1 PACKAGE BODY FND_SSO_REGISTRATION AS
2 /* $Header: AFSCORGB.pls 120.11.12010000.8 2009/09/09 21:12:39 ctilley ship $*/
-- package internal globals
-- Prefix for every fnd_log module name used in this package; each subprogram
-- appends its own name to it.
G_MODULE_SOURCE constant varchar2(80) := 'fnd.plsql.oid.fnd_sso_registration.';

/* TDA */

-- Permitted provisioning operations for ONE direction (Apps->OID or OID->Apps).
-- enabled : the direction's provisioning profile is ENABLED in OID.
-- Each *_add / *_update / *_delete field is the attribute list parsed by
-- parse_ops for that entity/operation: '*' (every attribute), a comma-wrapped
-- list such as ',mail,cn,' (only those attributes), or NULL (operation not
-- granted at all).
type permited_operation is record (
enabled boolean,
identity_add varchar2(4000),
identity_update varchar2(4000),
identity_delete varchar2(4000),
subscription_add varchar2(4000),
subscription_delete varchar2(4000),
subscription_update varchar2(4000) );

-- One cached realm.
-- seq       : slot index in realm_table (assigned by add_realm).
-- guid      : orclGuid of the realm entry.
-- dn        : realm DN as requested (used as the cache key by find_realm_index).
-- loaded    : set by load_realm once the record is complete.
-- appsToOiD : operations permitted in the Apps -> OID direction.
-- oidToApps : operations permitted in the OID -> Apps direction.
-- ldap_data : attributes of cn=Common,cn=Products,cn=OracleContext,<dn>
--             (e.g. orclcommonusersearchbase), keyed in lowercase.
type realm_type is RECORD (
seq pls_integer ,
guid raw(16),
dn varchar2(4000) ,
loaded boolean,
appsToOiD permited_operation,
oidToApps permited_operation,
ldap_data FND_LDAP_UTIL.ldap_record_type
)
;

type realm_table_type is table of realm_type index by binary_integer;

-- Session-level realm cache, filled densely from index 0 by add_realm.
realm_table realm_table_type;

-- Session-level cache of OrclDefaultSubscriber; NULL until first resolved.
defaultRealm_cache varchar2(200) := null;
33
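/*
** Name : getAttribute
** Type : Private
** Desc : returns the first value of an OiD attribute, or NULL when the entry
**        does not exist, the search fails with a DBMS_LDAP general error, or
**        the entry carries no value for the attribute.
** Parameters :
**   ldap     : ldap session
**   dn       : OiD entry (searched with base scope)
**   attrName : attribute name
**   filterExp: additional filter. It is handed to the server verbatim; the
**              callers in this package pass literal filters only - never
**              build it from untrusted input.
** Exceptions: DBMS_LDAP exceptions other than general_error are re-raised.
** Note that a DBMS_LDAP exception may be raised for other reasons too.
** The search result handle is released with dbms_ldap.msgfree on every path,
** so a reused session does not accumulate result sets.
*/
function getAttribute(ldap in out nocopy dbms_ldap.session,dn in varchar2, attrName in varchar2, filterExp in varchar2 default 'objectclass=*')
return varchar2
is
  l_rc      pls_integer;
  l_attrs   dbms_ldap.string_collection;
  l_values  dbms_ldap.string_collection;
  l_message dbms_ldap.message := NULL;
  l_entry   dbms_ldap.message := NULL;
  l_result  varchar2(4000);

  -- Release the search result. Best effort: cleanup must never replace the
  -- outcome (value or exception) of the lookup itself.
  procedure free_message is
    l_free_rc pls_integer;
  begin
    if (l_message is not null) then
      l_free_rc := dbms_ldap.msgfree(l_message);
      l_message := NULL;
    end if;
  exception when others then
    null;
  end free_message;
BEGIN
  l_attrs(0) := attrName;
  l_rc := dbms_ldap.search_s(ld => ldap
                           , base => dn
                           , scope => dbms_ldap.SCOPE_BASE
                           , filter => filterExp
                           , attrs => l_attrs
                           , attronly => 0
                           , res => l_message);
  l_entry := dbms_ldap.first_entry(ldap, l_message);
  if (l_entry is not null) then
    l_values := dbms_ldap.get_values(ldap, l_entry, attrName);
    -- An entry without the attribute yields an empty collection; reading
    -- element 0 of it would raise NO_DATA_FOUND instead of returning NULL.
    if (l_values.count > 0) then
      l_result := l_values(l_values.first);
    end if;
  end if;
  free_message;
  return l_result;
-- Bug 6129943
exception when dbms_ldap.general_error then
  free_message;
  return null;
when others then
  free_message;
  raise;
END getAttribute;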
78
79
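/*
** Name : parse_ops
** Type : Private
** Desc : Retrieve a provisioning profile attribute and parse it into the
**        internal permited_operation record. Each value has the layout
**          ENTITY:<ignored>:OPERATION[(attr, attr, ...)]
**        with ENTITY in IDENTITY/SUBSCRIPTION and OPERATION in ADD/MODIFY/DELETE.
** Parameters :
**   ldap    : ldap session
**   dn      : OiD entry of the profile direction (cn=OIDToApplication,... or
**             cn=ApplicationToOID,...)
**   attrname: attribute name - multivalued
** Returns : permited_operation with enabled = true. Each *_add/_update/_delete
**           field is '*' (no attribute list given), ',a,b,' (list, spaces
**           stripped, lowercase NOT applied here) or NULL (operation absent).
**           When the entry has no value for the attribute every field stays
**           NULL, i.e. nothing is permitted (fail closed).
** Exceptions: DBMS_LDAP exceptions;
**   ORA-20002 (invalid_operation) when an entity or operation token is not
**   one of the values above.
** Note that a DBMS_LDAP exception may be raised for other reasons too.
*/
function parse_ops(ldap in out nocopy dbms_ldap.session, dn in varchar2, attrname in varchar2)
return permited_operation
is
  r permited_operation;
  l_result pls_integer;
  l_attrs dbms_ldap.string_collection;
  l_entry dbms_ldap.message;
  l_message dbms_ldap.message;
  vals dbms_ldap.string_collection;
  i1 pls_integer;
  i2 pls_integer;
  i3 pls_integer;
  i4 pls_integer;
  ent varchar2(100);
  op varchar2(100);
  lista varchar2(4000);
  v2 varchar2(4000);
  l_module_source varchar2(4000) := G_MODULE_SOURCE||'parse_ops';
  invalid_operation exception;
  PRAGMA EXCEPTION_INIT (invalid_operation, -20002);

  -- Release the search result. Best effort so that cleanup never masks the
  -- value or exception produced by the parse itself.
  procedure free_message is
    l_free_rc pls_integer;
  begin
    if (l_message is not null) then
      l_free_rc := dbms_ldap.msgfree(l_message);
      l_message := null;
    end if;
  exception when others then
    null;
  end free_message;
begin
  -- Start from "nothing permitted"; only tokens that parse cleanly open an operation.
  r.identity_add :=null;
  r.identity_update :=null;
  r.identity_delete :=null;
  r.subscription_add :=null;
  r.subscription_delete :=null;
  r.subscription_update:=null;
  r.enabled := true; -- else this method shouldn't have been called
  l_attrs(0) := attrname;
  l_result := dbms_ldap.search_s(ld => ldap,
                                 base => dn,
                                 scope => dbms_ldap.SCOPE_BASE,
                                 filter => 'objectclass=*',
                                 attrs => l_attrs,
                                 attronly => 0,
                                 res => l_message);
  l_entry := dbms_ldap.first_entry(ldap,l_message);
  if (l_entry is not null) then
    vals := dbms_ldap.get_values(ldap,l_entry,attrname);
  end if;
  if (vals.count = 0) then
    -- No entry or no value: leave every list NULL so nothing is permitted.
    -- The previous code iterated over NULL loop bounds here and failed instead.
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'No values for '||attrname||' at dn="'||dn||'": no operation permitted');
    end if;
    free_message;
    return r;
  end if;
  for i in vals.first..vals.last loop
    -- ENTITY is the text before the first ':'; OPERATION[(list)] follows the second ':'
    i1 := instr(vals(i),':',1);
    i2 := instr(vals(i),':',i1+1);
    ent := substr(vals(i),1,i1-1);
    v2 := substr(vals(i),i2+1);
    i3 := instr(v2,'(',1);
    if (i3=0) then
      -- no attribute list: the operation applies to every attribute
      op := v2;
      lista := '*';
    else
      op := substr(v2,1,i3-1);
      i4 := instr(v2,')',i3);
      -- normalise to ',a,b,' with spaces removed so is_in_list can match whole names
      lista := ','||replace(substr(v2,i3+1,i4-i3-1),' ','')||',';
      if (lista=',*,') then lista:='*'; end if;
    end if;
    if (ent='IDENTITY') THEN
      if (op='ADD') THEN
        r.identity_add := lista;
      elsif(op='MODIFY') then
        r.identity_update := lista;
      elsif (op='DELETE') then
        r.identity_delete := lista;
      else
        raise invalid_operation;
      end if;
    ELSIF (ent='SUBSCRIPTION') THEN
      if (op='ADD') THEN
        r.subscription_add := lista;
      elsif (op='MODIFY') THEN
        r.subscription_update := lista;
      elsif (op='DELETE') THEN
        r.subscription_delete := lista;
      else
        raise invalid_operation;
      end if;
    else
      raise invalid_operation;
    END IF;
  end loop;
  free_message;
  return r;
exception when others then
  free_message;
  raise;
end parse_ops;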
173
174
/*
** Name : load_realm
** Type : Private
** Desc : Load a realm's permitted provisioning operations (both directions)
**        into the record r, using a private OID session that is closed again
**        on the normal and on the exception path (bug 8271359).
** Parameters :
**   r : realm. r.dn is the input; r.guid, r.ldap_data, r.appsToOiD,
**       r.oidToApps and r.loaded are filled in.
** Exceptions: DBMS_LDAP exceptions,
**   NO_DATA_FOUND : if the dn is not a realm (no OracleContext entry below it,
**                   or no orclGuid on it).
**
*/

procedure load_realm( r in out nocopy realm_type)

is
flag pls_integer;
ldap dbms_ldap.session;
appdn varchar2(4000);
appguid raw(16);
provProfileDn varchar2(4000);
guid raw(16);
provStatus varchar2(1000);
l_result pls_integer;
l_module_source varchar2(4000);
l_session_flag boolean := false;
begin
l_module_source := G_MODULE_SOURCE||'load_realm';

if (fnd_log.LEVEL_PROCEDURE >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_PROCEDURe, l_module_source, 'BEGIN' );
end if;
ldap := fnd_ldap_util.c_get_oid_session(flag);
-- From here on the session is ours to close; the flag drives the cleanup below.
l_session_flag := true; /* fix for bug 8271359 */
if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'DN='||r.dn );
fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag = true ' );
end if;

-- getAttribute returns the GUID as text; the assignment into RAW(16) relies on
-- the implicit hex-to-raw conversion.
r.guid := getAttribute(ldap,r.dn,'orclGuid');
IF NOT FND_LDAP_UTIL.loadldaprecord(ldap,r.ldap_data.data,r.ldap_data.dn,'cn=Common,cn=Products,cn=OracleContext,'||r.dn,FND_LDAP_UTIL.G_DN_KEY) THEN
-- cannot find the specified REalm
if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_UNEXPECTED, 'FND_SSO_REGISTRATION.load_realm', 'Requested Realm not found dn="'||r.dn||'"');
end if;
raise no_data_found;
END IF;

if (r.guid is null) then
raise no_data_found;
end if;
-- The provisioning profile for this application lives under the changelog
-- subscriber; its RDN is <realm guid>_<application guid> (RAWs concatenated as hex).
appdn := fnd_ldap_util.get_orclappname;
appguid :=fnd_ldap_util.get_guid_for_dn(ldap,appdn);
provProfileDn := 'orclODIPProfileName='||r.guid||'_'||appguid||',cn=Provisioning Profiles, cn=Changelog Subscriber, cn=Oracle Internet Directory';
-- does the provisioning profile exists
provStatus := getAttribute(ldap,provProfileDn,'orclStatus','objectclass=orclODIPProvisioningIntegrationProfileV2');
-- Anything other than an explicit ENABLED disables the direction; the attribute
-- lists of a disabled direction stay NULL, so nothing is permitted for it.
if (provStatus is null or provStatus<>'ENABLED')
then
r.appsToOiD.enabled := false;
r.oidToApps.enabled := false;
else
-- OID->Apps
provStatus := getAttribute(ldap,'cn=OIDToApplication,'||provProfileDn,'orclStatus');
if (provStatus is null or provStatus<>'ENABLED')
then
r.oidToApps.enabled := false;
else
r.oidToApps := parse_ops(ldap, 'cn=OIDToApplication,'||provProfileDn, 'orclodipprovisioningeventsubscription');
end if;
-- Apps->OiD
provStatus := getAttribute(ldap,'cn=ApplicationToOID,'||provProfileDn,'orclStatus');
if (provStatus is null or provStatus<>'ENABLED')
then
r.appsToOiD.enabled := false;
else
r.appsToOiD := parse_ops(ldap, 'cn=ApplicationToOID,'||provProfileDn, 'orclodipprovisioningeventpermittedoperations');
end if;
end if;
-- NOTE(review): if c_unbind itself raised here, l_session_flag would still be
-- true and the handler below would unbind a second time - confirm c_unbind tolerates that.
fnd_ldap_util.c_unbind(ldap,flag);
l_session_flag := false;
if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag : = false ' );
fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'LDAP SESSION CLOSED NORMALLY : ' );
end if;
r.loaded := true;
if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'END');
end if;
exception
when others then
if (fnd_log.LEVEL_EXCEPTION >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_EXCEPTION, l_module_source, sqlerrm);
end if;
/* Fix for 8271359*/
-- Close the session we opened so a failed load does not leak an OID connection.
if l_session_flag = true then

if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closing in EXCEPTION BLOCK - START ' );
end if;

fnd_ldap_util.c_unbind(ldap,flag);

if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
then
fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closed in EXCEPTION BLOCK - END ');
end if;
end if;
raise;
end load_realm;
291
292
/*
** Name : add_realm
** Type : Private
** Desc : Given a DN, try to load the realm definition; if that succeeds the
**        realm is appended to the cache realm_table.
** Parameters :
**   dn : OiD entry of the realm
** Returns : the slot index used for this realm (realm_table.count at entry).
** Exceptions: DBMS_LDAP exceptions,
**   NO_DATA_FOUND : if the dn is not a realm (raised by load_realm, in which
**                   case nothing is cached).
**
*/

function add_realm(dn in varchar2) return pls_integer
is
  l_realm realm_type;
  l_slot  pls_integer;
begin
  -- the cache is dense, so the next free slot is simply the current count
  l_slot := realm_table.count;
  l_realm.dn   := dn;
  l_realm.seq  := l_slot;
  l_realm.guid := null;
  load_realm(l_realm);
  if (l_realm.loaded) then
    realm_table(l_slot) := l_realm;
  end if;
  return l_slot;
end add_realm;
321
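/*
** Name : isSon
** Type : Private
** Desc : TRUE when son is the same DN as parent or lies below it, judged by
**        comparing the trailing (root-side) RDNs of son with every RDN of
**        parent. The comparison is a plain upper-cased string compare of the
**        exploded components; it does not normalise escaping or spacing
**        inside an RDN, so a DN written in a different form may not match.
** Parameters :
**   son    : DN to test
**   parent : candidate ancestor DN
** Returns : BOOLEAN
** Exceptions: DBMS_LDAP exceptions from explode_dn.
*/
FUNCTION isSon
(son IN VARCHAR2,
parent IN VARCHAR2)
RETURN BOOLEAN
IS
  l_son_rdns    dbms_ldap.string_collection := dbms_ldap.explode_dn(upper(son),0);
  l_parent_rdns dbms_ldap.string_collection := dbms_ldap.explode_dn(upper(parent),0);
  l_offset pls_integer;   -- how many more RDNs son has than parent
  l_pos    pls_integer;   -- current RDN index in son, walking root-side first
BEGIN
  l_offset := l_son_rdns.count - l_parent_rdns.count;
  -- A DN with fewer components than the parent cannot lie under it. Without this
  -- guard the loop below would index son with a negative position and raise
  -- NO_DATA_FOUND rather than answer FALSE.
  if (l_offset < 0) then
    RETURN FALSE;
  end if;
  l_pos := l_son_rdns.count - 1;
  WHILE (l_pos >= l_offset) AND (l_son_rdns(l_pos) = l_parent_rdns(l_pos - l_offset))
  LOOP
    l_pos := l_pos - 1;
  END LOOP;
  -- every parent RDN matched when the walk ran past the offset
  RETURN (l_pos < l_offset);
END isSon;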
340
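/*
** Name : getUserRealmIndex
** Type : Private
** Desc : Find the cached realm whose user search base contains dn.
** Parameters :
**   dn : OiD entry of a user
** Returns : realm_table index, or -1 when no cached realm contains the DN.
**           Realms that cannot be evaluated (missing search base, malformed
**           DN) are skipped and logged at statement level; only realms already
**           in the cache are considered.
*/
function getUserRealmIndex(dn in varchar2)
return pls_integer
is
  l_bases dbms_ldap.string_collection;
  l_module_source varchar2(4000) := G_MODULE_SOURCE||'getUserRealmIndex';
BEGIN
  -- an empty cache would give NULL FOR-loop bounds; it simply means "not found"
  if (realm_table.count = 0) then
    return -1;
  end if;
  for r in realm_table.first .. realm_table.last loop
    begin
      -- the table is filled densely by add_realm; the exists() check is defensive
      if (realm_table.exists(r)) then
        l_bases := getRealmSearchBaseList(r);
        if (l_bases.count > 0) then
          for i in l_bases.first .. l_bases.last loop
            if (isSon(dn,l_bases(i))) then
              return r;
            end if;
          end loop;
        end if;
      end if;
    EXCEPTION WHEN OTHERS THEN
      -- best effort per realm: one unreadable realm must not stop the scan,
      -- but leave a trace instead of swallowing the error silently
      if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
        fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'skipping realm index '||r||': '||sqlerrm);
      end if;
    END;
  end loop;
  return -1;
END getUserRealmIndex;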
359
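/*
** Name : getRealmSearchBaseList
** Type : Private
** Desc : Return the orclcommonusersearchbase values of a cached realm.
** Parameters :
**   realm_idx : realm_table index
** Returns : the value collection, or an empty collection when the index is
**           negative/NULL, not in the cache, or the realm has no
**           orclcommonusersearchbase attribute.
*/
function getRealmSearchBaseList( realm_idx in pls_integer ) return dbms_ldap.string_collection
is
  l_empty dbms_ldap.string_collection;
BEGIN
  -- Guard both the cache slot and the attribute key: a miss on either would
  -- otherwise surface as NO_DATA_FOUND from the collection lookups.
  if (realm_idx >= 0
      and realm_table.exists(realm_idx)
      and realm_table(realm_idx).ldap_data.data.exists('orclcommonusersearchbase')) THEN
    return realm_table(realm_idx).ldap_data.data('orclcommonusersearchbase');
  END IF;
  return l_empty;
END getRealmSearchBaseList;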
373
374
/*
** Name : find_realm_index
** Type : Private
** Desc : Look a realm DN up in the cache by exact (case-sensitive) DN match.
** Parameters :
**   dn : realm DN as it was passed to add_realm
** Returns : realm_table index, or -1 when the DN is not cached. Never loads.
*/
function find_realm_index(dn in varchar2) return pls_integer
is
begin
  -- nothing cached yet: avoid NULL loop bounds and report a miss
  if (realm_table.count = 0) then
    return -1;
  end if;
  for l_idx in realm_table.first .. realm_table.last loop
    if (realm_table(l_idx).dn = dn) then
      return l_idx;
    end if;
  end loop;
  return -1;
end find_realm_index;
388
/*
** Name : find_realm
** Type : Private
** Desc : Given a DN, returns its index in the cache realm_table.
**        If it is not in the cache, add_realm is called to load it.
** Parameters :
**   dn : OiD Entry
** Exceptions: DBMS_LDAP exceptions,
**   NO_DATA_FOUND : if the dn is not a realm.
**
*/

function find_realm(dn in varchar2) return pls_integer
is
  l_idx pls_integer;
begin
  l_idx := find_realm_index(dn);
  -- cache miss: load and cache the realm (may raise NO_DATA_FOUND)
  if (l_idx = -1) THEN
    l_idx := add_realm(dn);
  END IF;
  return l_idx;
end find_realm;
412
/*
** Name : find_realm
** Type : Private
** Desc : Reverse lookup: DN of the realm cached at idx.
** Parameters :
**   idx : realm_table index
** Returns : the realm DN, or NULL when nothing is cached at idx.
*/
function find_realm(idx in pls_integer) return varchar2
is
begin
  if (not realm_table.exists(idx)) THEN
    return null;
  END IF;
  return realm_table(idx).dn;
end find_realm;
424
/*
** Name : get_realm_data
** Type : Private
** Desc : Return the OracleContext attribute record of a cached realm.
** Parameters :
**   realm_idx : realm_table index
** Returns : the cached ldap_data record, or a NULL record when idx is not cached.
*/
function get_realm_data ( realm_idx in pls_integer ) return FND_LDAP_UTIL.ldap_record_type
is
BEGIN
  if (not realm_table.exists(realm_idx)) then
    return null;
  END IF;
  return realm_table(realm_idx).ldap_data;
end get_realm_data;
434
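/*
** Name : get_realm_attribute
** Type : Private
** Desc : Return one value of a cached realm's OracleContext attribute.
** Parameters :
**   realm_idx : realm_table index
**   attName   : attribute name; looked up in lowercase (the cache key for
**               orclcommonusersearchbase elsewhere in this package is lowercase)
**   att_idx   : value position, default 0 (first value)
** Returns : the value, or NULL when the realm is not cached, the attribute is
**           absent, or att_idx is beyond the stored values.
*/
function get_realm_attribute( realm_idx in pls_integer,
attName in varchar2, att_idx in pls_integer default 0 ) return varchar2
is
  l_rec FND_LDAP_UTIL.ldap_record_type;
  l_key varchar2(4000);
BEGIN
  l_rec := get_realm_data(realm_idx);
  l_key := lower(attName);
  -- Guard the value position as well as the key: an att_idx with no stored
  -- value would otherwise raise NO_DATA_FOUND instead of returning NULL.
  if (l_rec.data.exists(l_key) and l_rec.data(l_key).exists(att_idx)) THEN
    return l_rec.data(l_key)(att_idx);
  END IF;
  return null;
END get_realm_attribute;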
448
/*
** Name : get_realm_attribute
** Type : Private
** Desc : Same as the index overload, addressed by realm DN. The DN is resolved
**        through find_realm_index only, so a realm that is not cached yet is
**        NOT loaded here and the result is NULL.
** Parameters :
**   realmDN : realm DN as passed to add_realm
**   attName : attribute name (matched in lowercase)
**   att_idx : value position, default 0
** Returns : the value, or NULL.
*/
function get_realm_attribute( realmDN in varchar2,
attName in varchar2, att_idx in pls_integer default 0 ) return varchar2
is
begin
  return get_realm_attribute(find_realm_index(realmDN), attName, att_idx);
END get_realm_attribute;
457
458 --
459 ---------------------------------------------
460
/*
** Name : requestedRealm
** Type : Private
** Desc : Given a user_name and a realm_dn (either or both may be NULL),
**        returns the realm DN to use: the user's realm when a user name is
**        given, else the explicit realm DN, else the default realm.
*/
function requestedRealm(p_user_name in varchar2, p_realm_dn in varchar2) return varchar2
is
begin
  -- neither hint given: fall back to the plug's default realm
  if (p_user_name is null and p_realm_dn is null) then
    return fnd_oid_plug.get_default_realm;
  end if;
  -- a user name takes precedence over an explicit realm
  if (p_user_name is not null) then
    return fnd_oid_plug.getRealmDN(p_user_name);
  end if;
  return p_realm_dn;
end requestedRealm;
478 --
479 ----------------------------------------------------
480
481
/*
** Name : check_operation
** Type : Private
** Desc : Old usage of is_operation_allowed, when no direction or entity is given.
**        An operation counts as granted only when the direction is enabled AND
**        both the identity and the subscription entity carry a (non-NULL)
**        attribute list for it.
** Parameters :
**   allowed_op : permitted operations of one direction (not modified)
**   op         : fnd_ldap_wrapper.G_CREATE / G_UPDATE / G_MODIFY / G_DELETE
** Returns : fnd_ldap_util.G_SUCCESS or G_FAILURE
** Exceptions: CASE_NOT_FOUND for any other op (logged at UNEXPECTED level
**             first); a NULL op takes that path as well.
*/

function check_operation( allowed_op in out nocopy permited_operation, op in pls_integer )
return pls_integer
is
  l_granted boolean := false;
  l_module_source varchar2(4000):= G_MODULE_SOURCE||'check_operation';
BEGIN
  if allowed_op.enabled then
    if (op = fnd_ldap_wrapper.G_CREATE) then
      l_granted := (allowed_op.identity_add is not null) and (allowed_op.subscription_add is not null);
    elsif (op = fnd_ldap_wrapper.G_UPDATE) or (op = fnd_ldap_wrapper.G_MODIFY) then
      -- UPDATE and MODIFY are both answered from the *_update lists
      l_granted := (allowed_op.identity_update is not null) and (allowed_op.subscription_update is not null);
    elsif (op = fnd_ldap_wrapper.G_DELETE) then
      l_granted := (allowed_op.identity_delete is not null) and (allowed_op.subscription_delete is not null);
    else
      if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL)
      then
        fnd_log.string(fnd_log.LEVEL_UNEXPECTED, l_module_source, 'Invalid operation: op='||op);
        if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) THEN
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_CREATE ='||fnd_ldap_wrapper.G_CREATE );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_UPDATE ='||fnd_ldap_wrapper.G_UPDATE );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_MODIFY ='||fnd_ldap_wrapper.G_MODIFY );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid opertaion fnd_ldap_wrapper.G_DELETE ='||fnd_ldap_wrapper.G_DELETE );
        end if;
      end if;
      raise case_not_found;
    end if;
  END if;

  if l_granted then
    return fnd_ldap_util.G_SUCCESS;
  end if;
  return fnd_ldap_util.G_FAILURE;
END check_operation;
528 --
529 -------------------------------------------------------------------------------
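/*
** Name : is_in_list
** Type : Private
** Desc : Decide whether an attribute (or any one of a comma-separated set of
**        attributes) is covered by a permitted-attribute list produced by
**        parse_ops.
** Parameters :
**   atr     : attribute name, or several names separated by commas
**   at_list : '*' (everything), a comma-wrapped list such as ',mail,cn,',
**             or NULL (nothing permitted)
** Returns : fnd_ldap_util.G_SUCCESS when at_list is '*' or at least one
**           requested name appears in the list as a whole entry (case-
**           insensitive, bug 8657894); G_FAILURE otherwise, including for a
**           NULL atr.
*/
function is_in_list( atr in varchar2, at_list in varchar2)
return pls_integer
is
  l_module_source varchar2(4000) := G_MODULE_SOURCE||'is_in_list';
  l_attrs varchar2(4000);    -- requested attribute(s), lowercased
  l_list  varchar2(32767);   -- permitted list, lowercased and comma-wrapped
  l_token varchar2(4000);
  l_start pls_integer := 1;
  l_comma pls_integer;
begin
  -- no list at all: nothing is permitted
  if (at_list is null) then
    return fnd_ldap_util.G_FAILURE;
  end if;
  -- wildcard list (see parse_ops): everything is permitted
  if (at_list = '*') then
    return fnd_ldap_util.G_SUCCESS;
  end if;
  -- An empty request can never name a permitted attribute. The previous code
  -- fell into the multi-attribute loop with NULL positions here and never
  -- reached its exit condition.
  if (atr is null) then
    return fnd_ldap_util.G_FAILURE;
  end if;

  -- Bug 8657894 - lowering attributes to ensure no case sensitivity
  l_attrs := lower(atr);
  l_list := ','||lower(at_list)||',';

  -- Walk the comma-separated request; the first name found in the list grants
  -- the operation (bug 8764215). Every name is matched as a whole entry between
  -- commas. The old single-attribute path used a bare substring match, which
  -- let e.g. 'mail' be satisfied by a list permitting only 'mailalias'.
  loop
    l_comma := instr(l_attrs, ',', l_start);
    if (l_comma = 0) then
      l_token := substr(l_attrs, l_start);
    else
      l_token := substr(l_attrs, l_start, l_comma - l_start);
    end if;
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) THEN
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source,'Check for attribute '||l_token);
    end if;
    if (instr(l_list, ','||l_token||',') > 0) then
      if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) THEN
        fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source,'Attribute is in list '||l_token);
      end if;
      return fnd_ldap_util.G_SUCCESS;
    end if;
    exit when l_comma = 0;
    l_start := l_comma + 1;
  end loop;

  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) THEN
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source,'No attribute of '||l_attrs||' is in list');
  end if;
  return fnd_ldap_util.G_FAILURE;
END is_in_list;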
612 --
613 -------------------------------------------------------------------------------
/*
** Name : is_operation_allowed
** Type : Public
** Desc : Legacy entry point without direction/entity: reports whether the
**        given operation is permitted in each provisioning direction of the
**        requested realm.
** Parameters :
**   p_operation : fnd_ldap_wrapper.G_CREATE / G_UPDATE / G_MODIFY / G_DELETE
**   x_fnd_user  : result for the Apps -> OID direction (G_SUCCESS/G_FAILURE)
**   x_oid       : result for the OID -> Apps direction (G_SUCCESS/G_FAILURE)
**   p_user_name : user whose realm is meant (optional)
**   p_realm_dn  : explicit realm DN (optional, see requestedRealm)
** Exceptions: re-raised after logging (NO_DATA_FOUND when the realm does not
**             exist, CASE_NOT_FOUND for an unknown operation, DBMS_LDAP errors).
*/
procedure is_operation_allowed(p_operation in pls_integer,
x_fnd_user out nocopy pls_integer,
x_oid out nocopy pls_integer,
p_user_name in varchar2 default null,
p_realm_dn in varchar2 default null
) is
  l_module_source varchar2(256) := G_MODULE_SOURCE || 'is_operation_allowed: ';
  l_realm_dn  varchar2(4000);
  l_realm_idx pls_integer;
begin
  if (fnd_log.LEVEL_PROCEDURE >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_PROCEDURE, l_module_source, 'Begin');
  end if;

  -- user's realm, else the explicit DN, else the default realm
  l_realm_dn := requestedRealm(p_user_name,p_realm_dn);
  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'realm:'||l_realm_dn);
  end if;

  -- find_realm loads and caches the realm on a miss
  l_realm_idx := find_realm(l_realm_dn);

  -- the same operation code is evaluated against each direction's profile
  x_fnd_user := check_operation(realm_table(l_realm_idx).appsToOiD, p_operation);
  x_oid      := check_operation(realm_table(l_realm_idx).oidToApps, p_operation);

  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source,'out values x_fnd_user: '||x_fnd_user||' x_oid: '||x_oid);
  end if;
  if (fnd_log.LEVEL_PROCEDURE >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_PROCEDURE, l_module_source, 'End');
  end if;
exception when others then
  if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, sqlerrm);
  end if;
  raise;
end is_operation_allowed;
659
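/*
** Name : is_operation_allowed
** Type : Public
** Desc : Reports whether p_attribute may be touched by (p_entity, p_operation)
**        in the given provisioning direction of the requested realm.
** Parameters :
**   p_direction : fnd_ldap_wrapper.G_EBIZ_TO_OID (default) or G_OID_TO_EBIZ
**   p_entity    : fnd_ldap_wrapper.G_IDENTITY or G_SUBSCRIPTION
**   p_operation : fnd_ldap_wrapper.G_ADD / G_UPDATE / G_MODIFY / G_DELETE
**   p_attribute : attribute name(s), comma-separated (see is_in_list); not modified
**   x_fnd_user  : always fnd_ldap_util.G_SUCCESS in this overload - the Apps
**                 side is not consulted here. NOTE(review): presumably
**                 intentional; confirm against callers.
**   x_oid       : G_SUCCESS when the direction is enabled and p_attribute is
**                 covered by the permitted list, else G_FAILURE
**   p_user_name : user whose realm is meant (optional)
**   p_realm_dn  : explicit realm DN (optional, see requestedRealm)
** Exceptions: CASE_NOT_FOUND for an unknown direction, entity or operation
**             (logged at UNEXPECTED level first); NO_DATA_FOUND when the realm
**             does not exist; DBMS_LDAP errors. All are logged and re-raised.
*/
procedure is_operation_allowed(p_direction in pls_integer default FND_LDAP_WRAPPER.G_EBIZ_TO_OID,
p_entity in pls_integer,
p_operation in pls_integer,
p_attribute in out nocopy varchar2,
x_fnd_user out nocopy pls_integer,
x_oid out nocopy pls_integer ,
p_user_name in varchar2 default null,
p_realm_dn in varchar2 default null) is
  l_module_source varchar2(256);
  l_list varchar2(4000);
  l_realm_dn varchar2(4000);
  l_index pls_integer;
  l_allowed permited_operation;

  -- Log the offending value plus the accepted constants, then raise CASE_NOT_FOUND.
  procedure reject(p_what in varchar2, p_value in pls_integer) is
  begin
    if (fnd_log.LEVEL_UNEXPECTED >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_UNEXPECTED, l_module_source, 'Invalid '||p_what||':'||p_value);
      if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
        if (p_what = 'direction') then
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_EBIZ_TO_OID ='||fnd_ldap_wrapper.G_EBIZ_TO_OID );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid direction fnd_ldap_wrapper.G_OID_TO_EBIZ ='||fnd_ldap_wrapper.G_OID_TO_EBIZ );
        elsif (p_what = 'entity') then
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid entity fnd_ldap_wrapper.G_IDENTITY ='||fnd_ldap_wrapper.G_IDENTITY );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid entity fnd_ldap_wrapper.G_SUBSCRIPTION ='||fnd_ldap_wrapper.G_SUBSCRIPTION );
        else
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid operation fnd_ldap_wrapper.G_ADD ='||fnd_ldap_wrapper.G_ADD );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid operation fnd_ldap_wrapper.G_UPDATE ='||fnd_ldap_wrapper.G_UPDATE );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid operation fnd_ldap_wrapper.G_MODIFY ='||fnd_ldap_wrapper.G_MODIFY );
          fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Valid operation fnd_ldap_wrapper.G_DELETE ='||fnd_ldap_wrapper.G_DELETE );
        end if;
      end if;
    end if;
    raise case_not_found;
  end reject;

  -- Pick the attribute list granted for (p_entity, p_operation) out of one
  -- direction's permitted operations. NULL means the operation is not granted.
  -- Unknown entity/operation values end in reject(), which always raises.
  function permitted_list(p_allowed in permited_operation) return varchar2 is
  begin
    if (p_entity = fnd_ldap_wrapper.G_IDENTITY) then
      case p_operation
        when fnd_ldap_wrapper.G_ADD    then return p_allowed.identity_add;
        when fnd_ldap_wrapper.G_UPDATE then return p_allowed.identity_update;
        when fnd_ldap_wrapper.G_MODIFY then return p_allowed.identity_update;
        when fnd_ldap_wrapper.G_DELETE then return p_allowed.identity_delete;
        else reject('operation', p_operation);
      end case;
    elsif (p_entity = fnd_ldap_wrapper.G_SUBSCRIPTION) then
      case p_operation
        when fnd_ldap_wrapper.G_ADD    then return p_allowed.subscription_add;
        when fnd_ldap_wrapper.G_UPDATE then return p_allowed.subscription_update;
        when fnd_ldap_wrapper.G_MODIFY then return p_allowed.subscription_update;
        when fnd_ldap_wrapper.G_DELETE then return p_allowed.subscription_delete;
        else reject('operation', p_operation);
      end case;
    else
      reject('entity', p_entity);
    end if;
  end permitted_list;
begin
  x_fnd_user := fnd_ldap_util.G_SUCCESS;
  x_oid := fnd_ldap_util.G_FAILURE;
  l_module_source := G_MODULE_SOURCE || 'is_operation_allowed: ';
  if (fnd_log.LEVEL_PROCEDURE >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_PROCEDURE, l_module_source, 'Begin');
  end if;

  -- user's realm, else the explicit DN, else the default realm
  l_realm_dn := requestedRealm(p_user_name,p_realm_dn);
  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'realm:'||l_realm_dn);
  end if;

  -- find_realm loads and caches the realm on a miss
  l_index := find_realm(l_realm_dn);
  CASE p_direction
    WHEN fnd_ldap_wrapper.G_EBIZ_TO_OID then l_allowed := realm_table(l_index).appsToOiD;
    WHEN fnd_ldap_wrapper.G_OID_TO_EBIZ then l_allowed := realm_table(l_index).OidToApps;
    ELSE reject('direction', p_direction);
  END CASE;

  -- a disabled (or never loaded, enabled = NULL) direction permits nothing
  if (NOT l_allowed.enabled) then
    x_oid := fnd_ldap_util.G_FAILURE;
  else
    l_list := permitted_list(l_allowed);
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'Call is_in_list for: '||p_attribute);
    end if;
    x_oid := is_in_list(p_attribute, l_list);
  end if;

  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source,
                   'out values x_fnd_user: '||x_fnd_user||' x_oid: '||x_oid);
  end if;
  if (fnd_log.LEVEL_PROCEDURE >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_PROCEDURE, l_module_source, 'End');
  end if;
exception when others then
  if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, sqlerrm);
  end if;
  raise;
end is_operation_allowed;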
778
779
/*
** Name : get_user_or_site_profile
** Type : Public
** Desc : Read a profile option at user level when the user exists, otherwise
**        at site level (responsibility, application, org and server are all
**        passed as -1).
** Parameters :
**   profile_name : profile option name (upper-cased before lookup)
**   user_name_z  : FND_USER.user_name, optional; the _z suffix keeps the
**                  parameter from being captured by the column name in the query
**   val_z        : profile value, NULL when profile_name is NULL
**   defined_z    : TRUE when a value is defined, FALSE when profile_name is NULL
*/
procedure get_user_or_site_profile ( profile_name in varchar2 ,
user_name_z in varchar2 default null ,
val_z out nocopy varchar2 ,
defined_z out nocopy boolean )
is
  -- -1 means "no user level": the lookup then yields the site value
  l_user_id FND_USER.USER_ID%TYPE := -1;
BEGIN
  val_z := null;
  defined_z := false;
  if (profile_name is null) then
    return;
  end if;

  if (user_name_z is not null) then
    BEGIN
      -- bound parameter, not concatenated; an unknown user falls back to site level
      SELECT USER_ID into l_user_id from FND_USER
      WHERE user_name=user_name_z;
    EXCEPTION WHEN NO_DATA_FOUND THEN
      l_user_id := -1;
    END;
  end if;

  fnd_profile.GET_SPECIFIC(
    NAME_Z => upper(profile_name),
    USER_ID_Z => l_user_id,
    RESPONSIBILITY_ID_Z => -1,
    APPLICATION_ID_Z => -1,
    VAL_Z=>val_z,
    DEFINED_Z=>defined_z,
    ORG_ID_Z=>-1,
    SERVER_ID_Z =>-1);
END get_user_or_site_profile;
816
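/*
** Name : getGuidRealm
** Type : Public
** Desc : Resolve a user GUID to the DN of the cached realm whose user search
**        base contains the user's DN.
** Parameters :
**   l_guid : FND_USER.user_guid
** Returns : the realm DN, or NULL when no cached realm contains the user's DN.
** Exceptions: DBMS_LDAP / FND_LDAP_UTIL errors are logged and re-raised; the
**             private OID session is closed on both paths (bugs 8271359, 8661715).
*/
function getGuidRealm(l_guid FND_USER.user_guid%type) return varchar2
IS
  ldap dbms_ldap.session;
  realm_idx pls_integer;
  dn varchar2(4000);
  flag pls_integer;
  l_module_source varchar2(1000);
  l_session_flag boolean := false;
BEGIN
  l_module_source := G_MODULE_SOURCE || 'getGuidRealm: ';
  ldap := fnd_ldap_util.c_get_oid_session(flag);
  l_session_flag := true; /* fix for bug 8271359 */
  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag = true ' );
  end if;

  dn := FND_LDAP_UTIL.get_dn_for_guid(l_guid,ldap);
  realm_idx := getUserRealmIndex(dn);

  -- Bug 8661715 Potential ldap leak
  fnd_ldap_util.c_unbind(ldap,flag);
  l_session_flag := false;
  if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag : = false ' );
    fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'LDAP SESSION CLOSED NORMALLY : ' );
  end if;

  -- getUserRealmIndex answers -1 when no cached realm matches; indexing
  -- realm_table with it raised NO_DATA_FOUND, so report "no realm" as NULL.
  if (realm_idx < 0 or not realm_table.exists(realm_idx)) then
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'no cached realm contains the user DN');
    end if;
    return null;
  end if;
  return realm_table(realm_idx).dn;

EXCEPTION WHEN OTHERS THEN
  if (l_session_flag = true) then
    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closing in EXCEPTION BLOCK - START ' );
    end if;

    fnd_ldap_util.c_unbind(ldap,flag);

    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closed in EXCEPTION BLOCK - END ');
    end if;
  end if;
  if (fnd_log.LEVEL_EXCEPTION >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_EXCEPTION, l_module_source, 'END -> EXCEPTION WHEN OTHERS: '||sqlerrm);
  end if;
  -- Re-raise: the handler used to fall off the end of the function, which
  -- turned every error into ORA-06503 (function returned without value)
  -- and hid the original cause.
  raise;
END getGuidRealm;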
866
867
868
869
/*
** Name : getDefaultRealm
** Type : Public
** Desc : Return OrclDefaultSubscriber from cn=Common,cn=Products,cn=OracleContext,
**        caching it in defaultRealm_cache for the rest of the database session.
** Parameters :
**   ldap : OID session to use. When NULL a private session is opened and
**          closed again here (also on the exception path, bug 8271359); a
**          caller-supplied session is left open.
** Returns : the default realm DN.
** Exceptions: logged and re-raised.
*/
function getDefaultRealm(ldap in out nocopy dbms_ldap.session )
return varchar2
IS
  l_flag pls_integer;
  l_module_source varchar2(1000) := G_MODULE_SOURCE || 'getDefaultRealm - session: ';
  l_owns_session boolean := false;   -- true only for a session opened here
BEGIN
  -- already resolved in this database session
  if (defaultRealm_cache is not null) then
    return defaultRealm_cache;
  end if;

  if (ldap is null) then
    ldap := fnd_ldap_util.c_get_oid_session(l_flag);
    l_owns_session := true; /* fix for bug 8271359 */
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag = true ' );
    end if;
  end if;

  defaultRealm_cache := fnd_ldap_util.getLDAPAttribute(ldap,'cn=Common,cn=Products,cn=OracleContext','OrclDefaultSubscriber');

  if (l_owns_session) then
    fnd_ldap_util.c_unbind(ldap,l_flag);
    l_owns_session := false;
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag : = false ' );
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'LDAP SESSION CLOSED NORMALLY : ' );
    end if;
  end if;

  return defaultRealm_cache;

EXCEPTION WHEN OTHERS THEN
  if (l_owns_session) then
    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closing in EXCEPTION BLOCK - START ' );
    end if;
    fnd_ldap_util.c_unbind(ldap,l_flag);
    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closed in EXCEPTION BLOCK - END ');
    end if;
  end if;
  if (fnd_log.LEVEL_EXCEPTION >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_EXCEPTION, l_module_source, 'EXCEPTION WHEN OTHERS');
  end if;
  raise;
END getDefaultRealm;
924
925
926
/*
** Name : getDefaultRealm
** Type : Public
** Desc : Session-less overload: opens a private OID session, delegates to the
**        session overload (which fills defaultRealm_cache itself) and closes
**        the session again, also on the exception path (bug 8271359).
** Returns : the default realm DN from defaultRealm_cache.
** Exceptions: logged and re-raised.
*/
function getDefaultRealm
return varchar2
IS
  l_flag pls_integer;
  l_ldap dbms_ldap.session;
  l_module_source varchar2(1000) := G_MODULE_SOURCE || 'getDefaultRealm: ';
  l_owns_session boolean := false;
BEGIN
  if (defaultRealm_cache is null) then
    l_ldap := fnd_ldap_util.c_get_oid_session(l_flag);
    l_owns_session := true; /* fix for bug 8271359 */
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag = true ' );
    end if;

    -- the session overload already stores the value; re-assigning is harmless
    defaultRealm_cache := getDefaultRealm(l_ldap);

    fnd_ldap_util.c_unbind(l_ldap,l_flag);
    l_owns_session := false;
    if (fnd_log.LEVEL_STATEMENT >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'l_session_flag : = false ' );
      fnd_log.string(fnd_log.LEVEL_STATEMENT, l_module_source, 'LDAP SESSION CLOSED NORMALLY : ' );
    end if;
  end if;

  return defaultRealm_cache;
EXCEPTION WHEN OTHERS THEN
  if (l_owns_session) then
    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closing in EXCEPTION BLOCK - START ' );
    end if;
    fnd_ldap_util.c_unbind(l_ldap,l_flag);
    if (fnd_log.LEVEL_ERROR >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
      fnd_log.string(fnd_log.LEVEL_ERROR, l_module_source, 'LDAP SESSION closed in EXCEPTION BLOCK - END ');
    end if;
  end if;
  if (fnd_log.LEVEL_EXCEPTION >= fnd_log.G_CURRENT_RUNTIME_LEVEL) then
    fnd_log.string(fnd_log.LEVEL_EXCEPTION, l_module_source, 'EXCEPTION WHEN OTHERS');
  end if;
  raise;
END getDefaultRealm;
976
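/*
** Name : init
** Type : Private (called from the package initialisation block)
** Desc : Pre-load every realm the OID plug reports into realm_table.
**        Each list entry is loaded at its own position; the previous code
**        loaded realms(0) on every iteration, so only the first realm was ever
**        cached - once per list entry, as duplicate slots.
** Exceptions: propagated from add_realm (NO_DATA_FOUND for a DN that is not a
**             realm, DBMS_LDAP errors); a failure here fails the package
**             initialisation.
*/
PROCEDURE init
is
  realms dbms_ldap.string_collection;
  l_pos pls_integer;
  l_slot pls_integer;
BEGIN

  -- THE plug should tell us what Realms to load
  realms := FND_OID_PLUG.getrealmlist;
  l_pos := realms.first;
  WHILE l_pos is not null loop
    l_slot := add_realm(realms(l_pos));
    l_pos := realms.next(l_pos);
  end loop;
END init;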
992
-- Package initialisation block: runs once per database session on the first
-- reference to the package. An exception raised by init() (OID unreachable, a
-- non-realm DN in the plug's list) fails the initialisation and surfaces to
-- that first caller.
BEGIN
init();
end FND_SSO_REGISTRATION;