Server IP : 103.119.228.120 / Your IP : 3.144.89.152 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/local/ssl/local/ssl/local/ssl/local/share/perl5/Net/DNS/RR/ |
Upload File : |
package Net::DNS::RR::NSEC3; # # $Id: NSEC3.pm 1456 2016-02-17 13:34:00Z willem $ # use vars qw($VERSION); $VERSION = (qw$LastChangedRevision: 1456 $)[1]; use strict; use base qw(Net::DNS::RR::NSEC); =head1 NAME Net::DNS::RR::NSEC3 - DNS NSEC3 resource record =cut use integer; use Carp; use base qw(Exporter); use vars qw(@EXPORT_OK); @EXPORT_OK = qw(name2hash); require Net::DNS::DomainName; eval 'require Digest::SHA'; ## optional for simple Net::DNS RR my %digest = ( '1' => ['Digest::SHA', 1], # RFC3658 ); { my @digestbyname = ( 'SHA-1' => 1, # RFC3658 ); my @digestbyalias = ( 'SHA' => 1 ); my %digestbyval = reverse @digestbyname; my @digestbynum = map { ( $_, 0 + $_ ) } keys %digestbyval; # accept algorithm number my %digestbyname = map { s /[^A-Za-z0-9]//g; $_ } @digestbyalias, @digestbyname, @digestbynum; sub _digestbyname { my $name = shift; my $key = uc $name; # synthetic key $key =~ s /[^A-Z0-9]//g; # strip non-alphanumerics $digestbyname{$key} || croak "unknown digest type $name"; } sub _digestbyval { my $value = shift; $digestbyval{$value} || return $value; } } sub _decode_rdata { ## decode rdata from wire-format octet string my $self = shift; my ( $data, $offset ) = @_; my $limit = $offset + $self->{rdlength}; my $ssize = unpack "\@$offset x4 C", $$data; @{$self}{qw(algorithm flags iterations saltbin)} = unpack "\@$offset CCnx a$ssize", $$data; $offset += 5 + $ssize; my $hsize = unpack "\@$offset C", $$data; $self->{hnxtname} = unpack "\@$offset x a$hsize", $$data; $offset += 1 + $hsize; $self->{typebm} = substr $$data, $offset, ( $limit - $offset ); } sub _encode_rdata { ## encode rdata as wire-format octet string my $self = shift; return '' unless defined $self->{typebm}; my $salt = $self->saltbin; my $hash = $self->{hnxtname}; pack 'CCn C a* C a* a*', $self->algorithm, $self->flags, $self->iterations, length($salt), $salt, length($hash), $hash, $self->{typebm}; } sub _format_rdata { ## format rdata portion of RR string. my $self = shift; return '' unless defined $self->{typebm}; my @rdata = ( $self->algorithm, $self->flags, $self->iterations, $self->salt || '-', $self->hnxtname, $self->typelist ); } sub _parse_rdata { ## populate RR from rdata in argument list my $self = shift; $self->algorithm(shift); $self->flags(shift); $self->iterations(shift); my $salt = shift; $self->salt($salt) unless $salt eq '-'; $self->hnxtname(shift); $self->typelist(@_); } sub _defaults { ## specify RR attribute default values my $self = shift; $self->_parse_rdata( 1, 0, 0, '' ); } sub algorithm { my ( $self, $arg ) = @_; unless ( ref($self) ) { ## class method or simple function my $argn = pop; return $argn =~ /[^0-9]/ ? _digestbyname($argn) : _digestbyval($argn); } return $self->{algorithm} unless defined $arg; return _digestbyval( $self->{algorithm} ) if $arg =~ /MNEMONIC/i; return $self->{algorithm} = _digestbyname($arg); } sub flags { my $self = shift; $self->{flags} = 0 + shift if scalar @_; $self->{flags} || 0; } sub optout { my $bit = 0x01; for ( shift->{flags} ) { my $set = $bit | ( $_ ||= 0 ); return $bit & $_ unless scalar @_; $_ = (shift) ? $set : ( $set ^ $bit ); return $_ & $bit; } } sub iterations { my $self = shift; $self->{iterations} = 0 + shift if scalar @_; $self->{iterations} || 0; } sub salt { my $self = shift; $self->saltbin( pack "H*", map { die "!hex!" if m/[^0-9A-Fa-f]/; $_ } join "", @_ ) if scalar @_; unpack "H*", $self->saltbin() if defined wantarray; } sub saltbin { my $self = shift; $self->{saltbin} = shift if scalar @_; $self->{saltbin} || ""; } sub hnxtname { my $self = shift; $self->{hnxtname} = _decode_base32(shift) if scalar @_; _encode_base32( $self->{hnxtname} ) if defined wantarray; } sub covered { my $self = shift; my $name = shift; # first test if the domain name is in the NSEC3 zone. my @domainlabels = new Net::DNS::DomainName($name)->_wire; my ( $owner, @zonelabels ) = $self->{owner}->_wire; my $ownerhash = _decode_base32($owner); foreach ( reverse @zonelabels ) { return 0 unless lc($_) eq lc( pop(@domainlabels) || return 0 ); } my $namehash = _hash( $self->algorithm, $name, $self->iterations, $self->saltbin ); my $nexthash = "$self->{hnxtname}"; unless ( $ownerhash lt $nexthash ) { # last or only NSEC3 RR return 1 if $namehash lt $nexthash; return $namehash gt $ownerhash; } return 0 unless $namehash gt $ownerhash; # general case return $namehash lt $nexthash; } sub match { my $self = shift; my $name = shift; my $namehash = _hash( $self->algorithm, $name, $self->iterations, $self->saltbin ); my ($owner) = $self->{owner}->_wire; my $ownerhash = _decode_base32($owner); $namehash eq $ownerhash; } ######################################## sub _decode_base32 { local $_ = shift || ''; tr [0-9a-vA-V] [\000-\037\012-\037]; $_ = unpack 'B*', $_; s/000(.....)/$1/g; my $l = length; $_ = substr $_, 0, $l & ~7 if $l & 7; pack 'B*', $_; } sub _encode_base32 { local $_ = unpack 'B*', shift; s/(.....)/000$1/g; my $l = length; my $x = substr $_, $l & ~7; my $n = length $x; substr( $_, $l & ~7 ) = join '', '000', $x, '0' x ( 5 - $n ) if $n; $_ = pack( 'B*', $_ ); tr [\000-\037] [0-9a-v]; return $_; } sub _hash { my $hashalg = shift; my $name = shift; my $iterations = shift; my $salt = shift || ''; my $arglist = $digest{$hashalg}; my ( $object, @argument ) = @$arglist; my $hash = $object->new(@argument); my $wirename = new Net::DNS::DomainName($name)->canonical; $iterations++; while ( $iterations-- ) { $hash->add($wirename); $hash->add($salt); $wirename = $hash->digest; } return $wirename; } sub name2hash { _encode_base32(&_hash); } # uncoverable pod sub hashalgo { &algorithm; } # uncoverable pod 1; __END__ =head1 SYNOPSIS use Net::DNS; $rr = new Net::DNS::RR('name NSEC3 algorithm flags iterations salt hnxtname'); =head1 DESCRIPTION Class for DNSSEC NSEC3 resource records. The NSEC3 Resource Record (RR) provides authenticated denial of existence for DNS Resource Record Sets. The NSEC3 RR lists RR types present at the original owner name of the NSEC3 RR. It includes the next hashed owner name in the hash order of the zone. The complete set of NSEC3 RRs in a zone indicates which RRSets exist for the original owner name of the RR and form a chain of hashed owner names in the zone. =head1 METHODS The available methods are those inherited from the base class augmented by the type-specific methods defined in this package. Use of undocumented package features or direct access to internal data structures is discouraged and could result in program termination or other unpredictable behaviour. =head2 algorithm $algorithm = $rr->algorithm; $rr->algorithm( $algorithm ); The Hash Algorithm field is represented as an unsigned decimal integer. The value has a maximum of 255. algorithm() may also be invoked as a class method or simple function to perform mnemonic and numeric code translation. =head2 flags $flags = $rr->flags; $rr->flags( $flags ); The Flags field is represented as an unsigned decimal integer. The value has a maximum value of 255. =over 4 =item optout $rr->optout(1); if ( $rr->optout ) { ... } Boolean Opt Out flag. =back =head2 iterations $iterations = $rr->iterations; $rr->iterations( $iterations ); The Iterations field is represented as an unsigned decimal integer. The value is between 0 and 65535, inclusive. =head2 salt $salt = $rr->salt; $rr->salt( $salt ); The Salt field is represented as a contiguous sequence of hexadecimal digits. A "-" (unquoted) is used in string format to indicate that the salt field is absent. =head2 saltbin $saltbin = $rr->saltbin; $rr->saltbin( $saltbin ); The Salt field as a sequence of octets. =head2 hnxtname $hnxtname = $rr->hnxtname; $rr->hnxtname( $hnxtname ); The Next Hashed Owner Name field points to the next node that has authoritative data or contains a delegation point NS RRset. =head2 typelist @typelist = $rr->typelist; $typelist = $rr->typelist; $rr->typelist( @typelist ); The Type List identifies the RRset types that exist at the domain name matched by the NSEC3 RR. When called in scalar context, the list is interpolated into a string. =head2 covered, match print "covered" if $rr->covered{'example.foo'} covered() returns a nonzero value when the the domain name provided as argument is covered as defined in the NSEC3 specification: To cover: An NSEC3 RR is said to "cover" a name if the hash of the name or "next closer" name falls between the owner name and the next hashed owner name of the NSEC3. In other words, if it proves the nonexistence of the name, either directly or by proving the nonexistence of an ancestor of the name. Similarly matched() returns a nonzero value when the domainname in the argument matches as defined in the NSEC3 specification: To match: An NSEC3 RR is said to "match" a name if the owner name of the NSEC3 RR is the same as the hashed owner name of that name. =head1 COPYRIGHT Copyright (c)2007,2008 NLnet Labs. Author Olaf M. Kolkman All rights reserved. Package template (c)2009,2012 O.M.Kolkman and R.W.Franks. =head1 LICENSE Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific prior written permission. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. =head1 SEE ALSO L<perl>, L<Net::DNS>, L<Net::DNS::RR>, RFC5155, RFC4648 L<Hash Algorithms|http://www.iana.org/assignments/dnssec-nsec3-parameters> =cut