Ticket #2797: enumlookup.agi.2.patch

enumlookup.agi

@@ -7 +7 @@
-// Originally written for use with FreePBX.
-
-// Based on e164.org's enum.php script, available on http://www.e164.org/enum.phps
+// Extended version based on http://www.e164.org/enum2.phps
-
-/* --------WARNING---------
- * 
@@ -25 +26 @@
-// Go through the ENUM providers and look for the number.
-
-$dialstr = "";
+// Set $allow_plain_text to false to disable unencrypted DNS ENUM lookups.
+$allow_plain_text = true;
-
-foreach ($enums as $enum) {
-  // Are we using php5 and can use get_dns_record?
-
+
+
+
+
+
+
+
+
-      $arr = get_php5($lookup, $enum);
+    }
-  // else, do we have Pear Net DNS?
-  // Disabled, as I couldn't easily get it working on my machine
-  //} elseif ((@include 'Net/DNS.php') =='OK') {
-  //  $arr = get_pear($arpa);
-
+if($allow_plain_text != false)
-    @exec('dig -h > /dev/null 2>&1 ', $res, $var);
-    if ($var != 127) { 
-      $arr = get_dig($lookup, $enum);
@@ -120 +131 @@
-  }
-}
-
+function byte_values($value, $start = false, $num = false) {
+  $stop = strlen($value);
+  if($num === false)
+    $num = $stop - $start;
+
+  $ret = 0;
+  for($x = $start; $num > ($x - $start); $x++)
+    $result |= (ord($value{$x}) << 8 * (($num - ($x - $start))-1));
+
+  return $result;
+}
+
+function get_encrypted($lookup, $enum) {
+  global $AGI;
+
+  $nl = "\n";
+  $pubkey = '-----BEGIN PUBLIC KEY-----'.$nl.
+    'MIICAjANBgkqhkiG9w0BAQEFAAOCAe8AMIIB6gKCAeEAorGbkc81xGWePkinYXbLM'.$nl.
+    'f/rDwepU/etd2ycfwsToxwnt6iHf7hO9ycjOmYpYG4uMG0PmYISaBiwWd55qpUUgI'.$nl.
+    'nhwVFMGX8KOe6c3nreQ9iKQWYu47A2QVk81qX3k5UvjY+Ab63Mg63GtA/DQ7ScI+S'.$nl.
+    'MJuPCkVlXaUy82xeR7zs1eGYI20/mcNoB/nM5OcSpkSJ0dPXFSTmC9DKLd0emUZX9'.$nl.
+    'PdTfz7iKzjWYSg5DOlJwnggeErzDeTHVPoHOa+jT5JkVHzX5wSR2oyN65/s5rswCf'.$nl.
+    'gjqi8lyO+zCSZiu9ZdtvFeLHcmDAkKh610iTdH8WeHt4HSp61yppQ/wnVqrguDms1'.$nl.
+    'ER5lNt70pB+qIZStyB4DXjlXK4PkEAWTwJRV8E0Ix7hbcJ9IuwVxUUbTqyCWRFVed'.$nl.
+    'dSVoMN9yI6eHKoGzFXRojncBRK0Rtq9F1yEKnP7lz1QB3XUdZ28ipW1Flg2zsWsKL'.$nl.
+    'PbKoyn5A0Q8TJRiXDpEkBhwwWaoaxDR1xy8UDOIWt/9Rf0sgjfjmN649gXqAnaysr'.$nl.
+    'WcpPO130W4u5SOyRZnQhGk2Jw+4hEub9c1/Fcf3la1BaMlMIzIJqfUwoTMRlakBFE'.$nl.
+    'faMmgFGT57Kfng+c7gb5ecipKVrMRXbjNdAgMBAAE='.$nl.
+    '-----END PUBLIC KEY-----'.$nl;
+
+  $AGI->verbose("Encrypted DNS look up $lookup on $enum",3);
+  $arpa = $enum;
+  for ($i = 0; $i < strlen($lookup); $i++)
+    $arpa = $lookup[$i].".".$arpa;
+
+  dns_get_record('e164.org', DNS_NS, $NS, $additonal);
+  foreach($NS as $key => $host)
+    $servers[] = $host['target'];
+
+  if(($socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP)) === false ||
+    socket_bind($socket, '0.0.0.0', 0) == false)
+    return false;
+
+  $rnd = fopen('/dev/urandom', 'r');
+  $urnd = fgets($rnd, 16);
+  fclose($rnd);
+  $key = substr(hash('sha1', $urnd, 1), 0, 16);
+  $td = mcrypt_module_open('rijndael-128', '', 'cbc', '');
+  $key = substr($key, 0, mcrypt_enc_get_key_size($td));
+
+  $bits = explode('.', $arpa);
+  $tmp = '';
+  foreach($bits as $bit)
+    $tmp .= chr(strlen($bit)).$bit;
+  $hostname = $tmp;
+
+  foreach($servers as $server)
+  {
+    $IPs = dns_get_record($server, DNS_A, $NS2, $add2);
+    foreach($IPs as $IP)
+    {
+      $server_address = $IP['ip'];
+      $qryID = rand(0,65535);
+      $qry = chr($qryID >> 8).chr($qryID % 256).chr(1).chr(0).chr(0).
+        chr(1).chr(0).chr(0).chr(0).chr(0).chr(0).chr(1).$hostname.
+        chr(0).chr(0).chr(35).chr(0).chr(1).chr(0).chr(0).chr(41).
+        chr(16).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0).chr(0);
+
+      openssl_public_encrypt($key.$qry, $encrypted, $pubkey);
+      $strlen = strlen($encrypted) + 3;
+      $encrypted = chr($strlen >> 8).chr($strlen % 256).chr(255).$encrypted;
+
+      $len = socket_sendto($socket, $encrypted, strlen($encrypted), 0, $server_address, 53);
+
+      $dnsreply = $read = '';
+      $strlen = 0;
+      do
+      {
+        $streams = array($socket);
+        if(@socket_select($streams, $write = NULL, $except = NULL, 2) <= 0)
+          break;
+
+        socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => 0, 'usec' => 1));
+        while(($flag = @socket_recv($socket, $buf, 4096, 0)) > 0)
+        {
+          $read .= $buf;
+          if($strlen == 0)
+            $strlen = (ord($buf{0}) << 8) + ord($buf{1});
+
+          if($strlen > 0 && strlen($read) >= $strlen)
+          {
+            $cipher_text = substr($read, 3);
+            $iv_size = mcrypt_enc_get_iv_size($td);
+            $iv = substr($cipher_text, 0, $iv_size);
+            $cipher_text = substr($cipher_text, $iv_size);
+
+            $plain = false;
+            if(mcrypt_generic_init($td, $key, $iv) != -1)
+              $plain = mdecrypt_generic($td, $cipher_text);
+
+            mcrypt_generic_deinit($td);
+            mcrypt_module_close($td);
+
+            if(($dnsreply = @gzinflate($plain)) == false)
+              $dnsreply = $plain;
+            $replyID = byte_values($dnsreply, 0, 2);
+
+            if($replyID == $qryID)
+              break(4);
+            unset($dnsreply);
+          }
+        }
+      } while(1);
+    }
+  }
+
+  if(!isset($dnsreply{0}))
+    return false;
+
+  $querys = byte_values($dnsreply, 4, 2);
+  $ans = byte_values($dnsreply, 6, 2);
+
+  $queries = $answers = array();
+  $offset = 12;
+  for($i = 0; $i < $querys; $i++)
+  {
+    while(($nextlen = byte_values($dnsreply, $offset++, 1)) > 0)
+    {
+      if(isset($queries[$i]['hostname']))
+        $queries[$i]['hostname'] .= '.';
+      $queries[$i]['hostname'] .= substr($dnsreply, $offset, $nextlen);
+      $offset += $nextlen;
+    }
+
+    $queries[$i]['type'] = byte_values($dnsreply, $offset, 2);
+    $offset += 2;
+    $queries[$i]['class'] = byte_values($dnsreply, $offset, 2);
+    $offset += 2;
+  }
+
+  for($i = 0; $i < $ans; $i++)
+  {
+    if(byte_values($dnsreply, $offset, 2) == 49164)
+    {
+      $answers[$i]['hostname'] = $queries[0]['hostname'];
+      $offset += 2;
+    } else {
+      while(($nextlen = byte_values($dnsreply, $offset++, 1)) > 0)
+      {
+        if(isset($answers[$i]['hostname']))
+          $answers[$i]['hostname'] .= '.';
+        $answers[$i]['hostname'] .= substr($dnsreply, $offset, $nextlen);
+        $offset += $nextlen;
+      }
+    }
+
+    $answers[$i]['type'] = byte_values($dnsreply, $offset, 2);
+    $offset += 2;
+    $answers[$i]['class'] = byte_values($dnsreply, $offset, 2);
+    $offset += 2;
+    $answers[$i]['ttl'] = byte_values($dnsreply, $offset, 4);
+    $offset += 4;
+    $datalength = byte_values($dnsreply, $offset, 2);
+    $offset += 2;
+    $off2 = 0;
+    $record = substr($dnsreply, $offset, $datalength);
+    $offset += $datalength;
+    $answers[$i]['prio']  = byte_values($record, $off2, 2);
+    $off2 += 2;
+    $answers[$i]['order'] = byte_values($record, $off2, 2);
+    $off2 += 2;
+    $flagslength = byte_values($record, $off2++, 1);
+    $answers[$i]['flag'] = substr($record, $off2, $flagslength);
+    $off2 += $flagslength;
+    $srvlength = byte_values($record, $off2++, 1);
+    $tech = $answers[$i]['tech'] = substr($record, $off2, $srvlength);
+    $off2 += $srvlength;
+    $regexlen = byte_values($record, $off2++, 1);
+    $bit = explode('!', substr($record, $off2, $regexlen));
+    $URI = ereg_replace($bit[1], $bit[2], '+'.$lookup);
+    if($URI[3] == ':')
+      $URI[3] = '/';
+    if($URI[4] == ':')
+      $URI[4] = '/';
+    $answers[$i]['URI'] = $URI;
+  }
+
+  if (count($answers) > 0) {
+    return $answers;
+  } else {
+    return null;
+  }
+}
+
-
-// helper functions
-function get_var( $agi, $value)
@@ -133 +338 @@
-  }
-  else return '';
-}
-
-?>