1 PACKAGE fnd_web_sec AUTHID CURRENT_USER AS
2 /* $Header: AFSCJAVS.pls 120.12.12020000.3 2013/03/19 07:39:34 absandhw ship $ */
3 /*#
4 * Security Related Function and APIs.
5 * @rep:scope public
6 * @rep:product FND
7 * @rep:displayname User
8 * @rep:lifecycle active
9 * @rep:compatibility S
10 * @rep:category BUSINESS_ENTITY FND_USER
11 * @rep:ihelp FND/@o_funcsec#o_funcsec See the related online help
12 */
-- Package specification only: it declares routines for login validation,
-- user creation, password change and password encryption/re-encryption,
-- plus a few constants. No bodies are visible here, so the behaviour notes
-- below either restate the existing comments or are marked NOTE(review).
--
-- AUTHID CURRENT_USER makes this an invoker's-rights unit: the subprograms
-- run with the privileges of the calling user, not of the package owner.
-- NOTE(review): almost every routine is labelled "INTERNAL USE ONLY", but
-- that label is only a comment; nothing in this spec (such as an
-- ACCESSIBLE BY clause on releases that support it) enforces it, so
-- exposure is governed by who holds EXECUTE on the package. Confirm the
-- grants are restricted accordingly.
-- NOTE(review): passwords and keys are passed as plain VARCHAR2 arguments;
-- callers should supply them as bind variables, not literals, so they do
-- not end up in SQL text or trace output.
13
14 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
15 -- Please call the fnd_user_pkg.validatelogin wrapper to protect
16 -- against undocumented underlying FND changes.
17 /*
18 * Validate_login
19 * Test a username and password without updating audit tables.
20 * Only use this api to authenticate a user password when you do not
21 * expect that user to login or create a session.
22 *
23 * NOTE: This api only works for LOCAL users (i.e., for users who are
24 * not SSO enabled.)
25 * IN
26 * p_user - username
27 * p_pwd - password
28 * RETURNS
29 * 'Y' if user/password is valid, 'N' if not
30 * RAISES
31 * Never raises exceptions, returns 'N' with a message on the
32 * message stack if an error is encountered.
33 */
-- NOTE(review): the annotation block below marks this overload
-- "@rep:scope public" while the comment above calls it internal-only;
-- confirm which is intended.
-- NOTE(review): by its own description this overload writes nothing to the
-- audit tables, so failed guesses made through it leave no record there.
-- Whether they count toward account lockout is not visible from the spec;
-- confirm in the body, and have callers log and rate-limit on their side.
34 /*#
35 * This API tests a username and password without updating audit tables.
36 * @param p_user in varchar2 username
37 * @param p_pwd in varchar2 password
38 * @return 'Y' if the username/password is valid, 'N' if not
39 * @rep:scope public
40 * @rep:lifecycle active
41 * @rep:displayname Validate Login
42 * @rep:compatibility S
43 */
44 FUNCTION validate_login(p_user IN VARCHAR2,
45 p_pwd IN VARCHAR2)
46 return VARCHAR2;
47
48 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
49 --
50 /*
51 * Validate_login
52 * Validate a username and password, and update audit tables with
53 * results. Use this api if the user is expected to login.
54 *
55 * NOTE: This api only works for LOCAL users (i.e., for users who are
56 * not SSO enabled.)
57 * IN
58 * p_user - username
59 * p_pwd - password
60 * p_loginfrom - flag indicating a login UI was used for access
61 * OUT
62 * p_loginID - Login ID of audit record (if successful)
63 * p_expired - Expiration flag to check whether user's password has expired.
64 * RETURNS
65 * 'Y' if user/password is valid, 'N' if not
66 * RAISES
67 * Never raises exceptions, returns 'N' with a message on the
68 * message stack if an error is encountered.
69 */
70 FUNCTION validate_login(p_user IN VARCHAR2,
71 p_pwd IN VARCHAR2,
72 p_loginID OUT nocopy NUMBER,
73 p_expired OUT nocopy VARCHAR2,
74 p_loginfrom IN VARCHAR2 default null)
75 return VARCHAR2;
76
77 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
-- Takes the numeric user ID. NOTE(review): presumably records a failed
-- login attempt for that user; the body is not visible here, confirm.
78 PROCEDURE unsuccessful_login(userID IN NUMBER);
79
80 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
-- Returns VARCHAR2; p_user_id is an OUT parameter, presumably the ID of
-- the created user (confirm against the body).
81 FUNCTION create_user(p_user IN VARCHAR2,
82 p_pwd IN VARCHAR2,
83 p_user_id OUT nocopy NUMBER)
84 RETURN VARCHAR2;
85
86
87 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
88 -- Please call the fnd_user_pkg.changepassword wrapper to protect
89 -- against undocumented underlying FND changes.
90 --
91 -- Changes the password of an applications user after verifying
92 -- the existing password. Returns 'Y' on success and 'N' on failure.
93
94 -- Fix bug 5087728. Added fifth argument to specify whether autonomous
95 -- transaction is needed during set_password. Default is TRUE to maintain
96 -- backward compatibility
-- NOTE(review): p_new_pwd1 and p_new_pwd2 are presumably the new password
-- and its confirmation; confirm against the body.
97 FUNCTION change_password(p_user IN VARCHAR2,
98 p_old_pwd IN VARCHAR2,
99 p_new_pwd1 IN VARCHAR2,
100 p_new_pwd2 IN VARCHAR2,
101 p_autonomous IN BOOLEAN DEFAULT TRUE)
102 RETURN VARCHAR2;
103
104 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
105 -- Please call the fnd_user_pkg.changepassword wrapper to protect
106 -- against undocumented underlying FND changes.
107 --
108 -- Changes the password of an applications user without verifying
109 -- the existing password. Returns 'Y' on success and 'N' on failure.
110 --
111 -- Bug 4625235: Added the third parameter p_autonomous with default = TRUE
112 -- so that existing code calling change_password without the
113 -- third argument functions as before.
-- NOTE(review): because this overload skips the old-password check it is
-- effectively an administrative reset; the caller is responsible for
-- authorizing the change before calling it.
114 FUNCTION change_password(p_user IN VARCHAR2,
115 p_new_pwd IN VARCHAR2,
116 p_autonomous IN BOOLEAN DEFAULT TRUE)
117
118 RETURN VARCHAR2;
119
120 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
121 FUNCTION upgrade_web_password(p_user IN VARCHAR2,
122 p_enc_web_pwd IN VARCHAR2,
123 p_new_pwd IN VARCHAR2)
124 RETURN VARCHAR2;
125
126 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
127 function validate_password(username in varchar2, password in varchar2)
128 return varchar2;
129
130 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
131 procedure update_no_reuse(username in varchar2, password in varchar2);
132
133 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
134 -- Please call the fnd_user_pkg.getreencryptedpassword wrapper to protect
135 -- against undocumented underlying FND changes.
-- NOTE(review): going by the name, this returns the user's password
-- material re-encrypted under new_key; treat the return value as a secret
-- and keep it out of logs. Re-encryption under a caller-supplied key
-- suggests the stored form is reversible rather than a one-way hash;
-- confirm in the body.
136 function get_reencrypted_password(username in varchar2,
137 new_key in varchar2,
138 p_mode in varchar2 default null)
139 return varchar2;
140
141 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
142 -- Bug 16448842: This should only be called from fnd_user_pkg.change_user_name and LOADER
-- reencpwd is declared without a mode and is therefore an IN parameter.
-- NOTE(review): the caller restriction above is a comment only; whether
-- the body checks its caller is not visible from the spec, confirm.
143 function set_reencrypted_password(username in varchar2, reencpwd varchar2,
144 new_key in varchar2)
145 return varchar2;
146
147 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
148 function get_op_value(username in varchar2, applsyspwd in varchar2)
149 return varchar2;
150
151
152 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
153 FUNCTION create_oracle_user(p_user IN VARCHAR2,
154 p_pwd IN VARCHAR2,
155 p_newkey IN VARCHAR2,
156 p_user_id OUT nocopy NUMBER)
157 RETURN VARCHAR2;
158
159 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
160 function get_reencrypted_oracle_pwd(username in varchar2,
161 new_key in varchar2)
162 return varchar2;
163
164 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
165 function cvt_reencrypted_oracle_pwd(pwd in varchar2, cur_key in varchar2)
166 return varchar2;
167
168 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
169 function encrypt(key in varchar2, value in varchar2,
170 userid in number default null)
171 return varchar2;
172
173 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
174 function URLEncrypt(key in varchar2, value in varchar2)
175 return varchar2;
176
177 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
178 FUNCTION change_guest_password(p_new_pwd IN VARCHAR2, p_key IN VARCHAR2 default NULL)
179 RETURN VARCHAR2;
180
-- NOTE(review): INVALID_PWD and EXTERNAL_PWD look like sentinel values
-- stored in place of a real password (loader-created and SSO users, per
-- the bug notes below); confirm that the validation routines never accept
-- either string as a login password.
181 -- bug 4047740 used by loader when creating a new user
182 INVALID_PWD CONSTANT VARCHAR2(25) := '**FND_INVALID_PASSWORD**';
183
184 --bug 4148165 used when creating an SSO User
185 EXTERNAL_PWD CONSTANT VARCHAR2(25) := '**FND_EXTERNAL_PASSWORD**';
186
187 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
188 function encrypt(key in varchar2, value in varchar2,
189 profilePasswordCaseOption in varchar2)
190 return varchar2;
191
192 -- Bug 5892249 fskinner begin
-- Mode names for SHA, MD4 and MD5. NOTE(review): presumably these are the
-- values returned by get_pwd_enc_mode and accepted as p_mode; confirm.
-- MD4 and MD5 are not suitable for protecting passwords, and 'SHA' does
-- not say which SHA variant is meant; check which mode the instance
-- actually uses.
193 SHA_MODE CONSTANT VARCHAR2(4) := 'SHA';
194 MD4_MODE CONSTANT VARCHAR2(4) := 'MD4';
195 MD5_MODE CONSTANT VARCHAR2(4) := 'MD5';
196
197 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
198 function update_no_reuse_function(username in varchar2, password in varchar2)
199 return varchar2;
200
201 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
-- Hands back two encrypted password values through the OUT parameters
-- p_enc_fnd_pwd and p_enc_user_pwd; callers should treat both as secrets.
202 function get_encrypted_passwords(p_user in varchar2, userID in number, p_pwd in varchar2,
203 p_enc_fnd_pwd out nocopy varchar2, p_enc_user_pwd out nocopy varchar2)
204 return varchar2;
205
206 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
207 function get_pwd_enc_mode
208 return varchar2;
209
210 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
211 function start_user_migrate
212 return varchar2;
213
214 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
215 function finish_user_migrate
216 return varchar2;
217
218 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
219 function user_pwd_hash(pwd in varchar2)
220 return varchar2;
221
222 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
223 function encrypt_user_hash( pwdHash in varchar2, userID in number, CaseOpt in varchar2 )
224 return varchar2;
225
226 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
-- NOTE(review): a decrypt routine keyed on fnd_schema_pwd implies the
-- stored user value can be recovered by anyone holding that schema
-- password; confirm in the body and keep callers to a minimum.
227 function decrypt_user_hash( encUserPwd in varchar2, userID in number, fnd_schema_pwd in varchar2 )
228 return varchar2;
229
230 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
231 procedure put_apps_schema_pwd(oldpwd in varchar2, newpwd in varchar2);
232
233 /*
234 * get_guest_username_pwd
235 * RETURNS
236 * GUEST user's credentials in username/pwd format
237 * If GUEST credentials are defined in VAULT then it fetches from VAULT.
238 * Else, IF the release is less than 12.1, then reads from Profile
239 * ELSE return NULL(in 12.1 and above, profile option value is
240 * desupported)
241 */
-- NOTE(review): per the comment above the return value carries the GUEST
-- username and password together; callers should not log or cache it.
242 function get_guest_username_pwd return varchar2;
243
244 /*
245 * verify_guest_user_pwd
246 * RETURNS
247 * TRUE or FALSE
248 * If the GUEST credentials in profile/vault are matching with credentials in
249 * FND_USER, then return TRUE
250 * Else, return FALSE
251 */
252 function verify_guest_user_pwd return boolean;
253
254 -- procedure test_proc;
255 -- procedure test_proc(pwd in varchar2);
256
257 -- Bug 5892249 fskinner end
258
259 -- bug 6767084
260 /*
261 * This function calls the dbms_utility package to retrieve the value
262 * of the sec_case_sensitive_logon parameter from the init.ora.
263 * sec_case_sensitive_logon was introduced in 11g to enable database password
264 * case sensitivity. This api returns 'Y' if case sensitive database passwords
265 * are enabled and 'N' if not, or 'U' if undefined.
266 * We check for this parameter in order to know how to handle the
267 * case of the database password during comparison and encryption.
268 */
269 -- This routine is for AOL INTERNAL USE ONLY !!!!!!!
270 function db_case_sensitive return varchar2;
271
272
273 -- This routine is for ATG INTERNAL USE ONLY !!!!!!!
274 -- created for use by RI-team prod_id 166
-- Both parameters are declared without a mode and are therefore IN.
275 FUNCTION int_cpass_ora( p_user VARCHAR2,
276 p_new_pwd VARCHAR2) RETURN VARCHAR2;
277
278 -- This routine is for ATG INTERNAL USE ONLY !!!!!!!
279 -- created for use by RI-team prod_id 166
-- Both parameters are declared without a mode and are therefore IN.
-- NOTE(review): p_apps_pwd is presumably the APPS schema password passed
-- in clear text; confirm, and restrict who can reach this routine.
280 FUNCTION int_cpass_sys( p_apps_pwd VARCHAR2,
281 p_new_pwd VARCHAR2) RETURN varchar2;
282
283 END FND_WEB_SEC;