1 PACKAGE dbms_tts IS
2
3 -- TEMPORARY WORKAROUND
4 v_exclude_xmlverify BOOLEAN := FALSE;
5
6 --
7 -- Input formats for passphrase in set_passphrase procedure.
8 --
9 OBFUSCATED CONSTANT PLS_INTEGER := 1; -- obfuscated binary value
10 ENCRYPTED CONSTANT PLS_INTEGER := 2; -- encrypted binary value
11
12 -- This package checks if the transportable set is self-contained. All
13 -- violations are inserted into a temporary table that can be selected from
14 -- view transport_set_violations.
15 --
16 TYPE tablespace_names IS TABLE OF varchar(30) INDEX BY binary_integer;
17
18 -- Table to hole the list of errors from containment checking.
19 v_tts_error$ tts_error_tab := tts_error_tab();
20
21 --++
22 -- Definition: This procedure checks if a tablespace is temporary or if it is
23 -- a tablespace that can not be exported using transportable
24 -- tablespace mode.
25 --
26 -- Inputs: a_tsname - tablespace name
27 -- a_ts_num - tablespace id number
28 -- upcase - allow upcasing of username or not
29 --
30 -- Outputs: None
31 --++
32 PROCEDURE checkTablespace (
33 a_tsname IN varchar2,
34 a_ts_num IN OUT number,
35 upcase IN BOOLEAN DEFAULT FALSE);
36
37 --++
38 -- Definition: This procedure performs a Diffie-Hellman key exchange.
39 -- Data Pump worker process on target system executes this
40 -- procedure over a network link on the remote source system.
41 -- Once this key exchange has taken place, both sides can
42 -- transmit sensitive data securely.
43 --
44 -- Inputs: source_key - public key of the source process. In this
45 -- case "source" refers to the initiator
46 -- of the key exchange, which is the worker
47 -- on the local system.
48 -- Outputs: target_key - public key of the target process. In this
49 -- case "target" refers to the process with
50 -- which the "source" end wishes to exchange
51 -- keys, which is the worker on the remote
52 -- system.
53 -- digest - digest/verifier of the shared key.
54 --
55 -- Possible Exceptions:
56 -- Internal errors
57 --++
58 PROCEDURE dh_key_exchange (
59 source_key IN varchar2,
60 target_key OUT varchar2,
61 digest OUT varchar2);
62
63 --++
64 -- Definition: This procedure sets the passphrase in a package state
65 -- variable. Subsequent calls to get/put protected routines
66 -- can pass the obfuscated passphrase to their respective
67 -- C callouts as needed.
68 --
69 -- Inputs: passphrase - passphrase that is placed in a package
70 -- state variable and passed to the get/put
71 -- protected routines in subsequent calls.
72 -- passphraseFmt - passphrase is either in obfuscated or
73 -- encrypted format. Valid values are:
74 -- - SYS.DBMS_TTS.OBFUSCATED
75 -- - SYS.DBMS_TTS.ENCRYPTED
76 -- If the format is encrypted, this procedure
77 -- decrypts the passphrase and then obfuscates
78 -- it before placing into the package state
79 -- variable. The key used for decrypting
80 -- should have been setup via a previous
81 -- call to dh_key_exchange.
82 --
83 -- Possible Exceptions:
84 -- Internal errors
85 --++
86 PROCEDURE set_passphrase (
87 passphrase IN raw,
88 passphraseFmt IN pls_integer DEFAULT SYS.DBMS_TTS.OBFUSCATED);
89
90 --++
91 -- Definition: This procedure verifies that the tablespace list provided is
92 -- a closed set. Any violations will be stored in the
93 -- sys.tts_error$ table.
94 --
95 -- Inputs: ts_list - comma separated tablespace name list
96 -- incl_constraints - include constraints or not
97 -- full_check - perform a full check or not
98 --
99 -- Outputs: None
100 --++
101 PROCEDURE transport_set_check (
102 ts_list IN clob,
103 incl_constraints IN boolean DEFAULT FALSE,
104 full_check IN boolean DEFAULT FALSE);
105
106 --++
107 -- Definition: This function verifies that the tablespace list provided is
108 -- a closed set. If called from within a datapump job then all
109 -- violations will be in the sys.tts_error$ table and false will
110 -- be returned. Otherwise, false will be returned on the first
111 -- violation detected and no information is stored in the
112 -- sys.tts_error$ table.
113 --
114 -- Inputs: ts_list - comma separated tablespace name list
115 -- incl_constraints - include constraints or not
116 -- full_check - perform a full check or not
117 -- job_type = DATABASE_EXPORT IF FULL TTS
118 -- encryption_password = true if encryption password supplied
119 -- on command line.
120 --
121 -- Outputs: None
122 --
123 -- Return: True if self contained, false if not.
124 --++
125 FUNCTION isSelfContained (
126 ts_list IN clob,
127 incl_constraints IN boolean,
128 full_check IN boolean,
129 job_type IN varchar2 DEFAULT NULL,
130 encryption_password IN BOOLEAN DEFAULT FALSE)
131 RETURN BOOLEAN;
132
133 --
134 -- Description: This procedure checks if the transportable set is compatible
135 -- with the specified char sets. Result is displayed in output.
136 -- Must set serveroutput on.
137 --
138 -- Inputs: ts_list - comma separated tablespace name list
139 -- target_db_char_set_name
140 -- target_db_nchar_set_name
141 --
142 -- Outputs: None
143 --++
144 PROCEDURE transport_char_set_check_msg (
145 ts_list IN CLOB,
146 target_db_char_set_name IN VARCHAR2,
147 target_db_nchar_set_name IN VARCHAR2);
148
149 --
150 -- Description: This procedure adds an error to sys.tts_error$ if the error
151 -- was not already previously added.
152 --
153 -- Inputs: exp_err_num - expected error number
154 -- err_num - error number raised
155 -- err_msg - error text to insert
156 --
157 -- Outputs: None
158 --
159 -- Return: TRUE = expected error -- FALSE = error not expected
160 --++
161 FUNCTION insert_error (
162 exp_err_num IN number,
163 err_num IN number,
164 err_msg IN varchar2)
165 RETURN BOOLEAN;
166
167 --++
168 -- Definition: This function returns TRUE if char set is compatible. msg is
169 -- set to OK or error message.
170 --
171 -- Inputs: ts_list - comma separated tablespace name list
172 -- target_db_char_set_name
173 -- target_db_nchar_set_name
174 --
175 -- Outputs: None
176 --
177 -- Returns: True if compatible, false otherwise
178 --++
179 FUNCTION transport_char_set_check (
180 ts_list IN CLOB,
181 target_db_char_set_name IN VARCHAR2,
182 target_db_nchar_set_name IN VARCHAR2,
183 err_msg OUT VARCHAR2)
184 RETURN BOOLEAN;
185
186 --++
187 -- Procedure: get_protected_ce_tab_key
188 --
189 -- Description: This trusted callout provides an interface to get the
190 -- column encryption table keys in the protected form.
191 -- The table key is extracted from the enc$, unwrapped with the
192 -- Master Key, re-wrapped with the passphrase setup in a previous
193 -- call to dbms_tts.set_passphrase.
194 --
195 -- Inputs: schemaName - schema name
196 -- tableName - table name
197 --
198 -- Outputs: protTableKey - protected table key
199 --
200 -- Note: If not executed within dbms_datapump, it is a no-op.
201 --
202 -- If the procedure is executed successfully, the protected
203 -- table key is returned to the caller.
204 --
205 -- Errors are signaled otherwise.
206 --++
207 -- internal version is the trusted callout, not to be called directly
208 -- by the user
209
210 PROCEDURE get_protected_ce_tab_key (
211 schemaName IN VARCHAR2, -- schema name
212 tableName IN VARCHAR2, -- table name
213 protTableKey OUT RAW); -- protected Table Key
214
215 --++
216 -- Procedure: add_protected_ce_tab_key
217 --
218 -- Description: This trusted callout provides an interface to add the
219 -- column encryption table key to the TDE dictionary table.
220 -- The table key is unwrapped with the passphrase setup in
221 -- a previous call to dbms_tts.set_passphrase, re-wrapped
222 -- with the Master Key and added to enc$.
223 --
224 -- Inputs: schemaName - schema name
225 -- tableName - table name
226 -- protTableKey - protected table key
227 --
228 -- Outputs: None.
229 --
230 -- Note: If not executed within dbms_datapump, it is a no-op.
231 --
232 -- If the procedure is executed successfully, the protected
233 -- table key is added to TDE dictionary table.
234 --
235 -- Errors are signaled otherwise.
236 --++
237 -- internal version is the trusted callout, not to be called directly
238 -- by the user
239
240 PROCEDURE add_protected_ce_tab_key (
241 schemaName IN VARCHAR2, -- schema name
242 tableName IN VARCHAR2, -- table name
243 protTableKey IN RAW); -- protected Table Key
244
245 --++
246 -- Procedure: get_protected_tse_key
247 --
248 -- Description: This trusted callout provides an interface to get the
249 -- tablespace encryption keys in the protected form. The
250 -- TSE key is rewrapped using the passphrase setup in a
251 -- previous call to dbms_tts.set_passphrase.
252 --
253 -- Inputs: tablespaceNumber - tablespace number
254 --
255 -- Outputs: protTablespaceKey - protected tablespace key
256 --
257 -- Note: If not executed within dbms_datapump, it is a no-op.
258 --
259 -- If the procedure is executed successfully, the protected
260 -- tablespace key is returned to the caller.
261 --
262 -- Errors are signaled otherwise.
263 --++
264 -- internal version is the trusted callout, not to be called directly
265 -- by the user
266
267 PROCEDURE get_protected_tse_key (
268 tablespaceNumber IN NUMBER, -- tablespace number
269 protTablespaceKey OUT RAW); -- protected Tablespace Key
270
271 --++
272 -- Description: This procedure provides an interface to rewrap tablespace
273 -- key from a passphrase protected key to target DB wallet
274 -- and write it to the file header
275 -- Must operate on a datafile file before plugin
276 -- Must be executed within the context of dbms_datapump.
277 -- This procedure uses a passphrase setup in a previous
278 -- call to dbms_tts.set_passphrase.
279 --
280 -- Inputs: filename - fully-qualified absolute path datafile name
281 -- protTablespaceKey - protected tablespace key
282 --
283 -- Outputs: None
284 -- If the procedure executed successfully, the tablespace key
285 -- in the file header has been rewrapped by the target DB
286 -- wallet and is ready to be plugged in.
287 --
288 -- Errors are signaled otherwise.
289 --++
290
291 PROCEDURE put_protected_tse_key (
292 filename IN VARCHAR2, -- data file name
293 protTablespaceKey IN RAW); -- protected Tablespace Key
294
295 --++
296 -- Procedure: get_afn_dbid
297 --
298 -- Description: This trusted callout gets the absolute file number and the
299 -- database id for a given file
300 --
301 -- Inputs: datafile
302 --
303 -- Outputs: absolute file number
304 -- database id
305 --
306 -- Note: If not executed within dbms_datapump, it is a no-op.
307 --
308 -- Errors are signaled otherwise.
309 --++
310 PROCEDURE get_afn_dbid (
311 fn IN VARCHAR2, -- filename
312 afn OUT NUMBER, -- absolute file number
313 dbid OUT NUMBER); -- database id
314
315 --++
316 -- Description: NULL
317 --
318 -- Inputs: None
319 --
320 -- Outputs: None
321 --++
322 PROCEDURE downgrade;
323
324 --++
325 -- Definition: This function queries the pl/sql table and pipelines it to
326 -- look like a sql table.
327 --
328 -- Inputs: None
329 --
330 -- Outputs: None
331 --++
332 FUNCTION tab_func_error RETURN sys.tts_error_tab pipelined;
333
334
335 /*******************************************************************
336 ** Possible Exceptions **
337 *******************************************************************/
338
339 ts_not_found EXCEPTION;
340 PRAGMA exception_init (ts_not_found, -29304);
341 ts_not_found_num NUMBER := -29304;
342
343 invalid_ts_list EXCEPTION;
344 PRAGMA exception_init (invalid_ts_list, -29346);
345 invalid_ts_list_num NUMBER := -29346;
346
347 sys_or_tmp_ts EXCEPTION;
348 PRAGMA exception_init (sys_or_tmp_ts, -29351);
349 sys_or_tmp_ts_num NUMBER := -29351;
350
351 encpwd_error EXCEPTION;
352 PRAGMA exception_init (encpwd_error, -39330);
353 encpwd_error_num NUMBER := -39330;
354
355 /*******************************************************************
356 ** Trusted callouts **
357 *******************************************************************/
358
359 END dbms_tts;