403Webshell
Server IP : 103.119.228.120  /  Your IP : 18.217.207.112
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/local/ssl/local/ssl/local/ssl/include/bind9/dns/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/local/ssl/local/ssl/local/ssl/include/bind9/dns/ssu.h
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#ifndef DNS_SSU_H
#define DNS_SSU_H 1

/*! \file dns/ssu.h */

#include <isc/lang.h>

#include <dns/acl.h>
#include <dns/types.h>
#include <dst/dst.h>

ISC_LANG_BEGINDECLS

typedef enum {
	dns_ssumatchtype_name = 0,
	dns_ssumatchtype_subdomain = 1,
	dns_ssumatchtype_wildcard = 2,
	dns_ssumatchtype_self    = 3,
	dns_ssumatchtype_selfsub = 4,
	dns_ssumatchtype_selfwild = 5,
	dns_ssumatchtype_selfkrb5 = 6,
	dns_ssumatchtype_selfms  = 7,
	dns_ssumatchtype_subdomainms = 8,
	dns_ssumatchtype_subdomainkrb5 = 9,
	dns_ssumatchtype_tcpself = 10,
	dns_ssumatchtype_6to4self = 11,
	dns_ssumatchtype_external = 12,
	dns_ssumatchtype_local = 13,
	dns_ssumatchtype_max = 13,      /* max value */

	dns_ssumatchtype_dlz = 14       /* intentionally higher than _max */
} dns_ssumatchtype_t;

#define DNS_SSUMATCHTYPE_NAME		dns_ssumatchtype_name
#define DNS_SSUMATCHTYPE_SUBDOMAIN	dns_ssumatchtype_subdomain
#define DNS_SSUMATCHTYPE_WILDCARD	dns_ssumatchtype_wildcard
#define DNS_SSUMATCHTYPE_SELF		dns_ssumatchtype_self
#define DNS_SSUMATCHTYPE_SELFSUB	dns_ssumatchtype_selfsub
#define DNS_SSUMATCHTYPE_SELFWILD	dns_ssumatchtype_selfwild
#define DNS_SSUMATCHTYPE_SELFKRB5	dns_ssumatchtype_selfkrb5
#define DNS_SSUMATCHTYPE_SELFMS		dns_ssumatchtype_selfms
#define DNS_SSUMATCHTYPE_SUBDOMAINMS	dns_ssumatchtype_subdomainms
#define DNS_SSUMATCHTYPE_SUBDOMAINKRB5	dns_ssumatchtype_subdomainkrb5
#define DNS_SSUMATCHTYPE_TCPSELF	dns_ssumatchtype_tcpself
#define DNS_SSUMATCHTYPE_6TO4SELF	dns_ssumatchtype_6to4self
#define DNS_SSUMATCHTYPE_EXTERNAL	dns_ssumatchtype_external
#define DNS_SSUMATCHTYPE_LOCAL		dns_ssumatchtype_local
#define DNS_SSUMATCHTYPE_MAX 		dns_ssumatchtype_max  /* max value */

#define DNS_SSUMATCHTYPE_DLZ		dns_ssumatchtype_dlz  /* intentionally higher than _MAX */

isc_result_t
dns_ssutable_create(isc_mem_t *mctx, dns_ssutable_t **table);
/*%<
 *	Creates a table that will be used to store simple-secure-update rules.
 *	Note: all locking must be provided by the client.
 *
 *	Requires:
 *\li		'mctx' is a valid memory context
 *\li		'table' is not NULL, and '*table' is NULL
 *
 *	Returns:
 *\li		ISC_R_SUCCESS
 *\li		ISC_R_NOMEMORY
 */

isc_result_t
dns_ssutable_createdlz(isc_mem_t *mctx, dns_ssutable_t **tablep,
		       dns_dlzdb_t *dlzdatabase);
/*%<
 * Create an SSU table that contains a dlzdatabase pointer, and a
 * single rule with matchtype DNS_SSUMATCHTYPE_DLZ. This type of SSU
 * table is used by writeable DLZ drivers to offload authorization for
 * updates to the driver.
 */

void
dns_ssutable_attach(dns_ssutable_t *source, dns_ssutable_t **targetp);
/*%<
 *	Attach '*targetp' to 'source'.
 *
 *	Requires:
 *\li		'source' is a valid SSU table
 *\li		'targetp' points to a NULL dns_ssutable_t *.
 *
 *	Ensures:
 *\li		*targetp is attached to source.
 */

void
dns_ssutable_detach(dns_ssutable_t **tablep);
/*%<
 *	Detach '*tablep' from its simple-secure-update rule table.
 *
 *	Requires:
 *\li		'tablep' points to a valid dns_ssutable_t
 *
 *	Ensures:
 *\li		*tablep is NULL
 *\li		If '*tablep' is the last reference to the SSU table, all
 *			resources used by the table will be freed.
 */

isc_result_t
dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant,
		     dns_name_t *identity, unsigned int matchtype,
		     dns_name_t *name, unsigned int ntypes,
		     dns_rdatatype_t *types);
/*%<
 *	Adds a new rule to a simple-secure-update rule table.  The rule
 *	either grants or denies update privileges of an identity (or set of
 *	identities) to modify a name (or set of names) or certain types present
 *	at that name.
 *
 *	Notes:
 *\li		If 'matchtype' is of SELF type, this rule only matches if the
 *              name to be updated matches the signing identity.
 *
 *\li		If 'ntypes' is 0, this rule applies to all types except
 *		NS, SOA, RRSIG, and NSEC.
 *
 *\li		If 'types' includes ANY, this rule applies to all types
 *		except NSEC.
 *
 *	Requires:
 *\li		'table' is a valid SSU table
 *\li		'identity' is a valid absolute name
 *\li		'matchtype' must be one of the defined constants.
 *\li		'name' is a valid absolute name
 *\li		If 'ntypes' > 0, 'types' must not be NULL
 *
 *	Returns:
 *\li		ISC_R_SUCCESS
 *\li		ISC_R_NOMEMORY
 */

isc_boolean_t
dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer,
			dns_name_t *name, isc_netaddr_t *addr,
			dns_rdatatype_t type, const dst_key_t *key);
isc_boolean_t
dns_ssutable_checkrules2(dns_ssutable_t *table, dns_name_t *signer,
			dns_name_t *name, isc_netaddr_t *addr,
			isc_boolean_t tcp, const dns_aclenv_t *env,
			dns_rdatatype_t type, const dst_key_t *key);
/*%<
 *	Checks that the attempted update of (name, type) is allowed according
 *	to the rules specified in the simple-secure-update rule table.  If
 *	no rules are matched, access is denied.
 *
 *	Notes:
 *		In dns_ssutable_checkrules(), 'addr' should only be
 *		set if the request received via TCP.  This provides a
 *		weak assurance that the request was not spoofed.
 *		'addr' is to to validate DNS_SSUMATCHTYPE_TCPSELF
 *		and DNS_SSUMATCHTYPE_6TO4SELF rules.
 *
 *		In dns_ssutable_checkrules2(), 'addr' can also be passed for
 *		UDP requests and TCP is specified via the 'tcp' parameter.
 *		In addition to DNS_SSUMATCHTYPE_TCPSELF and
 *		tcp_ssumatchtype_6to4self  rules, the address
 *		also be used to check DNS_SSUMATCHTYPE_LOCAL rules.
 *		If 'addr' is set then 'env' must also be set so that
 *		requests from non-localhost addresses can be rejected.
 *
 *		For DNS_SSUMATCHTYPE_TCPSELF the addresses are mapped to
 *		the standard reverse names under IN-ADDR.ARPA and IP6.ARPA.
 *		RFC 1035, Section 3.5, "IN-ADDR.ARPA domain" and RFC 3596,
 *		Section 2.5, "IP6.ARPA Domain".
 *
 *		For DNS_SSUMATCHTYPE_6TO4SELF, IPv4 address are converted
 *		to a 6to4 prefix (48 bits) per the rules in RFC 3056.  Only
 *		the top	48 bits of the IPv6 address are mapped to the reverse
 *		name. This is independent of whether the most significant 16
 *		bits match 2002::/16, assigned for 6to4 prefixes, or not.
 *
 *	Requires:
 *\li		'table' is a valid SSU table
 *\li		'signer' is NULL or a valid absolute name
 *\li		'addr' is NULL or a valid network address.
 *\li		'aclenv' is NULL or a valid ACL environment.
 *\li		'name' is a valid absolute name
 *\li		if 'addr' is not NULL, 'env' is not NULL.
 */


/*% Accessor functions to extract rule components */
isc_boolean_t	dns_ssurule_isgrant(const dns_ssurule_t *rule);
/*% Accessor functions to extract rule components */
dns_name_t *	dns_ssurule_identity(const dns_ssurule_t *rule);
/*% Accessor functions to extract rule components */
unsigned int	dns_ssurule_matchtype(const dns_ssurule_t *rule);
/*% Accessor functions to extract rule components */
dns_name_t *	dns_ssurule_name(const dns_ssurule_t *rule);
/*% Accessor functions to extract rule components */
unsigned int	dns_ssurule_types(const dns_ssurule_t *rule,
				  dns_rdatatype_t **types);

isc_result_t	dns_ssutable_firstrule(const dns_ssutable_t *table,
				       dns_ssurule_t **rule);
/*%<
 * Initiates a rule iterator.  There is no need to maintain any state.
 *
 * Returns:
 *\li	#ISC_R_SUCCESS
 *\li	#ISC_R_NOMORE
 */

isc_result_t	dns_ssutable_nextrule(dns_ssurule_t *rule,
				      dns_ssurule_t **nextrule);
/*%<
 * Returns the next rule in the table.
 *
 * Returns:
 *\li	#ISC_R_SUCCESS
 *\li	#ISC_R_NOMORE
 */

isc_boolean_t
dns_ssu_external_match(dns_name_t *identity, dns_name_t *signer,
		       dns_name_t *name, isc_netaddr_t *tcpaddr,
		       dns_rdatatype_t type, const dst_key_t *key,
		       isc_mem_t *mctx);
/*%<
 * Check a policy rule via an external application
 */

isc_result_t
dns_ssu_mtypefromstring(const char *str, dns_ssumatchtype_t *mtype);
/*%<
 * Set 'mtype' from 'str'
 *
 * Requires:
 *\li		'str' is not NULL.
 *\li		'mtype' is not NULL,
 *
 * Returns:
 *\li	#ISC_R_SUCCESS
 *\li	#ISC_R_NOTFOUND
 */

ISC_LANG_ENDDECLS

#endif /* DNS_SSU_H */

Youez - 2016 - github.com/yon3zu
LinuXploit