create procedure sp_password @old sysname = NULL, -- the old (current) password @new sysname, -- the new password @loginame sysname = NULL -- user to change password on as -- SETUP RUNTIME OPTIONS / DECLARE VARIABLES -- set nocount on declare @self int select @self = CASE WHEN @loginame is null THEN 1 ELSE 2 END -- RESOLVE LOGIN NAME if @loginame is null select @loginame = suser_sname() -- CHECK PERMISSIONS (SecurityAdmin per Richard Waymire) -- IF (not is_srvrolemember('securityadmin') = 1) AND not @self = 1 begin dbcc auditevent (107, @self, 0, @loginame, NULL, NULL, NULL) raiserror(15210,-1,-1) return (1) end ELSE begin dbcc auditevent (107, @self, 1, @loginame, NULL, NULL, NULL) end -- DISALLOW USER TRANSACTION -- set implicit_transactions off IF (@@trancount > 0) begin raiserror(15002,-1,-1,'sp_password') return (1) end -- RESOLVE LOGIN NAME (disallows nt names) if not exists (select * from master.dbo.syslogins where loginname = @loginame and isntname = 0) begin raiserror(15007,-1,-1,@loginame) return (1) end -- IF non-SYSADMIN ATTEMPTING CHANGE TO SYSADMIN, REQUIRE PASSWORD (218078) -- if (@self <> 1 AND is_srvrolemember('sysadmin') = 0 AND exists (SELECT * FROM master.dbo.syslogins WHERE loginname = @loginame and isntname = 0 AND sysadmin = 1) ) SELECT @self = 1 -- CHECK OLD PASSWORD IF NEEDED -- if (@self = 1 or @old is not null) if not exists (select * from master.dbo.sysxlogins where srvid IS NULL and name = @loginame and ( (@old is null and password is null) or (pwdcompare(@old, password, (CASE WHEN xstatus&2048 = 2048 THEN 1 ELSE 0 END)) = 1) ) ) begin raiserror(15211,-1,-1) return (1) end -- CHANGE THE PASSWORD -- update master.dbo.sysxlogins set password = convert(varbinary(256), pwdencrypt(@new)), xdate2 = getdate(), xstatus = xstatus & (~2048) where name = @loginame and srvid IS NULL -- UPDATE PROTECTION TIMESTAMP FOR MASTER DB, TO INDICATE SYSLOGINS CHANGE -- exec('use master grant all to null') -- FINALIZATION: RETURN SUCCESS/FAILURE -- if @@error <> 0 return (1) raiserror(15478,-1,-1) return (0) -- sp_password