1 PACKAGE fnd_web_sec AS
2 /* $Header: AFSCJAVS.pls 120.11.12010000.1 2008/07/25 14:21:06 appldev ship $ */
3 /*#
4 * Security Related Function and APIs.
5 * @rep:scope public
6 * @rep:product FND
7 * @rep:displayname User
8 * @rep:lifecycle active
9 * @rep:compatibility S
10 * @rep:category BUSINESS_ENTITY FND_USER
11 * @rep:ihelp FND/@o_funcsec#o_funcsec See the related online help
12 */
13
14 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
15 -- Please call the fnd_user_pkg.validatelogin wrapper to protect
16 -- against undocumented underlying FND changes.
17 /*
18 * Validate_login
19 * Test a username and password without updating audit tables.
20 * Only use this api to authenticate a user password when you do not
21 * expect that user to login or create a session.
22 *
23 * NOTE: This api only works for LOCAL users (i.e., for users who are
24 * not SSO enabled.)
25 * IN
26 * p_user - username
27 * p_password - password
28 * RETURNS
29 * 'Y' if user/password is valid, 'N' if not
30 * RAISES
31 * Never raises exceptions, returns 'N' with a message on the
32 * message stack if an error is encountered.
33 */
34 /*#
35 * This API tests a username and password without updating audit tables.
36 * @param p_user in varchar2 username
37 * @param p_pwd in varchar2 password
38 * @return 'Y' if the username/password is valid, 'N' if not
39 * @rep:scope public
40 * @rep:lifecycle active
41 * @rep:displayname Validate Login
42 * @rep:compatibility S
43 */
44 FUNCTION validate_login(p_user IN VARCHAR2,
45 p_pwd IN VARCHAR2)
46 return VARCHAR2;
47
48 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
49 --
50 /*
51 * Validate_login
52 * Validate a username and password, and update audit tables with
53 * results. Use this api if the user is expected to login.
54 *
55 * NOTE: This api only works for LOCAL users (i.e., for users who are
56 * not SSO enabled.)
57 * IN
58 * p_user - username
59 * p_password - password
60 * p_loginfrom - flag indicating a login UI was used for access
61 * OUT
62 * p_loginID - Login ID of audit record (if successful)
63 * p_expired - Expiration flag to check whether user's password has expired.
64 * RETURNS
65 * 'Y' if user/password is valid, 'N' if not
66 * RAISES
67 * Never raises exceptions, returns 'N' with a message on the
68 * message stack if an error is encountered.
69 */
70 FUNCTION validate_login(p_user IN VARCHAR2,
71 p_pwd IN VARCHAR2,
72 p_loginID OUT nocopy NUMBER,
73 p_expired OUT nocopy VARCHAR2,
74 p_loginfrom IN VARCHAR2 default null)
75 return VARCHAR2;
76
77 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
78 PROCEDURE unsuccessful_login(userID IN NUMBER);
79
80 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
81 FUNCTION create_user(p_user IN VARCHAR2,
82 p_pwd IN VARCHAR2,
83 p_user_id OUT nocopy NUMBER)
84 RETURN VARCHAR2;
85
86
87 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
88 -- Please call the fnd_user_pkg.changepassword wrapper to protect
89 -- against undocumented underlying FND changes.
90 --
91 -- Changes the password of an applications user after verifying
92 -- the existing pasword. Returns 'Y' on success and 'N' on failure.
93
94 -- Fix bug 5087728. Added fifth argument to specify whether autonomous
95 -- transaction is needed during set_password. Default is TRUE to maintain
96 -- backward compatibility
97 FUNCTION change_password(p_user IN VARCHAR2,
98 p_old_pwd IN VARCHAR2,
99 p_new_pwd1 IN VARCHAR2,
100 p_new_pwd2 IN VARCHAR2,
101 p_autonomous IN BOOLEAN DEFAULT TRUE)
102 RETURN VARCHAR2;
103
104 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
105 -- Please call the fnd_user_pkg.changepassword wrapper to protect
106 -- against undocumented underlying FND changes.
107 --
108 -- Changes the password of an applications user without verifying
109 -- the existing pasword. Returns 'Y' on success and 'N' on failure.
110 --
111 -- Bug 4625235: Added the third parameter p_autonomous with default = TRUE
112 -- So that any existing code calling change_password without the
113 -- third argument, it will function as before.
114 FUNCTION change_password(p_user IN VARCHAR2,
115 p_new_pwd IN VARCHAR2,
116 p_autonomous IN BOOLEAN DEFAULT TRUE)
117
118 RETURN VARCHAR2;
119
120 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
121 FUNCTION upgrade_web_password(p_user IN VARCHAR2,
122 p_enc_web_pwd IN VARCHAR2,
123 p_new_pwd IN VARCHAR2)
124 RETURN VARCHAR2;
125
126 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
127 function validate_password(username in varchar2, password in varchar2)
128 return varchar2;
129
130 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
131 procedure update_no_reuse(username in varchar2, password in varchar2);
132
133 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
134 -- Please call the fnd_user_pkg.getreencryptedpassword wrapper to protect
135 -- against undocumented underlying FND changes.
136 function get_reencrypted_password(username in varchar2,
137 new_key in varchar2,
138 p_mode in varchar2 default null)
139 return varchar2;
140
141 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
142 function set_reencrypted_password(username in varchar2, reencpwd varchar2,
143 new_key in varchar2)
144 return varchar2;
145
146 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
147 function get_op_value(username in varchar2, applsyspwd in varchar2)
148 return varchar2;
149
150
151 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
152 FUNCTION create_oracle_user(p_user IN VARCHAR2,
153 p_pwd IN VARCHAR2,
154 p_newkey IN VARCHAR2,
155 p_user_id OUT nocopy NUMBER)
156 RETURN VARCHAR2;
157
158 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
159 function get_reencrypted_oracle_pwd(username in varchar2,
160 new_key in varchar2)
161 return varchar2;
162
163 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
164 function cvt_reencrypted_oracle_pwd(pwd in varchar2, cur_key in varchar2)
165 return varchar2;
166
167 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
168 function encrypt(key in varchar2, value in varchar2,
169 userid in number default null)
170 return varchar2;
171
172 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
173 function URLEncrypt(key in varchar2, value in varchar2)
174 return varchar2;
175
176 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
177 FUNCTION change_guest_password(p_new_pwd IN VARCHAR2, p_key IN VARCHAR2 default NULL)
178 RETURN VARCHAR2;
179
180 -- bug 4047740 used by loader when creating a new user
181 INVALID_PWD CONSTANT VARCHAR2(25) := '**FND_INVALID_PASSWORD**';
182
183 --bug 4148165 used when creating an SSO User
184 EXTERNAL_PWD CONSTANT VARCHAR2(25) := '**FND_EXTERNAL_PASSWORD**';
185
186 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
187 function encrypt(key in varchar2, value in varchar2,
188 profilePasswordCaseOption in varchar2)
189 return varchar2;
190
191 -- Bug 5892249 fskinner begin
192 SHA_MODE CONSTANT VARCHAR2(4) := 'SHA';
193 MD4_MODE CONSTANT VARCHAR2(4) := 'MD4';
194 MD5_MODE CONSTANT VARCHAR2(4) := 'MD5';
195
196 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
197 function update_no_reuse_function(username in varchar2, password in varchar2)
198 return varchar2;
199
200 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
201 function get_encrypted_passwords(p_user in varchar2, userID in number, p_pwd in varchar2,
202 p_enc_fnd_pwd out nocopy varchar2, p_enc_user_pwd out nocopy varchar2)
203 return varchar2;
204
205 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
206 function get_pwd_enc_mode
207 return varchar2;
208
209 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
210 function start_user_migrate
211 return varchar2;
212
213 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
214 function finish_user_migrate
215 return varchar2;
216
217 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
218 function user_pwd_hash(pwd in varchar2)
219 return varchar2;
220
221 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
222 function encrypt_user_hash( pwdHash in varchar2, userID in number, CaseOpt in varchar2 )
223 return varchar2;
224
225 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
226 function decrypt_user_hash( encUserPwd in varchar2, userID in number, fnd_schema_pwd in varchar2 )
227 return varchar2;
228
229 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
230 procedure put_apps_schema_pwd(oldpwd in varchar2, newpwd in varchar2);
231
232 /*
233 * get_guest_username_pwd
234 * RETURNS
235 * GUEST user's credentials in username/pwd format
236 * If GUEST credentials are defined in VAULT then it fetches from VAULT.
237 * Else, IF the release is less than 12.1, then reads from Profile
238 * ELSE return NULL(in 12.1 and above, profile option value is
239 * desupported)
240 */
241 function get_guest_username_pwd return varchar2;
242
243 /*
244 * verify_guest_user_pwd
245 * RETURNS
246 * TRUE or FALSE
247 * If the GUEST credentials in profile/vault are matching with credentials in
248 * FND_USER, then return TRUE
249 * Else, return FALSE
250 */
251 function verify_guest_user_pwd return boolean;
252
253 -- procedure test_proc;
254 -- procedure test_proc(pwd in varchar2);
255
256 -- Bug 5892249 fskinner end
257
258 END FND_WEB_SEC;