Security Advisory |
This package provides utility functions that facilitate managing network access permissions.
The package contains no known vulnerabilities other than the one Oracle Corp. baked into it by granting EXECUTE to PUBLIC, which is totally inexcusable.
We strongly advise revoking EXECUTE from PUBLIC, as there are no EXECUTE grants to the package and nothing is dependent upon it other than other objects owned by SYS.
We advise this not because not doing so creates a vulnerability but rather as part of a program of taking security seriously and practicing OpSec. |
|
Recommended Security Rules |
NEVER
- Grant EXECUTE on this package to anyone without a valid justification; we cannot think of one.
WITH GREAT CARE
CAUTIONS
- Pay attention to anyone who inquires about accessing this package. If anyone knows it exists, it is because they are paying attention to how you secure your databases.
|
|
DBMS_NETWORK_ACL_UTILITY Package Information |
AUTHID | DEFINER
Data Types | TYPE domain_table IS TABLE OF VARCHAR2(1000);
Dependencies |
Documented in Types & Packages | Yes
Exceptions | Error Code | Reason
 | ORA-24247 | Access Denied
First Available | 11.1.0.6
Pragmas | PRAGMA INTERFACE
Security Model | Owned by SYS with EXECUTE granted to PUBLIC
Source | {$ORACLE_HOME}/rdbms/admin/dbmsnacl.sql
Subprograms |
|
CONTAINS_HOST |
Undocumented |
dbms_network_acl_utility.contains_host(
host IN VARCHAR2,
domain IN VARCHAR2)
RETURN NUMBER DETERMINISTIC;
pragma interface(C, contains_host); |
set serveroutput on
DECLARE
x NUMBER;
BEGIN
x := dbms_network_acl_utility.contains_host('192.168.1.119', 'mlib.org');
dbms_output.put_line(x);
END;
/ |
|
DOMAINS |
For a given host, return the domains whose ACL assigned will be used to determine if a user has the privilege to access the given host or not. When the IP address of the host is given, return the subnets instead. |
dbms_network_acl_utility.domains(host IN VARCHAR2)
RETURN domain_table PIPELINED; |
SELECT * FROM TABLE(dbms_network_acl_utility.domains('192.168.1.119'));
COLUMN_VALUE
-----------------------------------------------------------------------
192.168.1.119
192.168.1.*
192.168.*
192.*
* |
|
DOMAIN_LEVEL |
Return the domain level of the given host name, domain, or subnet |
dbms_network_acl_utility.domain_level(host IN VARCHAR2)
RETURN NUMBER DETERMINISTIC; |
SELECT dbms_network_acl_utility.domain_level('192.168.1.119')
FROM dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.1.119')
------------------------------------------------------
4
SELECT dbms_network_acl_utility.domain_level('192.168.1.*')
FROM dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.1.*')
----------------------------------------------------
3
SELECT dbms_network_acl_utility.domain_level('192.168.*')
FROM dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.168.*')
--------------------------------------------------
2
SELECT dbms_network_acl_utility.domain_level('192.*')
FROM dual;
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL('192.*')
----------------------------------------------
1 |
|
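DOMAINS and DOMAIN_LEVEL are usually combined to find which ACL governs access to a host. The queries below are an added example, not part of the original page. They assume SELECT access to the DBA_NETWORK_ACLS and DBA_NETWORK_ACL_PRIVILEGES views and reuse the sample address from the demos above.

```sql
-- Added example: audit which network ACLs apply to one host.
-- '192.168.1.119' is the sample address used in the demos on this page.

-- 1. Every ACL assignment that matches the host or one of its enclosing
--    subnets, most specific entry first. DOMAINS expands the host into the
--    candidate list; DOMAIN_LEVEL ranks each candidate by specificity.
SELECT a.host,
       a.lower_port,
       a.upper_port,
       a.acl,
       dbms_network_acl_utility.domain_level(a.host) AS host_level
FROM   dba_network_acls a
WHERE  a.host IN (SELECT column_value
                  FROM   TABLE(dbms_network_acl_utility.domains('192.168.1.119')))
ORDER  BY dbms_network_acl_utility.domain_level(a.host) DESC,
          a.lower_port,
          a.upper_port;

-- 2. The principals named in those ACLs, so each grant can be reviewed
--    against the assignment it comes from.
SELECT a.host,
       a.acl,
       p.principal,
       p.privilege,
       p.is_grant
FROM   dba_network_acls a
       JOIN dba_network_acl_privileges p
         ON p.acl = a.acl
WHERE  a.host IN (SELECT column_value
                  FROM   TABLE(dbms_network_acl_utility.domains('192.168.1.119')))
ORDER  BY dbms_network_acl_utility.domain_level(a.host) DESC,
          p.principal,
          p.privilege;
```

An empty result from the first query means no ACL is assigned to the host or to any of its enclosing subnets.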
EQUALS_HOST |
Undocumented |
dbms_network_acl_utility.equals_host(
host1 IN VARCHAR2,
host2 IN VARCHAR2)
RETURN NUMBER DETERMINISTIC;
pragma interface(C, equals_host); |
set serveroutput on
DECLARE
x NUMBER;
BEGIN
x := dbms_network_acl_utility.contains_host('192.168.1.119', '192.168.1.119');
dbms_output.put_line(x);
END;
/
32 |