ipaccess 0.0.4 → 1.2.0

data/lib/ipaccess/patches/net_ftp.rb

@@ -0,0 +1,165 @@
+# encoding: utf-8
+#
+# Author::    Paweł Wilk (mailto:pw@gnu.org)
+# Copyright:: Copyright (c) 2009-2014 by Paweł Wilk
+# License::   This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL.html] or {Ruby License}[link:docs/COPYING.html].
+# 
+# Modules contained in this file are meant for
+# patching Ruby's Net::FTP class in order to add
+# IP access control to it. It is also used
+# to create variant of Net::FTP class
+# with IP access control.
+# 
+#--
+# 
+# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of either: 1) the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version; or 2) Ruby's License.
+# 
+# See the file COPYING for complete licensing information.
+#
+#++
+# 
+
+require 'socket'
+require 'net/ftp'
+require 'ipaccess/ip_access_errors'
+require 'ipaccess/patches/generic'
+require 'ipaccess/patches/sockets'
+
+# :stopdoc:
+
+module IPAccess::Patches::Net
+  
+  ###################################################################
+  # Net::FTP class with IP access control.
+  # It uses output and occasionally input access lists.
+  
+  module FTP
+    
+    include IPAccess::Patches::ACL
+    
+    def self.included(base)
+      
+      marker = (base.name =~ /IPAccess/) ? base.superclass : base
+      return if marker.instance_variable_defined?(:@uses_ipaccess)    
+      base.instance_variable_set(:@uses_ipaccess, true)
+      
+      base.class_eval do
+        
+        # CLASS METHODS
+        unless (base.name.nil? && base.class.name == "Class")
+          (class << self; self; end).class_eval do
+                      
+            # overwrite FTP.open()
+            define_method :__ipacall__open do |block, host, *args|
+              late_opened_on_deny = false
+        	    args.each { |x| late_opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
+              args.unshift host
+              if block.is_a?(Proc)
+                if late_opened_on_deny
+                  raise ArgumentError, "The :opened_on_deny flag cannot be used when passing a block to FTP.open"
+                end
+                ftp = new(*args)
+                begin
+                  block.call(ftp)
+                ensure
+                  ftp.close
+                end
+              else
+                new(*args)
+              end
+            end
+            
+            # block passing wrapper for Ruby 1.8
+            def open(*args, &block)
+              __ipacall__open(block, *args)
+            end
+                  
+      	  end
+      	
+    	  end # class methods
+        
+        orig_initialize       = self.instance_method :initialize
+        orig_open_socket      = self.instance_method :open_socket
+        #orig_sendcmd          = self.instance_method :sendcmd
+        orig_set_socket       = self.instance_method :set_socket
+        orig_makeport         = self.instance_method :makeport
+        
+        # initialize on steroids.
+        define_method  :__ipacall__initialize do |block, *args|
+          @opened_on_deny = false
+          args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
+          args.pop if args.last.nil?
+          self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+          orig_initialize.bind(self).call(*args, &block)
+        end
+        
+        # block passing wrapper for Ruby 1.8
+        def initialize(*args, &block)
+          __ipacall__initialize(block, *args)
+        end
+        
+        # open_socket on steroids.
+        define_method :open_socket do |host, port|
+          unless @opened_on_deny
+            host = ::TCPSocket.getaddress(host)
+            real_acl.output.check_ipstring(host, self)
+          end
+          try_arm_and_check_socket( orig_open_socket.bind(self).call(host, port) )
+        end
+        private :open_socket
+        
+        # set_socket on steroids.
+        define_method :set_socket do |sock, *args|
+          ret = orig_set_socket.bind(self).call(sock, args.first)
+          try_arm_and_check_socket(@sock, self)
+          return ret
+        end
+        
+        # sendcmd on steroids.
+        #define_method :sendcmd do |*args|
+        #  acl_recheck
+        #  orig_sendcmd.bind(self).call(*args)
+        #end
+        
+        # makeport on steroids.
+        define_method :makeport do
+          late_sock = orig_makeport.bind(self).call
+          begin
+            try_arm_and_check_socket late_sock
+          rescue IOError
+          end
+          return late_sock
+        end
+        
+        # This method returns default access list indicator
+        # used by protected object; in this case it's +:output+.
+        define_method :default_list do
+          :output
+        end
+        
+        # this hook will be called each time @acl is reassigned
+        define_method :acl_recheck do
+          try_arm_and_check_socket @sock
+          nil
+        end
+        
+        # this hook terminates connection
+        define_method :terminate do
+          self.close unless self.closed?    
+        end
+      
+      end # base.class_eval
+
+    end # self.included
+    
+  end # module FTP
+  
+end # module IPAccess::Patches
+
+# :startdoc:
+

data/lib/ipaccess/patches/net_http.rb

@@ -0,0 +1,175 @@
+# encoding: utf-8
+#
+# Author::    Paweł Wilk (mailto:pw@gnu.org)
+# Copyright:: Copyright (c) 2009-2014 by Paweł Wilk
+# License::   This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL.html] or {Ruby License}[link:docs/COPYING.html].
+# 
+# Modules contained in this file are meant for
+# patching Ruby's Net::HTTP class in order to add
+# IP access control to it. It is also used
+# to create variant of Net::HTTP class
+# with IP access control.
+# 
+#--
+# 
+# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of either: 1) the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version; or 2) Ruby's License.
+# 
+# See the file COPYING for complete licensing information.
+#
+#++
+# 
+
+require 'socket'
+require 'net/http'
+require 'ipaccess/ip_access_errors'
+require 'ipaccess/patches/generic'
+require 'ipaccess/patches/sockets'
+
+# :stopdoc:
+
+module IPAccess::Patches::Net
+  
+  ###################################################################
+  # Net::HTTP class with IP access control.
+  # It uses output access lists.
+  
+  module HTTP
+    
+    include IPAccess::Patches::ACL
+    
+    def self.included(base)
+      
+      marker = (base.name =~ /IPAccess/) ? base.superclass : base
+      return if marker.instance_variable_defined?(:@uses_ipaccess)    
+      base.instance_variable_set(:@uses_ipaccess, true)
+      
+      base.class_eval do
+        
+        # CLASS METHODS
+        unless (base.name.nil? && base.class.name == "Class")
+          (class << self; self; end).class_eval do
+            
+            alias :__ipac__orig_new :new
+            
+            # overload HTTP.new() since it's not usual.
+        	  define_method :new do |address, *args|
+        	    late_opened_on_deny = false
+        	    args.delete_if { |x| late_opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
+        	    args.pop if args.last.nil?
+              late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+              obj = __ipac__orig_new(address, *args)
+              obj.acl = late_acl unless obj.acl == late_acl
+              obj.opened_on_deny = late_opened_on_deny
+              return obj
+            end
+            
+            # overwrite HTTP.start()
+            define_method :__ipacall__start do |block, address, *args|
+              late_on_deny = nil
+        	    args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
+              args.pop if args.last.nil?
+              acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+              port, p_addr, p_port, p_user, p_pass = *args
+              new(address, port, p_addr, p_port, p_user, p_pass, acl, late_on_deny).start(&block)
+            end
+            
+            # block passing wrapper for Ruby 1.8
+            def start(*args, &block)
+              __ipacall__start(block, *args)
+            end
+
+            # overwrite HTTP.get_response()
+        	  define_method :__ipacall__get_response do |block, uri_or_host, *args|
+        	    late_on_deny = nil
+        	    args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
+        	    args.pop if args.last.nil?
+        	    late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+        	    path, port = *args
+        	    if path
+                host = uri_or_host
+                new(host, (port || Net::HTTP.default_port), late_acl, late_on_deny).start { |http|
+                  return http.request_get(path, &block)
+                }
+              else
+                uri = uri_or_host
+                new(uri.host, uri.port, late_acl, late_on_deny).start { |http|
+                  return http.request_get(uri.request_uri, &block)
+                }
+              end
+            end
+            
+            # block passing wrapper for Ruby 1.8
+            def get_response(*args, &block)
+              __ipacall__get_response(block, *args)
+            end
+            
+      	  end
+      	
+    	  end # class methods
+        
+        orig_initialize       = self.instance_method :initialize
+        orig_conn_address     = self.instance_method :conn_address
+        orig_on_connect       = self.instance_method :on_connect
+        
+        # initialize on steroids.
+        define_method  :__ipacall__initialize do |block, *args|
+          @opened_on_deny = false
+          args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
+          args.pop if args.last.nil?
+          self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+          orig_initialize.bind(self).call(*args, &block)
+        end
+        
+        # block passing wrapper for Ruby 1.8
+        def initialize(*args, &block)
+          __ipacall__initialize(block, *args)
+        end
+                
+        # on_connect on steroids.
+        define_method :on_connect do
+          acl_recheck # check address form socket to be sure
+          orig_on_connect.bind(self).call
+        end
+        private :on_connect
+        
+        # conn_address on steroids.
+        define_method :conn_address do
+          addr = orig_conn_address.bind(self).call
+          ipaddr = ::TCPSocket.getaddress(addr)
+          real_acl.output.check_ipstring(ipaddr, self)
+          return ipaddr
+        end
+        private :conn_address
+        
+        # This method returns default access list indicator
+        # used by protected object; in this case it's +:output+.
+        define_method :default_list do
+          :output
+        end
+        
+        # this hook will be called each time @acl is reassigned
+        define_method :acl_recheck do
+          try_arm_and_check_socket @socket
+          nil
+        end
+        
+        # this hook terminates connection
+        define_method :terminate do
+          self.finish if self.started?
+        end
+      
+      end # base.class_eval
+
+    end # self.included
+    
+  end # module HTTP
+  
+end # module IPAccess::Patches
+
+# :startdoc:
+

data/lib/ipaccess/patches/net_https.rb

@@ -0,0 +1,29 @@
+# encoding: utf-8
+#
+# Author::    Paweł Wilk (mailto:pw@gnu.org)
+# Copyright:: Copyright (c) 2009-2014 by Paweł Wilk
+# License::   This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL.html] or {Ruby License}[link:docs/COPYING.html].
+# 
+# Modules contained in this file are meant for
+# patching Ruby's Net::HTTP class in order to add
+# IP access control to it. It is also used
+# to create variant of Net::HTTP class
+# with IP access control.
+# 
+#--
+# 
+# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of either: 1) the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version; or 2) Ruby's License.
+# 
+# See the file COPYING for complete licensing information.
+#
+#++
+# 
+
+require 'net/https'
+require 'ipaccess/patches/net/http'
+

data/lib/ipaccess/patches/net_imap.rb

@@ -0,0 +1,117 @@
+# encoding: utf-8
+#
+# Author::    Paweł Wilk (mailto:pw@gnu.org)
+# Copyright:: Copyright (c) 2009-2014 by Paweł Wilk
+# License::   This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL.html] or {Ruby License}[link:docs/COPYING.html].
+# 
+# Modules contained in this file are meant for
+# patching Ruby's Net::IMAP class in order to add
+# IP access control to it. It is also used
+# to create variant of Net::IMAP class
+# with IP access control.
+# 
+#--
+# 
+# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of either: 1) the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version; or 2) Ruby's License.
+# 
+# See the file COPYING for complete licensing information.
+#
+#++
+# 
+
+require 'socket'
+require 'net/imap'
+require 'ipaccess/ip_access_errors'
+require 'ipaccess/patches/generic'
+require 'ipaccess/patches/sockets'
+
+# :stopdoc:
+
+module IPAccess::Patches::Net
+  
+  ###################################################################
+  # Net::IMAP class with IP access control.
+  # It uses output access lists.
+  
+  module IMAP
+    
+    include IPAccess::Patches::ACL
+    
+    def self.included(base)
+      
+      marker = (base.name =~ /IPAccess/) ? base.superclass : base
+      return if marker.instance_variable_defined?(:@uses_ipaccess)    
+      base.instance_variable_set(:@uses_ipaccess, true)
+      
+      base.class_eval do
+        
+        orig_initialize       = self.instance_method :initialize
+        orig_authenticate     = self.instance_method :authenticate
+        orig_start_tls_session= self.instance_method :start_tls_session if self.method_defined?(:start_tls_session)
+        
+        # initialize on steroids.
+        define_method  :__ipacall__initialize do |block, host, *args|
+          @opened_on_deny = false
+          args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
+          args.pop if args.last.nil?
+          self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
+          ipaddr = ::TCPSocket.getaddress(host)
+          real_acl.output.check_ipstring(ipaddr, :none)
+          obj = orig_initialize.bind(self).call(ipaddr, *args, &block)
+          @host = host
+          self.acl_recheck
+          return obj
+        end
+        
+        # authenticate on steroids.
+        define_method :authenticate do |auth_type, *args|
+          self.acl_recheck
+          orig_authenticate.bind(self).call(auth_type, *args)
+        end
+        
+        # block passing wrapper for Ruby 1.8
+        def initialize(host, *args, &block)
+          __ipacall__initialize(block, host, *args)
+        end
+        
+        # start_tls_session on steroids.
+        if self.method_defined?(:start_tls_session)
+          define_method :start_tls_session do |params|
+            ret = orig_start_tls_session.bind(self).call(params)
+            self.acl_recheck
+            return ret
+          end
+        end
+        
+        # This method returns default access list indicator
+        # used by protected object; in this case it's +:output+.
+        define_method :default_list do
+          :output
+        end
+        
+        # this hook will be called each time @acl is reassigned
+        define_method :acl_recheck do
+         try_arm_and_check_socket @sock
+         nil
+        end
+        
+        # this hook terminates connection
+        define_method :terminate do
+          self.disconnect unless disconnected?
+        end
+      
+      end # base.class_eval
+
+    end # self.included
+    
+  end # module IMAP
+  
+end # module IPAccess::Patches
+
+# :startdoc:
+