ipaccess 0.0.2
- data/Rakefile +64 -0
- data/docs/COPYING +61 -0
- data/docs/DOWNLOAD +17 -0
- data/docs/LEGAL +11 -0
- data/docs/LGPL-LICENSE +169 -0
- data/docs/README +95 -0
- data/docs/TODO +18 -0
- data/docs/WELCOME +8 -0
- data/examples/tcp_socket.rb +9 -0
- data/lib/ipaccess.rb +35 -0
- data/lib/ipaccess/arm_sockets.rb +33 -0
- data/lib/ipaccess/ghost_doc.rb +206 -0
- data/lib/ipaccess/ghost_doc_acl.rb +31 -0
- data/lib/ipaccess/ip_access.rb +455 -0
- data/lib/ipaccess/ip_access_errors.rb +131 -0
- data/lib/ipaccess/ip_access_list.rb +1209 -0
- data/lib/ipaccess/ip_access_patches.rb +435 -0
- data/lib/ipaccess/netaddr_patch.rb +127 -0
- data/lib/ipaccess/sockets.rb +53 -0
- data/spec/core_spec.rb +5 -0
- data/spec/ip_access_list_spec.rb +302 -0
- data/spec/rcov.opts +7 -0
- data/spec/spec.opts +2 -0
- metadata +84 -0
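--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,64 @@
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+
+require "rake"
+require "rake/clean"
+require 'spec/version'
+require 'spec/rake/spectask'
+
+require "fileutils"
+
+require 'rdoc'
+require "rake/rdoctask"
+
+task :default => :spec
+
+desc "install by setup.rb"
+task :install do
+sh "sudo ruby setup.rb install"
+end
+
+### Docs
+
+desc "Generate documentation for the application"
+rd = Rake::RDocTask.new("appdoc") do |rdoc|
+rdoc.rdoc_dir = 'doc'
+rdoc.title = "IP Access Control"
+rdoc.options += [ '-HN',
+'-f', 'darkfish',
+'--charset=utf-8',
+'--main=docs/WELCOME'
+]
+rdoc.rdoc_files.include('docs/DOWNLOAD')
+rdoc.rdoc_files.include('docs/README')
+rdoc.rdoc_files.include('docs/WELCOME')
+rdoc.rdoc_files.include('docs/LGPL-LICENSE')
+rdoc.rdoc_files.include('docs/LEGAL')
+rdoc.rdoc_files.include('docs/COPYING')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+### Specs
+
+spec_opts = proc{File.read("spec/spec.opts").split}
+spec_core_files = FileList['spec/core_spec.rb']
+spec_all_files = spec_core_files
+
+desc "Run core specs"
+Spec::Rake::SpecTask.new("spec_core") do |t|
+t.spec_files = spec_core_files
+t.spec_opts = spec_opts.call
+t.libs << "lib"
+end
+
+desc "Run all specs"
+Spec::Rake::SpecTask.new("spec") do |t|
+t.spec_files = spec_all_files
+t.spec_opts = spec_opts.call
+t.libs << "lib"
+end
+
+desc "Check documentation coverage"
+task :dcov do
+sh %{find lib -name '*.rb' | xargs dcov}
+end
+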
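Review bot: `sh "sudo ruby setup.rb install"` in the `:install` task escalates to root unconditionally and runs whatever `setup.rb` happens to be in the working tree with those privileges; a build file should not decide when sudo is used — change it to `sh "ruby setup.rb install"` and let the operator run `sudo rake install` (or prefer `gem install`) when a system-wide install is actually wanted. Separately, `spec_all_files = spec_core_files` means the "Run all specs" task only runs `spec/core_spec.rb`, so `spec/ip_access_list_spec.rb` added in this same commit is never exercised unless core_spec.rb requires it itself; `spec_all_files = FileList['spec/*_spec.rb']` would pick it up. The load-path line `$:.unshift File.join(File.dirname(__FILE__), "..", "lib")` also appears to point one directory above the project, since the diffstat shows `lib/` as a sibling of this Rakefile rather than of its parent. Finally, `find lib -name '*.rb' | xargs dcov` mis-splits paths containing whitespace; `find lib -name '*.rb' -print0 | xargs -0 dcov` is the safe form.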
data/docs/COPYING
ADDED
@@ -0,0 +1,61 @@
|
|
1
|
+
IPAccess is copyrighted free software owned by Paweł Wilk
|
2
|
+
(pw@gnu.org). The Owner of this software permits you to
|
3
|
+
redistribute and/or modify the software under either the terms of the LGPL
|
4
|
+
version 3 (see the file {LGPL-LICENSE}[link:docs/LGPL-LICENSE.html]),
|
5
|
+
or the conditions below ("Ruby License"):
|
6
|
+
|
7
|
+
1. You may make and give away verbatim copies of the source form of this
|
8
|
+
software without restriction, provided that you retain ALL of the
|
9
|
+
original copyright notices and associated disclaimers.
|
10
|
+
|
11
|
+
2. You may modify your copy of the software in any way, provided that
|
12
|
+
you do at least ONE of the following:
|
13
|
+
|
14
|
+
a) place your modifications in the Public Domain or otherwise
|
15
|
+
make them Freely Available, such as by posting said
|
16
|
+
modifications to Usenet or an equivalent medium, or by allowing
|
17
|
+
the author to include your modifications in the software.
|
18
|
+
|
19
|
+
b) use the modified software only within your corporation or
|
20
|
+
organization.
|
21
|
+
|
22
|
+
c) give non-standard binaries non-standard names, with
|
23
|
+
instructions on where to get the original software distribution.
|
24
|
+
|
25
|
+
d) make other distribution arrangements with the Owner.
|
26
|
+
|
27
|
+
3. You may distribute the software in object code or binary form,
|
28
|
+
provided that you do at least ONE of the following:
|
29
|
+
|
30
|
+
a) distribute the binaries and library files of the software,
|
31
|
+
together with instructions (in a manual page or equivalent)
|
32
|
+
on where to get the original distribution.
|
33
|
+
|
34
|
+
b) accompany the distribution with the machine-readable source of
|
35
|
+
the software.
|
36
|
+
|
37
|
+
c) give non-standard binaries non-standard names, with
|
38
|
+
instructions on where to get the original software distribution.
|
39
|
+
|
40
|
+
d) make other distribution arrangements with the Owner.
|
41
|
+
|
42
|
+
4. You may modify and include parts of the software into any other
|
43
|
+
software (possibly commercial), provided you comply with the terms in
|
44
|
+
Sections 1, 2, and 3 above. But some files in the distribution
|
45
|
+
are not written by the Owner, so they may be made available to you
|
46
|
+
under different terms.
|
47
|
+
|
48
|
+
For the list of those files and their copying conditions, see the
|
49
|
+
file LEGAL.
|
50
|
+
|
51
|
+
5. The scripts and library files supplied as input to or produced as
|
52
|
+
output from the software do not automatically fall under the
|
53
|
+
copyright of the software, but belong to whoever generated them,
|
54
|
+
and may be sold commercially, and may be aggregated with this
|
55
|
+
software.
|
56
|
+
|
57
|
+
6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
|
58
|
+
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
59
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
60
|
+
PURPOSE.
|
61
|
+
|
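--- /dev/null
+++ b/data/docs/DOWNLOAD
@@ -0,0 +1,17 @@
+
+== Download IP Access Control
+
+=== Latest source code
+
+Latest sources tree can be viewed on https://github.com/siefca/IPAccess/tree
+
+Public Git repository is available, to clone it use:
+
+git clone git://github.com/siefca/IPAccess.git
+
+=== Gem
+
+Gem can be downloaded from: http://rubyforge.org/projects/ipaccess/ or using Rubygems:
+
+gem install ipaccess
+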
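--- /dev/null
+++ b/data/docs/LEGAL
@@ -0,0 +1,11 @@
+LEGAL NOTICE INFORMATION
+------------------------
+
+IPAccess is Copyright (C) 2009 by Paweł Wilk.
+
+IPAccess is copyrighted software owned by Paweł Wilk
+(pw@gnu.org). You may redistribute and/or modify this
+software as long as you comply with either the terms of the LGPL
+(see the file {LGPL-LICENSE}[link:docs/LGPL-LICENSE.html]),
+or Ruby's license (see the file {COPYING}[link:docs/COPYING.html]).
+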
data/docs/LGPL-LICENSE
ADDED
@@ -0,0 +1,169 @@
|
|
1
|
+
<tt>
|
2
|
+
|
3
|
+
GNU LESSER GENERAL PUBLIC LICENSE
|
4
|
+
Version 3, 29 June 2007
|
5
|
+
|
6
|
+
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
7
|
+
Everyone is permitted to copy and distribute verbatim copies
|
8
|
+
of this license document, but changing it is not allowed.
|
9
|
+
|
10
|
+
|
11
|
+
This version of the GNU Lesser General Public License incorporates
|
12
|
+
the terms and conditions of version 3 of the GNU General Public
|
13
|
+
License, supplemented by the additional permissions listed below.
|
14
|
+
|
15
|
+
0. Additional Definitions.
|
16
|
+
|
17
|
+
As used herein, "this License" refers to version 3 of the GNU Lesser
|
18
|
+
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
19
|
+
General Public License.
|
20
|
+
|
21
|
+
"The Library" refers to a covered work governed by this License,
|
22
|
+
other than an Application or a Combined Work as defined below.
|
23
|
+
|
24
|
+
An "Application" is any work that makes use of an interface provided
|
25
|
+
by the Library, but which is not otherwise based on the Library.
|
26
|
+
Defining a subclass of a class defined by the Library is deemed a mode
|
27
|
+
of using an interface provided by the Library.
|
28
|
+
|
29
|
+
A "Combined Work" is a work produced by combining or linking an
|
30
|
+
Application with the Library. The particular version of the Library
|
31
|
+
with which the Combined Work was made is also called the "Linked
|
32
|
+
Version".
|
33
|
+
|
34
|
+
The "Minimal Corresponding Source" for a Combined Work means the
|
35
|
+
Corresponding Source for the Combined Work, excluding any source code
|
36
|
+
for portions of the Combined Work that, considered in isolation, are
|
37
|
+
based on the Application, and not on the Linked Version.
|
38
|
+
|
39
|
+
The "Corresponding Application Code" for a Combined Work means the
|
40
|
+
object code and/or source code for the Application, including any data
|
41
|
+
and utility programs needed for reproducing the Combined Work from the
|
42
|
+
Application, but excluding the System Libraries of the Combined Work.
|
43
|
+
|
44
|
+
1. Exception to Section 3 of the GNU GPL.
|
45
|
+
|
46
|
+
You may convey a covered work under sections 3 and 4 of this License
|
47
|
+
without being bound by section 3 of the GNU GPL.
|
48
|
+
|
49
|
+
2. Conveying Modified Versions.
|
50
|
+
|
51
|
+
If you modify a copy of the Library, and, in your modifications, a
|
52
|
+
facility refers to a function or data to be supplied by an Application
|
53
|
+
that uses the facility (other than as an argument passed when the
|
54
|
+
facility is invoked), then you may convey a copy of the modified
|
55
|
+
version:
|
56
|
+
|
57
|
+
a) under this License, provided that you make a good faith effort to
|
58
|
+
ensure that, in the event an Application does not supply the
|
59
|
+
function or data, the facility still operates, and performs
|
60
|
+
whatever part of its purpose remains meaningful, or
|
61
|
+
|
62
|
+
b) under the GNU GPL, with none of the additional permissions of
|
63
|
+
this License applicable to that copy.
|
64
|
+
|
65
|
+
3. Object Code Incorporating Material from Library Header Files.
|
66
|
+
|
67
|
+
The object code form of an Application may incorporate material from
|
68
|
+
a header file that is part of the Library. You may convey such object
|
69
|
+
code under terms of your choice, provided that, if the incorporated
|
70
|
+
material is not limited to numerical parameters, data structure
|
71
|
+
layouts and accessors, or small macros, inline functions and templates
|
72
|
+
(ten or fewer lines in length), you do both of the following:
|
73
|
+
|
74
|
+
a) Give prominent notice with each copy of the object code that the
|
75
|
+
Library is used in it and that the Library and its use are
|
76
|
+
covered by this License.
|
77
|
+
|
78
|
+
b) Accompany the object code with a copy of the GNU GPL and this license
|
79
|
+
document.
|
80
|
+
|
81
|
+
4. Combined Works.
|
82
|
+
|
83
|
+
You may convey a Combined Work under terms of your choice that,
|
84
|
+
taken together, effectively do not restrict modification of the
|
85
|
+
portions of the Library contained in the Combined Work and reverse
|
86
|
+
engineering for debugging such modifications, if you also do each of
|
87
|
+
the following:
|
88
|
+
|
89
|
+
a) Give prominent notice with each copy of the Combined Work that
|
90
|
+
the Library is used in it and that the Library and its use are
|
91
|
+
covered by this License.
|
92
|
+
|
93
|
+
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
94
|
+
document.
|
95
|
+
|
96
|
+
c) For a Combined Work that displays copyright notices during
|
97
|
+
execution, include the copyright notice for the Library among
|
98
|
+
these notices, as well as a reference directing the user to the
|
99
|
+
copies of the GNU GPL and this license document.
|
100
|
+
|
101
|
+
d) Do one of the following:
|
102
|
+
|
103
|
+
0) Convey the Minimal Corresponding Source under the terms of this
|
104
|
+
License, and the Corresponding Application Code in a form
|
105
|
+
suitable for, and under terms that permit, the user to
|
106
|
+
recombine or relink the Application with a modified version of
|
107
|
+
the Linked Version to produce a modified Combined Work, in the
|
108
|
+
manner specified by section 6 of the GNU GPL for conveying
|
109
|
+
Corresponding Source.
|
110
|
+
|
111
|
+
1) Use a suitable shared library mechanism for linking with the
|
112
|
+
Library. A suitable mechanism is one that (a) uses at run time
|
113
|
+
a copy of the Library already present on the user's computer
|
114
|
+
system, and (b) will operate properly with a modified version
|
115
|
+
of the Library that is interface-compatible with the Linked
|
116
|
+
Version.
|
117
|
+
|
118
|
+
e) Provide Installation Information, but only if you would otherwise
|
119
|
+
be required to provide such information under section 6 of the
|
120
|
+
GNU GPL, and only to the extent that such information is
|
121
|
+
necessary to install and execute a modified version of the
|
122
|
+
Combined Work produced by recombining or relinking the
|
123
|
+
Application with a modified version of the Linked Version. (If
|
124
|
+
you use option 4d0, the Installation Information must accompany
|
125
|
+
the Minimal Corresponding Source and Corresponding Application
|
126
|
+
Code. If you use option 4d1, you must provide the Installation
|
127
|
+
Information in the manner specified by section 6 of the GNU GPL
|
128
|
+
for conveying Corresponding Source.)
|
129
|
+
|
130
|
+
5. Combined Libraries.
|
131
|
+
|
132
|
+
You may place library facilities that are a work based on the
|
133
|
+
Library side by side in a single library together with other library
|
134
|
+
facilities that are not Applications and are not covered by this
|
135
|
+
License, and convey such a combined library under terms of your
|
136
|
+
choice, if you do both of the following:
|
137
|
+
|
138
|
+
a) Accompany the combined library with a copy of the same work based
|
139
|
+
on the Library, uncombined with any other library facilities,
|
140
|
+
conveyed under the terms of this License.
|
141
|
+
|
142
|
+
b) Give prominent notice with the combined library that part of it
|
143
|
+
is a work based on the Library, and explaining where to find the
|
144
|
+
accompanying uncombined form of the same work.
|
145
|
+
|
146
|
+
6. Revised Versions of the GNU Lesser General Public License.
|
147
|
+
|
148
|
+
The Free Software Foundation may publish revised and/or new versions
|
149
|
+
of the GNU Lesser General Public License from time to time. Such new
|
150
|
+
versions will be similar in spirit to the present version, but may
|
151
|
+
differ in detail to address new problems or concerns.
|
152
|
+
|
153
|
+
Each version is given a distinguishing version number. If the
|
154
|
+
Library as you received it specifies that a certain numbered version
|
155
|
+
of the GNU Lesser General Public License "or any later version"
|
156
|
+
applies to it, you have the option of following the terms and
|
157
|
+
conditions either of that published version or of any later version
|
158
|
+
published by the Free Software Foundation. If the Library as you
|
159
|
+
received it does not specify a version number of the GNU Lesser
|
160
|
+
General Public License, you may choose any version of the GNU Lesser
|
161
|
+
General Public License ever published by the Free Software Foundation.
|
162
|
+
|
163
|
+
If the Library as you received it specifies that a proxy can decide
|
164
|
+
whether future versions of the GNU Lesser General Public License shall
|
165
|
+
apply, that proxy's public statement of acceptance of any version is
|
166
|
+
permanent authorization for you to choose that version for the
|
167
|
+
Library.
|
168
|
+
|
169
|
+
</tt>
|
data/docs/README
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
This library provides classes for controlling IP access
|
2
|
+
in your programs. You can use it to build your own
|
3
|
+
routines checking IP addresses against access lists
|
4
|
+
or use altered sockets implementation with IP access
|
5
|
+
control enabled that also comes with this library.
|
6
|
+
|
7
|
+
There are two basic classes used to maintain access rules:
|
8
|
+
IPAccessList and IPAccess.
|
9
|
+
|
10
|
+
IP addresses used by all classes are internaly and interfacialy
|
11
|
+
represented by NetAddr::CIDR objects (NetAddr::CIDRv4 and NetAddr::CIDRv6).
|
12
|
+
|
13
|
+
=== IPAccessList Class
|
14
|
+
|
15
|
+
This class maintains simple access list.
|
16
|
+
|
17
|
+
Objects of IPAccessList class contain two lists of rules:
|
18
|
+
white list and black list. You can add IP rules
|
19
|
+
(both IPv4 and IPv6) to this lists and then manually
|
20
|
+
check access for provided IP addresses against that
|
21
|
+
lists using proper methods. Rules are IP addresses
|
22
|
+
that can have netmasks.
|
23
|
+
|
24
|
+
When doing access checking white list has precedence
|
25
|
+
over black list. If an IP address doesn't match any list,
|
26
|
+
methods evaluating access permit it. The default policy
|
27
|
+
is to accept. To change the default policy you may want
|
28
|
+
to add +:all+ rule to black list which would match all
|
29
|
+
addresses and then just whitelist permitted.
|
30
|
+
|
31
|
+
The class also provides methods for easy administration
|
32
|
+
of lists and method IPAccessList.obj_to_cidr that
|
33
|
+
"understands" most common IP representations including
|
34
|
+
DNS names, sockets, file descriptors bound to sockets and more.
|
35
|
+
|
36
|
+
=== IPAccess Class
|
37
|
+
|
38
|
+
This class maintains access set.
|
39
|
+
|
40
|
+
Objects of IPAccess class, called access sets, contain two access lists
|
41
|
+
(IPAccessList objects) as accessible attributes: +input+ and +output+.
|
42
|
+
First list is for maintaining incoming IP traffic and second for outgoing.
|
43
|
+
Again, it is your free will to check IP addresses against input/output
|
44
|
+
rules or not.
|
45
|
+
|
46
|
+
To manage rules you may access attributes directly, using dot operator
|
47
|
+
and calling certain methods of IPAccessList objects. To check access
|
48
|
+
you may use methods of this class. There are two groups of such methods,
|
49
|
+
one for incoming and one for outgoing access checking. There are also different
|
50
|
+
variants of this methods for different IP representations. That's because speed
|
51
|
+
is important here. If you have an IP address in some socket you should use method
|
52
|
+
that checks socket, if your IP is in text format you may want to use method that
|
53
|
+
checks IP addresses written as strings.
|
54
|
+
|
55
|
+
Access checking methods throw exceptions that are kind of IPAccessDenied.
|
56
|
+
These exceptions contain IP addresses, rules that matched and diagnostic message.
|
57
|
+
You can distinguish between errors related to incoming and outgoing traffic
|
58
|
+
because checking methods throw different kind of exceptions for them:
|
59
|
+
IPAccessDenied::Input and IPAccessDenied::Output accordingly.
|
60
|
+
|
61
|
+
=== IPAccess::Socket and Co.
|
62
|
+
|
63
|
+
If you don't want to write your own access controlling routines
|
64
|
+
you may want to use access controlled sockets. These are subclasses
|
65
|
+
of Ruby's socket handling classes.
|
66
|
+
|
67
|
+
Currently available classes are: IPAccess::Socket,
|
68
|
+
IPAccess::TCPSocket, IPAccess::SOCKSSocket,
|
69
|
+
IPAccess::UDPSocket, IPAccess::TCPServer and IPAccess::UDPServer.
|
70
|
+
|
71
|
+
=== Patched Ruby Sockets
|
72
|
+
|
73
|
+
If there is no other way to control access you may use this
|
74
|
+
library to patch native socket handling classes of Ruby.
|
75
|
+
To do that use special class method called IPAccess.arm
|
76
|
+
|
77
|
+
=== Download
|
78
|
+
|
79
|
+
See {DOWNLOAD}[link:docs/DOWNLOAD.html] file for more
|
80
|
+
info about obtaining IPAccess.
|
81
|
+
|
82
|
+
=== Legal Notice
|
83
|
+
|
84
|
+
IPAccess is Copyright (C) 2009 by Paweł Wilk.
|
85
|
+
|
86
|
+
IPAccess is copyrighted software owned by Paweł Wilk (pw@gnu.org).
|
87
|
+
You may redistribute and/or modify this software as long as you
|
88
|
+
comply with either the terms of the LGPL (see the file {LGPL-LICENSE}[link:docs/LGPL-LICENSE.html]),
|
89
|
+
or Ruby's license (see the file {COPYING}[link:docs/COPYING.html]).
|
90
|
+
|
91
|
+
THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS
|
92
|
+
OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION,
|
93
|
+
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
94
|
+
FOR A PARTICULAR PURPOSE.
|
95
|
+
|
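--- /dev/null
+++ b/data/docs/TODO
@@ -0,0 +1,18 @@
+
+Specification:
+
+- add missing rspec examples
+
+Ruby 1.9 sockets:
+
+- overload Ruby 1.9 socket methods
+
+Documentation:
+
+- add more documentation describing access checking workflow
+
+Other:
+
+- maybe some day: test input lists even if socket is a client socket - local socket address permit/deny
+- inspect methods?
+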
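--- /dev/null
+++ b/data/docs/WELCOME
@@ -0,0 +1,8 @@
+This library provides classes for controlling IP access
+in your programs. You can use it to build your own
+routines checking IP addresses against access lists
+or use altered sockets implementation with IP access
+control enabled that also comes with this library.
+
+If you want to know more it's good idea to see the README file.
+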