ipaccess 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.yardopts +2 -0
- data/ChangeLog +66 -0
- data/Manifest.txt +5 -10
- data/README.md +2 -2
- data/Rakefile +1 -1
- data/docs/HISTORY +11 -0
- data/docs/TODO +1 -1
- data/docs/yard-tpl/default/fulldoc/html/css/common.css +5 -0
- data/examples/open-uri.rb +14 -0
- data/examples/telnet.rb +1 -1
- data/ipaccess.gemspec +62 -0
- data/lib/ipaccess.rb +2 -566
- data/lib/ipaccess/arm_sockets.rb +0 -1
- data/lib/ipaccess/core.rb +523 -0
- data/lib/ipaccess/ghost_doc/ghost_doc.rb +1 -1
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc +54 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +34 -18
- data/lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc +65 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_sockets.rb +353 -125
- data/lib/ipaccess/ip_access_check.rb +2 -2
- data/lib/ipaccess/ip_access_errors.rb +2 -2
- data/lib/ipaccess/ip_access_list.rb +3 -3
- data/lib/ipaccess/patches/generic.rb +150 -183
- data/lib/ipaccess/patches/net_ftp.rb +1 -2
- data/lib/ipaccess/patches/net_http.rb +10 -14
- data/lib/ipaccess/patches/net_imap.rb +1 -2
- data/lib/ipaccess/patches/net_pop.rb +2 -4
- data/lib/ipaccess/patches/net_smtp.rb +2 -4
- data/lib/ipaccess/patches/net_telnet.rb +1 -2
- data/lib/ipaccess/patches/sockets.rb +67 -69
- data/lib/ipaccess/socket.rb +0 -17
- metadata +70 -100
- metadata.gz.sig +0 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rb +0 -54
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb +0 -64
@@ -10,7 +10,7 @@
|
|
10
10
|
#
|
11
11
|
#--
|
12
12
|
#
|
13
|
-
# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
|
13
|
+
# Copyright (C) 2009-2014 by Paweł Wilk. All Rights Reserved.
|
14
14
|
#
|
15
15
|
# This program is free software; you can redistribute it and/or modify
|
16
16
|
# it under the terms of either: 1) the GNU Lesser General Public License
|
@@ -0,0 +1,54 @@
|
|
1
|
+
This member selects IPAccess::Set object that will be used to
|
2
|
+
control IP access for a socket.
|
3
|
+
|
4
|
+
=== Setting an access set
|
5
|
+
|
6
|
+
You may assign global access set,
|
7
|
+
create local access set or use shared set.
|
8
|
+
|
9
|
+
- If an argument is +:global+ it uses global access set.
|
10
|
+
- If an argument is +:private+ it creates an empty, private access set.
|
11
|
+
- If an argument is an IPAccess::Set object then it is used as external, shared set.
|
12
|
+
|
13
|
+
==== Global access set
|
14
|
+
|
15
|
+
Global access set is an IPAccess::Set object referenced by contant IPAccess::Set.Global
|
16
|
+
It cannot be modified by calling +acl+ attribute. To add or remove rules
|
17
|
+
use mentioned constant. By default all sockets with enabled IP access control
|
18
|
+
are using this set.
|
19
|
+
|
20
|
+
==== Private access set
|
21
|
+
|
22
|
+
Private access set is an IPAccess::Set object created for socket object.
|
23
|
+
You may modify it by referencing to +acl+ member of the socket object.
|
24
|
+
|
25
|
+
Under some circumstances it is possible to share private access set
|
26
|
+
– you just have to pass the +acl+ member of a socket to initializer
|
27
|
+
of new socket object as shared access set.
|
28
|
+
|
29
|
+
==== Shared access set
|
30
|
+
|
31
|
+
Shared access set is an IPAccess::Set object that more than one socket
|
32
|
+
may use to control IP access. It differs from private access set
|
33
|
+
only by operation used to create. The private access set is created
|
34
|
+
automatically and shared access set exists before socket object is
|
35
|
+
formed.
|
36
|
+
|
37
|
+
=== Using an access set
|
38
|
+
|
39
|
+
This member keeps the information about currently
|
40
|
+
used access set. You may use it to do low-level
|
41
|
+
operations on IPAccess::Set object associated
|
42
|
+
with instance. You cannot however call any
|
43
|
+
of global access set operations – to do that
|
44
|
+
use IPAccess::Set.Global contant referencing to
|
45
|
+
global ACL.
|
46
|
+
|
47
|
+
==== Manipulating access lists
|
48
|
+
|
49
|
+
You should avoid manipulating an access set directly to add
|
50
|
+
or remove rules in lists. It works fine but under some circumstances
|
51
|
+
changes made on working (connected) network object may
|
52
|
+
not be noticed immediately. You should use direct methods
|
53
|
+
(like blacklist, whitelist, blacklist! and whitelist!)
|
54
|
+
to control access for existing network objects.
|
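Review bot: the "Manipulating access lists" section at new lines 49-54 warns that direct edits to an access set "may not be noticed immediately" on a connected object, but it does not say how to force the re-check. ghost_doc_patched_usage.rdoc in this same diff names acl_recheck for exactly that case, so this text should reference it as well; otherwise a reader who edits +acl+ directly has no documented way to make a new blacklist rule apply to an open connection. Smaller points: "contant" at new lines 15 and 44 should be "constant", and the sentence at line 15 is missing its closing period, so it runs into "It cannot be modified".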
@@ -28,7 +28,7 @@
|
|
28
28
|
# class but provides special member called +acl+ and a few new
|
29
29
|
# instance methods for controlling IP access.
|
30
30
|
#
|
31
|
-
|
31
|
+
# {include:file:lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc}
|
32
32
|
#
|
33
33
|
# This documentation doesn't cover description of all
|
34
34
|
# class and instance methods of the original
|
@@ -92,29 +92,45 @@
|
|
92
92
|
|
93
93
|
class IPAccess::Net::FTP
|
94
94
|
|
95
|
-
|
96
|
-
|
95
|
+
# {include:IPAccess::Socket#whitelist!}
|
96
|
+
# @overload whitelist!(*addresses)
|
97
|
+
# @overload whitelist!(list, *addresses)
|
98
|
+
def whitelist!(*addresses); end
|
97
99
|
|
98
|
-
|
99
|
-
|
100
|
+
# {include:IPAccess::Socket#whitelist}
|
101
|
+
# @overload whitelist(*addresses)
|
102
|
+
# @overload whitelist(list, *addresses)
|
103
|
+
def whitelist(*addresses); end
|
100
104
|
|
101
|
-
|
102
|
-
|
105
|
+
# {include:IPAccess::Socket#blacklist!}
|
106
|
+
# @overload blacklist!(*addresses)
|
107
|
+
# @overload blacklist!(list, *addresses)
|
108
|
+
def blacklist!(*addresses); end
|
103
109
|
|
104
|
-
|
105
|
-
|
110
|
+
# {include:IPAccess::Socket#blacklist}
|
111
|
+
# @overload blacklist(*addresses)
|
112
|
+
# @overload blacklist(list, *addresses)
|
113
|
+
def blacklist(*addresses); end
|
106
114
|
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
115
|
+
# {include:IPAccess::Socket#unwhitelist!}
|
116
|
+
# @overload unwhitelist!(*addresses)
|
117
|
+
# @overload unwhitelist!(list, *addresses)
|
118
|
+
def unwhitelist!(*addresses); end
|
119
|
+
|
120
|
+
# {include:IPAccess::Socket#unwhitelist}
|
121
|
+
# @overload unwhitelist(*addresses)
|
122
|
+
# @overload unwhitelist(list, *addresses)
|
123
|
+
def unwhitelist(*addresses); end
|
112
124
|
|
113
|
-
|
114
|
-
|
125
|
+
#{include:IPAccess::Socket#unblacklist!}
|
126
|
+
# @overload unblacklist!(*addresses)
|
127
|
+
# @overload unblacklist!(list, *addresses)
|
128
|
+
def unblacklist!(*addresses); end
|
115
129
|
|
116
|
-
|
117
|
-
|
130
|
+
#{include:IPAccess::Socket#unblacklist}
|
131
|
+
# @overload unblacklist(*addresses)
|
132
|
+
# @overload unblacklist(list, *addresses)
|
133
|
+
def unblacklist(*addresses); end
|
118
134
|
|
119
135
|
alias_method :unblock!, :unblacklist!
|
120
136
|
alias_method :del_black!, :unblacklist!
|
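Review bot: the include directives for unblacklist! and unblacklist at new lines 125 and 130 are written "#{include:IPAccess::Socket#unblacklist!}" with no space after the comment marker, while the other six stubs in this hunk (new lines 95, 100, 105, 110, 115, 120) use "# {include:...}". Please normalise to the spaced form so all eight stubs are written the same way. Each stub also declares only (*addresses) in its def line while documenting a second (list, *addresses) overload; that is fine for a documentation-only stub, but a one-line comment saying which lists the +list+ argument accepts would help, since nothing in these lines explains it.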
@@ -145,7 +161,7 @@ class IPAccess::Net::FTP
|
|
145
161
|
# allows to set reason.
|
146
162
|
def blacklist_reasonable(reason, *addresses); end
|
147
163
|
|
148
|
-
|
164
|
+
#{include:file:lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc}
|
149
165
|
#
|
150
166
|
# === Example
|
151
167
|
#
|
@@ -28,7 +28,7 @@
|
|
28
28
|
# provides special member called +acl+ and a few new
|
29
29
|
# instance methods for controlling IP access.
|
30
30
|
#
|
31
|
-
|
31
|
+
# {include:file:lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc}
|
32
32
|
#
|
33
33
|
# This documentation doesn't cover description of all
|
34
34
|
# class and instance methods of the original
|
@@ -133,29 +133,45 @@
|
|
133
133
|
|
134
134
|
class IPAccess::Net::HTTP
|
135
135
|
|
136
|
-
|
137
|
-
|
136
|
+
# {include:IPAccess::Socket#whitelist!}
|
137
|
+
# @overload whitelist!(*addresses)
|
138
|
+
# @overload whitelist!(list, *addresses)
|
139
|
+
def whitelist!(*addresses); end
|
138
140
|
|
139
|
-
|
140
|
-
|
141
|
+
# {include:IPAccess::Socket#whitelist}
|
142
|
+
# @overload whitelist(*addresses)
|
143
|
+
# @overload whitelist(list, *addresses)
|
144
|
+
def whitelist(*addresses); end
|
141
145
|
|
142
|
-
|
143
|
-
|
146
|
+
# {include:IPAccess::Socket#blacklist!}
|
147
|
+
# @overload blacklist!(*addresses)
|
148
|
+
# @overload blacklist!(list, *addresses)
|
149
|
+
def blacklist!(*addresses); end
|
144
150
|
|
145
|
-
|
146
|
-
|
151
|
+
# {include:IPAccess::Socket#blacklist}
|
152
|
+
# @overload blacklist(*addresses)
|
153
|
+
# @overload blacklist(list, *addresses)
|
154
|
+
def blacklist(*addresses); end
|
147
155
|
|
148
|
-
|
149
|
-
|
156
|
+
# {include:IPAccess::Socket#unwhitelist!}
|
157
|
+
# @overload unwhitelist!(*addresses)
|
158
|
+
# @overload unwhitelist!(list, *addresses)
|
159
|
+
def unwhitelist!(*addresses); end
|
150
160
|
|
151
|
-
|
152
|
-
|
161
|
+
# {include:IPAccess::Socket#unwhitelist}
|
162
|
+
# @overload unwhitelist(*addresses)
|
163
|
+
# @overload unwhitelist(list, *addresses)
|
164
|
+
def unwhitelist(*addresses); end
|
153
165
|
|
154
|
-
|
155
|
-
|
166
|
+
#{include:IPAccess::Socket#unblacklist!}
|
167
|
+
# @overload unblacklist!(*addresses)
|
168
|
+
# @overload unblacklist!(list, *addresses)
|
169
|
+
def unblacklist!(*addresses); end
|
156
170
|
|
157
|
-
|
158
|
-
|
171
|
+
#{include:IPAccess::Socket#unblacklist}
|
172
|
+
# @overload unblacklist(*addresses)
|
173
|
+
# @overload unblacklist(list, *addresses)
|
174
|
+
def unblacklist(*addresses); end
|
159
175
|
|
160
176
|
alias_method :unblock!, :unblacklist!
|
161
177
|
alias_method :del_black!, :unblacklist!
|
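Review bot: this block of eight stubs (new lines 136-174) is a verbatim copy of the one added to IPAccess::Net::FTP, and the same block is added again for Net::SMTP and Net::Telnet in this diff, including the unspaced "#{include:" form at new lines 166 and 171. Four hand-maintained copies of access-control documentation will drift; consider keeping the stubs in one shared place that each ghost-doc class pulls in, so a correction to the whitelist/blacklist semantics is made once.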
@@ -186,7 +202,7 @@ class IPAccess::Net::HTTP
|
|
186
202
|
# allows to set reason.
|
187
203
|
def blacklist_reasonable(reason, *addresses); end
|
188
204
|
|
189
|
-
|
205
|
+
#{include:file:lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc}
|
190
206
|
#
|
191
207
|
# === Example
|
192
208
|
#
|
@@ -28,7 +28,7 @@
|
|
28
28
|
# class but provides special member called +acl+ and a few new
|
29
29
|
# instance methods for controlling IP access.
|
30
30
|
#
|
31
|
-
|
31
|
+
# {include:file:lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc}
|
32
32
|
#
|
33
33
|
# This documentation doesn't cover description of all
|
34
34
|
# class and instance methods of the original
|
@@ -58,29 +58,45 @@
|
|
58
58
|
|
59
59
|
class IPAccess::Net::SMTP
|
60
60
|
|
61
|
-
|
62
|
-
|
61
|
+
# {include:IPAccess::Socket#whitelist!}
|
62
|
+
# @overload whitelist!(*addresses)
|
63
|
+
# @overload whitelist!(list, *addresses)
|
64
|
+
def whitelist!(*addresses); end
|
63
65
|
|
64
|
-
|
65
|
-
|
66
|
+
# {include:IPAccess::Socket#whitelist}
|
67
|
+
# @overload whitelist(*addresses)
|
68
|
+
# @overload whitelist(list, *addresses)
|
69
|
+
def whitelist(*addresses); end
|
66
70
|
|
67
|
-
|
68
|
-
|
71
|
+
# {include:IPAccess::Socket#blacklist!}
|
72
|
+
# @overload blacklist!(*addresses)
|
73
|
+
# @overload blacklist!(list, *addresses)
|
74
|
+
def blacklist!(*addresses); end
|
69
75
|
|
70
|
-
|
71
|
-
|
76
|
+
# {include:IPAccess::Socket#blacklist}
|
77
|
+
# @overload blacklist(*addresses)
|
78
|
+
# @overload blacklist(list, *addresses)
|
79
|
+
def blacklist(*addresses); end
|
72
80
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
81
|
+
# {include:IPAccess::Socket#unwhitelist!}
|
82
|
+
# @overload unwhitelist!(*addresses)
|
83
|
+
# @overload unwhitelist!(list, *addresses)
|
84
|
+
def unwhitelist!(*addresses); end
|
85
|
+
|
86
|
+
# {include:IPAccess::Socket#unwhitelist}
|
87
|
+
# @overload unwhitelist(*addresses)
|
88
|
+
# @overload unwhitelist(list, *addresses)
|
89
|
+
def unwhitelist(*addresses); end
|
78
90
|
|
79
|
-
|
80
|
-
|
91
|
+
#{include:IPAccess::Socket#unblacklist!}
|
92
|
+
# @overload unblacklist!(*addresses)
|
93
|
+
# @overload unblacklist!(list, *addresses)
|
94
|
+
def unblacklist!(*addresses); end
|
81
95
|
|
82
|
-
|
83
|
-
|
96
|
+
#{include:IPAccess::Socket#unblacklist}
|
97
|
+
# @overload unblacklist(*addresses)
|
98
|
+
# @overload unblacklist(list, *addresses)
|
99
|
+
def unblacklist(*addresses); end
|
84
100
|
|
85
101
|
alias_method :unblock!, :unblacklist!
|
86
102
|
alias_method :del_black!, :unblacklist!
|
@@ -111,7 +127,7 @@ class IPAccess::Net::SMTP
|
|
111
127
|
# allows to set reason.
|
112
128
|
def blacklist_reasonable(reason, *addresses); end
|
113
129
|
|
114
|
-
|
130
|
+
#{include:file:lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc}
|
115
131
|
#
|
116
132
|
# === Example
|
117
133
|
#
|
@@ -28,7 +28,7 @@
|
|
28
28
|
# provides provides special member called +acl+ and a few new
|
29
29
|
# instance methods for controlling IP access.
|
30
30
|
#
|
31
|
-
|
31
|
+
# {include:file:lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc}
|
32
32
|
#
|
33
33
|
# This documentation doesn't cover description of all
|
34
34
|
# class and instance methods of the original
|
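Review bot: context line 28 reads "# provides provides special member called +acl+", with the word doubled; since this hunk already edits line 31 of the same comment block, fix the duplicate here too. The FTP and SMTP versions of this sentence read "class but provides special member", so the Telnet and HTTP copies have also lost the leading "class but" and the four descriptions no longer match.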
@@ -117,29 +117,45 @@
|
|
117
117
|
|
118
118
|
class IPAccess::Net::Telnet
|
119
119
|
|
120
|
-
|
121
|
-
|
120
|
+
# {include:IPAccess::Socket#whitelist!}
|
121
|
+
# @overload whitelist!(*addresses)
|
122
|
+
# @overload whitelist!(list, *addresses)
|
123
|
+
def whitelist!(*addresses); end
|
122
124
|
|
123
|
-
|
124
|
-
|
125
|
+
# {include:IPAccess::Socket#whitelist}
|
126
|
+
# @overload whitelist(*addresses)
|
127
|
+
# @overload whitelist(list, *addresses)
|
128
|
+
def whitelist(*addresses); end
|
125
129
|
|
126
|
-
|
127
|
-
|
130
|
+
# {include:IPAccess::Socket#blacklist!}
|
131
|
+
# @overload blacklist!(*addresses)
|
132
|
+
# @overload blacklist!(list, *addresses)
|
133
|
+
def blacklist!(*addresses); end
|
128
134
|
|
129
|
-
|
130
|
-
|
135
|
+
# {include:IPAccess::Socket#blacklist}
|
136
|
+
# @overload blacklist(*addresses)
|
137
|
+
# @overload blacklist(list, *addresses)
|
138
|
+
def blacklist(*addresses); end
|
131
139
|
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
140
|
+
# {include:IPAccess::Socket#unwhitelist!}
|
141
|
+
# @overload unwhitelist!(*addresses)
|
142
|
+
# @overload unwhitelist!(list, *addresses)
|
143
|
+
def unwhitelist!(*addresses); end
|
144
|
+
|
145
|
+
# {include:IPAccess::Socket#unwhitelist}
|
146
|
+
# @overload unwhitelist(*addresses)
|
147
|
+
# @overload unwhitelist(list, *addresses)
|
148
|
+
def unwhitelist(*addresses); end
|
137
149
|
|
138
|
-
|
139
|
-
|
150
|
+
#{include:IPAccess::Socket#unblacklist!}
|
151
|
+
# @overload unblacklist!(*addresses)
|
152
|
+
# @overload unblacklist!(list, *addresses)
|
153
|
+
def unblacklist!(*addresses); end
|
140
154
|
|
141
|
-
|
142
|
-
|
155
|
+
#{include:IPAccess::Socket#unblacklist}
|
156
|
+
# @overload unblacklist(*addresses)
|
157
|
+
# @overload unblacklist(list, *addresses)
|
158
|
+
def unblacklist(*addresses); end
|
143
159
|
|
144
160
|
alias_method :unblock!, :unblacklist!
|
145
161
|
alias_method :del_black!, :unblacklist!
|
@@ -170,7 +186,7 @@ class IPAccess::Net::Telnet
|
|
170
186
|
# allows to set reason.
|
171
187
|
def blacklist_reasonable(reason, *addresses); end
|
172
188
|
|
173
|
-
|
189
|
+
#{include:file:lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc}
|
174
190
|
#
|
175
191
|
# === Example
|
176
192
|
#
|
@@ -0,0 +1,65 @@
|
|
1
|
+
Access checks are lazy,
|
2
|
+
which means they are performed when
|
3
|
+
a real connection is going to happend.
|
4
|
+
|
5
|
+
Instances of this class will also
|
6
|
+
internally use patched versions of Ruby's network
|
7
|
+
socket objects to avoid access leaks.
|
8
|
+
|
9
|
+
You can pass access set in various ways: while
|
10
|
+
creating a new object or while a communication is
|
11
|
+
already started. You can also rely on a global
|
12
|
+
access set, which is used by default.
|
13
|
+
|
14
|
+
=== Usage
|
15
|
+
|
16
|
+
There are 3 ways to enable access control:
|
17
|
+
|
18
|
+
* by patching original class (see IPAccess.arm) – use it in code that you cannot modify
|
19
|
+
* by patching single instance (see IPAccess.arm) – use it occasionally
|
20
|
+
* by using instances of this class directly – use it in your own code
|
21
|
+
|
22
|
+
There are also 4 ways to manage access rules:
|
23
|
+
|
24
|
+
* by using direct methods like blacklist and whitelist – preferred
|
25
|
+
* by using +acl+ member – low-level
|
26
|
+
* by using <tt>IPAccess::Set.Global</tt> constant – controls a global access set
|
27
|
+
* by using methods of an external IPAccess::Set object associated with an instance
|
28
|
+
|
29
|
+
==== Using direct methods
|
30
|
+
|
31
|
+
Patched network objects and variants have methods to control access.
|
32
|
+
You should use them since they are most reliable way to perform
|
33
|
+
modifications on an working instance. These methods (documented
|
34
|
+
below) are: whitelist, blacklist, whitelist! and blacklist!.
|
35
|
+
Each of the methods ensures that needed safety checks are made
|
36
|
+
when detecting some change in access lists.
|
37
|
+
|
38
|
+
==== Using +acl+ member
|
39
|
+
|
40
|
+
The +acl+ member gives you direct access to internal IPAccess::Set
|
41
|
+
instance that an object uses to control an access. However,
|
42
|
+
by accessing this member you may only modify private and shared
|
43
|
+
access sets, and you have to manually re-check connection against lists
|
44
|
+
(e.g. by using method acl_recheck).
|
45
|
+
|
46
|
+
==== Using IPAccess::Set.Global
|
47
|
+
|
48
|
+
You may use IPAccess::Set.Global to add or remove rules
|
49
|
+
conatined in lists of a global access set. You should use
|
50
|
+
it before some network objects are created and if it's not
|
51
|
+
possible call acl_recheck for any object that is using it
|
52
|
+
when some changes in rules are made. It is also possible
|
53
|
+
to manipulate global access set from object's scope using
|
54
|
+
whitelist! and blacklist! methods. For working
|
55
|
+
objects you should use them.
|
56
|
+
|
57
|
+
==== Using external access set
|
58
|
+
|
59
|
+
External access sets are simply IPAccess::Set objects
|
60
|
+
that were associated with an instance during initialization
|
61
|
+
or by assigning it to +acl+ member. You may manipulate their
|
62
|
+
access rules safely before a networking object is in
|
63
|
+
a connected state. After it happens it is safer to use
|
64
|
+
direct controlling methods that network object provides.
|
65
|
+
|
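Review bot: the "Using direct methods" section at new lines 33-34 lists only whitelist, blacklist, whitelist! and blacklist!, but the ghost docs changed in this same diff also document unwhitelist, unwhitelist!, unblacklist and unblacklist!. Removing a rule on a connected object needs the same safety checks as adding one, so the list should name all eight (or say "and their un- counterparts"); as written, a reader may fall back to editing +acl+ directly for removals and skip the re-check described at lines 43-44. Typos to fix while here: "happend" at line 3, "an working instance" at line 33, "conatined" at line 49, and a comma is needed after "if it's not possible" at lines 50-51.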