ipaccess 1.2.0 → 1.2.2

Files changed (49) hide show
  1. checksums.yaml +5 -13
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/.yardopts +2 -0
  5. data/ChangeLog +66 -0
  6. data/Manifest.txt +5 -10
  7. data/README.md +2 -2
  8. data/Rakefile +1 -1
  9. data/docs/HISTORY +11 -0
  10. data/docs/TODO +1 -1
  11. data/docs/yard-tpl/default/fulldoc/html/css/common.css +5 -0
  12. data/examples/open-uri.rb +14 -0
  13. data/examples/telnet.rb +1 -1
  14. data/ipaccess.gemspec +62 -0
  15. data/lib/ipaccess.rb +2 -566
  16. data/lib/ipaccess/arm_sockets.rb +0 -1
  17. data/lib/ipaccess/core.rb +523 -0
  18. data/lib/ipaccess/ghost_doc/ghost_doc.rb +1 -1
  19. data/lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc +54 -0
  20. data/lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb +35 -19
  21. data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +34 -18
  22. data/lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb +35 -19
  23. data/lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb +35 -19
  24. data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc +65 -0
  25. data/lib/ipaccess/ghost_doc/ghost_doc_sockets.rb +353 -125
  26. data/lib/ipaccess/ip_access_check.rb +2 -2
  27. data/lib/ipaccess/ip_access_errors.rb +2 -2
  28. data/lib/ipaccess/ip_access_list.rb +3 -3
  29. data/lib/ipaccess/patches/generic.rb +150 -183
  30. data/lib/ipaccess/patches/net_ftp.rb +1 -2
  31. data/lib/ipaccess/patches/net_http.rb +10 -14
  32. data/lib/ipaccess/patches/net_imap.rb +1 -2
  33. data/lib/ipaccess/patches/net_pop.rb +2 -4
  34. data/lib/ipaccess/patches/net_smtp.rb +2 -4
  35. data/lib/ipaccess/patches/net_telnet.rb +1 -2
  36. data/lib/ipaccess/patches/sockets.rb +67 -69
  37. data/lib/ipaccess/socket.rb +0 -17
  38. metadata +70 -100
  39. metadata.gz.sig +0 -0
  40. data/lib/ipaccess/ghost_doc/ghost_doc_acl.rb +0 -54
  41. data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb +0 -36
  42. data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb +0 -7
  43. data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb +0 -36
  44. data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb +0 -7
  45. data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb +0 -36
  46. data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb +0 -7
  47. data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb +0 -36
  48. data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb +0 -7
  49. data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb +0 -64
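--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- MjBiZjM4NzIwMGZhMTY2NThhNDY4NzE0OTU1NWJlYjQwMDE3NmU4OA==
- data.tar.gz: !binary |-
- ODAzZDA5NzNjOWIxOGQ5Mzk4OGM4NWYzZDliZmFlYmExYmZmYWU4OQ==
+ SHA1:
+ metadata.gz: b6d8d6f3a6fb60cff951294e480196549e9da563
+ data.tar.gz: 38c2a1f94f3dc943e06f0d9ceb796e4742aefccf
  SHA512:
- metadata.gz: !binary |-
- YzQ5NzZhZmY3YTcxZGI3NDg4NjhlYjg1MTFlODJkYzU0MWJiODk1ZTcyNGRm
- NjdkNzMzNDgxY2YxNzExZDNhMDIzZmFjYTA4NTZiNmM0NDRmOGViODkzMzA0
- ZTgwNzNkNmQxODA4NGMyMTg4NGU4MDFjNzM2ZjhhM2U5MmRhNWI=
- data.tar.gz: !binary |-
- MjcwOWI3ZWFiOTY2NmI2MmZiNjYxNDU1NWEzNDYxOWFmZWZjM2E0MWVlNjg2
- NzFhMTExYTUyNDliYzg4ODJjNzM5Mjg4Y2Q5NWEwMzIyOTY3YmVhOGFiYzg1
- ZjhiNGE4MTQ3OWIyNWM4NWU0ODA5YjA3MWJjOWQwOTZkNzI4YTE=
+ metadata.gz: 3f21cba65126bc0b99359b626cf271687f371bb63694af255c29af018be75c39f51078c1347e416c6be9aa80069e6a8e1ab4291e688427b766430d4214867de8
+ data.tar.gz: a01d3fcdc90cc583e4af458da0ceb85f3a9241cb411ef7f9eddc3a4fe45123c2755627c0456e2731a5284dfcb3e5a162bc0b3b8db894ffcd988beeef4b24883e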
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
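--- a/data/.yardopts
+++ b/data/.yardopts
@@ -3,6 +3,8 @@
  --readme README.md
  --no-private
  --hide-void-return
+ --embed-mixin ClassMethods
+ --asset docs/images:images
  -p docs/yard-tpl
  -t default
  -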
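--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,3 +1,69 @@
+ commit 1583d574540f53806e2e77ae0e6d336307b3fc60
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 14:43:08 2013 +0100
+
+ Release 1.2.2
+
+ commit 0455565763981f2b130bf21c741f829d19a576a0
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 14:37:37 2013 +0100
+
+ Added open-uri example
+
+ commit 1217456efe2d3265cbd19646342afef0619722dd
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 14:37:18 2013 +0100
+
+ Strict constant checks during arming
+
+ commit 80735314da159427ab4aa46504600af7bf1f8961
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 14:36:34 2013 +0100
+
+ Cosmetics
+
+ commit 3124c5884e51a270f19550efd55be5dde1ec5652
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 11:56:18 2013 +0100
+
+ Fixed bug that caused global sets to be ignored when arming some singletons
+
+ commit 00881459874a15d2c92fb372a325cf1a5aed154e
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 11:55:32 2013 +0100
+
+ Cosmetics
+
+ commit 408f9c1d21be1a4471cb4177ea55d9e20ccc6a33
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Tue Dec 24 11:53:13 2013 +0100
+
+ Version bump
+
+ commit 5246b7f48cb1ac0bdecd2cf76b13e823806cd577
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Mon Dec 23 22:48:21 2013 +0100
+
+ Documentation fixes
+
+ commit 4f91169decac556abef26bf373f7b69bb2855e5f
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Mon Dec 23 22:34:40 2013 +0100
+
+ Manifest.txt regenerated
+
+ commit c338d3600b23442f961eda0cee528f57770291c0
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Mon Dec 23 22:33:57 2013 +0100
+
+ Moved main module from lib/ipaccess.rb to lib/ipaccess/core.rb
+
+ commit 197d9b13036990763a1b3d51c9ec76c0870cf91c
+ Author: Paweł Wilk <siefca@gnu.org>
+ Date: Mon Dec 23 22:33:31 2013 +0100
+
+ Documentation updated
+
  commit 1abc7037ac85d2bf56dd5f8fa22450ef158fefd7
  Author: Paweł Wilk <siefca@gnu.org>
  Date: Mon Dec 23 13:02:16 2013 +0100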
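--- a/data/Manifest.txt
+++ b/data/Manifest.txt
@@ -20,9 +20,11 @@ docs/images/ipaccess_setup_origin.png
  docs/images/ipaccess_setup_origin_tab.png
  docs/images/ipaccess_view.png
  docs/rdoc.css
+ docs/yard-tpl/default/fulldoc/html/css/common.css
  examples/ftp.rb
  examples/http.rb
  examples/imap.rb
+ examples/open-uri.rb
  examples/pop.rb
  examples/smtp.rb
  examples/tcp_server.rb
@@ -32,21 +34,14 @@ examples/text_message.rb
  ipaccess.gemspec
  lib/ipaccess.rb
  lib/ipaccess/arm_sockets.rb
+ lib/ipaccess/core.rb
  lib/ipaccess/ghost_doc/ghost_doc.rb
- lib/ipaccess/ghost_doc/ghost_doc_acl.rb
+ lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc
  lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb
  lib/ipaccess/ghost_doc/ghost_doc_net_http.rb
  lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb
  lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb
- lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb
- lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb
+ lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc
  lib/ipaccess/ghost_doc/ghost_doc_sockets.rb
  lib/ipaccess/ip_access_check.rb
  lib/ipaccess/ip_access_errors.rb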
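--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@
  **ipaccess version `1.2`** (`Mortal Compat`)
 
  * https://rubygems.org/gems/ipaccess
- * https://github.com/siefca/ipaccess/tree
+ * https://github.com/siefca/ipaccess
  * pw@gnu.org
 
  ## Description
@@ -65,7 +65,7 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
 
  ## Source code
 
- * https://github.com/siefca/IPAccess/tree
+ * https://github.com/siefca/IPAccess
  * <tt>git clone git://github.com/siefca/IPAccess.git</tt>
 
  ## Gem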
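--- a/data/Rakefile
+++ b/data/Rakefile
@@ -30,7 +30,7 @@ Hoe.plugin :gemspec
 
  Hoe.spec 'ipaccess' do
  developer "Paweł Wilk", "pw@gnu.org"
- self.version = "1.2.0"
+ self.version = "1.2.2"
  self.rubyforge_name = 'ipaccess'
  self.summary = 'IP Access Control for Ruby'
  self.description = 'This library allows you to control IP access for sockets and other objects'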
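--- a/data/docs/HISTORY
+++ b/data/docs/HISTORY
@@ -1,3 +1,14 @@
+ === 1.2.2 / 2013-12-24 (Mortal Compat)
+
+ * 1 major enhancement
+
+ * Ruby 2.0 compatible release with bugfixes
+
+ * 2 bugfixes
+
+ * documentation format changed to YARD
+ * fixed ACL initialization bugs
+
  === 1.0.1 / 2009-06-07 (Mother in Law)
 
  * 1 major enhancement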
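--- a/data/docs/TODO
+++ b/data/docs/TODO
@@ -2,7 +2,7 @@
 
 
 
- - neet to be callable like x[:input] or x[:output] which allows more generic access to lists
+ - need to be callable like x[:input] or x[:output] which allows more generic access to lists
  - make it an array-like!
 
  == new logic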
@@ -0,0 +1,5 @@
1
+
2
+ .signature .aliases, h3.signature .aliases {
3
+ margin-top: 2ex;
4
+ }
5
+
@@ -0,0 +1,14 @@
1
+ $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
2
+
3
+ require 'ipaccess/net/http'
4
+ require 'open-uri'
5
+ require 'uri'
6
+
7
+ # Add host's IP by to black list of global output access set
8
+ IPAccess::Set::Global.output.blacklist 'example.org'
9
+
10
+ # Arm sockets
11
+ IPAccess.arm Net::HTTP
12
+
13
+ # Open URI
14
+ open 'http://example.org/'
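Review bot: The example stops before showing the denial it exists to demonstrate: with `Net::HTTP` armed and `example.org` on the global output black list, the final `open 'http://example.org/'` presumably raises `IPAccessDenied`, but nothing rescues it, so a reader only sees a backtrace. I would wrap the call as in the block below. The comment `# Add host's IP by to black list of global output access set` is also garbled; `# Resolve the host and add its current addresses to the black list of the global output access set` reads better and makes clear the entry is taken from DNS at that moment (assuming `blacklist` resolves names the way `to_cidrs` is documented to), so later DNS changes are not covered. Since examples get copied, it is worth noting in a comment that `Kernel#open` should only be given fixed or validated URLs.

```ruby
# … unchanged: load path, requires, blacklist and IPAccess.arm lines …

# Open URI; the armed Net::HTTP should refuse the black-listed host
begin
  open 'http://example.org/'
rescue IPAccessDenied => e
  puts "access denied: #{e.message}"
end
```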
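--- a/data/examples/telnet.rb
+++ b/data/examples/telnet.rb
@@ -6,7 +6,7 @@ opts = {}
  opts["Host"] = 'randomseed.pl'
  opts["Port"] = '80'
 
- t = Net::Telnet.new(opts) # try to connect to remote host
+ t = Net::Telnet.new(opts) # try to connect to a remote host
 
  begin
 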
data/ipaccess.gemspec ADDED
@@ -0,0 +1,62 @@
1
+ # -*- encoding: utf-8 -*-
2
+ # stub: ipaccess 1.2.0.20131223130056 ruby lib
3
+
4
+ Gem::Specification.new do |s|
5
+ s.name = "ipaccess"
6
+ s.version = "1.2.0.20131223130056"
7
+
8
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
9
+ s.authors = ["Pawe\u{142} Wilk"]
10
+ s.cert_chain = ["/Users/siefca/.gem/gem-public_cert.pem"]
11
+ s.date = "2013-12-23"
12
+ s.description = "This library allows you to control IP access for sockets and other objects"
13
+ s.email = ["pw@gnu.org"]
14
+ s.extra_rdoc_files = ["Manifest.txt"]
15
+ s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "examples/ftp.rb", "examples/http.rb", "examples/imap.rb", "examples/pop.rb", "examples/smtp.rb", "examples/tcp_server.rb", "examples/tcp_socket.rb", "examples/telnet.rb", "examples/text_message.rb", "lib/ipaccess.rb", "lib/ipaccess/arm_sockets.rb", "lib/ipaccess/ghost_doc/ghost_doc.rb", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_http.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb", "lib/ipaccess/ghost_doc/ghost_doc_sockets.rb", "lib/ipaccess/ip_access_check.rb", "lib/ipaccess/ip_access_errors.rb", "lib/ipaccess/ip_access_list.rb", "lib/ipaccess/ip_access_set.rb", "lib/ipaccess/net/ftp.rb", "lib/ipaccess/net/http.rb", "lib/ipaccess/net/https.rb", "lib/ipaccess/net/imap.rb", "lib/ipaccess/net/pop.rb", "lib/ipaccess/net/smtp.rb", "lib/ipaccess/net/telnet.rb", "lib/ipaccess/patches/generic.rb", "lib/ipaccess/patches/net_ftp.rb", "lib/ipaccess/patches/net_http.rb", 
"lib/ipaccess/patches/net_https.rb", "lib/ipaccess/patches/net_imap.rb", "lib/ipaccess/patches/net_pop.rb", "lib/ipaccess/patches/net_smtp.rb", "lib/ipaccess/patches/net_telnet.rb", "lib/ipaccess/patches/netaddr.rb", "lib/ipaccess/patches/sockets.rb", "lib/ipaccess/socket.rb", "lib/ipaccess/sockets.rb", "spec/ip_access_list_spec.rb", "spec/rcov.opts", "spec/spec.opts", ".gemtest"]
16
+ s.homepage = "https://rubygems.org/gems/ipaccess"
17
+ s.rdoc_options = ["--title", "Ipaccess Documentation", "--quiet"]
18
+ s.require_paths = ["lib"]
19
+ s.rubyforge_project = "ipaccess"
20
+ s.rubygems_version = "2.1.11"
21
+ s.signing_key = "/Users/siefca/.gem/gem-private_key.pem"
22
+ s.summary = "IP Access Control for Ruby"
23
+
24
+ if s.respond_to? :specification_version then
25
+ s.specification_version = 4
26
+
27
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
28
+ s.add_runtime_dependency(%q<netaddr>, [">= 1.5.0"])
29
+ s.add_development_dependency(%q<hoe-yard>, [">= 0.1.2"])
30
+ s.add_development_dependency(%q<rspec>, [">= 2.6.0"])
31
+ s.add_development_dependency(%q<yard>, [">= 0.8.2"])
32
+ s.add_development_dependency(%q<rdoc>, [">= 3.8.0"])
33
+ s.add_development_dependency(%q<redcarpet>, [">= 2.1.0"])
34
+ s.add_development_dependency(%q<bundler>, [">= 1.0.10"])
35
+ s.add_development_dependency(%q<hoe-bundler>, [">= 1.1.0"])
36
+ s.add_development_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
37
+ s.add_development_dependency(%q<hoe>, ["~> 2.16"])
38
+ else
39
+ s.add_dependency(%q<netaddr>, [">= 1.5.0"])
40
+ s.add_dependency(%q<hoe-yard>, [">= 0.1.2"])
41
+ s.add_dependency(%q<rspec>, [">= 2.6.0"])
42
+ s.add_dependency(%q<yard>, [">= 0.8.2"])
43
+ s.add_dependency(%q<rdoc>, [">= 3.8.0"])
44
+ s.add_dependency(%q<redcarpet>, [">= 2.1.0"])
45
+ s.add_dependency(%q<bundler>, [">= 1.0.10"])
46
+ s.add_dependency(%q<hoe-bundler>, [">= 1.1.0"])
47
+ s.add_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
48
+ s.add_dependency(%q<hoe>, ["~> 2.16"])
49
+ end
50
+ else
51
+ s.add_dependency(%q<netaddr>, [">= 1.5.0"])
52
+ s.add_dependency(%q<hoe-yard>, [">= 0.1.2"])
53
+ s.add_dependency(%q<rspec>, [">= 2.6.0"])
54
+ s.add_dependency(%q<yard>, [">= 0.8.2"])
55
+ s.add_dependency(%q<rdoc>, [">= 3.8.0"])
56
+ s.add_dependency(%q<redcarpet>, [">= 2.1.0"])
57
+ s.add_dependency(%q<bundler>, [">= 1.0.10"])
58
+ s.add_dependency(%q<hoe-bundler>, [">= 1.1.0"])
59
+ s.add_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
60
+ s.add_dependency(%q<hoe>, ["~> 2.16"])
61
+ end
62
+ end
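Review bot: The gemspec added here hard-codes the maintainer's local signing paths, `s.signing_key = "/Users/siefca/.gem/gem-private_key.pem"` and `s.cert_chain = ["/Users/siefca/.gem/gem-public_cert.pem"]`, so the shipped file discloses where the private key is kept and cannot be built on any other machine. It also looks stale against the rest of this release: `s.version` is `"1.2.0.20131223130056"` while the Rakefile says 1.2.2, and `s.files` still lists the `ghost_doc_p_*.rb` and `ghost_doc_patched_usage.rb` files that Manifest.txt drops, while omitting `lib/ipaccess/core.rb` and `examples/open-uri.rb`. I would regenerate it after the final Manifest and keep the signing settings out of the packaged copy, for example by guarding them with `s.signing_key = File.expand_path("~/.gem/gem-private_key.pem") if $0 =~ /gem\z/`. The file appears to be tool-generated, so the fix probably belongs in the release task, not in a hand edit.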
data/lib/ipaccess.rb CHANGED
@@ -9,577 +9,13 @@
9
9
  # IPAccess::Set class to maintain inpu/output traffic control.
10
10
  # You also may use IPAccess::List class directly to build
11
11
  # your own access sets based on black lists and white lists.
12
- #
13
- #--
14
- #
15
- # Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
16
- #
17
- # This program is free software; you can redistribute it and/or modify
18
- # it under the terms of either: 1) the GNU Lesser General Public License
19
- # as published by the Free Software Foundation; either version 3 of the
20
- # License, or (at your option) any later version; or 2) Ruby's License.
21
- #
22
- # See the file COPYING for complete licensing information.
23
- #
24
- #++
25
12
 
26
13
  require 'rubygems'
27
14
  require 'socket'
28
15
  require 'resolv'
29
16
  require 'netaddr'
30
17
 
31
- require 'ipaccess/patches/netaddr'
32
- require 'ipaccess/ip_access_list'
33
- require 'ipaccess/ip_access_set'
18
+ require 'ipaccess/core'
19
+
34
20
 
35
- # This module contains classes that are
36
- # used to control IP access. There are
37
- # three major components you may need:
38
- #
39
- # === IPAccess::List class
40
- #
41
- # This class lets you create IP
42
- # access list with blacklisted
43
- # and whitelisted elements. It
44
- # also has methods for checking
45
- # whether given IP matches the
46
- # list.
47
- #
48
- # === IPAccess::Set class
49
- #
50
- # This class contains two
51
- # objects that are instances
52
- # of IPAccess::List class.
53
- # It allows you to create so
54
- # called access set. The access
55
- # set contains members named
56
- # +input+ and +output+. All methods
57
- # that validate IP access do it
58
- # against one of the lists. Input
59
- # access list is for incomming
60
- # and output for outgoing IP traffic.
61
- # In case of connection-oriented
62
- # sockets and other network objects
63
- # the convention is to use output access
64
- # list to validate connections that
65
- # we initiate. The incomming traffic
66
- # in that model means the connections
67
- # initiated by a remote peer.
68
- #
69
- # === Patching engine
70
- #
71
- # IPAccess was initialy considered as a
72
- # set of classes that you may use
73
- # in your own programs to control
74
- # IP access. That means your own classes
75
- # used for communication should use
76
- # access lists or sets before making any
77
- # real connections or sending any datagrams.
78
- #
79
- # Fortunately there are many network classes,
80
- # including sockets, that Ruby ships with.
81
- # It would be waste of resources to not modify
82
- # them to support IP access control and automagically
83
- # throw exceptions when access should be denied.
84
- #
85
- # And here the special module method called +IPAccess.arm+
86
- # comes in. It lets you patch most of Ruby's
87
- # networking classes and objects. Besides
88
- # equipping them in IPAccess::Set instance
89
- # it also adds some methods for doing quick
90
- # checks and changes in access lists.
91
- #
92
- # The patching engine can arm network classes and
93
- # single network objects. It is not loaded by default
94
- # since you may not want extra code attached to a
95
- # program that uses access lists or sets with
96
- # own access checking code.
97
- #
98
- # === Variants of popular classes
99
- #
100
- # Sometimes you want to write a code that
101
- # uses standard Ruby's network objects
102
- # but you find it dirty to alter classes or objects.
103
- # In that case you may want to use static variants
104
- # of Ruby's network classes that are not patches
105
- # but derived classes.
106
- #
107
- # === Exceptions
108
- #
109
- # When you are dealing with patched (armed) versions
110
- # of classes and objects or when you are using
111
- # special variants of popular network classes, you have
112
- # to rely on exceptions as the only way for
113
- # access checking methods to tell your program
114
- # that an event (like access denied) happened.
115
- #
116
- # Note that when exception is thrown
117
- # the communication session is closed in case
118
- # of connection-oriented network objects.
119
- # You may change it by switching +opened_on_deny+
120
- # attribute to +true+.
121
- #
122
- # See IPAccess::Set#check_in to know more
123
- # about tracking original network object
124
- # that caused exception to happend. Note
125
- # that in case of armed versions of network
126
- # classes (or access-contolled variants)
127
- # an information about original network
128
- # object stored within an exception will be set to
129
- # +nil+ if access had been denied before
130
- # object was initialized. This shouldn't
131
- # happend often, since access checks are lazy
132
- # (they are performed only when connection
133
- # is going to be made).
134
- #
135
- # See IPAccessDenied for more information
136
- # about what you can do with exceptions.
137
- #
138
- # === Sockets in armed network objects
139
- #
140
- # Specialized Ruby's network classes,
141
- # such as Net::HTTP or Net::Telnet
142
- # and their variants created by this library,
143
- # make use of socket objects. For example
144
- # Net::HTTP class uses TCPSocket instance to
145
- # create TCP connection. When versions
146
- # of these <tt>Net::</tt> objects with
147
- # enabled access control are used then
148
- # the internal routines of IPAccess
149
- # will also try to patch underlying sockets and assign
150
- # to them the same access set that is used by main
151
- # object. It is done to avoid access leaks.
152
- # However, such armed internal sockets will have
153
- # +opened_on_deny+ flag switched on since
154
- # closing session (and an eventual connection)
155
- # should be settled by main object.
156
- #
157
- # === Ordination of elements
158
- #
159
- # To properly understand what are the most important
160
- # structures mentioned above it's worth
161
- # to look at the diagram:
162
- #
163
- # link:images/ipaccess_view.png
164
- #
165
- # == Usage
166
- #
167
- # === Handling access sets and access lists
168
- #
169
- # If you need just IP access lists that you will handle in your own way
170
- # you may want to use two classes:
171
- #
172
- # * IPAccess::Set to maintain access sets (containing input and output access lists),
173
- # * IPAccess::List to maintain single access list.
174
- #
175
- # === Using socket classes
176
- #
177
- # If you want standard sockets to have access control enabled
178
- # you may want to use:
179
- #
180
- # * IPAccess::Socket (or issue <tt>IPAccess.arm Socket</tt>)
181
- # * IPAccess::TCPSocket (or issue <tt>IPAccess.arm TCPSocket</tt>)
182
- # * IPAccess::UDPSocket (or issue <tt>IPAccess.arm UDPSocket</tt>)
183
- # * IPAccess::SOCKSocket (or issue <tt>IPAccess.arm SOCKSocket</tt>)
184
- # * IPAccess::TCPServer (or issue <tt>IPAccess.arm TCPServer</tt>)
185
- #
186
- # Before using any of them you must issue:
187
- #
188
- # * <tt>require 'ipaccess/socket'</tt>
189
- #
190
- # Using the IPAccess.arm causes standard socket class to be altered,
191
- # while \IPAccess:: classes are just new variants of socket
192
- # handling classes.
193
- #
194
- # ==== Using other supported network classes
195
- #
196
- # If you want some working objects to have access control enabled
197
- # you may want to use:
198
- #
199
- # * IPAccess::Net::Telnet (or issue <tt>IPAccess.arm Net::Telnet</tt>)
200
- # * IPAccess::Net::HTTP (or issue <tt>IPAccess.arm Net::HTTP</tt>)
201
- # * IPAccess::Net::FTP (or issue <tt>IPAccess.arm Net::FTP</tt>)
202
- # * IPAccess::Net::POP3 (or issue <tt>IPAccess.arm Net::POP3</tt>)
203
- # * IPAccess::Net::IMAP (or issue <tt>IPAccess.arm Net::IMAP</tt>)
204
- # * IPAccess::Net::SMTP (or issue <tt>IPAccess.arm Net::SMTP</tt>)
205
- #
206
- # ==== Using single network objects
207
- #
208
- # If you want to enable access control for single network
209
- # object from the list shown above you may issue:
210
- #
211
- # require 'ipaccess/net/http'
212
- # obj = Net::HTTP.new(host, port)
213
- # IPAccess.arm obj
214
- #
215
- # or
216
- #
217
- # require 'ipaccess/socket'
218
- # socket = IPAccess::TCPServer.new(31337)
219
- # IPAccess.arm socket
220
- #
221
- # ..and so on.
222
- #
223
- # === Structures
224
- #
225
- # IP addresses used by the classes are internaly and interfacialy
226
- # represented by NetAddr::CIDR[http://netaddr.rubyforge.org/classes/NetAddr/CIDR.html]
227
- # objects (NetAddr::CIDRv4[http://netaddr.rubyforge.org/classes/NetAddr/CIDRv4.html] and
228
- # NetAddr::CIDRv6[http://netaddr.rubyforge.org/classes/NetAddr/CIDRv6.html]). Due to
229
- # performance reasons any access list internally is represented as a tree
230
- # (slightly modified NetAddr::Tree[http://netaddr.rubyforge.org/classes/NetAddr/Tree.html])
231
- # with special tags assigning rules to virtual lists.
232
- #
233
- # === Relations
234
- #
235
- # Here is a diagram which shows relations
236
- # between the IPAccess::TCPSocket class
237
- # and other classes from this module:
238
- #
239
- # link:images/ipaccess_relations.png
240
21
 
241
- module IPAccess
242
-
243
- # This method converts names to NetAddr::CIDR objects. It returns an array of CIDR objects.
244
- #
245
- # Allowed input are strings (DNS names or IP addresses optionally with masks), numbers (IP addresses representation),
246
- # IPSocket objects, URI objects, IPAddr objects, Net::HTTP objects, IPAddrList objects, NetAddr::CIDR objects,
247
- # NetAddr::Tree objects, IPAccess::List objects, symbols, objects that contain file descriptors bound to sockets
248
- # (including OpenSSL sockets) and arrays of these.
249
- #
250
- # In case of resolving the IPv6 link-local addresses
251
- # zone index is removed. In case of DNS names there may
252
- # occur Resolv::ResolvError exception. If there is an
253
- # object that cannot be converted the ArgumentError
254
- # exception is raised.
255
- #
256
- # When an argument called +:include_origins+ is present then the method will attach
257
- # original converted objects to results as the +:Origin+ tag of CIDR objects (<tt>tag[:Origin]</tt>).
258
- # This rule applies only to single objects or objects inside of arrays or sets.
259
- # Objects that are kind of NetAddr::CIDR, IPAccess::Set, NetAddr::Tree and arrays will
260
- # never be set as originators.
261
- #
262
- # ==== Examples
263
- #
264
- # to_cidrs("127.0.0.1") # uses the IP address
265
- # to_cidrs(2130706433) # uses numeric representation of 127.0.0.1
266
- # to_cidrs(:private, "localhost") # uses special symbol and DNS hostname
267
- # to_cidrs(:private, :localhost) # uses special symbols
268
- # to_cidrs [:private, :auto] # other way to write the above
269
- # to_cidrs "10.0.0.0/8" # uses masked IP address
270
- # to_cidrs "10.0.0.0/255.0.0.0" # uses masked IP address
271
- # to_cidrs IPSocket.new("www.pl", 80) # uses the socket
272
- # to_cidrs IPAddr("10.0.0.1") # uses IPAddr object
273
- # to_cidrs NetAddr::CIDR.create("10.0.0.1") # uses NetAddr object
274
- # to_cidrs URI('http://www.pl/') # uses URI
275
- # to_cidrs 'http://www.pl/' # uses the extracted host string
276
- # to_cidrs 'somehost.xx' # uses the host string (fetches ALL addresses from DNS)
277
- # to_cidrs 'somehost.xx/16' # uses the host string and a netmask
278
- #
279
- # ==== Special symbols
280
- #
281
- # When symbol is passed to this method it tries to find out if it has special meaning.
282
- # That allows you to create access rules in an easy way. For most of them you may
283
- # also specify IP protocol version using +ipv4_+ or +ipv6_+ prefix.
284
- #
285
- # Known symbols are:
286
- #
287
- # <b>+:all+</b> (+:any+, +:anyone+, +:world+, +:internet+, +:net+, +:everything+, +:everyone+, +:everybody+, +:anybody+)
288
- #
289
- # variants: +:ipv4_+ and +:ipv6_+
290
- #
291
- # Creates masked IP address that matches all networks:
292
- # – 0.0.0.0/0
293
- # – ::/0
294
- #
295
- # <b>+:broadcast+</b> (+:brd+)
296
- #
297
- # variants: +:ipv4_+ and +:ipv6_+
298
- #
299
- # Creates masked IP address that matches generic broadcast address:
300
- # – 255.255.255.255/32
301
- # – ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
302
- #
303
- # <b>+:local+</b> (+:localhost+, +:localdomain+, +:loopback+, +:lo+)
304
- #
305
- # variants: +:ipv4_+ and +:ipv6_+
306
- #
307
- # Creates masked IP addresses that match localhost:
308
- # – 127.0.0.1/8
309
- # – ::1/128
310
- #
311
- # <b>+:auto+</b> (+:automatic+, +:linklocal+)
312
- #
313
- # variants: +:ipv4_+ and +:ipv6_+
314
- #
315
- # Creates masked IP addresses that match automatically assigned address ranges:
316
- # – 169.254.0.0/16
317
- # – fe80::/10
318
- #
319
- # <b>+:private+</b> (+:intra+, +:intranet+, +:internal+)
320
- #
321
- # variants: +:ipv4_+ and +:ipv6_+
322
- #
323
- # Creates masked IP addresses that match private ranges:
324
- # – 10.0.0.0/8
325
- # – 172.16.0.0/12
326
- # – 192.168.0.0/16
327
- # – 2001:10::/28
328
- # – 2001:db8::/32
329
- # – fc00::/7
330
- # – fdde:9e1a:dc85:7374::/64
331
- #
332
- # <b>+:multicast+</b> (+:multi+, +:multiemission+)
333
- #
334
- # variants: +:ipv4_+ and +:ipv6_+
335
- #
336
- # Creates masked IP addresses that match multicast addresses ranges:
337
- # – 224.0.0.0/4
338
- # – ff00::/8
339
- # – ff02::1:ff00:0/104
340
- #
341
- # <b>+:reserved+</b> (+:example+)
342
- #
343
- # variants: +:ipv4_+
344
- #
345
- # Creates masked IP addresses that match reserved addresses ranges:
346
- # – 192.0.2.0/24
347
- # – 128.0.0.0/16
348
- # – 191.255.0.0/16
349
- # – 192.0.0.0/24
350
- # – 198.18.0.0/15
351
- # – 223.255.255.0/24
352
- # – 240.0.0.0/4
353
- #
354
- # <b>+:strange+</b> (+:unusual+, +:nonpublic+, +:unpublic+)
355
- #
356
- # Creates masked IP addressess that match the following sets (both IPv4 and IPv6):
357
- # – :local
358
- # – :auto
359
- # – :private
360
- # – :reserved
361
- # – :multicast
362
-
363
- def self.to_cidrs(*addresses)
364
- obj = addresses.flatten
365
- include_origins = false
366
- obj.delete_if { |x| include_origins = true if (x.is_a?(Symbol) && x == :include_origins) }
367
-
368
- if obj.size == 1
369
- obj = obj.first
370
- else
371
- ary = []
372
- obj.each do |o|
373
- ary += include_origins ? to_cidrs(o, :include_origins) : to_cidrs(o)
374
- end
375
- ary.flatten!
376
- return ary
377
- end
378
-
379
- ori_obj = obj
380
-
381
- # NetAddr::CIDR - immediate generation
382
- if obj.is_a?(NetAddr::CIDR)
383
- r = obj.dup
384
- r.tag[:Originator] = ori_obj if include_origins
385
- return [r]
386
- end
387
-
388
- # IPAccess::List - immediate generation
389
- return obj.to_a if obj.is_a?(IPAccess::List)
390
-
391
- # NetAddr::Tree - immediate generation
392
- return obj.dump.map { |addr| addr[:CIDR] } if obj.is_a?(NetAddr::Tree)
393
-
394
- # number or nil - immediate generation or exception
395
- if (obj.is_a?(Numeric) || obj.nil?)
396
- r = NetAddr::CIDR.create(obj)
397
- r.tag[:Originator] = ori_obj if include_origins
398
- return [r]
399
- end
400
-
401
- # object containing socket member (e.g. Net::HTTP) - fetch socket
402
- if obj.respond_to?(:socket)
403
- obj = obj.socket
404
- elsif obj.respond_to?(:sock)
405
- obj = obj.sock
406
- elsif obj.respond_to?(:client_socket)
407
- obj = obj.client_socket
408
- elsif obj.instance_variable_defined?(:@socket)
409
- obj = obj.instance_variable_get(:@socket)
410
- elsif obj.instance_variable_defined?(:@client_socket)
411
- obj = obj.instance_variable_get(:@client_socket)
412
- elsif obj.instance_variable_defined?(:@sock)
413
- obj = obj.instance_variable_get(:@sock)
414
- end
415
- obj = obj.io if (obj.respond_to?(:io) && obj.io.respond_to?(:getpeername))
416
-
417
- # some file descriptor but not socket - fetch socket
418
- obj = ::Socket.for_fd(obj.fileno) if (!obj.respond_to?(:getpeername) && obj.respond_to?(:fileno))
419
-
420
- # Socket - immediate generation
421
- if obj.respond_to?(:getpeername)
422
- peeraddr = ::Socket.unpack_sockaddr_in(obj.getpeername).last.split('%').first
423
- r = NetAddr::CIDR.create(peeraddr)
424
- r.tag[:Originator] = ori_obj if include_origins
425
- return [r]
426
- end
427
-
428
- # symbol - immediate generation
429
- r_args = nil
430
- if obj.is_a?(Symbol)
431
- case obj
432
- when :ipv4_all, :ipv4_any, :ipv4_anyone, :ipv4_world, :ipv4_internet, :ipv4_net, :ipv4_everything, :ipv4_everyone, :ipv4_everybody, :ipv4_anybody
433
- obj = [ "0.0.0.0/0" ]
434
- when :ipv6_all, :ipv6_any, :ipv6_anyone, :ipv6_world, :ipv6_internet, :ipv6_net, :ipv6_everything, :ipv6_everyone, :ipv6_everybody, :ipv6_anybody
435
- obj = [ "0.0.0.0/0", "::/0" ]
436
- when :ipv4_broadcast, :ipv4_brd
437
- obj = [ "255.255.255.255/32" ]
438
- when :ipv6_broadcast, :ipv6_brd
439
- obj = [ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" ]
440
- when :ipv4_local, :ipv4_localhost, :ipv4_loopback, :ipv4_lo
441
- obj = [ "127.0.0.1/8" ]
442
- when :ipv6_local, :ipv6_localhost, :ipv6_loopback, :ipv6_lo
443
- obj = [ "::1/128" ]
444
- when :ipv4_auto, :ipv4_automatic, :ipv4_linklocal
445
- obj = [ "169.254.0.0/16" ]
446
- when :ipv6_auto, :ipv6_automatic, :ipv6_linklocal
447
- obj = [ "fe80::/10" ]
448
- when :ipv4_private, :ipv4_intra, :ipv4_intranet, :ipv4_internal
449
- obj = [ "10.0.0.0/8",
450
- "172.16.0.0/12",
451
- "192.168.0.0/16" ]
452
- when :ipv6_private, :ipv6_intra, :ipv6_intranet, :ipv6_internal, :ipv6_ula, :ipv6_unique
453
- obj = [ "2001:10::/28",
454
- "2001:db8::/32",
455
- "fc00::/7",
456
- "fdde:9e1a:dc85:7374::/64" ]
457
- when :ipv4_multicast, :ipv4_multi, :ipv4_multiemission
458
- obj = [ "224.0.0.0/4" ]
459
- when :ipv6_multicast, :ipv6_multi, :ipv6_multiemission
460
- obj = [ "ff00::/8",
461
- "ff02::1:ff00:0/104" ]
462
- when :ipv4_example, :ipv4_reserved
463
- obj = [ "192.0.2.0/24",
464
- "128.0.0.0/16",
465
- "191.255.0.0/16",
466
- "192.0.0.0/24",
467
- "198.18.0.0/15",
468
- "223.255.255.0/24",
469
- "240.0.0.0/4" ]
470
- when :all, :any, :anyone, :world, :internet, :net, :everything, :everyone, :everybody, :anybody
471
- r_args = [ :ipv4_all,
472
- :ipv6_all ]
473
- when :broadcast, :brd
474
- r_args = [ :ipv4_broadcast,
475
- :ipv6_broadcast ]
476
- when :local, :localhost, :localdomain, :loopback, :lo
477
- r_args = [ :ipv4_local,
478
- :ipv6_local ]
479
- when :auto, :automatic, :linklocal
480
- r_args = [ :ipv4_auto,
481
- :ipv6_auto ]
482
- when :private, :intra, :intranet, :internal
483
- r_args = [ :ipv4_private,
484
- :ipv6_private ]
485
- when :multicast, :multi, :multiemission
486
- r_args = [ :ipv4_multicast,
487
- :ipv6_multicast ]
488
- when :reserved, :example
489
- r_args = [ :ipv4_example ]
490
- when :strange, :unusual, :nonpublic, :unpublic
491
- r_args = [ :local,
492
- :auto,
493
- :private,
494
- :reserved,
495
- :multicast ]
496
- else
497
- raise ArgumentError, "provided symbol is unknown: #{obj.to_s}"
498
- end
499
-
500
- unless r_args.nil?
501
- r_args.push :include_origins if include_origins
502
- return to_cidrs(*r_args)
503
- end
504
-
505
- # strange types here
506
- if obj.is_a?(Array)
507
- return obj.map do |addr|
508
- r = NetAddr::CIDR.create(addr)
509
- r.tag[:Originator] = addr if include_origins
510
- r
511
- end
512
- end
513
- end
514
-
515
- # URI or something that responds to host method - fetch string
516
- obj = obj.host if obj.respond_to?(:host)
517
-
518
- # objects of external classes
519
- case obj.class.name.to_sym
520
- when :IPAddr # IPAddr - fetch IP/mask string
521
- obj = obj.native.inspect.split[1].chomp('>')[5..-1]
522
- when :IPAddrList # IPAddrList - pass array to parse
523
- return include_origins ? to_cidrs(obj.to_a, :include_origins) : to_cidrs(obj.to_a)
524
- end
525
-
526
- # string or similar - immediate generation
527
- if obj.respond_to?(:to_s)
528
- hostmask = ""
529
- obj = obj.to_s
530
- # URI
531
- if obj =~ /^[^:]+:\/\/(.*)/
532
- obj = $1.split('/').first
533
- # IP in URI
534
- if obj =~ /^\[([^\]]+)\]/
535
- obj = $1
536
- else
537
- obj = obj.split(':').first
538
- end
539
- # host(s) and a mask
540
- elsif obj =~ /^([^\/]+)(\/((\d{1,2}$)|(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b$)))/
541
- obj = $1
542
- hostmask = $2
543
- end
544
- begin
545
- ipa = obj.split('%').first.to_s
546
- r = NetAddr::CIDR.create(ipa + hostmask)
547
- rescue NetAddr::ValidationError
548
- begin
549
- addresses = Resolv::getaddresses(obj)
550
- rescue NoMethodError # unhandled error
551
- raise Resolv::ResolvError, "not connected or network error"
552
- end
553
- addresses.map! do |addr|
554
- begin
555
- r = NetAddr::CIDR.create(addr.split('%').first + hostmask)
556
- r.tag[:Originator] = ori_obj
557
- r
558
- rescue ArgumentError
559
- nil
560
- end
561
- end
562
- addresses.flatten!
563
- addresses.compact!
564
- return addresses
565
- end
566
- r.tag[:Originator] = ori_obj
567
- return [r]
568
- end
569
-
570
- # should never happend
571
- r = obj.is_a?(NetAddr::CIDR) ? obj.dup : NetAddr::CIDR.create(obj.to_s)
572
- r.tag[:Originator] = ori_obj
573
- return [r]
574
- end
575
-
576
- # This method calls IPAccess.to_cidrs
577
- # and returns first obtained entry containing
578
- # single IP address with mask (NetAddr::CIDR).
579
-
580
- def self.to_cidr(*addresses)
581
- r = self.to_cidrs(*addresses)
582
- return r.respond_to?(:first) ? first : r
583
- end
584
-
585
- end