significant and it is used by
403           ** Replication Server
404           */
405           begin transaction rs_logexec
406   
407           select @retval = encr_admin(@cmd, @opt1, @opt2, NULL, NULL, NULL)
408   
409           if (@retval != 0)
410           begin
411               rollback transaction rs_logexec
412   
413               /* Sufficient error messages delivered from server */
414               return (1)
415           end
416   
417           if (logexec() != 1)
418           begin
419               /*
420               ** 17756, "The execution of the stored procedure '%1!'
421               **         in database '%2!' was aborted because there
422               **         was an error in writing the replication log
423               **         record."
424               */
425               select @dbname = db_name()
426               raiserror 17756, "sp_encryption", @dbname
427   
428               rollback transaction rs_logexec
429               return (1)
430           end
431   
432           commit transaction rs_logexec
433   
434       end -- } Setting the master key startup file path
435   
436       if (@cmd = "downgrade_kek_size")
437       begin --{ Setting downgrade_kek_size
438   
439           if (@opt2 is not null)
440           begin
441               /* 18291, "The parameter value '%1!' is invalid." */
442               raiserror 18291, @opt2
443               return 1
444           end
445   
446           if (@opt1 is not null and lower(@opt1) != "true"
447                   and lower(@opt1) != "false")
448           begin
449               /* 18291, "The parameter value '%1!' is invalid." */
450               raiserror 18291, @opt1
451               return 1
452           end
453   
454           /* 
455           ** If no option is specified, display the current downgrade_kek_size 
456           ** setting.
457           */
458           if (@opt1 is NULL)
459           begin
460               select @retval = count(*)
461               from master..sysattributes
462               where class = 25
463                   and attribute = 3
464   
465               /* 
466               ** Display the current downgrade_kek_size setting
467               **
468               ** 19960 "The current downgrade_kek_size setting for 
469               **        the server is '%1!'".
470               */
471               if (@retval = 1)
472               begin
473                   select @errmsg = "TRUE"
474               end
475               else
476               begin
477                   select @errmsg = "FALSE"
478               end
479   
480               raiserror 19960, @errmsg
481               return (0)
482           end
483   
484           /*
485           ** This transaction writes a log record for replicating the invocation
486           ** of this stored procedure. If logexec() fails, the transaction is
487           ** aborted.
488           ** Transaction name rs_logexec is significant and it is used by
489           ** Replication Server
490           */
491           begin transaction rs_logexec
492   
493           if (@gp_enabled = 1 and @mngsecconf = 0)
494           begin
495               /* Display an error */
496               select @dummy =
497                   proc_auditperm("manage security configuration", 2)
498               rollback transaction rs_logexec
499               return (1)
500           end
501           select @retval = encr_admin(@cmd, lower(@opt1), NULL, NULL, NULL, NULL)
502   
503           if (@retval != 0)
504           begin
505               rollback transaction rs_logexec
506   
507               /* Sufficient error messages delivered from server */
508               return (1)
509           end
510   
511           if (logexec() != 1)
512           begin
513               /*
514               ** 17756, "The execution of the stored procedure '%1!'
515               **         in database '%2!' was aborted because there
516               **         was an error in writing the replication log
517               **         record."
518               */
519               select @dbname = db_name()
520               raiserror 17756, "sp_encryption", @dbname
521   
522               rollback transaction rs_logexec
523               return (1)
524           end
525   
526           commit transaction rs_logexec
527   
528       end -- } Setting downgrade_kek_size
529   
530       /*
531       ** Verify downgrade.
532       */
533       if (@cmd = "verify_downgrade")
534       begin -- { verify_downgrade.
535           declare @tmpstr char(4)
536               , @err_verify_keycopy int
537               , @err_verify_key_recovery int
538               , @err_verify_user_passwd int
539               , @err_verify_login_passwd int
540               , @err_check_key_custodian_roles int
541               , @err_check_user_key_custodian_roles int
542               , @err_check_SEP_len int
543               , @err_check_decrypt_default int
544               , @err_check_encrypted_columns int
545               , @err_check_restricted_decrypt int
546               , @err_check_column_datatype int
547               , @err_check_kek_version int
548               , @err_check_svc_key int
549               , @toversid int
550               , @cct int
551               , @c int
552               , @v char(1)
553               , @ret int
554   
555   
556           /* Error number defines */
557           select @err_verify_key_recovery = 1 /* Error for key recovery */
558               , @err_verify_keycopy = 2 /* Error for keycopy existence */
559               , @err_verify_user_passwd = 3 /* Error for user password */
560               , @err_verify_login_passwd = 4 /* Error for login password */
561               , @err_check_user_key_custodian_roles = 5 /* Error for user keycustodian roles */
562               , @err_check_key_custodian_roles = 6 /* Error for keycustodian_role roles */
563               , @err_check_decrypt_default = 7 /* Error for decrypt default */
564               , @err_check_encrypted_columns = 8 /* Error for encrypted column */
565               , @err_check_column_datatype = 9 /* Error for column datatype */
566               , @err_check_SEP_len = 10 /* Error for System Encryption Password greater than 64 bytes */
567               , @err_check_restricted_decrypt = 11 /* Error for restricted decrypt being set */
568               , @err_check_kek_version = 12 /* Error for kek version greater than 0 */
569               , @err_check_svc_key = 13 /* Error for service key existence */
570   
571           /*
572           ** Validate 'toversion' and translate it to version number
573           */
574           select @toversid = 0
575           select @cct = datalength(@opt1)
576           select @c = 1
577           while @c <= @cct
578           begin
579               select @v = substring(@opt1, @c, 1)
580               if (@v between '0' and '9')
581               begin
582                   select @toversid = (@toversid * 10) + convert(int, @v)
583               end
584               else if (@v != '.')
585               begin
586                   -- Not a valid version ... stop
587                   print "'%1!' is not a valid downgrade version.", @opt1
588                   return 1
589               end
590               select @c = @c + 1
591           end
592           if (@toversid = 0 or @toversid > 15505)
593           begin
594               print "'%1!' is not a valid downgrade version.", @opt1
595               return 1
596           end
597           while (@toversid < 10000)
598               select @toversid = @toversid * 10
599   
600           print ""
601           exec sp_getmessage 19676, @errmsg output
602           print @errmsg
603   
604           /* login with sso_role */
605           if (@sso_role > 0) or (@mngsecconf > 0)
606           begin -- { Roles
607   
608               create table #encrypted_verify_results(
609                   dbname varchar(30) null
610                   , assignee varchar(30) null
611                   , tabname varchar(255) null
612                   , colname varchar(255) null
613                   , type tinyint null
614                   , length tinyint null
615                   , username varchar(30) null
616                   , keydbname varchar(30) null
617                   , keyowner varchar(30) null
618                   , keyid int null
619                   , keyname varchar(255) null
620                   , keyprotectedby varchar(45) null
621                   , fullcolname varchar(540) null
622                   , error int null
623                   , errstr varchar(128) null)
624   
625               create table #encrypted_table_verify(
626                   dbname varchar(30) null
627                   , assignee varchar(30) null
628                   , username varchar(30) null
629                   , tabname varchar(255) null
630                   , colname varchar(255) null
631                   , type tinyint null
632                   , length tinyint null
633                   , keydbname varchar(30) null
634                   , keyowner varchar(30) null
635                   , keyid int null
636                   , keyname varchar(255) null
637                   , keystatus int null
638                   , keyprotectedby varchar(45) null
639                   , action int null
640                   , fullcolname varchar(540) null
641                   , fullkeyname varchar(315) null)
642   
643               declare database_cursor cursor for
644               select name
645               from master.dbo.sysdatabases
646               /* Skip databases that have not recovered */
647               where status & @db_unrecovered = 0
648                   /* Skip databases that are offline */
649                   and status2 & @db_offline = 0
650                   /* Skip databases that are not recovered */
651                   and status & @db_notrec = 0
652                   /* Skip databases that will not be recovered */
653                   and status & @db_inlddb = 0
654                   /* Skip databases that are archive databases */
655                   and status3 & @db_archivedb = 0
656   
657               open database_cursor
658               fetch database_cursor into @dbname
659               select @keydbname = db_name()
660   
661               while (@@sqlstatus = 0)
662               begin -- { beginning of while loop.
663   
664                   /*
665                   ** Database name in which there is tab or blank must be
666                   ** delimited with '[]' in sql cmd.
667                   */
668                   select @wrapped_dbname = @dbname
669                   if ((patindex(@tab_str, @dbname) > 0)
670                           or (patindex(@blank_str, @dbname) > 0))
671                   begin
672                       select @wrapped_dbname = '[' + @dbname + ']'
673                   end
674   
675                   select @auxproc = @wrapped_dbname + ".dbo.sp_aux_encr_verify_downgrade"
676   
677                   if (@toversid < 15700)
678                   begin -- { dual control was introduced in 15.7
679                       truncate table #encrypted_table_verify
680                       exec @retval = @auxproc 'check_kek_version', @dbname
681   
682                       -- check existence of service key introduced 
683                       -- since 15.7
684                       truncate table #encrypted_table_verify
685                       exec @retval = @auxproc 'check_svc_key', @dbname
686                   end -- }
687   
688                   if (@toversid < 15020)
689                   begin -- { key copy, recovery copy, user password were introduced in 15.0.2
690                       truncate table #encrypted_table_verify
691                       exec @retval = @auxproc 'verify_keycopy', @dbname, NULL
692                       truncate table #encrypted_table_verify
693                       exec @retval = @auxproc 'verify_key_recovery_copy', NULL
694                       truncate table #encrypted_table_verify
695                       exec @retval = @auxproc 'verify_user_passwd', NULL
696                   end -- } 
697   
698                   if (@toversid < 15010)
699                   begin -- { column encryption was introduced in 15.0.1
700                       truncate table #encrypted_table_verify
701                       exec @retval = @auxproc 'check_key_custodian_roles', @dbname
702   
703                       truncate table #encrypted_table_verify
704                       exec @retval = @auxproc 'check_decrypt_default', @dbname
705   
706                       truncate table #encrypted_table_verify
707                       exec @retval = @auxproc 'check_column_datatype', @dbname
708   
709                       truncate table #encrypted_table_verify
710                       exec @retval = @auxproc 'check_SEP_len', @dbname
711   
712                       if (@dbname = "master")
713                       begin
714                           truncate table #encrypted_table_verify
715                           exec @retval = @auxproc 'check_user_key_custodian_roles', @dbname
716   
717                           truncate table #encrypted_table_verify
718                           exec @retval = @auxproc 'check_restricted_decrypt', @dbname
719                       end
720   
721                       truncate table #encrypted_table_verify
722                       exec @retval = @auxproc 'check_encrypted_columns', @dbname
723                   end --}
724   
725                   fetch database_cursor into @dbname
726   
727               end -- } End of while loop.
728               close database_cursor
729               select @dummy = count(*) from #encrypted_verify_results
730   
731               if (@dummy > 0) -- { dummy
732               begin
733                   select @tmpstr = convert(char(4), @dummy)
734                   print " "
735                   select @errmsg = "Total Error(s) " + @tmpstr
736                   print @errmsg
737                   print " "
738                   update #encrypted_verify_results
739                   set fullcolname =
740                       case
741                           when (error = @err_check_kek_version)
742                           then dbname + "." + keyowner + "."
743                           + keyname + "; assignee: " + assignee
744                           + "; protected by: " + keyprotectedby
745   
746                           when (error = @err_check_svc_key)
747                           then dbname + "." + keyowner + "."
748                           + keyname + "; assignee: " + assignee
749                           when (error = @err_verify_keycopy)
750                           then dbname + "." + keyowner + "."
751                           + keyname + "; assignee: " + assignee
752                           when (error = @err_verify_key_recovery)
753                           then dbname + "." + keyowner + "." + keyname
754                           when (error = @err_verify_user_passwd)
755                           then dbname + "." + keyowner + "." + keyname
756                           when (error = @err_check_key_custodian_roles)
757                           then dbname
758                           when (error = @err_check_user_key_custodian_roles)
759                           then dbname
760                           when (error = @err_check_SEP_len)
761                           then dbname
762                           when (error = @err_check_decrypt_default
763                                   or error = @err_check_encrypted_columns
764                                   or error = @err_check_column_datatype)
765                           then dbname + "."
766                           + username + "." + tabname
767                           + "." + colname
768                           when (error = @err_check_restricted_decrypt)
769                           then dbname
770                       end
771                   where fullcolname is NULL
772   
773   
774                   if exists (select 1 from #encrypted_verify_results)
775                   begin
776                       print ""
777                       exec sp_getmessage 19674, @errmsg output
778                       print @errmsg
779                       print ""
780                       exec sp_autoformat
781                           @fulltabname = #encrypted_verify_results,
782                           @selectlist = "	'Encrypted Columns Item' = fullcolname, 
783   						'Required Action' = errstr",
784                           @orderby = "order by error"
785                   end
786   
787                   select @ret = 1
788               end -- } dummy
789               else
790               begin
791                   print ""
792                   exec sp_getmessage 19677, @errmsg output
793                   print @errmsg
794                   select @ret = 0
795               end
796               deallocate cursor database_cursor
797               drop table #encrypted_verify_results
798               drop table #encrypted_table_verify
799               return @ret
800           end -- } login with sso_role  
801       end -- } verify_downgrade.
802   
803       /* 
804       ** SP_ENCRYPTION HELP|HELPKEY [, KEY_NAME | WILDCARD]
805       **                   [, ALL_DBS | KEY_COPY | DISPLAY_COLS | DISPLAY_DBS]
806       ** SP_ENCRYPTION HELP|HELPKEY, SYSTEM_ENCR_PASSWORD [, DISPLAY_KEYS | ALL_DBS]
807       */
808       if ((@cmd = "help") or (@cmd = "helpkey"))
809       begin --{ Display key related information  
810           if not exists (select 1 from sysobjects where name = 'sysencryptkeys')
811           begin
812               raiserror 19387
813               return (1)
814           end
815   
816           if ((@opt2 is not null) and (@opt2 not in ('all_dbs', 'display_cols',
817                           'key_copy', 'display_keys',
818                           'display_objs', 'display_dbs')))
819           begin
820               /* 18291, "The parameter value '%1!' is invalid." */
821               raiserror 18291, @opt2
822               return 1
823           end
824   
825           /*
826           ** SP_ENCRYPTION HELP|HELPKEY, SYSTEM_ENCR_PASSWD [, DISPLAY_KEYS | ALL_DBS]
827           ** Display system_encr_passwd related information
828           */
829           /*
830           ** SP_ENCRYPTION HELP|HELPKEY, SYSTEM_ENCR_PASSWD, DISPLAY_KEYS
831           ** Displays all keys that are encrypted with 
832           ** the system encryption passwords
833           */
834           if ((@opt1 = "system_encr_passwd") and (@opt2 = "display_keys"))
835           begin --{ "system_encr_passwd display keys"
836               /* Accumulate encryption key info in a temporary table */
837               create table #encr_keys_info(assignee varchar(30) null,
838                   keyname varchar(255) null,
839                   keyowner varchar(30) null,
840                   fullkeyname varchar(285) null)
841   
842               if ((@gp_enabled = 0 and (@sso_role > 0
843                               or @keycustodian_role > 0 or user_name() = "dbo"))
844                       or (@mngcolencrkey > 0))
845               begin
846                   insert #encr_keys_info(assignee, keyname, keyowner)
847                   select user_name(e1.uid), o1.name, user_name(o1.uid)
848                   from sysobjects o1, sysencryptkeys e1, sysattributes a1
849                   where o1.id = e1.id
850                       and (e1.status & @system_password) > 0
851                       and a1.class = 25
852                       and a1.attribute = 0
853                       and a1.object_type = "EC"
854   
855                   if not exists (select 1 from #encr_keys_info)
856                   begin
857                       /* 
858                       ** 19630, "There are no encryption keys encrypted with 
859                       ** the system encryption password."
860                       */
861                       raiserror 19630
862                       return (1)
863                   end
864   
865               end
866               else
867               begin
868                   /* 
869                   ** Display the encryption key info for 
870                   ** non-privileged user 
871                   */
872                   insert #encr_keys_info(assignee, keyname, keyowner)
873                   select user_name(e1.uid), o1.name, user_name(o1.uid)
874                   from sysobjects o1, sysencryptkeys e1, sysattributes a1
875                   where o1.id = e1.id
876                       and (e1.status & @system_password) > 0
877                       and (user_name(e1.uid) = user_name() or user_name(o1.uid) = user_name())
878                       and a1.class = 25
879                       and a1.attribute = 0
880                       and a1.object_type = "EC"
881   
882                   if not exists (select 1 from #encr_keys_info)
883                   begin
884                       /* 
885                       ** 19647, "There are no encryption keys (key copies) 
886                       ** encrypted with the system encryption password
887                       ** for user '%1!' in the current database."
888                       */
889                       raiserror 19647, @callername
890                       return (1)
891                   end
892   
893               end
894   
895   
896               /* update #encr_keys_info to fill fullkeyname column */
897               update #encr_keys_info
898               set fullkeyname = keyowner + "." + keyname
899               where fullkeyname is NULL
900   
901               /* Display the encryption key info */
902               exec sp_autoformat @fulltabname = #encr_keys_info,
903                   @selectlist = "'Owner.Keyname' = fullkeyname, 'Assignee' = assignee",
904                   @orderby = "order by fullkeyname"
905   
906               drop table #encr_keys_info
907           end --} "system_encr_passwd display keys"
908   
909           /*
910           ** SP_ENCRYPTION HELP|HELPKEY, SYSTEM_ENCR_PASSWD 
911           **
912           ** Displays the properties of the system encryption password
913           ** in the current database.
914           */
915           else if (@opt1 = "system_encr_passwd")
916           begin --{
917               /*
918               ** @opt2 may only be NULL, otherwise go to the usage string.
919               */
920               if (@opt2 != NULL)
921               begin
922                   goto usage
923               end
924               /* Accumulate system encryption password info in a temporary table */
925               create table #sys_encr_passwd_info(dbname varchar(30) null,
926                   typeofpasswd varchar(30) null,
927                   modifier varchar(30) null,
928                   moddate smalldatetime null)
929               /* Only SSO, KC, or DBO can run this command */
930               if (@gp_enabled = 0 and @sso_role = 0 and @keycustodian_role = 0
931                       and (user_name() != "dbo"))
932               begin
933                   /* 
934                   ** 19780, "You must be the Database Owner (DBO), or 
935                   ** possess either the System Security Officer (SSO) or 
936                   ** Key Custodian (KC) role to execute this command/procedure.
937                   */
938                   raiserror 19780
939                   return (1)
940               end
941               else if (@gp_enabled > 0)
942               begin
943                   select @dummy =
944                       proc_auditperm("manage column encrypton key",
945                           @mcEKstat)
946                   if (@mcEKstat != 0)
947                       return (1)
948               end
949               select @dbname = db_name()
950   
951               /*
952               ** Database name in which there is tab or blank must be
953               ** delimited with '[]' in sql cmd.
954               */
955               select @wrapped_dbname = @dbname
956               if ((patindex(@tab_str, @dbname) > 0)
957                       or (patindex(@blank_str, @dbname) > 0))
958               begin
959                   select @wrapped_dbname = '[' + @dbname + ']'
960               end
961   
962               select @auxproc =
963                   @wrapped_dbname + ".dbo.sp_aux_sys_encr_passwd_lookup"
964   
965               exec @auxproc @dbname
966   
967               if not exists (select 1 from #sys_encr_passwd_info)
968               begin
969                   /*
970                   ** 19781, "The system encryption password has 
971                   ** not been set for the current database."
972                   */
973                   raiserror 19781
974                   return (1)
975               end
976   
977               /*
978               ** Display the system encryption password info
979               */
980               exec sp_autoformat @fulltabname = #sys_encr_passwd_info,
981                   @selectlist = "'Database' = dbname, 'Type of system_encr_passwd' = typeofpasswd,  'Last modified by' = modifier, 'Date' = moddate ",
982                   @orderby = "dbname "
983   
984               drop table #sys_encr_passwd_info
985   
986               return (0)
987   
988   
989           end --}
990           /*
991           ** SP_ENCRYPTION HELP|HELPKEY, MASTER | DUAL MASTER, DISPLAY_KEYS
992           ** Displays  keys in the current database, which are encrypted by the
993           ** (dual) master key.
994           */
995           else if (((@opt1 = "master") or (@opt1 = "dual master")) and (@opt2 = "display_keys"))
996           begin -- { master key or dual master key, display keys
997               declare @masterkey int
998   
999               /* Accumulate encryption key info in a temporary table */
1000              create table #encr_display_keys_info(assignee varchar(30) null,
1001                  keyname varchar(255) null,
1002                  keyowner varchar(30) null,
1003                  fullkeyname varchar(285) null)
1004  
1005              /* Only SSO, KC can run this command */
1006              if (@gp_enabled = 0 and @sso_role = 0 and @keycustodian_role = 0)
1007              begin
1008                  /* 
1009                  ** 17026, "You must possess either the System Security 
1010                  ** Officer (SSO) or Key Custodian (KC) role to execute 
1011                  ** this command/procedure.
1012                  */
1013                  raiserror 17026
1014                  return (1)
1015              end
1016              if (@gp_enabled > 0)
1017              begin
1018                  select @dummy = proc_auditperm("manage master key",
1019                          @mMKstat)
1020                  if (@mMKstat != 0)
1021                      return (1)
1022              end
1023              /* 
1024              ** If @opt1 equals master key, then we will check for the bit to
1025              ** be set to either @status_master_encr or @status_dualcontrol 
1026              ** The only time it is a dual master key is when both
1027              ** @dual_control and @status_master_encr are set.
1028              ** @masterkey is only used to determine if we are looking for
1029              ** keys encrypted with "master key" or keys encrupted with 
1030              ** "dual master key".
1031              */
1032  
1033              /* Only SSO, KC, or DBO can run this command */
1034              if (@sso_role = 0 and @keycustodian_role = 0 and (user_name() != "dbo"))
1035              begin
1036                  /* 
1037                  ** 19780, "You must be the Database Owner (DBO), or 
1038                  ** possess either the System Security Officer (SSO) or 
1039                  ** Key Custodian (KC) role to execute this command/procedure.
1040                  */
1041                  raiserror 19780
1042                  return (1)
1043              end
1044  
1045              if (@opt1 = "master")
1046              begin
1047                  select @masterkey = 1
1048              end
1049              else
1050              begin --  dual master key
1051                  select @masterkey = 0
1052              end
1053  
1054              insert #encr_display_keys_info(assignee, keyname, keyowner)
1055              select user_name(e1.uid), o1.name, user_name(o1.uid)
1056              from sysobjects o1, sysencryptkeys e1
1057              where o1.id = e1.id
1058                  and o1.type = "EK"
1059                  --  Check for Master Key.
1060                  and (((@masterkey = 1)
1061                          and e1.status & (@status_master_encr | @status_dualcontrol) > 0)
1062                      --  Check for Dual Master key
1063                      or ((@masterkey = 0) and
1064                          ((e1.status & (@status_master_encr | @status_dualcontrol)) = (@status_master_encr | @status_dualcontrol))))
1065  
1066              if not exists (select 1 from #encr_display_keys_info)
1067              begin
1068                  /*
1069                  ** 19955, "There are no encryption keys (key copies) 
1070                  ** encrypted with the '%1!' in the current database.
1071                  */
1072                  raiserror 19955, @opt1
1073                  return (1)
1074              end
1075              /* Display the encryption key info */
1076              /* update #encr_keys_info to fill fullkeyname column */
1077              update #encr_display_keys_info
1078              set fullkeyname = keyowner + "." + keyname
1079              where fullkeyname is NULL
1080              exec sp_autoformat @fulltabname = #encr_display_keys_info,
1081                  @selectlist = "'Owner.Keyname' = fullkeyname, 'Assignee' = assignee",
1082                  @orderby = "order by fullkeyname"
1083              drop table #encr_display_keys_info
1084          end --} master key or dual master key, display keys
1085  
1086          /* 
1087          ** SP_ENCRYPTION HELP|HELPKEY
1088          ** SP_ENCRYPTION HELP|HELPKEY, KEY_NAME|WILDCARD
1089          **                   [, ALL_DBS | KEY_COPY | DISPLAY_COLS | display_objs | display_dbs] 
1090          */
1091          else
1092          begin --{
1093              /*
1094              ** Validate the current database and disambiguate the fully qualified 
1095              ** column name 
1096              */
1097              select @objname = @opt1
1098              select @opt1_buf = @opt1
1099              if (@opt1_buf like "%.%.%")
1100              begin
1101                  if ((substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1) !=
1102                              db_name()) and (@opt2 != "all_dbs"))
1103                  begin
1104                      /* 17460, "Object must be in the current database." */
1105                      raiserror 17460
1106                      return (1)
1107                  end
1108  
1109                  /* Extract the database name */
1110                  select @keydbname = substring(@opt1_buf, 1, charindex(".",
1111                              @opt1_buf) - 1)
1112                  select @opt1_buf = substring(@opt1_buf,
1113                          charindex(".", @opt1_buf) + 1,
1114                          char_length(@opt1_buf))
1115                  /* Extract the owner name */
1116                  select @owner = substring(@opt1_buf, 1, charindex(".",
1117                              @opt1_buf) - 1)
1118                  /* Extract the object name */
1119                  select @objname = substring(@opt1_buf, charindex(".",
1120                              @opt1_buf) + 1, char_length(@opt1_buf))
1121  
1122              end
1123              if (@opt1_buf like "%.%")
1124              begin
1125                  /* Extract the owner name */
1126                  select @owner = substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1)
1127                  /* Extract the object name */
1128                  select @objname = substring(@opt1_buf, charindex(".", @opt1_buf) + 1,
1129                          char_length(@opt1_buf))
1130              end
1131  
1132              if (@opt1 is NULL)
1133              begin
1134                  select @opt1 = "%"
1135              end
1136  
1137              if (@keydbname is NULL)
1138              begin
1139                  select @keydbname = "%"
1140              end
1141  
1142              if (@owner is NULL)
1143              begin
1144                  select @owner = "%"
1145              end
1146  
1147              if (@objname is NULL)
1148              begin
1149                  select @objname = "%"
1150              end
1151  
1152  
1153              if (@objname = "master")
1154              begin
1155                  select @objname = "sybencrmasterkey"
1156              end
1157  
1158              if (@objname = "dual master")
1159              begin
1160                  select @objname = "sybencrdualmasterkey"
1161              end
1162  
1163              /* 
1164              ** SP_ENCRYPTION HELP|HELPKEY, KEYNAME|WILDCARD, DISPLAY_COLS
1165              **
1166              ** Non-privileged user gets info only in current db and sso gets
1167              ** info across all dbs.
1168              */
1169              if ((@opt2 = "display_cols"))
1170              begin -- { 
1171  
1172                  /* 
1173                  ** master and dual master keys are never used to encrypt
1174                  ** columns.
1175                  */
1176                  if (@objname = "master" or @objname = "dual master")
1177                  begin
1178                      /*
1179                      ** 19657, "There are no columns encrypted
1180                      ** with key like '%1!' in all available
1181                      ** databases."
1182                      */
1183                      raiserror 19657, @opt1
1184                      return (1)
1185                  end
1186                  if not exists (select 1 from (select o1.name
1187                              from sysobjects o1
1188                              where o1.type = "EK"
1189                                  and o1.name like @objname
1190                                  and user_name(o1.uid) like @owner) t)
1191  
1192                  begin
1193                      /*
1194                      ** 19603, "There are no encryption keys (key copies) like 
1195                      ** '%1!' in '%2!'."
1196                      */
1197                      select @dbname = db_name()
1198                      raiserror 19603, @opt1, @dbname
1199                      return (1)
1200                  end
1201  
1202                  /* Accumulate keys and columns in a temporary table */
1203                  create table #encrypted_column_info(
1204                      keyname varchar(255) null,
1205                      keyowner varchar(30) null,
1206                      dbname varchar(30) null,
1207                      username varchar(30) null,
1208                      objname varchar(255) null,
1209                      colname varchar(255) null)
1210  
1211                  execute @status = sp_aux_checkroleperm @nullarg,
1212                      "use any database", @nullarg, @gp_enabled output
1213  
1214                  /* login with sso_role */
1215                  if ((@gp_enabled = 0 and @sso_role > 0)
1216                          or (@gp_enabled > 0 and @status = 0))
1217                  begin -- {
1218  
1219                      declare database_cursor cursor for
1220                      select name, dbid
1221  
1222                      from master.dbo.sysdatabases
1223                      /* Skip databases that have not recovered */
1224                      where status & @db_unrecovered = 0
1225                          /* Skip databases that are offline */
1226                          and status2 & @db_offline = 0
1227                          /* Skip databases that are not recovered */
1228                          and status & @db_notrec = 0
1229                          /* Skip databases that will not be recovered */
1230                          and status & @db_inlddb = 0
1231                          /* Skip databases that are archive databases */
1232                          and status3 & @db_archivedb = 0
1233  
1234                      open database_cursor
1235                      fetch database_cursor into @dbname, @dbid
1236  
1237  
1238                      select @keydbname = db_name()
1239  
1240                      while (@@sqlstatus = 0)
1241                      begin
1242                          if ((patindex(@tab_str, @dbname) > 0)
1243                                  or (patindex(@blank_str, @dbname) > 0))
1244                          begin
1245                              select @wrapped_dbname = '[' + @dbname + ']'
1246                          end
1247                          else
1248                          begin
1249                              select @wrapped_dbname = @dbname
1250                          end
1251  
1252  
1253  
1254                          select @auxproc =
1255                              @wrapped_dbname + ".dbo.sp_aux_encr_lookup"
1256  
1257                          /*
1258                          ** Since sp_aux_encr_lookup is a system
1259                          ** stored procedure, it will execute in the
1260                          ** context of dbname if it is called as
1261                          ** dbname..sp_aux_encr_lookup, regardless of
1262                          ** which db it is called from.
1263                          **
1264                          ** This auxillary procedure is used to extract
1265                          ** the qualified column name that the specified
1266                          ** key encrypts.
1267                          */
1268  
1269                          exec @auxproc @owner, @objname, @keydbname
1270  
1271                          select @retval = @@error, @rows = @@rowcount
1272  
1273                          if (@retval != 0)
1274                          begin
1275                              close database_cursor
1276                              deallocate cursor database_cursor
1277                              return (1)
1278                          end
1279  
1280                          if (@rows != 0)
1281                          begin
1282                              update #encrypted_column_info
1283                              set dbname = @dbname
1284                              where dbname is NULL
1285  
1286                          end
1287  
1288                          fetch database_cursor into @dbname, @dbid
1289  
1290                      end
1291                      close database_cursor
1292                      deallocate cursor database_cursor
1293  
1294                      if not exists (select 1 from #encrypted_column_info)
1295                      begin
1296                          /*
1297                          ** 19657, "There are no columns encrypted
1298                          ** with key like '%1!' in all available
1299                          ** databases."
1300                          */
1301                          raiserror 19657, @opt1
1302                          return (1)
1303                      end
1304  
1305  
1306  
1307                  end -- }/* Login with sso_role or use any database*/
1308  
1309                  else /* Login without sso_role or use any database */
1310  
1311                  /*
1312                  ** ENCR2_RESOLVE: Currently there is no graceful way (without
1313                  **  warnings) to check and see if a login is a valid user in a
1314                  ** database. A new Built-in has been proposed to check this.
1315                  ** So until this is done, non-privileged users get key-column
1316                  ** association information only from current database.
1317                  */
1318                  begin -- { 
1319  
1320                      insert #encrypted_column_info(keyname, keyowner,
1321                          username, objname, colname)
1322                      select o2.name, user_name(o2.uid), user_name(o1.uid), o1.name,
1323                          c.name
1324                      from syscolumns c, sysobjects o1, sysobjects o2
1325                      where c.id = o1.id
1326                          and c.encrkeyid = o2.id
1327                          and o2.type in ('EK')
1328                          and o2.name like @objname
1329                          and user_name(o2.uid) like @owner
1330  
1331                      if not exists (select 1 from #encrypted_column_info)
1332                      begin
1333                          /*
1334                          ** 19605, "There are no columns encrypted
1335                          ** with key like '%1!' in the current database."
1336                          */
1337                          raiserror 19605, @opt1
1338                          return (1)
1339                      end
1340  
1341                  end -- } /* Login without sso_role */
1342  
1343  
1344  
1345                  /* 
1346                  ** Fill dbname with current database name
1347                  ** Note that dbname is not null for sso_role case
1348                  ** because it is already filled
1349                  */
1350                  update #encrypted_column_info
1351                  set dbname = db_name()
1352                  where dbname is NULL
1353  
1354                  /*
1355                  ** Display the encrypted column info
1356                  */
1357                  exec sp_autoformat @fulltabname = #encrypted_column_info,
1358                      @selectlist = "'Key Name' = keyname, 'Key Owner' = keyowner,  'Database Name' = dbname, 'Table Owner' = username, 'Table Name' = objname, 'Column Name' = colname",
1359                      @orderby = "order by keyname, keyowner, dbname,	username, objname, colname "
1360  
1361                  drop table #encrypted_column_info
1362  
1363                  return (0)
1364              end -- }  display cols
1365  
1366              /* 
1367              ** SP_ENCRYPTION HELP|HELPKEY, SERVICE KEYNAME, DISPLAY_OBJS
1368              **
1369              ** Display objects in current database protected by 
1370              ** service key either syb_extpasswdkey or syb_syscommkey.
1371              */
1372              if ((@opt2 = "display_objs"))
1373              begin -- { 
1374                  if ((@objname != "syb_extpasswdkey") and
1375                          (@objname not like "syb_syscommkey%"))
1376  
1377                  begin -- {
1378                      /* 
1379                      ** display_objs is only valid when key 
1380                      ** name is service key 
1381                      */
1382  
1383                      /* 18291, "The parameter value '%1!' is invalid." */
1384                      raiserror 18291, @opt2
1385                      return 1
1386                  end -- }
1387  
1388                  if not exists (select 1 from (select o1.name
1389                              from sysobjects o1
1390                              where o1.type = "EK"
1391                                  and o1.name like @objname
1392                                  and user_name(o1.uid) like @owner) t)
1393                  begin
1394                      /*
1395                      ** 19603, "There are no encryption keys (key copies) like 
1396                      ** '%1!' in '%2!'."
1397                      */
1398                      select @dbname = db_name()
1399                      raiserror 19603, @opt1, @dbname
1400                      return (1)
1401                  end
1402  
1403  
1404                  /* Only SSO, KC can run this command */
1405                  if (@gp_enabled = 0 and (@sso_role = 0
1406                              and @keycustodian_role = 0))
1407                  begin
1408                      /* 
1409                      ** 17026, "You must possess either the System 
1410                      ** Security Officer (SSO) or Key Custodian (KC)
1411                      **  role to execute this command/procedure.
1412                      */
1413                      raiserror 17026
1414                      return (1)
1415                  end
1416                  if (@gp_enabled > 0)
1417                  begin
1418                      select @dummy =
1419                          proc_auditperm("manage service key",
1420                              @mSRVCKstat)
1421                      if (@mSRVCKstat != 0)
1422                          return 1
1423                  end
1424  
1425                  select @dbname = db_name()
1426  
1427  
1428                  if ((@opt1 = "syb_extpasswdkey"))
1429                  begin -- {
1430  
1431                      /* get key owner */
1432                      select @owner = user_name(o1.uid)
1433                      from sysobjects o1
1434                      where o1.type = "EK"
1435                          and o1.name like @objname
1436                          and user_name(o1.uid) like @owner
1437                      /* 
1438                      ** Put external passwords info into a 
1439                      ** temporary table
1440                      */
1441                      create table #encrypted_extpasswd_info(
1442                          keyname varchar(255) null,
1443                          keyowner varchar(30) null,
1444                          dbname varchar(30) null,
1445                          passwdtype varchar(50) null,
1446                          extllogin varchar(255) null)
1447  
1448                      /* Check ssl password */
1449                      if exists (select 1 from sysattributes
1450                              where class = 15 and
1451                                  char_value like "5:%")
1452                      begin
1453                          insert #encrypted_extpasswd_info
1454                          values (@objname, @owner, @dbname,
1455                              "SSL_CERTIFICATE_PASSWORD", "-")
1456  
1457                      end
1458  
1459                      /* Check primary LDAP account password */
1460                      if exists (select 1 from sysattributes
1461                              where class = 17 and attribute = 3 and
1462                                  char_value like "5:%")
1463                      begin
1464                          insert #encrypted_extpasswd_info
1465                          values (@objname, @owner, @dbname,
1466                              "PRIMARY_LDAPACCESS_PASSWORD", "-")
1467                      end
1468  
1469                      /* Check secondary LDAP account password */
1470                      if exists (select 1 from sysattributes
1471                              where class = 17 and attribute = 8 and
1472                                  char_value like "5:%")
1473                      begin
1474                          insert #encrypted_extpasswd_info
1475                          values (@objname, @owner, @dbname,
1476                              "SECONDARY_LDAPACCESS_PASSWORD", "-")
1477                      end
1478  
1479                      /* Check RA password */
1480                      declare rapasswd_cursor cursor for
1481                      select object_info1 from sysattributes
1482                      where class = 11 and attribute = 2 and
1483                          char_value like "5:%"
1484                      open rapasswd_cursor
1485                      fetch rapasswd_cursor into @rpid
1486                      while (@@sqlstatus = 0)
1487                      begin -- {
1488                          insert #encrypted_extpasswd_info
1489                          select @objname, @owner, @dbname,
1490                              "REPAGNT_RS_PASSWORD",
1491                              case
1492                                  when (@rpid is null or @rpid = 0)
1493                                  then "Default"
1494                                  else
1495                                          (select att1.char_value
1496                                          from sysattributes att1, sysattributes att2, sysattributes att3
1497                                          where att1.class = 41 and att1.attribute = 22
1498                                              and att2.int_value = 0 and att1.object_info1 = att2.object_info1
1499                                              and att3.attribute = 20 and att3.object_info1 = att2.object_info1
1500                                              and att3.object_info2 = (select object_info1 from sysattributes
1501                                                  where class = 41 and attribute = 0 and object_info2 = @rpid))
1502                              end
1503                          fetch rapasswd_cursor into @rpid
1504                      end -- }
1505                      close rapasswd_cursor
1506                      deallocate cursor rapasswd_cursor
1507  
1508                      /* Check CIS external login passwords */
1509                      declare extlpasswd_cursor cursor for
1510                      select object from sysattributes
1511                      where class = 9 and attribute = 0 and
1512                          image_value like "5:%"
1513  
1514                      open extlpasswd_cursor
1515                      fetch extlpasswd_cursor into @userid
1516                      while (@@sqlstatus = 0)
1517                      begin -- { beginning of while loop.
1518                          insert #encrypted_extpasswd_info
1519                          values (@objname, @owner, @dbname,
1520                              "CIS_LOGIN_PASSWORD",
1521                              suser_name(@userid))
1522  
1523                          fetch extlpasswd_cursor into @userid
1524                      end -- } end of cursor loop
1525                      close extlpasswd_cursor
1526                      deallocate cursor extlpasswd_cursor
1527  
1528                      /* Check RTMS external login passwords */
1529                      declare rtmspasswd_cursor cursor for
1530                      select object from sysattributes
1531                      where class = 21 and
1532                          image_value like "5:%" and
1533                          attribute = 0
1534  
1535                      open rtmspasswd_cursor
1536                      fetch rtmspasswd_cursor into @userid
1537                      while (@@sqlstatus = 0)
1538                      begin -- { beginning of while loop.
1539                          insert #encrypted_extpasswd_info
1540                          values (@objname, @owner, @dbname,
1541                              "RTMS_LOGIN_PASSWORD",
1542                              suser_name(@userid))
1543  
1544                          fetch rtmspasswd_cursor into @userid
1545                      end -- } end of cursor loop
1546                      close rtmspasswd_cursor
1547                      deallocate cursor rtmspasswd_cursor
1548  
1549                      /* Check RTMS subscription passwords */
1550                      declare rtmssubpasswd_cursor cursor for
1551                      select object from sysattributes
1552                      where class = 21 and
1553                          image_value like "5:%" and
1554                          attribute = 1
1555  
1556                      open rtmssubpasswd_cursor
1557                      fetch rtmssubpasswd_cursor into @userid
1558                      while (@@sqlstatus = 0)
1559                      begin -- { beginning of while loop.
1560                          insert #encrypted_extpasswd_info
1561                          values (@objname, @owner, @dbname,
1562                              "RTMS_SUBSCRIPTION_PASSWORD",
1563                              "-")
1564                          fetch rtmssubpasswd_cursor into @userid
1565                      end -- } end of cursor loop
1566                      close rtmssubpasswd_cursor
1567                      deallocate cursor rtmssubpasswd_cursor
1568  
1569  
1570  
1571                      /*
1572                      ** Display the encrypted external password info
1573                      */
1574                      exec sp_autoformat @fulltabname = #encrypted_extpasswd_info,
1575                          @selectlist = "'Key Name' = keyname, 'Key Owner' = keyowner,  'Database Name' = dbname, 'Password Type' = passwdtype, 'Login Name' = extllogin",
1576                          @orderby = "order by keyname, keyowner, dbname,	passwdtype, extllogin"
1577  
1578                      drop table #encrypted_extpasswd_info
1579  
1580                      return (0)
1581                  end -- } syb_extpasswdkey
1582                  else if ((@opt1 like "syb_syscommkey%"))
1583                  begin -- {
1584                      /* 
1585                      ** Put encrypted hidden text info into a 
1586                      ** temporary table
1587                      */
1588                      create table #encrypted_text_info(
1589                          keyname varchar(255) null,
1590                          keyowner varchar(30) null,
1591                          dbname varchar(30) null,
1592                          objowner varchar(30) null,
1593                          objname varchar(30) null)
1594  
1595                      declare commkey_cursor cursor for
1596                      select id
1597                      from sysobjects
1598                      where type = "EK"
1599                          and name like @objname
1600                          and user_name(uid) like @owner
1601  
1602                      open commkey_cursor
1603                      fetch commkey_cursor into @keyid
1604                      while (@@sqlstatus = 0)
1605                      begin -- { beginning of while loop.
1606  
1607                          insert #encrypted_text_info(keyname, keyowner,
1608                              objowner, objname)
1609                          select o1.name, user_name(o1.uid), user_name(o2.uid),
1610                              o2.name
1611                          from syscomments m, sysobjects o1, sysobjects o2
1612                          where m.encrkeyid = @keyid
1613                              and m.id = o2.id and m.colid = 1
1614                              and o1.id = @keyid
1615  
1616                          fetch commkey_cursor into @keyid
1617                      end -- } end of while loop
1618  
1619                      close commkey_cursor
1620  
1621                      update #encrypted_text_info
1622                      set dbname = @dbname
1623                      where dbname is NULL
1624  
1625                      /*
1626                      ** Display the encrypted hidden text info
1627                      */
1628                      exec sp_autoformat @fulltabname = #encrypted_text_info,
1629                          @selectlist = "'Key Name' = keyname, 'Key Owner' = keyowner,  'Database Name' = dbname, 'Object Owner' = objowner, 'Object Name' = objname",
1630                          @orderby = "order by keyname, keyowner, dbname,	objowner, objname"
1631  
1632                      drop table #encrypted_text_info
1633  
1634                      return (0)
1635                  end -- } syb_syscommkey
1636  
1637              end -- } display objs
1638  
1639  
1640  
1641              /* 
1642              ** SP_ENCRYPTION HELP|HELPKEY, KEYNAME|WILDCARD [, ALL_DBS]]
1643              */
1644              if ((@opt2 is NULL) or (@opt2 = "all_dbs"))
1645              begin -- {  
1646                  /* Accumulate encryption key info in a temporary table */
1647                  create table #encr_column_info(keyname varchar(255),
1648                      keyowner varchar(30),
1649                      keydbname varchar(30),
1650                      keylength int,
1651                      keyalgorithm varchar(30),
1652                      keytype int,
1653                      random_pad int,
1654                      init_vector int,
1655                      protectedby varchar(45),
1656                      keyrecovery int)
1657  
1658                  /* Create a temporary table to store the keycopynum info */
1659                  create table #encr_column_count(keyname varchar(255),
1660                      keyowner varchar(30),
1661                      keydbname varchar(30),
1662                      keylength int,
1663                      keyalgorithm varchar(30),
1664                      keytype varchar(35),
1665                      random_pad int,
1666                      init_vector int,
1667                      protectedby varchar(45),
1668                      keyrecovery int,
1669                      keycopynum int,
1670                      fullkeyname varchar(315) null)
1671                  /* 
1672                  ** SP_ENCRYPTION HELP|HELPKEY, KEYNAME|WILDCARD, ALL_DBS
1673                  **
1674                  ** Display key properties across all databases
1675                  */
1676                  if (@opt2 = "all_dbs")
1677                  begin --{ Display key properties across all databases
1678                      /* if granular permissions is not enabled check
1679                      ** if user has sso role. If granular permissions
1680                      ** is enabled then check for 'use any database'
1681                      ** permission proc_role and proc_auditperm will 
1682                      ** also do auditing and print error messages
1683                      ** if required.
1684                      */
1685                      execute @status = sp_aux_checkroleperm
1686                          "sso_role", "use any database",
1687                          @nullarg, @gp_enabled output
1688  
1689                      if (@gp_enabled = 0)
1690                      begin
1691                          select @dummy = proc_role("sso_role")
1692                      end
1693                      else
1694                      begin
1695                          select @dummy =
1696                              proc_auditperm(
1697                                  "use any database",
1698                                  @status)
1699                      end
1700                      if (@status != 0) return (1)
1701  
1702                      declare db_cursor cursor for
1703                      select name, dbid
1704                      from master.dbo.sysdatabases
1705                      /* Skip databases that have not recovered */
1706                      where status & @db_unrecovered = 0
1707                          /* Skip databases that are offline */
1708                          and status2 & @db_offline = 0
1709                          /* Skip databases that are not recovered */
1710                          and status & @db_notrec = 0
1711                          /* Skip databases that will not be recovered */
1712                          and status & @db_inlddb = 0
1713                          /* Skip databases that are archive databases */
1714                          and status3 & @db_archivedb = 0
1715  
1716                          /* 
1717                          ** Loop through only matching specified
1718                          ** database names.
1719                          */
1720                          and name like @keydbname
1721  
1722  
1723                      open db_cursor
1724                      fetch db_cursor into @dbname, @dbid
1725  
1726                      while (@@sqlstatus = 0)
1727                      begin
1728                          if ((patindex(@tab_str, @dbname) > 0)
1729                                  or (patindex(@blank_str, @dbname) > 0))
1730                          begin
1731                              select @wrapped_dbname = '[' + @dbname + ']'
1732                          end
1733                          else
1734                          begin
1735                              select @wrapped_dbname = @dbname
1736                          end
1737  
1738  
1739                          /*
1740                          **
1741                          ** Since sp_aux_encrkey_info is a system
1742                          ** stored procedure, it will execute in
1743                          ** the context of dbname if it is called
1744                          ** as dbname..sp_aux_encrkey_info, 
1745                          ** regardless of which db it is called 
1746                          ** from.
1747                          **
1748                          ** This auxillary procedure is used to 
1749                          ** extract the key properties. 
1750                          */
1751                          select @auxproc =
1752                              @wrapped_dbname + ".dbo.sp_aux_encrkey_info"
1753  
1754                          exec @auxproc @owner, @objname
1755  
1756                          select @retval = @@error
1757                          if (@retval != 0)
1758                          begin
1759                              close db_cursor
1760                              deallocate cursor db_cursor
1761                              return (1)
1762                          end
1763  
1764                          fetch db_cursor into @dbname, @dbid
1765                      end
1766  
1767                      close db_cursor
1768                      deallocate cursor db_cursor
1769  
1770                      /*
1771                      ** Inserting into temporary table because sp_autoformat
1772                      ** currently does not support group by clause.
1773                      ** We display number of keycopies (not including the keybase one),
1774                      ** That's the reason of using count(*)-1 in the following sql.
1775                      */
1776                      insert #encr_column_count(keyname, keyowner, keydbname,
1777                          keylength, keyalgorithm,
1778                          keytype, random_pad, init_vector,
1779                          protectedby, keyrecovery, keycopynum)
1780                      select t1.keyname, t1.keyowner, t1.keydbname, t1.keylength
1781                          , t1.keyalgorithm
1782                          , case
1783                              when (t1.keytype & @keytype_master) > 0
1784                              then "symmetric master key"
1785                              when (t1.keytype & @keytype_dualmaster) > 0
1786                              then "symmetric dual master key"
1787                              when (t1.keytype & @keytype_passwd_svckey) > 0
1788                              then "symmetric service key"
1789                              when (t1.keytype & @keytype_text_svckey) > 0 and
1790                                  (t1.keytype & @default_key) > 0
1791                              then "symmetric default service key"
1792                              when (t1.keytype & @keytype_text_svckey) > 0
1793                              then "symmetric service key"
1794                              when (t1.keytype & @default_key) > 0
1795                              then "symmetric default key"
1796                              when (t1.keytype & @keytype_database) > 0
1797                              then "symmetric database encryption key"
1798                              else "symmetric key"
1799                          end
1800                          , t1.random_pad
1801                          , t1.init_vector, t1.protectedby, t1.keyrecovery
1802                          , t2.keycopynum
1803                      from #encr_column_info t1, (select t3.keyname as keyname,
1804                              t3.keyowner as keyowner,
1805                              t3.keydbname as keydbname,
1806                              count(*) - 1 as keycopynum
1807                          from #encr_column_info t3
1808                          group by t3.keydbname, t3.keyowner, t3.keyname
1809                          ) t2
1810                      where (t1.keytype & @key_copy) = 0
1811                          and t1.keyname = t2.keyname
1812                          and t1.keydbname = t2.keydbname
1813                          and t1.keyowner = t2.keyowner
1814  
1815                      if not exists (select 1 from #encr_column_count)
1816                      begin
1817                          /*
1818                          ** 19603, "There are no encryption keys (key copies) like 
1819                          ** '%1!' in '%2!'."
1820                          */
1821                          raiserror 19603, @opt1, "all databases"
1822                          return (1)
1823                      end
1824  
1825  
1826                      /* update #encr_column_count to fill fullkeyname column */
1827                      begin
1828                          update #encr_column_count
1829                          set fullkeyname = keydbname + "." + keyowner + "." + keyname
1830                          where fullkeyname is NULL
1831                      end
1832  
1833                      /* 
1834                      ** When granular permissions is enabled delete 
1835                      ** those keys the user isn't allowed to see.
1836                      */
1837                      if (@gp_enabled = 1)
1838                      begin
1839                          if (@mngmasterkey != 1)
1840                          begin
1841                              delete #encr_column_count
1842                              where keytype
1843                                  like "%Master%"
1844                          end
1845                          if (@mngservicekey != 1)
1846                          begin
1847                              delete #encr_column_count
1848                              where keytype
1849                                  like "%Service%"
1850                          end
1851                          if (@mngcolencrkey != 1)
1852                          begin
1853                              delete #encr_column_count
1854                              where keytype
1855                                  in ('Symmetric Default Key', 'Symmetric Key')
1856                          end
1857                      end
1858  
1859                      /* Display the encryption key info */
1860                      exec sp_autoformat @fulltabname = #encr_column_count,
1861                          @selectlist = "	'Db.Owner.Keyname' = fullkeyname,
1862  						'Key Length' = keylength,
1863  						'Key Algorithm' = keyalgorithm,
1864  						'Key Type' = keytype,
1865  						'Pad' = random_pad,
1866  						'Initialization Vector' = init_vector,
1867  						'Protected By' = protectedby,
1868  						'Key Recovery' = keyrecovery,
1869  						'# of Key Copies'= keycopynum",
1870                          @orderby = "order by fullkeyname"
1871                  end --} /* Display key properties across all dbs */
1872                  else
1873  
1874                  /* 
1875                  ** SP_ENCRYPTION HELP|HELPKEY [, KEYNAME | WILDCARD]
1876                  ** 
1877                  ** Lists the properties of base keys in current database
1878                  */
1879                  begin --{ Lists the properties of base keys in current database.
1880                      select @dbname = db_name()
1881                      /*
1882                      ** Database name in which there is tab or blank must be
1883                      ** delimited with '[]' in sql cmd.
1884                      */
1885                      select @wrapped_dbname = @dbname
1886                      if ((patindex(@tab_str, @dbname) > 0)
1887                              or (patindex(@blank_str, @dbname) > 0))
1888                      begin
1889                          select @wrapped_dbname = '[' + @dbname + ']'
1890                      end
1891  
1892                      /*
1893                      ** Since sp_aux_encrkey_info is a system
1894                      ** stored procedure, it will execute in the
1895                      ** context of dbname if it is called as
1896                      ** dbname..sp_aux_encrkey_info, regardless of
1897                      ** which db it is called from.
1898                      **
1899                      ** This auxillary procedure is used to extract
1900                      ** the key properties. 
1901                      */
1902                      select @auxproc =
1903                          @wrapped_dbname + ".dbo.sp_aux_encrkey_info"
1904  
1905                      exec @auxproc @owner, @objname
1906  
1907                      select @retval = @@error
1908                      if (@retval != 0)
1909                      begin
1910                          return (1)
1911                      end
1912  
1913                      /*
1914                      ** Inserting into temporary table because sp_autoformat
1915                      ** currently does not support group by clause.
1916                      */
1917  
1918                      /* 
1919                      ** A typical #encr_column_info t3 before the following query statement
1920                      ** is like:
1921                      ** 
1922                      ** keydbname	keyname   keyowner  keylength  ...  keyrecovery  keycopynum
1923                      ** ---------    -------   --------  ---------       -----------  ----------
1924                      ** tdb1		key1	  dbo	    128             0            0         (base key)	
1925                      ** tdb1		key1      dbo       128             1            0         (key copy)
1926                      ** tdb1         key1      dbo       128             0            0         (key copy)
1927                      ** tdb1		key2	  dbo       128		    0            0         (base key)
1928                      **
1929                      ** sp_encryption help only shows key information about the base keys.
1930                      ** We use the subquery in the following statement to get the correct value of 
1931                      ** keyrecovery and keycopynum.
1932                      **
1933                      */
1934  
1935                      insert #encr_column_count(keyname, keyowner, keydbname,
1936                          keylength, keyalgorithm,
1937                          keytype, random_pad, init_vector,
1938                          protectedby, keyrecovery, keycopynum)
1939                      select t1.keyname, t1.keyowner, t1.keydbname, t1.keylength
1940                          , t1.keyalgorithm
1941                          , case
1942                              when (t1.keytype & @keytype_master) > 0
1943                              then "symmetric master key"
1944                              when (t1.keytype & @keytype_dualmaster) > 0
1945                              then "symmetric dual master key"
1946                              when (t1.keytype & @keytype_passwd_svckey) > 0
1947                              then "symmetric service key"
1948                              when (t1.keytype & @keytype_text_svckey) > 0 and
1949                                  (t1.keytype & @default_key) > 0
1950                              then "symmetric default service key"
1951                              when (t1.keytype & @keytype_text_svckey) > 0
1952                              then "symmetric service key"
1953                              when (t1.keytype & @default_key) > 0
1954                              then "symmetric default key"
1955                              when (t1.keytype & @keytype_database) > 0
1956                              then "symmetric database encryption key"
1957                              else "symmetric key"
1958  
1959                          end
1960                          , t1.random_pad
1961                          , t1.init_vector
1962                          , t1.protectedby
1963                          , t2.keyrecovery
1964                          , t2.keycopynum
1965                      from #encr_column_info t1, (select t3.keyname as keyname,
1966                              t3.keyowner as keyowner,
1967                              t3.keydbname as keydbname,
1968                              sum(t3.keyrecovery) as keyrecovery,
1969                              count(t3.keyname) - 1 as keycopynum
1970                          from #encr_column_info t3
1971                          group by t3.keydbname, t3.keyowner, t3.keyname
1972                          ) t2
1973                      where (t1.keytype & @key_copy) = 0
1974                          and t1.keyname = t2.keyname
1975                          and t1.keyowner = t2.keyowner
1976                          and t1.keydbname = t2.keydbname
1977  
1978                      if not exists (select 1 from #encr_column_count)
1979                      begin
1980                          /*
1981                          ** 19603, "There are no encryption keys (key copies) like 
1982                          ** '%1!' in '%2!'."
1983                          */
1984                          raiserror 19603, @opt1, @dbname
1985                          return (1)
1986                      end
1987  
1988                      if ((@gp_enabled = 0 and (@sso_role > 0
1989                                      or @keycustodian_role > 0
1990                                      or user_name() = "dbo"))
1991                              or (@gp_enabled = 1 and
1992                                  (@mngmasterkey = 1 or
1993                                      @mngservicekey = 1 or
1994                                      @mngcolencrkey = 1)))
1995                      begin
1996                          if (@gp_enabled = 1)
1997                          begin
1998                              if (@mngmasterkey != 1)
1999                              begin
2000                                  delete #encr_column_count
2001                                  where keytype
2002                                      like "%Master%"
2003                              end
2004                              if (@mngservicekey != 1)
2005                              begin
2006                                  delete #encr_column_count
2007                                  where keytype
2008                                      like "%Service%"
2009                              end
2010                              if (@mngcolencrkey != 1)
2011                              begin
2012                                  delete #encr_column_count
2013                                  where keytype
2014                                      in ('Symmetric Default Key', 'Symmetric Key')
2015                              end
2016                          end
2017  
2018                          /* Display the encryption key info */
2019                          exec sp_autoformat @fulltabname = #encr_column_count,
2020                              @selectlist = "	'Key Name' = keyname,
2021  							'Key Owner' = keyowner,
2022  							'Key Length' = keylength,
2023  							'Key Algorithm' = keyalgorithm,
2024  							'Key Type' = keytype,
2025  							'Pad' = random_pad,
2026  							'Initialization Vector' = init_vector,
2027  							'Protected By' = protectedby,
2028  							'Key Recovery' = keyrecovery,
2029  							'# of Key Copies' = keycopynum",
2030                              @orderby = "order by keyname, keyowner"
2031                      end
2032                      else
2033                      begin
2034                          /* 
2035                          ** Display the encryption key info for 
2036                          ** non-privileged user 
2037                          */
2038                          exec sp_autoformat @fulltabname = #encr_column_count,
2039                              @selectlist = "	'Key Name' = keyname,
2040  							'Key Owner' = keyowner,
2041  							'Key Type' = keytype",
2042                              @orderby = "order by keyname, keyowner"
2043                      end
2044                  end --} Lists the properties of base keys in current database.
2045                  drop table #encr_column_info
2046                  drop table #encr_column_count
2047              end -- } Null or all dbs
2048  
2049              /*
2050              ** SP_ENCRYPTION HELP|HELPKEY, KEYNAME|WILDCARD, KEY_COPY
2051              **
2052              ** Lists all the user access copies of a given key in the current
2053              ** database. 
2054              */
2055              if ((@opt2 = "key_copy"))
2056              begin -- { key_copy
2057                  /* Accumulate encryption key info in a temporary table */
2058                  create table #encryption_keys_info(keyowner varchar(30) null,
2059                      keyname varchar(255) null,
2060                      assignee varchar(30) null,
2061                      protectedby varchar(43) null,
2062                      keyrecovery int null,
2063                      fullkeyname varchar(285) null)
2064  
2065                  if ((@gp_enabled = 0 and (@sso_role > 0
2066                                  or @keycustodian_role > 0
2067                                  or user_name() = "dbo"))
2068                          or (@gp_enabled = 1 and (@mngmasterkey = 1
2069                                  or @mngcolencrkey = 1)))
2070                  begin -- { so_role              
2071                      insert #encryption_keys_info(keyowner, keyname, assignee,
2072                          protectedby, keyrecovery)
2073                      select user_name(o1.uid), o1.name, user_name(e1.uid)
2074                          , case (e1.status & (@status_dualcontrol
2075                          | @status_master_encr | @login_access
2076                          | @login_password | @system_password
2077                          | @user_password | @status_mek_encr
2078                          | @status_static_encr))
2079                              when (@login_access | @system_password) then "login access"
2080                              when (@login_access | @status_master_encr) then "login access"
2081                              when @login_password then "login password"
2082                              when @system_password then "system encryption password"
2083                              when @user_password then "user password"
2084                              when @status_master_encr then "master key"
2085                              when (@status_dualcontrol | @user_password)
2086                              then "dual_control(master key + user password)"
2087                              when (@status_dualcontrol | @login_access | @status_master_encr)
2088                              then "dual_control(login access)"
2089                              when (@status_dualcontrol | @login_password)
2090                              then "dual_control(master key + login password)"
2091                              when (@status_dualcontrol | @status_master_encr)
2092                              then "dual_control(master key + dual master key)"
2093                              when (@status_mek_encr)
2094                              then "automatic startup key"
2095                              when (@status_static_encr)
2096                              then "static key"
2097                          end
2098                          , case (e1.type & @key_recovery)
2099                              when 0 then 0
2100                              else 1
2101                          end
2102                      from sysobjects o1, sysencryptkeys e1
2103                      where o1.id = e1.id
2104                          and e1.type & @key_copy > 0
2105                          and o1.name like @objname
2106                          and user_name(o1.uid) like @owner
2107                      /* 
2108                      ** When granular permissions is enabled delete 
2109                      ** those keys user isn't allowed to see.
2110                      */
2111                      if (@gp_enabled = 1)
2112                      begin
2113                          if (@mngmasterkey != 1)
2114                          begin
2115                              delete #encryption_keys_info
2116                              where keyname
2117                                  in ("sybencrmasterkey"
2118                                      , "sybencrdualmasterkey")
2119                          end
2120                          if (@mngcolencrkey != 1)
2121                          begin
2122                              delete #encryption_keys_info
2123                              where keyname
2124                                  not
2125                                  in ("sybencrmasterkey"
2126                                      , "sybencrdualmasterkey")
2127                          end
2128                      end
2129                      if not exists (select 1 from #encryption_keys_info)
2130                      begin
2131                          /*
2132                          ** 19603, "There are no encryption keys (key copies) like 
2133                          ** '%1!' in '%2!'."
2134                          */
2135                          select @dbname = db_name()
2136                          raiserror 19603, @opt1, @dbname
2137                          return (1)
2138                      end
2139  
2140                      /* update #encryption_keys_info to fill fullkeyname column */
2141                      update #encryption_keys_info
2142                      set fullkeyname = keyowner + "." + keyname
2143                      where fullkeyname is NULL
2144  
2145                      /* Display the encryption key info */
2146                      exec sp_autoformat @fulltabname = #encryption_keys_info,
2147                          @selectlist = "'Owner.Keyname' = fullkeyname,
2148  					       'Assignee' = assignee,
2149  					       'Protected By' = protectedby,
2150  					       'Key Recovery' = keyrecovery",
2151                          @orderby = "order by fullkeyname"
2152                  end -- } sso_role	
2153                  else
2154                  begin -- { no sso_role	
2155                      /* 
2156                      ** Display the encryption key info for non-privileged user. 
2157                      ** A non-privileged key owner can see key copies
2158                      ** of his key, and other non-privileged users can only see key copies
2159                      ** that were assigned to them. 
2160                      */
2161                      insert #encryption_keys_info(keyowner, keyname, assignee,
2162                          protectedby, keyrecovery)
2163                      select user_name(o1.uid)
2164                          , o1.name
2165                          , user_name(e1.uid)
2166                          , case (e1.status & (@status_dualcontrol
2167                          | @status_master_encr | @login_access
2168                          | @login_password | @system_password
2169                          | @user_password | @status_mek_encr
2170                          | @status_static_encr))
2171                              when (@login_access | @system_password) then "login access"
2172                              when (@login_access | @status_master_encr) then "login access"
2173                              when @login_password then "login password"
2174                              when @system_password then "system encryption password"
2175                              when @user_password then "user password"
2176                              when @status_master_encr then "master key"
2177                              when (@status_dualcontrol | @user_password)
2178                              then "dual_control(master key + user password)"
2179                              when (@status_dualcontrol | @login_access | @status_master_encr)
2180                              then "dual_control(login access)"
2181                              when (@status_dualcontrol | @login_password)
2182                              then "dual_control(master key + login password)"
2183                              when (@status_dualcontrol | @status_master_encr)
2184                              then "dual_control(master key + dual master key)"
2185                              when (@status_mek_encr)
2186                              then "automatic startup key"
2187                              when (@status_static_encr)
2188                              then "static key"
2189                          end
2190                          , case (e1.type & @key_recovery)
2191                              when 0 then 0
2192                              else 1
2193                          end
2194                      from sysobjects o1, sysencryptkeys e1
2195                      where o1.id = e1.id
2196                          and e1.type & @key_copy > 0
2197                          and o1.name like @objname
2198                          and (user_name(e1.uid) = user_name()
2199                              or user_name(o1.uid) = user_name())
2200  
2201                      /* to check if we get something */
2202                      if not exists (select 1 from #encryption_keys_info)
2203                      begin
2204                          /*
2205                          ** 19648, "There are no encryption key copies 
2206                          ** like '%1!' assigned to '%2!' in '%3!'."
2207                          */
2208                          select @dbname = db_name()
2209                          raiserror 19648, @opt1, @callername, @dbname
2210                          return (1)
2211                      end
2212  
2213                      /* update #encryption_keys_info to fill fullkeyname column */
2214                      update #encryption_keys_info
2215                      set fullkeyname = keyowner + "." + keyname
2216                      where fullkeyname is NULL
2217  
2218                      /* Display the encryption key info */
2219                      exec sp_autoformat @fulltabname = #encryption_keys_info,
2220                          @selectlist = "'Owner.Keyname' = fullkeyname,
2221  					       'Assignee' = assignee,
2222  					       'Protected By' = protectedby, 
2223  					       'Key Recovery' = keyrecovery",
2224                          @orderby = "order by fullkeyname"
2225                  end -- } no sso_role	
2226                  drop table #encryption_keys_info
2227              end --} key_copy
2228  
2229              /* 
2230              ** SP_ENCRYPTION HELP|HELPKEY, KEYNAME|WILDCARD [, DISPLAY_DBS]]
2231              **
2232              ** List all databases that are encrypted by given
2233              ** database encryption key.
2234              */
2235              if (@opt2 = "display_dbs")
2236              begin -- { display_dbs 
2237                  /* Only SSO, KC can run this command */
2238                  if (@gp_enabled = 0 and (@sso_role = 0
2239                              and @keycustodian_role = 0))
2240                  begin
2241                      /* 
2242                      ** 17026, "You must possess either the System 
2243                      ** Security Officer (SSO) or Key Custodian (KC)
2244                      **  role to execute this command/procedure.
2245                      */
2246                      raiserror 17026
2247                      return (1)
2248                  end
2249                  if (@gp_enabled > 0)
2250                  begin
2251                      select @dummy =
2252                          proc_auditperm(
2253                              "use any database",
2254                              @status)
2255                      if (@status != 0) return (1)
2256                  end
2257  
2258                  /* Accumulate keys and databases in a temporary table */
2259                  create table #encrypted_database_info(
2260                      keyname varchar(255) null,
2261                      keyowner varchar(30) null,
2262                      dbname varchar(30) null)
2263  
2264                  insert #encrypted_database_info(keyname, keyowner, dbname)
2265                  select o1.name, user_name(o1.uid), d1.name
2266                  from sysobjects o1, sysencryptkeys e1, master.dbo.sysdatabases d1
2267                  where d1.encrkeyid = e1.id
2268                      and e1.id = o1.id
2269                      and o1.name like @objname
2270                      and o1.type = "EK"
2271                      and (e1.type & @keytype_database) > 0
2272                  if not exists (select 1 from #encrypted_database_info)
2273                  begin
2274                      /*17161, "There are no databases encrypted with key '%1!'." */
2275                      raiserror 17161, @opt1
2276                      return (1)
2277                  end
2278  
2279                  /* Display the encrypted database info */
2280                  exec sp_autoformat @fulltabname = #encrypted_database_info,
2281                      @selectlist = " 'Key Name' = keyname,
2282  			 		 'Key Owner' = keyowner,
2283  					 'Encrypted Database' = dbname",
2284                      @orderby = "order by keyname"
2285  
2286                  drop table #encrypted_database_info
2287              end --} display_dbs
2288  
2289          end --}
2290      end --} Display key related information  
2291  
2292      /* 
2293      ** SP_ENCRYPTION HELPCOL [, COLUMNNAME]
2294      **
2295      ** Displays matched column name in current database along with the key 
2296      ** used to encrypt the column. 
2297  
2298      ** For sso, all dbs will be searched wheras for non-privileged users, it 
2299      ** applies only to the current db. If the key is present in a different 
2300      ** db, then for non-privileged users, the keyid will be displayed instead
2301      ** of keyname.
2302      */
2303      if (@cmd = "helpcol")
2304      begin -- {
2305          if (@opt2 is not null)
2306          begin
2307              /* 19213, "Invalid argument or unsupported command: %1!." */
2308              raiserror 19213, @opt2
2309              return (1)
2310          end
2311  
2312          /*
2313          ** Resolve @opt1 based on qualified name.
2314          ** The rules are as follows,
2315          ** 1) name -> looks for encrypted columns in table 'name'.
2316          ** If none found, looks for all columns of that 'name'.
2317          ** 2) name.name -> looks for existence of owner.table 
2318          ** If none found, looks for single column table.column 
2319          ** 3) name.name.name -> looks for column based on table.owner.name
2320          */
2321          select @opt1_buf = @opt1
2322          if (@opt1_buf like "%.%.%.%")
2323          begin
2324              if (substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1) !=
2325                      db_name())
2326              begin
2327                  /* 17460, "Object must be in the current database." */
2328                  raiserror 17460
2329                  return (1)
2330              end
2331              else
2332              begin
2333                  /* Strip the database name */
2334                  select @opt1_buf = substring(@opt1_buf,
2335                          charindex(".", @opt1_buf) + 1,
2336                          char_length(@opt1_buf))
2337                  /* Extract the owner name */
2338                  select @owner = substring(@opt1_buf, 1, charindex(".",
2339                              @opt1_buf) - 1)
2340                  select @opt1_buf = substring(@opt1_buf, charindex(".",
2341                              @opt1_buf) + 1, char_length(@opt1_buf))
2342                  /* Extract the table name */
2343                  select @objname = substring(@opt1_buf, 1, charindex(".",
2344                              @opt1_buf) - 1)
2345                  /* Extract the column name */
2346                  select @colname = substring(@opt1_buf, charindex(".",
2347                              @opt1_buf) + 1,
2348                          char_length(@opt1_buf))
2349              end
2350          end
2351          else if (@opt1_buf like "%.%.%")
2352          begin
2353              /* Extract the owner name */
2354              select @owner = substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1)
2355              select @opt1_buf = substring(@opt1_buf, charindex(".", @opt1_buf) + 1,
2356                      char_length(@opt1_buf))
2357              /* Extract the table name */
2358              select @objname = substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1)
2359              /* Extract the column name */
2360              select @colname = substring(@opt1_buf, charindex(".", @opt1_buf) + 1,
2361                      char_length(@opt1_buf))
2362          end
2363          else if (@opt1_buf like "%.%")
2364          begin
2365              /* Extract the table name */
2366              select @owner = substring(@opt1_buf, 1, charindex(".", @opt1_buf) - 1)
2367              /* Extract the column name */
2368              select @objname = substring(@opt1_buf, charindex(".", @opt1_buf) + 1,
2369                      char_length(@opt1_buf))
2370              select @colname = "%"
2371              if not exists (select 1 from sysobjects where name like @objname and
2372                          user_name(uid) like @owner)
2373              begin
2374                  select @colname = @objname
2375                  select @objname = @owner
2376                  select @owner = "%"
2377              end
2378          end
2379          else if (@opt1_buf is not NULL)
2380          begin
2381              /* Check if table/view specified exists */
2382              if exists (select 1 from sysobjects
2383                      where type in ("S", "U", "V")
2384                          and name like @opt1_buf)
2385              begin
2386                  select @owner = "%"
2387                  select @objname = @opt1_buf
2388                  select @colname = "%"
2389              end
2390              else
2391              begin
2392                  select @owner = "%"
2393                  select @objname = "%"
2394                  select @colname = @opt1_buf
2395              end
2396          end
2397          else
2398          begin
2399              select @owner = "%"
2400              select @opt1 = "%"
2401              select @objname = @opt1
2402              select @colname = "%"
2403          end
2404  
2405          if (@owner is NULL)
2406          begin
2407              select @owner = "%"
2408          end
2409  
2410          if (@objname is NULL)
2411          begin
2412              select @objname = "%"
2413          end
2414  
2415          if (@colname is NULL)
2416          begin
2417              select @colname = "%"
2418          end
2419  
2420          /*
2421          ** Accumulate encrypted columns and their tables in a 
2422          ** temporary table 
2423          */
2424          create table #encrypted_table_info(
2425              username varchar(30) null,
2426              tabname varchar(255) null,
2427              colname varchar(255) null,
2428              keydbname varchar(30) null,
2429              keyowner varchar(30) null,
2430              keyid int null,
2431              keyname varchar(255) null,
2432              fullcolname varchar(540) null,
2433              fullkeyname varchar(315) null)
2434  
2435          /* 
2436          ** A temporary table to store the keydbnames which
2437          ** is needed by cursor db_cursor
2438          */
2439          create table #keydbname_table(keydbname varchar(30) null)
2440  
2441  
2442          select @dbname = db_name()
2443          /* Indicates an encrypted column status */
2444          select @encolstatus = 128
2445  
2446          insert #encrypted_table_info(username, tabname, colname, keydbname,
2447              keyid)
2448          select user_name(o.uid), o.name, c.name
2449              , case c.encrkeydb
2450                  when null then @dbname
2451                  else c.encrkeydb
2452              end
2453              , c.encrkeyid
2454          from sysobjects o, syscolumns c
2455          where ((c.status2 & @encolstatus) = @encolstatus)
2456              and o.id = c.id
2457              and user_name(o.uid) like @owner
2458              and o.name like @objname
2459              and c.name like @colname
2460  
2461          insert #keydbname_table
2462          select k.keydbname
2463          from #encrypted_table_info k, master.dbo.sysdatabases s
2464          where k.keydbname = s.name
2465              /* Skip databases that have not recovered */
2466              and s.status & @db_unrecovered = 0
2467              /* Skip databases that are offline */
2468              and s.status2 & @db_offline = 0
2469              /* Skip databases that are not recovered */
2470              and s.status & @db_notrec = 0
2471              /* Skip databases that will not be recovered */
2472              and s.status & @db_inlddb = 0
2473              /* Skip databases that are archive databases */
2474              and s.status3 & @db_archivedb = 0
2475  
2476          execute @status = sp_aux_checkroleperm @nullarg, "use any database",
2477              @nullarg, @gp_enabled output
2478  
2479          if ((@gp_enabled = 0 and @sso_role > 0)
2480                  or (@gp_enabled = 1 and @status = 0))
2481          begin
2482  
2483              declare db_cursor cursor for
2484              select keydbname from #keydbname_table
2485  
2486              open db_cursor
2487              fetch db_cursor into @dbname
2488  
2489              while (@@sqlstatus = 0)
2490              begin
2491                  /*
2492                  ** Database name in which there is tab or blank must be
2493                  ** delimited with '[]' in sql cmd.
2494                  */
2495                  select @wrapped_dbname = @dbname
2496                  if ((patindex(@tab_str, @dbname) > 0)
2497                          or (patindex(@blank_str, @dbname) > 0))
2498                  begin
2499                      select @wrapped_dbname = '[' + @dbname + ']'
2500                  end
2501  
2502                  /*
2503                  ** Since sp_aux_encrkey_lookup is a system
2504                  ** stored procedure, it will execute in the
2505                  ** context of dbname if it is called as
2506                  ** dbname..sp_aux_encrkey_lookup, regardless of
2507                  ** which db it is called from.
2508                  **
2509                  ** This auxillary procedure is used for
2510                  ** extracting key name for specified
2511                  ** keyids.
2512                  */
2513                  select @auxproc =
2514                      @wrapped_dbname + ".dbo.sp_aux_encrkey_lookup"
2515  
2516                  exec @auxproc
2517  
2518                  select @retval = @@error
2519                  if (@retval != 0)
2520                  begin
2521                      close db_cursor
2522                      deallocate cursor db_cursor
2523                      return (1)
2524                  end
2525  
2526                  fetch db_cursor into @dbname
2527  
2528              end
2529              close db_cursor
2530              deallocate cursor db_cursor
2531          end
2532          else
2533          begin
2534              /*
2535              ** ENCR2_RESOLVE: Currently there is no graceful way (without
2536              **  warnings) to check and see if a login is a valid user in a
2537              ** database. A new Built-in has been proposed to check this.
2538              ** So until this is done, non-privileged users get keyids
2539              ** for those keys that are not in current database.
2540              */
2541  
2542              update #encrypted_table_info
2543              set keyowner = user_name(o.uid)
2544                  , keyname = o.name
2545              from sysobjects o
2546              where o.id = keyid
2547                  and db_name() = keydbname
2548  
2549          end
2550  
2551          if not exists (select 1 from #encrypted_table_info)
2552          begin
2553              /* 
2554              ** 19604, "There are no encrypted columns like 
2555              ** '%1!'."
2556              */
2557              raiserror 19604, @opt1
2558              return (1)
2559          end
2560  
2561          /* Update fullcolname and fullkeyname */
2562          update #encrypted_table_info
2563          set fullcolname = username + "." + tabname + "." + colname
2564          where fullcolname is NULL
2565  
2566          update #encrypted_table_info
2567          set fullkeyname =
2568              case keyname
2569                  when NULL then keydbname + "." + convert(varchar(10), keyid)
2570                  else keydbname + "." + keyowner + "." + keyname
2571              end
2572          where fullkeyname is NULL
2573  
2574          exec sp_autoformat @fulltabname = #encrypted_table_info,
2575              @selectlist = "'Owner.Table.Column' = fullcolname, 'Db.Owner.Keyname' = fullkeyname",
2576              @orderby = "order by fullcolname, fullkeyname"
2577  
2578          drop table #encrypted_table_info
2579      end -- }
2580  
2581  
2582  
2583      /* 
2584      ** SP_ENCRYPTION HELPUSER [, USERNAME | WILDCARD] [, KEY_COPY | LOGIN_PASSWD_CHECK]
2585      **
2586      ** Displays the keys owned/assigned to a user in the current database.
2587      */
2588      if (@cmd = "helpuser")
2589      begin -- { helpuser	
2590  
2591          if ((@opt2 is not null) and (@opt2 not in ('key_copy', 'login_passwd_check')))
2592          begin
2593              /* 18291, "The parameter value '%1!' is invalid." */
2594              raiserror 18291, @opt2
2595              return 1
2596          end
2597  
2598          select @opt1_buf = @opt1
2599          if (@opt1_buf is NULL)
2600          begin
2601              select @opt1 = "%"
2602          end
2603  
2604          select @username = @opt1
2605  
2606          /* 
2607          ** list all base keys in current database 
2608          */
2609          if (@opt2 is null)
2610          begin --{
2611  
2612              create table #encr_basekeys_info(keyowner varchar(30) null,
2613                  keyname varchar(255) null,
2614                  protectedby varchar(30) null,
2615                  fullkeyname varchar(285) null)
2616  
2617  
2618              /* If user has manage any encryption key audit it. */
2619              if (@gp_enabled > 0 and @mnganyEK != 0)
2620              begin
2621                  select @dummy = proc_auditperm(
2622                          "manage any encryption key", @mAnyEKstat)
2623              end
2624              /* run by SSO/key custodian/DBO */
2625              if ((@gp_enabled = 0 and (@sso_role > 0
2626                              or @keycustodian_role > 0 or user_name() = "dbo"))
2627                      or (@mnganyEK > 0))
2628              begin
2629                  insert #encr_basekeys_info(keyowner, keyname, protectedby)
2630                  select user_name(o1.uid)
2631                      , o1.name
2632                      , case (e1.status & (@status_dualcontrol
2633                      | @login_password | @system_password
2634                      | @user_password | @status_master_encr))
2635                          when @login_password then "login password"
2636                          when @system_password then "system encryption password"
2637                          when @user_password then "user password"
2638                          when @status_master_encr then "master key"
2639                          when (@status_dualcontrol | @user_password)
2640                          then "dual_control(master key + user password)"
2641                          when (@status_dualcontrol | @login_password)
2642                          then "dual_control(master key + login password)"
2643                          when (@status_dualcontrol | @status_master_encr)
2644                          then "dual_control(master key + dual master key)"
2645                      end
2646                  from sysobjects o1, sysencryptkeys e1
2647                  where o1.id = e1.id
2648                      and e1.type & @key_copy = 0
2649                      and user_name(o1.uid) like @username
2650  
2651  
2652                  if not exists (select 1 from #encr_basekeys_info)
2653                  begin
2654                      /*
2655                      ** 19616, "There are no encryption keys for user 
2656                      ** name like '%1!'."
2657                      */
2658                      raiserror 19616, @opt1
2659                      return (1)
2660                  end
2661  
2662                  /* update #encr_basekeys_info to fill fullkeyname column */
2663                  update #encr_basekeys_info
2664                  set fullkeyname = keyowner + "." + keyname
2665                  where fullkeyname is NULL
2666  
2667                  /* display the base encryption keys */
2668                  exec sp_autoformat @fulltabname = #encr_basekeys_info,
2669                      @selectlist = "	'Owner.Keyname' = fullkeyname,
2670  					'Protected By' = protectedby",
2671                      @orderby = "order by fullkeyname"
2672              end
2673              else
2674              /* run by a non-privileged user */
2675              begin
2676  
2677                  /* 
2678                  ** a non-priviledged user is only allowed to 
2679                  ** check his own keys 
2680                  */
2681                  if (user_name() not like @username)
2682                  begin
2683                      /*
2684                      ** 19632. "You are not authorized to check keys (key copies) 
2685                      ** for user name like '%1!'."
2686                      */
2687                      raiserror 19632, @opt1
2688                      return (1)
2689                  end
2690                  insert #encr_basekeys_info(keyowner, keyname, protectedby)
2691                  select user_name(o1.uid)
2692                      , o1.name
2693                      , case (e1.status & (@status_dualcontrol
2694                      | @login_password | @system_password
2695                      | @user_password | @status_mek_encr))
2696                          when @login_password then "login password"
2697                          when @system_password then "system encryption password"
2698                          when @user_password then "user password"
2699                          when @status_master_encr then "master key"
2700                          when (@status_dualcontrol | @user_password)
2701                          then "dual_control(master key + user password)"
2702                          when (@status_dualcontrol | @login_password)
2703                          then "dual_control(master key + login password)"
2704                          when (@status_dualcontrol | @status_master_encr)
2705                          then "dual_control(master key + dual master key)"
2706                      end
2707                  from sysobjects o1, sysencryptkeys e1
2708                  where o1.id = e1.id
2709                      and e1.type & @key_copy = 0
2710                      and user_name(o1.uid) like @username
2711                      and user_name(o1.uid) = user_name()
2712  
2713                  if not exists (select 1 from #encr_basekeys_info)
2714                  begin
2715                      /*
2716                      ** 19616, "There are no encryption keys (key copies) 
2717                      ** for user name like '%1!'."
2718                      */
2719                      raiserror 19616, @callername
2720                      return (1)
2721                  end
2722  
2723                  /* update #encr_basekeys_info to fill fullkeyname column */
2724                  update #encr_basekeys_info
2725                  set fullkeyname = keyowner + "." + keyname
2726                  where fullkeyname is NULL
2727  
2728                  /* display the base encryption keys */
2729                  exec sp_autoformat @fulltabname = #encr_basekeys_info,
2730                      @selectlist = "	'Owner.Keyname' = fullkeyname,
2731  					'Protected By' = protectedby",
2732                      @orderby = "order by fullkeyname"
2733              end
2734              drop table #encr_basekeys_info
2735          end --}
2736          /* 
2737          ** SP_ENCRYPTION HELPUSER, USERNAME|WILDCARD, KEY_COPY 
2738          */
2739          else if (@opt2 = "key_copy")
2740          begin -- { key_copy
2741              /* Accumulate encryption key info in a temporary table */
2742              create table #encr_keycopies_info(keyowner varchar(30) null,
2743                  keyname varchar(255) null,
2744                  assignee varchar(30) null,
2745                  protectedby varchar(30) null,
2746                  keyrecovery int null,
2747                  fullkeyname varchar(285) null)
2748  
2749              /* If user has manage any encryption key audit it. */
2750              if (@gp_enabled > 0 and @mnganyEK != 0)
2751              begin
2752                  select @dummy = proc_auditperm(
2753                          "manage any encryption key", @mAnyEKstat)
2754              end
2755              /* run by SSO/key custodian/DBO */
2756              if ((@gp_enabled = 0 and (@sso_role > 0
2757                              or @keycustodian_role > 0 or user_name() = "dbo"))
2758                      or (@mnganyEK > 0))
2759              begin -- { key_copy privileged
2760                  insert #encr_keycopies_info(keyowner, keyname, assignee,
2761                      protectedby, keyrecovery)
2762                  select user_name(o1.uid)
2763                      , o1.name
2764                      , user_name(e1.uid)
2765                      , case (e1.status & (@status_dualcontrol
2766                      | @status_master_encr | @login_access
2767                      | @login_password | @system_password
2768                      | @user_password | @status_mek_encr))
2769                          when (@login_access | @system_password) then "login access"
2770                          when (@login_access | @status_master_encr) then "login access"
2771                          when @login_password then "login password"
2772                          when @system_password then "system encryption password"
2773                          when @user_password then "user password"
2774                          when @status_master_encr then "master key"
2775                          when (@status_dualcontrol | @user_password)
2776                          then "dual_control(master key + user password)"
2777                          when (@status_dualcontrol | @login_access | @status_master_encr)
2778                          then "dual_control(login access)"
2779                          when (@status_dualcontrol | @login_password)
2780                          then "dual_control(master key + login password)"
2781                          when (@status_dualcontrol | @status_master_encr)
2782                          then "dual_control(master key + dual master key)"
2783                          when (@status_mek_encr) then "automatic startup key"
2784                      end
2785                      , case (e1.type & @key_recovery)
2786                          when 0 then 0
2787                          else 1
2788                      end
2789                  from sysobjects o1, sysencryptkeys e1
2790                  where o1.id = e1.id
2791                      and e1.type & @key_copy > 0
2792                      and user_name(e1.uid) like @username
2793  
2794                  if not exists (select 1 from #encr_keycopies_info)
2795                  begin
2796                      /*
2797                      ** 19616, "There are no encryption keys (key copies) 
2798                      ** for user name like '%1!'."
2799                      */
2800                      raiserror 19616, @opt1
2801                      return (1)
2802                  end
2803  
2804                  /* Update #encr_keycopies_info to fill fullkeyname column */
2805                  update #encr_keycopies_info
2806                  set fullkeyname = keyowner + "." + keyname
2807                  where fullkeyname is NULL
2808  
2809                  /* Display the encryption key info */
2810                  exec sp_autoformat @fulltabname = #encr_keycopies_info,
2811                      @selectlist = "'Owner.Keyname' = fullkeyname,
2812  				       'Assignee' = assignee,
2813  				       'Protected By' = protectedby,
2814  				       'Key Recovery' = keyrecovery",
2815                      @orderby = "order by assignee"
2816              end -- } key_copy privileged	
2817              /* Run by non-privileged users */
2818              else
2819              begin -- { key_copy non-priv
2820  
2821                  /* 
2822                  ** a non-priviledged user is only allowed to 
2823                  ** check his own keys 
2824                  */
2825                  if (user_name() not like @username)
2826                  begin
2827                      /*
2828                      ** 19632. "You are not authorized to check keys (key copies) 
2829                      ** for user name like '%1!'."
2830                      */
2831                      raiserror 19632, @opt1
2832                      return (1)
2833                  end
2834  
2835                  insert #encr_keycopies_info(keyowner, keyname, assignee,
2836                      protectedby, keyrecovery)
2837                  select user_name(o1.uid)
2838                      , o1.name
2839                      , user_name(e1.uid)
2840                      , case (e1.status & (@status_dualcontrol
2841                      | @status_master_encr | @login_access
2842                      | @login_password | @system_password
2843                      | @user_password | @status_mek_encr))
2844                          when (@login_access | @system_password) then "login access"
2845                          when (@login_access | @status_master_encr) then "login access"
2846                          when @login_password then "login password"
2847                          when @system_password then "system encryption password"
2848                          when @user_password then "user password"
2849                          when @status_master_encr then "master key"
2850                          when (@status_dualcontrol | @user_password)
2851                          then "dual_control(master key + user password)"
2852                          when (@status_dualcontrol | @login_access | @status_master_encr)
2853                          then "dual_control(login access)"
2854                          when (@status_dualcontrol | @login_password)
2855                          then "dual_control(master key + login password)"
2856                          when (@status_dualcontrol | @status_master_encr)
2857                          then "dual_control(master key + dual master key)"
2858                          when (@status_mek_encr) then "automatic startup key"
2859                      end
2860                      , case (e1.type & @key_recovery)
2861                          when 0 then 0
2862                          else 1
2863                      end
2864                  from sysobjects o1, sysencryptkeys e1
2865                  where o1.id = e1.id
2866                      and e1.type & @key_copy > 0
2867                      and user_name(e1.uid) like @username
2868                      and user_name(e1.uid) like user_name()
2869  
2870                  if not exists (select 1 from #encr_keycopies_info)
2871                  begin
2872                      /*
2873                      ** 19616, "There are no encryption keys (key copies) 
2874                      ** for user name like '%1!'."
2875                      */
2876                      raiserror 19616, @callername
2877                      return (1)
2878                  end
2879  
2880                  /* update #encr_keycopies_info to fill fullkeyname column */
2881                  update #encr_keycopies_info
2882                  set fullkeyname = keyowner + "." + keyname
2883                  where fullkeyname is NULL
2884  
2885                  /* Display the encryption key info */
2886                  exec sp_autoformat @fulltabname = #encr_keycopies_info,
2887                      @selectlist = "'Owner.Keyname' = fullkeyname,
2888  				       'Assignee' = assignee,
2889  				       'Protected By' = protectedby,
2890  				       'Key Recovery' = keyrecovery",
2891                      @orderby = "order by assignee"
2892  
2893              end -- } key_copy non-priv
2894              drop table #encr_keycopies_info
2895          end -- } key_copy
2896  
2897          /*
2898          ** SP_ENCRYPTION HELPUSER, USERNAME|WILDCARD, LOGIN_PASSWD_CHECK
2899          */
2900          else if (@opt2 = "login_passwd_check")
2901          begin -- { LOGIN_PASSWD_CHECK
2902              /* Accumulate login passwd and login access keycopy info in a temporary table */
2903              create table #encr_loginpwdcheck_info(keyowner varchar(30) null,
2904                  keyname varchar(255) null,
2905                  assignee varchar(30) null,
2906                  protectedby varchar(30) null,
2907                  fullkeyname varchar(285) null,
2908                  dateofupdate datetime null,
2909                  consistent int null)
2910  
2911              /* If user has manage any encryption key audit it. */
2912              if (@gp_enabled > 0 and @mnganyEK != 0)
2913              begin
2914                  select @dummy = proc_auditperm(
2915                          "manage any encryption key", @mAnyEKstat)
2916              end
2917              /* run by SSO/key custodian/DBO */
2918              if ((@gp_enabled = 0 and (@sso_role > 0
2919                              or @keycustodian_role > 0 or user_name() = "dbo"))
2920                      or (@mnganyEK > 0))
2921              begin
2922                  insert #encr_loginpwdcheck_info(keyowner, keyname, assignee,
2923                      protectedby, dateofupdate)
2924                  select user_name(o1.uid), o1.name, user_name(e1.uid)
2925                      , case e1.status & (@status_dualcontrol | @login_access | @login_password)
2926                          when (@login_access) then "login access"
2927                          when (@login_password) then "login password"
2928                          when (@status_dualcontrol | @login_access)
2929                          then "dual_control(login access)"
2930                          when (@status_dualcontrol | @login_password)
2931                          then "dual_control(master key + login password)"
2932                      end
2933                      , e1.pwdate
2934                  from sysobjects o1, sysencryptkeys e1
2935                  where o1.id = e1.id
2936                      and e1.type & @key_copy > 0
2937                      and (((e1.status & @login_access) > 0)
2938                          or ((e1.status & @login_password) > 0))
2939                      and user_name(e1.uid) like @username
2940  
2941                  if not exists (select 1 from #encr_loginpwdcheck_info)
2942                  begin
2943                      /*
2944                      ** 19616, "There are no encryption keys (key copies) 
2945                      ** for user name like '%1!'."
2946                      */
2947                      raiserror 19616, @opt1
2948                      return (1)
2949                  end
2950  
2951                  /* Update #encr_loginpwdcheck_info to fill fullkeyname column */
2952                  update #encr_loginpwdcheck_info
2953                  set fullkeyname = keyowner + "." + keyname
2954                  where fullkeyname is NULL
2955  
2956                  /* Update #encr_loginpwdcheck_info to fill consistent column */
2957                  update #encr_loginpwdcheck_info
2958                  set consistent =
2959                      case
2960                          when (datediff(ss, l.pwdate, e.pwdate) >= 0) then 1
2961                          else 0
2962                      end
2963                  from master..syslogins l, sysencryptkeys e, sysusers u, sysobjects o
2964                  where e.uid = u.uid
2965                      and u.suid = l.suid
2966                      and o.id = e.id
2967                      and assignee = user_name(e.uid)
2968                      and keyname = o.name
2969  
2970                  /* Display the encryption key info */
2971                  exec sp_autoformat @fulltabname = #encr_loginpwdcheck_info,
2972                      @selectlist = "	'Owner.Keyname' = fullkeyname,
2973  					'Assignee' = assignee,
2974  					'Protected By' = protectedby,
2975  					'Last Updated' = dateofupdate,
2976  					'Synchronized with Password' = consistent",
2977                      @orderby = "order by assignee"
2978              end
2979              /* Run by non-privileged users */
2980              else
2981              begin
2982  
2983                  /* 
2984                  ** a non-priviledged user is only allowed to 
2985                  ** check his own key copies 
2986                  */
2987                  if (user_name() not like @username)
2988                  begin
2989                      /*
2990                      ** 19632. "You are not authorized to check keys (key copies) 
2991                      ** for user name like '%1!'."
2992                      */
2993                      raiserror 19632, @opt1
2994                      return (1)
2995                  end
2996  
2997                  insert #encr_loginpwdcheck_info(keyowner, keyname, assignee,
2998                      protectedby, dateofupdate)
2999                  select user_name(o1.uid), o1.name, user_name(e1.uid)
3000                      , case e1.status & (@status_dualcontrol | @login_access | @login_password)
3001                          when (@login_access) then "login access"
3002                          when (@login_password) then "login password"
3003                          when (@status_dualcontrol | @login_access)
3004                          then "dual_control(login access)"
3005                          when (@status_dualcontrol | @login_password)
3006                          then "dual_control(master key + login password)"
3007                      end
3008                      , e1.pwdate
3009                  from sysobjects o1, sysencryptkeys e1
3010                  where o1.id = e1.id
3011                      and e1.type & @key_copy > 0
3012                      and (((e1.status & @login_access) > 0)
3013                          or ((e1.status & @login_password) > 0))
3014                      and user_name(e1.uid) like @username
3015                      and user_name(e1.uid) like user_name()
3016  
3017                  if not exists (select 1 from #encr_loginpwdcheck_info)
3018                  begin
3019                      /*	
3020                      ** 19616, "There are no encryption keys (key copies) 
3021                      ** for user name like '%1!'."
3022                      */
3023                      raiserror 19616, @callername
3024                      return (1)
3025                  end
3026  
3027                  /* Update #encr_loginpwdcheck_info to fill fullkeyname column */
3028                  update #encr_loginpwdcheck_info
3029                  set fullkeyname = keyowner + "." + keyname
3030                  where fullkeyname is NULL
3031  
3032                  /* Update #encr_loginpwdcheck_info to fill consistent column */
3033                  update #encr_loginpwdcheck_info
3034                  set consistent =
3035                      case
3036                          when (datediff(ss, l.pwdate, e.pwdate) >= 0) then 1
3037                          else 0
3038                      end
3039                  from master..syslogins l, sysencryptkeys e, sysusers u, sysobjects o
3040                  where e.uid = u.uid
3041                      and u.suid = l.suid
3042                      and o.id = e.id
3043                      and assignee = user_name(e.uid)
3044                      and keyname = o.name
3045  
3046                  /* Display the encryption key info */
3047                  exec sp_autoformat @fulltabname = #encr_loginpwdcheck_info,
3048                      @selectlist = "	'Owner.Keyname' = fullkeyname,
3049  					'Assignee' = assignee,
3050  					'Protected By' = protectedby,
3051  					'Last Updated' = dateofupdate,
3052  					'Synchronized with Password' = consistent",
3053                      @orderby = "order by assignee"
3054              end
3055              drop table #encr_loginpwdcheck_info
3056          end -- } LOGIN_PASSWD_CHECK
3057      end -- } helpuser
3058  
3059      /*
3060      ** Check external password status.
3061      */
3062      if (@cmd = "helpextpasswd")
3063      begin -- { helpextpasswd
3064  
3065          if (@gp_enabled = 0 and @sso_role = 0)
3066          begin
3067              /*
3068              ** 19951 "Permission denied. This operation requires 
3069              **        System Security Officer (sso_role) role."
3070              */
3071              raiserror 19951
3072              return (1)
3073          end
3074          else if (@gp_enabled > 0)
3075          begin
3076              select @dummy = proc_auditperm("manage service key",
3077                      @mSRVCKstat)
3078              if (@mSRVCKstat != 0)
3079                  return 1
3080          end
3081  
3082          /* 
3083          ** Put external passwords info into a 
3084          ** temporary table
3085          */
3086          create table #extpasswd_status_info(
3087              dbname varchar(50) null,
3088              passwdtype varchar(50) null,
3089              extluser varchar(255) null,
3090              status varchar(30) null)
3091  
3092          select @dbname = db_name()
3093  
3094          /* Add ssl password infomation */
3095          insert #extpasswd_status_info(passwdtype, extluser, status)
3096          select "SSL_CERTIFICATE_PASSWORD", "-",
3097              case
3098                  when (char_value like "5:%")
3099                  then "FIPS Encryption"
3100                  when (char_value like "0:0000000000000000")
3101                  then "Needs Reset"
3102                  else
3103                      "Legacy Encryption"
3104              end
3105          from sysattributes
3106          where class = 15
3107  
3108          /* Add LDAP account password information */
3109          insert #extpasswd_status_info(passwdtype, extluser, status)
3110          select
3111              case
3112                  when (attribute = 3)
3113                  then "PRIMARY_LDAPACCESS_PASSWORD"
3114                  when (attribute = 8)
3115                  then "SECONDARY_LDAPACCESS_PASSWORD"
3116              end
3117              , "-",
3118              case
3119                  when (char_value like "5:%")
3120                  then "FIPS Encryption"
3121                  when (char_value like "0:0000000000000000")
3122                  then "Needs Reset"
3123                  else
3124                      "Legacy Encryption"
3125              end
3126          from sysattributes
3127          where class = 17 and (attribute = 3 or attribute = 8)
3128  
3129          /* Add RA password information */
3130          declare rapasswd_cursor cursor for
3131          select char_value, object_info1 from sysattributes
3132          where class = 11 and attribute = 2
3133          open rapasswd_cursor
3134          fetch rapasswd_cursor into @ra_pwd, @rpid
3135          while (@@sqlstatus = 0)
3136          begin -- {
3137              insert #extpasswd_status_info(passwdtype, extluser, status)
3138              select "REPAGNT_RS_PASSWORD",
3139                  case
3140                      when (@rpid is null or @rpid = 0)
3141                      then "Default"
3142                      else
3143                              (select att1.char_value
3144                              from sysattributes att1, sysattributes att2, sysattributes att3
3145                              where att1.class = 41 and att1.attribute = 22
3146                                  and att2.int_value = 0 and att1.object_info1 = att2.object_info1
3147                                  and att3.attribute = 20 and att3.object_info1 = att2.object_info1
3148                                  and att3.object_info2 = (select object_info1 from sysattributes
3149                                      where class = 41 and attribute = 0 and object_info2 = @rpid))
3150                  end,
3151                  case
3152                      when (@ra_pwd like "5:%")
3153                      then "FIPS Encryption"
3154                      when (@ra_pwd like "0:0000000000000000")
3155                      then "Needs Reset"
3156                      else
3157                          "Legacy Encryption"
3158                  end
3159              fetch rapasswd_cursor into @ra_pwd, @rpid
3160          end -- }
3161          close rapasswd_cursor
3162          deallocate cursor rapasswd_cursor
3163  
3164          /* Add CIS external login passwords information */
3165          insert #extpasswd_status_info(passwdtype, extluser, status)
3166          select "CIS_LOGIN_PASSWORD",
3167              suser_name(object),
3168              case
3169                  when (image_value like "5:%")
3170                  then "FIPS Encryption"
3171                  when (image_value like "0:0000000000000000")
3172                  then "Needs Reset"
3173                  else
3174                      "Legacy Encryption"
3175              end
3176          from sysattributes
3177          where class = 9 and attribute = 0
3178  
3179          /* Add RTMS external login passwords information */
3180          insert #extpasswd_status_info(passwdtype, extluser, status)
3181          select "RTMS_LOGIN_PASSWORD",
3182              suser_name(object),
3183              case
3184                  when (image_value like "5:%")
3185                  then "FIPS Encryption"
3186                  when (image_value like "0:0000000000000000")
3187                  then "Needs Reset"
3188                  else
3189                      "Legacy Encryption"
3190              end
3191          from sysattributes
3192          where class = 21 and attribute = 0
3193  
3194          /* Add RTMS subscription passwords information */
3195          insert #extpasswd_status_info(passwdtype, extluser, status)
3196          select "RTMS_SUBSCRIPTION_PASSWORD",
3197              "-",
3198              case
3199                  when (image_value like "5:%")
3200                  then "FIPS Encryption"
3201                  when (image_value like "0:0000000000000000")
3202                  then "Needs Reset"
3203                  else
3204                      "Legacy Encryption"
3205              end
3206          from sysattributes
3207          where class = 21 and attribute = 1
3208  
3209          update #extpasswd_status_info
3210          set dbname = @dbname
3211          where dbname is NULL
3212  
3213          /*
3214          ** Display the encrypted external password info
3215          */
3216          exec sp_autoformat @fulltabname = #extpasswd_status_info,
3217              @selectlist = "'Database Name' = dbname, 'Password Type' = passwdtype,  'Login Name' = extluser, 'Status' = status",
3218              @orderby = "order by dbname, passwdtype, extluser, status"
3219  
3220          drop table #extpasswd_status_info
3221  
3222          return (0)
3223      end --  } helpextpasswd
3224  
3225      if (@retval != 1)
3226      begin
3227          return (0)
3228      end
3229      else
3230      begin
3231  usage:
3232          print "sp_encryption Usage: sp_encryption command [, option1 [, option2]]"
3233          print "sp_encryption commands:"
3234          print "sp_encryption 'system_encr_passwd', 'newpasswd'[, 'oldpasswd']"
3235          print "sp_encryption 'mkey_startup_file'[, {'newpath' | 'default_location' | 'null'} [, {sync_with_mem | sync_with_qrm}]]"
3236          print "sp_encryption 'help'[, {'keyname'|'master'|'dual master'}[, 'display_cols']]"
3237          print "sp_encryption 'help'[, 'servicekeyname'[, 'display_objs']]"
3238          print "sp_encryption 'helpkey'[, {'keyname'|'master'|'dual master'}[, 'display_cols'|'all_dbs'|'key_copy']]"
3239          print "sp_encryption 'helpkey', 'system_encr_passwd'"
3240          print "sp_encryption 'helpkey', {'master'|'dual master'} [, 'display_keys' | 'all_dbs']"
3241          print "sp_encryption 'helpcol'[, 'colname'][, 'display_keys']]"
3242          print "sp_encryption 'helpuser'[, 'username'][, 'key_copy', 'login_passwd_check']"
3243          print "sp_encryption 'downgrade_kek_size' [, 'true'|'false']"
3244          print "sp_encryption 'helpextpasswd'"
3245      end
3246      return (1)
3247  


exec sp_procxmode 'sp_encryption', 'AnyMode'
go

Grant Execute on sp_encryption to public
go
DEFECTS
 QCAR 6 Cartesian product between tables sybsystemprocs..sysobjects o1 and [sybsystemprocs..sysattributes a1] 848
 QCAR 6 Cartesian product between tables sybsystemprocs..sysobjects o1 and [sybsystemprocs..sysattributes a1] 874
 MCTR 4 Conditional Begin Tran or Commit Tran 305
 MCTR 4 Conditional Begin Tran or Commit Tran 338
 MCTR 4 Conditional Begin Tran or Commit Tran 405
 MCTR 4 Conditional Begin Tran or Commit Tran 432
 MCTR 4 Conditional Begin Tran or Commit Tran 491
 MCTR 4 Conditional Begin Tran or Commit Tran 526
 MEST 4 Empty String will be replaced by Single Space 600
 MEST 4 Empty String will be replaced by Single Space 776
 MEST 4 Empty String will be replaced by Single Space 779
 MEST 4 Empty String will be replaced by Single Space 791
 MINU 4 Unique Index with nullable columns master..sysattributes master..sysattributes
 MINU 4 Unique Index with nullable columns sybsystemprocs..sysattributes sybsystemprocs..sysattributes
 MINU 4 Unique Index with nullable columns sybsystemprocs..sysencryptkeys sybsystemprocs..sysencryptkeys
 MTYP 4 Assignment type mismatch @objname: varchar(255) = varchar(768) 1097
 MTYP 4 Assignment type mismatch @opt1_buf: varchar(575) = varchar(768) 1098
 MTYP 4 Assignment type mismatch objname: varchar(30) = longsysname(255) 1610
 MTYP 4 Assignment type mismatch @opt1_buf: varchar(575) = varchar(768) 2321
 MTYP 4 Assignment type mismatch @objname: varchar(255) = varchar(575) 2387
 MTYP 4 Assignment type mismatch @colname: varchar(255) = varchar(575) 2394
 MTYP 4 Assignment type mismatch @objname: varchar(255) = varchar(768) 2401
 MTYP 4 Assignment type mismatch @opt1_buf: varchar(575) = varchar(768) 2598
 MTYP 4 Assignment type mismatch @username: varchar(30) = varchar(768) 2604
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 781
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 902
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 980
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1080
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1357
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1574
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1628
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1860
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2019
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2038
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2146
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2219
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2280
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2574
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2668
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2729
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2810
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2886
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 2971
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 3047
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 3216
 QCAS 4 Cartesian product with single row between tables sybsystemprocs..syscomments m and [sybsystemprocs..sysobjects o1], 1 tables with rc=1 1609
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid}
876
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {uid}
877
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, attribute, object_type, object, object_info2, object_info3, object_cinfo]
1498
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [object_type, object, object_info2, object_info3, object_cinfo]
1498
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, attribute, object_type, object, object_info2, object_info3, object_cinfo]
1499
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, object_type, object, object_info3, object_cinfo]
1499
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: syscomments.csyscomments unique clustered
(id, number, colid2, colid, texttype)
Intersection: {colid}
1612
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {type}
2104
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid, type}
2196
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {type}
2648
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {uid}
2649
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {type}
2709
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {uid}
2710
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid, type}
2791
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid, type}
2866
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid, type}
2936
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use SARG Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {uid, type}
3011
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, attribute, object_type, object, object_info2, object_info3, object_cinfo]
3146
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [object_type, object, object_info2, object_info3, object_cinfo]
3146
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, attribute, object_type, object, object_info2, object_info3, object_cinfo]
3147
 QPUI 4 Join or Sarg with Un-Rooted Partial Index Use JOIN Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info1}
Uncovered: [class, object_type, object, object_info3, object_cinfo]
3147
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 269
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 462
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 463
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 851
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 852
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 878
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 879
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1450
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1461
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1471
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1482
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1497
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1499
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1501
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1511
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1531
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1533
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1552
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1554
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 1613
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3106
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3112
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3114
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3127
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3132
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3145
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3147
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3149
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3177
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3192
 QTYP 4 Comparison type mismatch Comparison type mismatch: smallint vs int 3207
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause database_cursor 644
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause database_cursor 1220
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause rapasswd_cursor 1481
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause extlpasswd_cursor 1510
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause rtmspasswd_cursor 1530
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause rtmssubpasswd_cursor 1551
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause commkey_cursor 1596
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause db_cursor 1703
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause db_cursor 2484
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause rapasswd_cursor 3131
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 849
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 849
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 875
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 875
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 1057
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1057
 MAW1 3 Warning message on %name% sybsystemprocs..syscolumns.id: Warning message on syscolumns 1325
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1325
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1326
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1596
 MAW1 3 Warning message on %name% sybsystemprocs..syscomments.id: Warning message on syscomments 1613
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1613
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 1614
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2103
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2103
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2195
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2195
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2267
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2268
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2268
 MAW1 3 Warning message on %name% sybsystemprocs..syscolumns.id: Warning message on syscolumns 2456
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2456
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2546
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2647
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2647
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2708
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2708
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2790
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2790
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2865
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2865
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2935
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2935
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 2966
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 2966
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 3010
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 3010
 MAW1 3 Warning message on %name% sybsystemprocs..sysencryptkeys.id: Warning message on sysencryptkeys 3042
 MAW1 3 Warning message on %name% sybsystemprocs..sysobjects.id: Warning message on sysobjects 3042
 MGTP 3 Grant to public master..sysattributes  
 MGTP 3 Grant to public master..sysdatabases  
 MGTP 3 Grant to public master..syslogins  
 MGTP 3 Grant to public sybsystemprocs..sp_encryption  
 MGTP 3 Grant to public sybsystemprocs..sysattributes  
 MGTP 3 Grant to public sybsystemprocs..syscolumns  
 MGTP 3 Grant to public sybsystemprocs..syscomments  
 MGTP 3 Grant to public sybsystemprocs..sysobjects  
 MGTP 3 Grant to public sybsystemprocs..sysusers  
 MLCH 3 Char type with length>30 char(32) 64
 MNAC 3 Not using ANSI 'is null' 920
 MNER 3 No Error Check should check return value of exec 188
 MNER 3 No Error Check should check return value of exec 213
 MNER 3 No Error Check should check return value of exec 216
 MNER 3 No Error Check should check return value of exec 219
 MNER 3 No Error Check should check return value of exec 222
 MNER 3 No Error Check should check return value of exec 601
 MNER 3 No Error Check should check @@error after truncate 679
 MNER 3 No Error Check should check @@error after truncate 684
 MNER 3 No Error Check should check @@error after truncate 690
 MNER 3 No Error Check should check @@error after truncate 692
 MNER 3 No Error Check should check @@error after truncate 694
 MNER 3 No Error Check should check @@error after truncate 700
 MNER 3 No Error Check should check @@error after truncate 703
 MNER 3 No Error Check should check @@error after truncate 706
 MNER 3 No Error Check should check @@error after truncate 709
 MNER 3 No Error Check should check @@error after truncate 714
 MNER 3 No Error Check should check @@error after truncate 717
 MNER 3 No Error Check should check @@error after truncate 721
 MNER 3 No Error Check should check @@error after update 738
 MNER 3 No Error Check should check return value of exec 777
 MNER 3 No Error Check should check return value of exec 780
 MNER 3 No Error Check should check return value of exec 792
 MNER 3 No Error Check should check @@error after insert 846
 MNER 3 No Error Check should check @@error after insert 872
 MNER 3 No Error Check should check @@error after update 897
 MNER 3 No Error Check should check return value of exec 902
 MNER 3 No Error Check should check return value of exec 980
 MNER 3 No Error Check should check @@error after insert 1054
 MNER 3 No Error Check should check @@error after update 1077
 MNER 3 No Error Check should check return value of exec 1080
 MNER 3 No Error Check should check @@error after update 1282
 MNER 3 No Error Check should check @@error after insert 1320
 MNER 3 No Error Check should check @@error after update 1350
 MNER 3 No Error Check should check return value of exec 1357
 MNER 3 No Error Check should check @@error after insert 1453
 MNER 3 No Error Check should check @@error after insert 1464
 MNER 3 No Error Check should check @@error after insert 1474
 MNER 3 No Error Check should check @@error after insert 1488
 MNER 3 No Error Check should check @@error after insert 1518
 MNER 3 No Error Check should check @@error after insert 1539
 MNER 3 No Error Check should check @@error after insert 1560
 MNER 3 No Error Check should check return value of exec 1574
 MNER 3 No Error Check should check @@error after insert 1607
 MNER 3 No Error Check should check @@error after update 1621
 MNER 3 No Error Check should check return value of exec 1628
 MNER 3 No Error Check should check @@error after insert 1776
 MNER 3 No Error Check should check @@error after update 1828
 MNER 3 No Error Check should check @@error after delete 1841
 MNER 3 No Error Check should check @@error after delete 1847
 MNER 3 No Error Check should check @@error after delete 1853
 MNER 3 No Error Check should check return value of exec 1860
 MNER 3 No Error Check should check @@error after insert 1935
 MNER 3 No Error Check should check @@error after delete 2000
 MNER 3 No Error Check should check @@error after delete 2006
 MNER 3 No Error Check should check @@error after delete 2012
 MNER 3 No Error Check should check return value of exec 2019
 MNER 3 No Error Check should check return value of exec 2038
 MNER 3 No Error Check should check @@error after insert 2071
 MNER 3 No Error Check should check @@error after delete 2115
 MNER 3 No Error Check should check @@error after delete 2122
 MNER 3 No Error Check should check @@error after update 2141
 MNER 3 No Error Check should check return value of exec 2146
 MNER 3 No Error Check should check @@error after insert 2161
 MNER 3 No Error Check should check @@error after update 2214
 MNER 3 No Error Check should check return value of exec 2219
 MNER 3 No Error Check should check @@error after insert 2264
 MNER 3 No Error Check should check return value of exec 2280
 MNER 3 No Error Check should check @@error after insert 2446
 MNER 3 No Error Check should check @@error after insert 2461
 MNER 3 No Error Check should check @@error after update 2542
 MNER 3 No Error Check should check @@error after update 2562
 MNER 3 No Error Check should check @@error after update 2566
 MNER 3 No Error Check should check return value of exec 2574
 MNER 3 No Error Check should check @@error after insert 2629
 MNER 3 No Error Check should check @@error after update 2663
 MNER 3 No Error Check should check return value of exec 2668
 MNER 3 No Error Check should check @@error after insert 2690
 MNER 3 No Error Check should check @@error after update 2724
 MNER 3 No Error Check should check return value of exec 2729
 MNER 3 No Error Check should check @@error after insert 2760
 MNER 3 No Error Check should check @@error after update 2805
 MNER 3 No Error Check should check return value of exec 2810
 MNER 3 No Error Check should check @@error after insert 2835
 MNER 3 No Error Check should check @@error after update 2881
 MNER 3 No Error Check should check return value of exec 2886
 MNER 3 No Error Check should check @@error after insert 2922
 MNER 3 No Error Check should check @@error after update 2952
 MNER 3 No Error Check should check @@error after update 2957
 MNER 3 No Error Check should check return value of exec 2971
 MNER 3 No Error Check should check @@error after insert 2997
 MNER 3 No Error Check should check @@error after update 3028
 MNER 3 No Error Check should check @@error after update 3033
 MNER 3 No Error Check should check return value of exec 3047
 MNER 3 No Error Check should check @@error after insert 3095
 MNER 3 No Error Check should check @@error after insert 3109
 MNER 3 No Error Check should check @@error after insert 3137
 MNER 3 No Error Check should check @@error after insert 3165
 MNER 3 No Error Check should check @@error after insert 3180
 MNER 3 No Error Check should check @@error after insert 3195
 MNER 3 No Error Check should check @@error after update 3209
 MNER 3 No Error Check should check return value of exec 3216
 MUCO 3 Useless Code Useless Brackets 151
 MUCO 3 Useless Code Useless Brackets 165
 MUCO 3 Useless Code Useless Brackets 171
 MUCO 3 Useless Code Useless Brackets 180
 MUCO 3 Useless Code Useless Brackets 191
 MUCO 3 Useless Code Useless Brackets 197
 MUCO 3 Useless Code Useless Brackets 203
 MUCO 3 Useless Code Useless Brackets 210
 MUCO 3 Useless Code Useless Brackets 225
 MUCO 3 Useless Code Useless Brackets 229
 MUCO 3 Useless Code Useless Brackets 233
 MUCO 3 Useless Code Useless Brackets 237
 MUCO 3 Useless Code Useless Brackets 241
 MUCO 3 Useless Code Useless Brackets 248
 MUCO 3 Useless Code Useless Brackets 250
 MUCO 3 Useless Code Useless Brackets 256
 MUCO 3 Useless Code Useless Brackets 261
 MUCO 3 Useless Code Useless Brackets 279
 MUCO 3 Useless Code Useless Brackets 282
 MUCO 3 Useless Code Useless Brackets 290
 MUCO 3 Useless Code Useless Brackets 294
 MUCO 3 Useless Code Useless Brackets 295
 MUCO 3 Useless Code Useless Brackets 315
 MUCO 3 Useless Code Useless Brackets 320
 MUCO 3 Useless Code Useless Brackets 323
 MUCO 3 Useless Code Useless Brackets 335
 MUCO 3 Useless Code Useless Brackets 342
 MUCO 3 Useless Code Useless Brackets 345
 MUCO 3 Useless Code Useless Brackets 354
 MUCO 3 Useless Code Useless Brackets 361
 MUCO 3 Useless Code Useless Brackets 363
 MUCO 3 Useless Code Useless Brackets 368
 MUCO 3 Useless Code Useless Brackets 369
 MUCO 3 Useless Code Useless Brackets 378
 MUCO 3 Useless Code Useless Brackets 382
 MUCO 3 Useless Code Useless Brackets 385
 MUCO 3 Useless Code Useless Brackets 395
 MUCO 3 Useless Code Useless Brackets 409
 MUCO 3 Useless Code Useless Brackets 414
 MUCO 3 Useless Code Useless Brackets 417
 MUCO 3 Useless Code Useless Brackets 429
 MUCO 3 Useless Code Useless Brackets 436
 MUCO 3 Useless Code Useless Brackets 439
 MUCO 3 Useless Code Useless Brackets 446
 MUCO 3 Useless Code Useless Brackets 458
 MUCO 3 Useless Code Useless Brackets 471
 MUCO 3 Useless Code Useless Brackets 481
 MUCO 3 Useless Code Useless Brackets 493
 MUCO 3 Useless Code Useless Brackets 499
 MUCO 3 Useless Code Useless Brackets 503
 MUCO 3 Useless Code Useless Brackets 508
 MUCO 3 Useless Code Useless Brackets 511
 MUCO 3 Useless Code Useless Brackets 523
 MUCO 3 Useless Code Useless Brackets 533
 MUCO 3 Useless Code Useless Brackets 580
 MUCO 3 Useless Code Useless Brackets 582
 MUCO 3 Useless Code Useless Brackets 584
 MUCO 3 Useless Code Useless Brackets 592
 MUCO 3 Useless Code Useless Brackets 597
 MUCO 3 Useless Code Useless Brackets 661
 MUCO 3 Useless Code Useless Brackets 669
 MUCO 3 Useless Code Useless Brackets 677
 MUCO 3 Useless Code Useless Brackets 688
 MUCO 3 Useless Code Useless Brackets 698
 MUCO 3 Useless Code Useless Brackets 712
 MUCO 3 Useless Code Useless Brackets 731
 MUCO 3 Useless Code Useless Brackets 741
 MUCO 3 Useless Code Useless Brackets 746
 MUCO 3 Useless Code Useless Brackets 749
 MUCO 3 Useless Code Useless Brackets 752
 MUCO 3 Useless Code Useless Brackets 754
 MUCO 3 Useless Code Useless Brackets 756
 MUCO 3 Useless Code Useless Brackets 758
 MUCO 3 Useless Code Useless Brackets 760
 MUCO 3 Useless Code Useless Brackets 762
 MUCO 3 Useless Code Useless Brackets 768
 MUCO 3 Useless Code Useless Brackets 808
 MUCO 3 Useless Code Useless Brackets 813
 MUCO 3 Useless Code Useless Brackets 816
 MUCO 3 Useless Code Useless Brackets 834
 MUCO 3 Useless Code Useless Brackets 842
 MUCO 3 Useless Code Useless Brackets 862
 MUCO 3 Useless Code Useless Brackets 890
 MUCO 3 Useless Code Useless Brackets 915
 MUCO 3 Useless Code Useless Brackets 920
 MUCO 3 Useless Code Useless Brackets 930
 MUCO 3 Useless Code Useless Brackets 939
 MUCO 3 Useless Code Useless Brackets 941
 MUCO 3 Useless Code Useless Brackets 946
 MUCO 3 Useless Code Useless Brackets 947
 MUCO 3 Useless Code Useless Brackets 956
 MUCO 3 Useless Code Useless Brackets 974
 MUCO 3 Useless Code Useless Brackets 986
 MUCO 3 Useless Code Useless Brackets 995
 MUCO 3 Useless Code Useless Brackets 1006
 MUCO 3 Useless Code Useless Brackets 1014
 MUCO 3 Useless Code Useless Brackets 1016
 MUCO 3 Useless Code Useless Brackets 1020
 MUCO 3 Useless Code Useless Brackets 1021
 MUCO 3 Useless Code Useless Brackets 1034
 MUCO 3 Useless Code Useless Brackets 1042
 MUCO 3 Useless Code Useless Brackets 1045
 MUCO 3 Useless Code Useless Brackets 1073
 MUCO 3 Useless Code Useless Brackets 1099
 MUCO 3 Useless Code Useless Brackets 1101
 MUCO 3 Useless Code Useless Brackets 1106
 MUCO 3 Useless Code Useless Brackets 1123
 MUCO 3 Useless Code Useless Brackets 1132
 MUCO 3 Useless Code Useless Brackets 1137
 MUCO 3 Useless Code Useless Brackets 1142
 MUCO 3 Useless Code Useless Brackets 1147
 MUCO 3 Useless Code Useless Brackets 1153
 MUCO 3 Useless Code Useless Brackets 1158
 MUCO 3 Useless Code Useless Brackets 1169
 MUCO 3 Useless Code Useless Brackets 1176
 MUCO 3 Useless Code Useless Brackets 1184
 MUCO 3 Useless Code Useless Brackets 1199
 MUCO 3 Useless Code Useless Brackets 1215
 MUCO 3 Useless Code Useless Brackets 1240
 MUCO 3 Useless Code Useless Brackets 1242
 MUCO 3 Useless Code Useless Brackets 1273
 MUCO 3 Useless Code Useless Brackets 1277
 MUCO 3 Useless Code Useless Brackets 1280
 MUCO 3 Useless Code Useless Brackets 1302
 MUCO 3 Useless Code Useless Brackets 1338
 MUCO 3 Useless Code Useless Brackets 1363
 MUCO 3 Useless Code Useless Brackets 1372
 MUCO 3 Useless Code Useless Brackets 1374
 MUCO 3 Useless Code Useless Brackets 1400
 MUCO 3 Useless Code Useless Brackets 1405
 MUCO 3 Useless Code Useless Brackets 1414
 MUCO 3 Useless Code Useless Brackets 1416
 MUCO 3 Useless Code Useless Brackets 1421
 MUCO 3 Useless Code Useless Brackets 1428
 MUCO 3 Useless Code Useless Brackets 1486
 MUCO 3 Useless Code Useless Brackets 1492
 MUCO 3 Useless Code Useless Brackets 1516
 MUCO 3 Useless Code Useless Brackets 1537
 MUCO 3 Useless Code Useless Brackets 1558
 MUCO 3 Useless Code Useless Brackets 1580
 MUCO 3 Useless Code Useless Brackets 1582
 MUCO 3 Useless Code Useless Brackets 1604
 MUCO 3 Useless Code Useless Brackets 1634
 MUCO 3 Useless Code Useless Brackets 1644
 MUCO 3 Useless Code Useless Brackets 1676
 MUCO 3 Useless Code Useless Brackets 1689
 MUCO 3 Useless Code Useless Brackets 1700
 MUCO 3 Useless Code Useless Brackets 1726
 MUCO 3 Useless Code Useless Brackets 1728
 MUCO 3 Useless Code Useless Brackets 1757
 MUCO 3 Useless Code Useless Brackets 1761
 MUCO 3 Useless Code Useless Brackets 1822
 MUCO 3 Useless Code Useless Brackets 1837
 MUCO 3 Useless Code Useless Brackets 1839
 MUCO 3 Useless Code Useless Brackets 1845
 MUCO 3 Useless Code Useless Brackets 1851
 MUCO 3 Useless Code Useless Brackets 1886
 MUCO 3 Useless Code Useless Brackets 1908
 MUCO 3 Useless Code Useless Brackets 1910
 MUCO 3 Useless Code Useless Brackets 1985
 MUCO 3 Useless Code Useless Brackets 1988
 MUCO 3 Useless Code Useless Brackets 1996
 MUCO 3 Useless Code Useless Brackets 1998
 MUCO 3 Useless Code Useless Brackets 2004
 MUCO 3 Useless Code Useless Brackets 2010
 MUCO 3 Useless Code Useless Brackets 2055
 MUCO 3 Useless Code Useless Brackets 2065
 MUCO 3 Useless Code Useless Brackets 2093
 MUCO 3 Useless Code Useless Brackets 2095
 MUCO 3 Useless Code Useless Brackets 2111
 MUCO 3 Useless Code Useless Brackets 2113
 MUCO 3 Useless Code Useless Brackets 2120
 MUCO 3 Useless Code Useless Brackets 2137
 MUCO 3 Useless Code Useless Brackets 2185
 MUCO 3 Useless Code Useless Brackets 2187
 MUCO 3 Useless Code Useless Brackets 2210
 MUCO 3 Useless Code Useless Brackets 2235
 MUCO 3 Useless Code Useless Brackets 2238
 MUCO 3 Useless Code Useless Brackets 2247
 MUCO 3 Useless Code Useless Brackets 2249
 MUCO 3 Useless Code Useless Brackets 2255
 MUCO 3 Useless Code Useless Brackets 2276
 MUCO 3 Useless Code Useless Brackets 2303
 MUCO 3 Useless Code Useless Brackets 2305
 MUCO 3 Useless Code Useless Brackets 2309
 MUCO 3 Useless Code Useless Brackets 2322
 MUCO 3 Useless Code Useless Brackets 2324
 MUCO 3 Useless Code Useless Brackets 2329
 MUCO 3 Useless Code Useless Brackets 2351
 MUCO 3 Useless Code Useless Brackets 2363
 MUCO 3 Useless Code Useless Brackets 2379
 MUCO 3 Useless Code Useless Brackets 2405
 MUCO 3 Useless Code Useless Brackets 2410
 MUCO 3 Useless Code Useless Brackets 2415
 MUCO 3 Useless Code Useless Brackets 2479
 MUCO 3 Useless Code Useless Brackets 2489
 MUCO 3 Useless Code Useless Brackets 2496
 MUCO 3 Useless Code Useless Brackets 2519
 MUCO 3 Useless Code Useless Brackets 2523
 MUCO 3 Useless Code Useless Brackets 2558
 MUCO 3 Useless Code Useless Brackets 2588
 MUCO 3 Useless Code Useless Brackets 2591
 MUCO 3 Useless Code Useless Brackets 2599
 MUCO 3 Useless Code Useless Brackets 2609
 MUCO 3 Useless Code Useless Brackets 2619
 MUCO 3 Useless Code Useless Brackets 2625
 MUCO 3 Useless Code Useless Brackets 2659
 MUCO 3 Useless Code Useless Brackets 2681
 MUCO 3 Useless Code Useless Brackets 2688
 MUCO 3 Useless Code Useless Brackets 2720
 MUCO 3 Useless Code Useless Brackets 2739
 MUCO 3 Useless Code Useless Brackets 2750
 MUCO 3 Useless Code Useless Brackets 2756
 MUCO 3 Useless Code Useless Brackets 2783
 MUCO 3 Useless Code Useless Brackets 2801
 MUCO 3 Useless Code Useless Brackets 2825
 MUCO 3 Useless Code Useless Brackets 2832
 MUCO 3 Useless Code Useless Brackets 2858
 MUCO 3 Useless Code Useless Brackets 2877
 MUCO 3 Useless Code Useless Brackets 2900
 MUCO 3 Useless Code Useless Brackets 2912
 MUCO 3 Useless Code Useless Brackets 2918
 MUCO 3 Useless Code Useless Brackets 2926
 MUCO 3 Useless Code Useless Brackets 2927
 MUCO 3 Useless Code Useless Brackets 2948
 MUCO 3 Useless Code Useless Brackets 2960
 MUCO 3 Useless Code Useless Brackets 2987
 MUCO 3 Useless Code Useless Brackets 2994
 MUCO 3 Useless Code Useless Brackets 3001
 MUCO 3 Useless Code Useless Brackets 3002
 MUCO 3 Useless Code Useless Brackets 3024
 MUCO 3 Useless Code Useless Brackets 3036
 MUCO 3 Useless Code Useless Brackets 3062
 MUCO 3 Useless Code Useless Brackets 3065
 MUCO 3 Useless Code Useless Brackets 3072
 MUCO 3 Useless Code Useless Brackets 3074
 MUCO 3 Useless Code Useless Brackets 3078
 MUCO 3 Useless Code Useless Brackets 3098
 MUCO 3 Useless Code Useless Brackets 3100
 MUCO 3 Useless Code Useless Brackets 3112
 MUCO 3 Useless Code Useless Brackets 3114
 MUCO 3 Useless Code Useless Brackets 3119
 MUCO 3 Useless Code Useless Brackets 3121
 MUCO 3 Useless Code Useless Brackets 3135
 MUCO 3 Useless Code Useless Brackets 3140
 MUCO 3 Useless Code Useless Brackets 3152
 MUCO 3 Useless Code Useless Brackets 3154
 MUCO 3 Useless Code Useless Brackets 3169
 MUCO 3 Useless Code Useless Brackets 3171
 MUCO 3 Useless Code Useless Brackets 3184
 MUCO 3 Useless Code Useless Brackets 3186
 MUCO 3 Useless Code Useless Brackets 3199
 MUCO 3 Useless Code Useless Brackets 3201
 MUCO 3 Useless Code Useless Brackets 3222
 MUCO 3 Useless Code Useless Brackets 3225
 MUCO 3 Useless Code Useless Brackets 3227
 MUCO 3 Useless Code Useless Brackets 3246
 MUIN 3 Column created using implicit nullability 1647
 MUIN 3 Column created using implicit nullability 1659
 QCTC 3 Conditional Table Creation 608
 QCTC 3 Conditional Table Creation 625
 QCTC 3 Conditional Table Creation 837
 QCTC 3 Conditional Table Creation 925
 QCTC 3 Conditional Table Creation 1000
 QCTC 3 Conditional Table Creation 1203
 QCTC 3 Conditional Table Creation 1441
 QCTC 3 Conditional Table Creation 1588
 QCTC 3 Conditional Table Creation 1647
 QCTC 3 Conditional Table Creation 1659
 QCTC 3 Conditional Table Creation 2058
 QCTC 3 Conditional Table Creation 2259
 QCTC 3 Conditional Table Creation 2424
 QCTC 3 Conditional Table Creation 2439
 QCTC 3 Conditional Table Creation 2612
 QCTC 3 Conditional Table Creation 2742
 QCTC 3 Conditional Table Creation 2903
 QCTC 3 Conditional Table Creation 3086
 QISO 3 Set isolation level 157
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 846
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 872
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 1054
 QIWC 3 Insert with not all columns specified missing 1 columns out of 6 1320
 QIWC 3 Insert with not all columns specified missing 1 columns out of 5 1607
 QIWC 3 Insert with not all columns specified missing 1 columns out of 12 1776
 QIWC 3 Insert with not all columns specified missing 1 columns out of 12 1935
 QIWC 3 Insert with not all columns specified missing 1 columns out of 6 2071
 QIWC 3 Insert with not all columns specified missing 1 columns out of 6 2161
 QIWC 3 Insert with not all columns specified missing 4 columns out of 9 2446
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 2629
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 2690
 QIWC 3 Insert with not all columns specified missing 1 columns out of 6 2760
 QIWC 3 Insert with not all columns specified missing 1 columns out of 6 2835
 QIWC 3 Insert with not all columns specified missing 2 columns out of 7 2922
 QIWC 3 Insert with not all columns specified missing 2 columns out of 7 2997
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3095
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3109
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3137
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3165
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3180
 QIWC 3 Insert with not all columns specified missing 1 columns out of 4 3195
 QJWT 3 Join or Sarg Without Index on temp table 1811
 QJWT 3 Join or Sarg Without Index on temp table 1974
 QNAJ 3 Not using ANSI Inner Join 848
 QNAJ 3 Not using ANSI Inner Join 874
 QNAJ 3 Not using ANSI Inner Join 1056
 QNAJ 3 Not using ANSI Inner Join 1324
 QNAJ 3 Not using ANSI Inner Join 1496
 QNAJ 3 Not using ANSI Inner Join 1611
 QNAJ 3 Not using ANSI Inner Join 1803
 QNAJ 3 Not using ANSI Inner Join 1965
 QNAJ 3 Not using ANSI Inner Join 2102
 QNAJ 3 Not using ANSI Inner Join 2194
 QNAJ 3 Not using ANSI Inner Join 2266
 QNAJ 3 Not using ANSI Inner Join 2454
 QNAJ 3 Not using ANSI Inner Join 2463
 QNAJ 3 Not using ANSI Inner Join 2646
 QNAJ 3 Not using ANSI Inner Join 2707
 QNAJ 3 Not using ANSI Inner Join 2789
 QNAJ 3 Not using ANSI Inner Join 2864
 QNAJ 3 Not using ANSI Inner Join 2934
 QNAJ 3 Not using ANSI Inner Join 2963
 QNAJ 3 Not using ANSI Inner Join 3009
 QNAJ 3 Not using ANSI Inner Join 3039
 QNAJ 3 Not using ANSI Inner Join 3144
 QNUA 3 Should use Alias: Table sybsystemprocs..sysattributes 1500
 QNUA 3 Should use Alias: Column keyid should use alias #encrypted_table_info 2546
 QNUA 3 Should use Alias: Column keydbname should use alias #encrypted_table_info 2547
 QNUA 3 Should use Alias: Column assignee should use alias #encr_loginpwdcheck_info 2967
 QNUA 3 Should use Alias: Column keyname should use alias #encr_loginpwdcheck_info 2968
 QNUA 3 Should use Alias: Column assignee should use alias #encr_loginpwdcheck_info 3043
 QNUA 3 Should use Alias: Column keyname should use alias #encr_loginpwdcheck_info 3044
 QNUA 3 Should use Alias: Table sybsystemprocs..sysattributes 3148
 QPNC 3 No column in condition 1060
 QPNC 3 No column in condition 1063
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, object_type, attribute}
269
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
462
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {name}
810
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, object_type, attribute}
851
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, object_type, attribute}
878
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class}
1450
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1461
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1471
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1482
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info2, class, attribute}
1501
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1511
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1531
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
1552
 QPRI 3 Join or Sarg with Rooted Partial Index Use JOIN Candidate index: sysencryptkeys.csysencryptkeys unique clustered
(id, type, uid)
Intersection: {id}
Uncovered: [uid]
2267
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {name}
2269
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysobjects.ncsysobjects unique
(name, uid)
Intersection: {name}
2383
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class}
3106
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
3127
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
3132
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {object_info2, class, attribute}
3149
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
3177
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
3192
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysattributes.csysattributes unique clustered
(class, attribute, object_type, object, object_info1, object_info2, object_info3, object_cinfo)
Intersection: {class, attribute}
3207
 VNRD 3 Variable is not read @err_verify_login_passwd 560
 VNRD 3 Variable is not read @dummy 3076
 VUNU 3 Variable is not used @procval 38
 VUNU 3 Variable is not used @is_remote_tdb 53
 VUNU 3 Variable is not used @tdb_instanceid 54
 VUNU 3 Variable is not used @tdb_instancename 55
 VUNU 3 Variable is not used @msg 56
 CUPD 2 Updatable Cursor Marker (updatable by default) 644
 CUPD 2 Updatable Cursor Marker (updatable by default) 1220
 CUPD 2 Updatable Cursor Marker (updatable by default) 1481
 CUPD 2 Updatable Cursor Marker (updatable by default) 1510
 CUPD 2 Updatable Cursor Marker (updatable by default) 1530
 CUPD 2 Updatable Cursor Marker (updatable by default) 1551
 CUPD 2 Updatable Cursor Marker (updatable by default) 1596
 CUPD 2 Updatable Cursor Marker (updatable by default) 1703
 CUPD 2 Updatable Cursor Marker (updatable by default) 2484
 CUPD 2 Updatable Cursor Marker (updatable by default) 3131
 MDRV 2 Derived Table Marker 1186
 MDRV 2 Derived Table Marker 1388
 MDRV 2 Derived Table Marker 1803
 MDRV 2 Derived Table Marker 1965
 MDYE 2 Dynamic Exec Marker exec @retval 680
 MDYE 2 Dynamic Exec Marker exec @retval 685
 MDYE 2 Dynamic Exec Marker exec @retval 691
 MDYE 2 Dynamic Exec Marker exec @retval 693
 MDYE 2 Dynamic Exec Marker exec @retval 695
 MDYE 2 Dynamic Exec Marker exec @retval 701
 MDYE 2 Dynamic Exec Marker exec @retval 704
 MDYE 2 Dynamic Exec Marker exec @retval 707
 MDYE 2 Dynamic Exec Marker exec @retval 710
 MDYE 2 Dynamic Exec Marker exec @retval 715
 MDYE 2 Dynamic Exec Marker exec @retval 718
 MDYE 2 Dynamic Exec Marker exec @retval 722
 MDYE 2 Dynamic Exec Marker exec @auxproc 965
 MDYE 2 Dynamic Exec Marker exec @auxproc 1269
 MDYE 2 Dynamic Exec Marker exec @auxproc 1754
 MDYE 2 Dynamic Exec Marker exec @auxproc 1905
 MDYE 2 Dynamic Exec Marker exec @auxproc 2516
 MSUB 2 Subquery Marker 268
 MSUB 2 Subquery Marker 810
 MSUB 2 Subquery Marker 1449
 MSUB 2 Subquery Marker 1460
 MSUB 2 Subquery Marker 1470
 MSUB 2 Subquery Marker 1495
 MSUB 2 Subquery Marker 1500
 MSUB 2 Subquery Marker 2371
 MSUB 2 Subquery Marker 2382
 MSUB 2 Subquery Marker 3143
 MSUB 2 Subquery Marker 3148
 MTR1 2 Metrics: Comments Ratio Comments: 26% 6
 MTR2 2 Metrics: Cyclomatic Complexity Cyclo: 232 = 307dec - 77exi + 2 6
 MTR3 2 Metrics: Query Complexity Complexity: 1442 6
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 847
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 873
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 1055
 PRED_QUERY_COLLECTION 2 {c=sybsystemprocs..syscolumns, o=sybsystemprocs..sysobjects, o2=sybsystemprocs..sysobjects} 0 1322
 PRED_QUERY_COLLECTION 2 {a=sybsystemprocs..sysattributes, a2=sybsystemprocs..sysattributes, a3=sybsystemprocs..sysattributes} 0 1495
 PRED_QUERY_COLLECTION 2 {c=sybsystemprocs..syscomments, o=sybsystemprocs..sysobjects} 0 1609
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2073
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2163
 PRED_QUERY_COLLECTION 2 {d=master..sysdatabases, e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2265
 PRED_QUERY_COLLECTION 2 {c=sybsystemprocs..syscolumns, o=sybsystemprocs..sysobjects} 0 2448
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2630
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2691
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2762
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2837
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2924
 PRED_QUERY_COLLECTION 2 {e=sybsystemprocs..sysencryptkeys, o=sybsystemprocs..sysobjects} 0 2999
 PRED_QUERY_COLLECTION 2 {a=sybsystemprocs..sysattributes, a2=sybsystemprocs..sysattributes, a3=sybsystemprocs..sysattributes} 0 3143

DEPENDENCIES
PROCS AND TABLES USED
writes table tempdb..#encrypted_text_info (1) 
reads table master..syslogins (1)  
read_writes table tempdb..#encr_column_info (1) 
reads table sybsystemprocs..sysencryptkeys  
reads table sybsystemprocs..sysusers  
calls proc sybsystemprocs..sp_autoformat  
   writes table sybsystemprocs..sp_autoformat_rset_003 
   reads table tempdb..syscolumns (1)  
   read_writes table tempdb..#colinfo_af (1) 
   writes table sybsystemprocs..sp_autoformat_rset_001 
   reads table tempdb..systypes (1)  
   reads table master..systypes (1)  
   writes table sybsystemprocs..sp_autoformat_rset_005 
   calls proc sybsystemprocs..sp_autoformat  
   calls proc sybsystemprocs..sp_namecrack  
   writes table sybsystemprocs..sp_autoformat_rset_004 
   reads table master..syscolumns (1)  
   writes table sybsystemprocs..sp_autoformat_rset_002 
reads table sybsystemprocs..syscolumns  
read_writes table tempdb..#encr_keys_info (1) 
read_writes table tempdb..#encr_column_count (1) 
reads table sybsystemprocs..syscomments  
reads table master..sysattributes (1)  
writes table tempdb..#encrypted_table_verify (1) 
read_writes table tempdb..#encr_keycopies_info (1) 
read_writes table tempdb..#encrypted_database_info (1) 
read_writes table tempdb..#encryption_keys_info (1) 
calls proc sybsystemprocs..sp_getmessage  
   reads table master..syslanguages (1)  
   calls proc sybsystemprocs..sp_validlang  
      reads table master..syslanguages (1)  
   reads table master..sysmessages (1)  
   reads table sybsystemprocs..sysusermessages  
writes table tempdb..#extpasswd_status_info (1) 
read_writes table tempdb..#encrypted_table_info (1) 
read_writes table tempdb..#encr_loginpwdcheck_info (1) 
read_writes table tempdb..#encr_basekeys_info (1) 
read_writes table tempdb..#encrypted_column_info (1) 
read_writes table tempdb..#encr_display_keys_info (1) 
reads table sybsystemprocs..sysobjects  
calls proc sybsystemprocs..sp_aux_checkroleperm  
   reads table master..syscurconfigs (1)  
   reads table master..sysconfigures (1)  
read_writes table tempdb..#sys_encr_passwd_info (1) 
read_writes table tempdb..#encrypted_verify_results (1) 
reads table sybsystemprocs..sysattributes  
reads table master..sysdatabases (1)  
writes table tempdb..#encrypted_extpasswd_info (1) 
read_writes table tempdb..#keydbname_table (1) 

CALLERS
called by proc sybsystemprocs..sp_downgrade