Oracle DBMS_NETWORK_ACL_UTILITY Built-In Package
Versions 11.1 - 19.3

Security Advisory
This package provides utility functions that facilitate managing network access permissions.

The package contains no known vulnerabilities other than the one Oracle Corp. baked into it by granting EXECUTE to PUBLIC, which is totally inexcusable.

We strongly advise revoking EXECUTE from PUBLIC, as there are no EXECUTE grants to the package and nothing is dependent upon it other than other objects owned by SYS. We advise this not because failing to do so creates a vulnerability, but as part of a program of taking security seriously and practicing OpSec.
 
Recommended Security Rules

 NEVER
  • Grant EXECUTE on this package to anyone without a valid justification, and we cannot think of one.
 WITH GREAT CARE
  • N/A
 CAUTIONS
  • Pay attention to anyone that inquires about accessing this package. If anyone knows it exists it is because they are paying attention to how you secure your databases.
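
One way to carry out the revoke advised above and confirm that nothing outside SYS relied on the PUBLIC grant, as an added example that is not from the original page. The audit policy name nacl_utility_exec_pol is hypothetical, and the audit step assumes unified auditing (12.1 or later).

```sql
-- Added example. Run as a DBA with access to the DBA_* views.

-- 1. Who can currently execute the package? Expect a PUBLIC row by default.
SELECT grantee, privilege, grantor
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'DBMS_NETWORK_ACL_UTILITY'
ORDER  BY grantee;

-- 2. What references it, directly or through a public synonym?
--    Any row returned here belongs to a non-SYS schema and must be
--    reviewed before the revoke, because it may rely on the PUBLIC grant.
SELECT owner, name, type, referenced_owner, referenced_type
FROM   dba_dependencies
WHERE  referenced_name = 'DBMS_NETWORK_ACL_UTILITY'
AND    referenced_owner IN ('SYS', 'PUBLIC')
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY owner, name;

-- 3. Remove the default grant.
REVOKE EXECUTE ON sys.dbms_network_acl_utility FROM PUBLIC;

-- 4. Confirm the revoke invalidated nothing. Compare with a pre-change
--    snapshot of the same query so pre-existing invalid objects are ignored.
SELECT owner, object_name, object_type
FROM   dba_objects
WHERE  status = 'INVALID'
ORDER  BY owner, object_name;

-- 5. Re-run query 1: the PUBLIC row should be gone. Repeat this check
--    after patching or upgrading, and include it in routine grant reviews.

-- 6. Record who executes the package from now on (unified auditing, 12.1+).
--    nacl_utility_exec_pol is a hypothetical policy name.
CREATE AUDIT POLICY nacl_utility_exec_pol
  ACTIONS EXECUTE ON sys.dbms_network_acl_utility;
AUDIT POLICY nacl_utility_exec_pol;

-- 7. Review the resulting audit records.
SELECT event_timestamp, dbusername, action_name, return_code
FROM   unified_audit_trail
WHERE  object_schema = 'SYS'
AND    object_name   = 'DBMS_NETWORK_ACL_UTILITY'
ORDER  BY event_timestamp DESC;
```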
 
DBMS_NETWORK_ACL_UTILITY Package Information
AUTHID: DEFINER
Data Types: TYPE domain_table IS TABLE OF VARCHAR2(1000);
Dependencies: DBMS_NETWORK_ACL_ADMIN
Documented in Types & Packages: Yes
Exceptions:
  Error Code   Reason
  ORA-24247    Access Denied
First Available: 11.1.0.6
Pragmas: PRAGMA INTERFACE
Security Model: Owned by SYS with EXECUTE granted to PUBLIC
Source: {$ORACLE_HOME}/rdbms/admin/dbmsnacl.sql
Subprograms
 
CONTAINS_HOST
Undocumented
dbms_network_acl_utility.contains_host(
host   IN VARCHAR2,
domain IN VARCHAR2)
RETURN NUMBER DETERMINISTIC;
pragma interface(C, contains_host);
set serveroutput on

DECLARE
  x NUMBER;
BEGIN
  x := dbms_network_acl_utility.contains_host('192.168.1.119', 'mlib.org');
  dbms_output.put_line(x);
END;
/
 
DOMAINS
For a given host, returns the domains whose assigned ACLs are used to determine whether a user has the privilege to access that host. When the host is given as an IP address, returns the subnets instead.
dbms_network_acl_utility.domains(host IN VARCHAR2)
RETURN domain_table PIPELINED;
SELECT * FROM TABLE(dbms_network_acl_utility.domains('192.168.1.119'));

COLUMN_VALUE
-----------------------------------------------------------------------
192.168.1.119
192.168.1.*
192.168.*
192.*
*
 
DOMAIN_LEVEL
Returns the domain level of the given host name, domain, or subnet.
dbms_network_acl_utility.domain_level(host IN VARCHAR2)
RETURN NUMBER DETERMINISTIC;
SELECT dbms_network_acl_utility.domain_level('192.168.1.119')
FROM dual;

DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.1.119')
------------------------------------------------------
                                                     4

SELECT dbms_network_acl_utility.domain_level('192.168.1.*')
FROM dual;

DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.1.*')
----------------------------------------------------
                                                   3

SELECT dbms_network_acl_utility.domain_level('192.168.*')
FROM dual;

DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.*')
--------------------------------------------------
                                                 2

SELECT dbms_network_acl_utility.domain_level('192.*')
FROM dual;

DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.*')
----------------------------------------------
                                             1
 
EQUALS_HOST
Undocumented
dbms_network_acl_utility.equals_host(
host1 IN VARCHAR2,
host2 IN VARCHAR2)
RETURN NUMBER DETERMINISTIC;
pragma interface(C, equals_host);
set serveroutput on

DECLARE
  x NUMBER;
BEGIN
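  -- Note: this demo calls contains_host, not equals_host; the value
  -- printed after the block is the result of that contains_host call.
  x := dbms_network_acl_utility.contains_host('192.168.1.119', '192.168.1.119');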
  dbms_output.put_line(x);
END;
/
32

Related Topics
DBMS_NETWORK_ACL_ADMIN
UTL_HTTP
UTL_INADDR
UTL_MAIL
UTL_SMTP
UTL_TCP