DatabaseProcApplicationCreatedLinks
sybsystemprocssp_password  31 Aug 14Defects Dependencies

1     
2     /* Sccsid = "%Z% generic/sproc/src/%M% %I% %G%" */
3     /* 	4.8	1.1	06/14/90	sproc/src/password */
4     
5     /*
6     ** Generated by spgenmsgs.pl on Thu Feb  2 00:39:18 2006 
7     */
8     /*
9     ** raiserror Messages for password [Total 3]
10    **
11    ** 17260, "Can't run %1! from within a transaction."
12    ** 17720, "Error:  Unable to set the Password."
13    ** 17756, "The execution of the stored procedure '%1!' in database '%2!' was aborted because there was an error in writing the replication log record."
14    */
15    /*
16    ** sp_getmessage Messages for password [Total 1]
17    **
18    ** 17721, "Password correctly set."
19    */
20    /*
21    ** End spgenmsgs.pl output.
22    */
23    
24    /* 
25    ** IMPORTANT: Please read the following instructions before
26    **   making changes to this stored procedure.
27    **
28    **	To make this stored procedure compatible with High Availability (HA),
29    **	changes to certain system tables must be propagated 
30    **	to the companion server under some conditions.
31    **	The tables include (but are not limited to):
32    **		syslogins, sysservers, sysattributes, systimeranges,
33    **		sysresourcelimits, sysalternates, sysdatabases,
34    **		syslanguages, sysremotelogins, sysloginroles,
35    **		sysalternates (master DB only), systypes (master DB only),
36    **		sysusers (master DB only), sysprotects (master DB only)
37    **	please refer to the HA documentation for detail.
38    **
39    **	Here is what you need to do: 
40    **	For each insert/update/delete statement, add three sections to
41    **	-- start HA transaction prior to the statement
42    **	-- add the statement
43    **	-- add HA synchronization code to propagate the change to the companion
44    **
45    **	For example, if you are adding 
46    **		insert master.dbo.syslogins ......
47    **	the code should look like:
48    **	1. Before that SQL statement:
49    **		
50    **	2. Now, the SQL statement:
51    **		insert master.dbo.syslogins ......
52    **	3. Add a HA synchronization section right after the SQL statement:
53    **		
54    **
55    **	You may need to do similar change for each built-in function you
56    **	want to add.
57    **
58    **	Finally, add a separate part at a place where it can not
59    **	be reached by the normal execution path:
60    **	clean_all:
61    **		
62    **		return (1)
63    */
64    
65    create procedure sp_password
66        @caller_password varchar(255) = NULL, /* the current password of caller */
67        @new_password varchar(256) = NULL, /* the new password of the target acct*/
68        /* a length of 256 is required to test if
69        ** user entered a passwd > 255 chars.
70        */
71        @loginame varchar(255) = NULL, /* user to change password on */
72        @immediate int = 0 /* if not 0, change the password in
73    					** all running processes for loginame.
74    					*/
75    as
76    
77        declare @returncode int
78        declare @msg varchar(1024)
79        declare @HA_CERTIFIED tinyint /* Is the SP HA certified ? */
80        declare @retstat int
81    
82    
83        select @HA_CERTIFIED = 0
84    
85    
86    
87    
88        /* check to see if we are using HA specific SP for a HA enabled server */
89        exec @retstat = sp_ha_check_certified 'sp_password', @HA_CERTIFIED
90        if (@retstat != 0)
91            return (1)
92    
93        /*
94        ** Do not allow this system procedure to be run from within a transaction
95        ** to avoid creating a multi-database transaction where the 'master'
96        ** database is not the co-ordinating database.
97        */
98        if @@trancount > 0
99        begin
100           /*
101           ** 17260, "Can't run %1! from within a transaction."
102           */
103           raiserror 17260, "sp_password"
104           return (1)
105       end
106       else
107       begin
108           set chained off
109       end
110   
111       set transaction isolation level 1
112   
113       /*
114       **  Encrypt and store the input @new_password.
115       **  @caller_password will be checked against the password of the caller.
116       **  set_password() builtin will print out nice messages.
117       */
118       select @returncode = set_password(@caller_password, @new_password, @loginame, @immediate)
119   
120   
121   
122   
123       if (@returncode = 0)
124       begin
125           /*
126           ** 17720, "Error:  Unable to set the Password."
127           */
128           raiserror 17720
129           return (1)
130       end
131       else
132       begin
133           /*
134           ** Before we log our system procedure execution instance,
135           ** re-initialize the '@caller_password' parameter to NULL and the
136           ** '@new_password' parameter to the encrypted form of the password.
137           ** This prevents the passwords from being stored in clear text in
138           ** the transaction log as well as in the Replication Server stable
139           ** queues.
140           **
141           ** When the ASE RepAgent Thread sends the system procedure
142           ** execution instance to the Replication Server, the ASE RepAgent
143           ** will re-name the system procedure from 'sp_password()' to
144           ** 'sp_password_rep()'.  This will cause the Replication Server to
145           ** execute, at the target ASE, the system procedure
146           ** 'sp_password_rep()' which knows how to properly process the
147           ** encrypted password.
148           */
149           select @caller_password = NULL
150   
151           if (@loginame is not NULL)
152           begin
153               select @new_password = password
154               from master.dbo.syslogins
155               where name = @loginame
156           end
157           else
158           begin
159               select @new_password = password
160               from master.dbo.syslogins
161               where suid = suser_id()
162           end
163   
164           /*
165           ** If the 'master' database is marked for replication, the T-SQL
166           ** built-in 'logexec()' will log for replication the execution
167           ** instance of this system procedure.  Otherwise, the T-SQL
168           ** built-in 'logexec()' is a no-op.
169           */
170           if (logexec(1) != 1)
171           begin
172               raiserror 17756, "sp_password", "master"
173               return (1)
174           end
175   
176           /*
177           ** 17721, "Password correctly set."
178           */
179           exec sp_getmessage 17721, @msg output
180           print @msg
181           return (0)
182       end
183   
184   


exec sp_procxmode 'sp_password', 'AnyMode'
go

Grant Execute on sp_password to public
go
DEFECTS
 MGTP 3 Grant to public master..syslogins  
 MGTP 3 Grant to public sybsystemprocs..sp_password  
 MNER 3 No Error Check should check return value of exec 179
 MUCO 3 Useless Code Useless Brackets 90
 MUCO 3 Useless Code Useless Brackets 91
 MUCO 3 Useless Code Useless Brackets 104
 MUCO 3 Useless Code Useless Brackets 123
 MUCO 3 Useless Code Useless Brackets 129
 MUCO 3 Useless Code Useless Brackets 151
 MUCO 3 Useless Code Useless Brackets 170
 MUCO 3 Useless Code Useless Brackets 173
 MUCO 3 Useless Code Useless Brackets 181
 QISO 3 Set isolation level 111
 VNRD 3 Variable is not read @caller_password 149
 VNRD 3 Variable is not read @new_password 159
 MTR1 2 Metrics: Comments Ratio Comments: 72% 65
 MTR2 2 Metrics: Cyclomatic Complexity Cyclo: 2 = 5dec - 5exi + 2 65
 MTR3 2 Metrics: Query Complexity Complexity: 37 65

DEPENDENCIES
PROCS AND TABLES USED
calls proc sybsystemprocs..sp_getmessage  
   reads table master..sysmessages (1)  
   reads table master..syslanguages (1)  
   reads table sybsystemprocs..sysusermessages  
   calls proc sybsystemprocs..sp_validlang  
      reads table master..syslanguages (1)  
reads table master..syslogins (1)  
calls proc sybsystemprocs..sp_ha_check_certified  
   reads table tempdb..sysobjects (1)  

CALLERS
called by proc sybsystemprocs..sp_addlogin