ipaccess 1.2.0 → 1.2.2

data/lib/ipaccess/ip_access_check.rb

@@ -434,10 +434,10 @@ module IPAccess
       end
       return socket
     end
-    
+
     # This method checks access for a sockaddr.
     # It works the same way as check_socket but tests sockaddr structures.
-    
+
     def check_sockaddr(sockaddr, originator=nil) # :yields: address, rule, list, sockaddr, orig
       return sockaddr if self.empty?
       begin

data/lib/ipaccess/ip_access_errors.rb

@@ -80,9 +80,9 @@ class IPAccessDenied < SecurityError
   attr_reader :socket
   
   # Access set that was used to check access.
-  
+
   attr_reader :acl
-  
+
   # Creates new object. First argument should be
   # a NetAddr::CIDR object containing address
   # of denied connection. Second argument should

data/lib/ipaccess/ip_access_list.rb

@@ -368,15 +368,15 @@ module IPAccess
     # You should avoid passing hostnames as arguments since
     # DNS is not reliable and responses may change with time,
     # which may cause security flaws.
-    
+
     def blacklist(*addresses)
       addresses.empty? ? self.to_a(:black) : add!(:black, *addresses)
     end
-    
+
     alias_method :add_black,  :blacklist
     alias_method :deny,       :blacklist
     alias_method :block,      :blacklist
-    
+
     # This works the same way as blacklist but allows
     # you to store a reason.
     

data/lib/ipaccess/patches/generic.rb

@@ -7,20 +7,6 @@
 # Modules contained in this file are meant for
 # patching Ruby classes in order to add
 # IP access control to them.
-# 
-#--
-# 
-# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
-# 
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of either: 1) the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 3 of the
-# License, or (at your option) any later version; or 2) Ruby's License.
-# 
-# See the file COPYING for complete licensing information.
-#
-#++
-# 
 
 require 'singleton'
 require 'ipaccess/ip_access_errors'
@@ -36,13 +22,13 @@ module IPAccess
     # It is present only when patching engine is loaded.
 
     class GlobalClass < Set
-      
+
       # :stopdoc:
-      
+
       include Singleton
 
       def global?; true end
-      
+
       def ==(obj)
         return true if obj.object_id == IPAccess::Set::GlobalSet.instance.object_id
         super(obj)
@@ -52,23 +38,23 @@ module IPAccess
         return true if obj.object_id == IPAccess::Set::GlobalSet.instance.object_id
         super(obj)
       end
-      
+
       def to_s
         "#<IPAccess::Set:Global>"
       end
-               
+       
       # :startdoc:
-    
+
     end
 
     # This is global access set, used by
     # default by all socket handling
     # classes with enabled IP access control.
     # It is present only when patching engine is loaded.
-    
+
     Global = GlobalClass.instance
     Global.name = 'global'
-    
+
     # This method returns +true+ when
     # the current instance is not regular IPAccess::Set object
     # but a reference to the IPAccess::Set.Global,
@@ -77,16 +63,11 @@ module IPAccess
     # 
     # This method is present only if
     # patching engine had been loaded.
-    
+
     def global?; false end
-        
+
   end # class Set
-  
-  # :call-seq:
-  #   arm(klass, acl=nil)<br />
-  #   arm(klass, :opened_on_deny)<br />
-  #   arm(klass, acl, :opened_on_deny)
-  # 
+
   # This special method patches Ruby's standard
   # library classes and enables IP access control
   # for them. Instances of such altered classes
@@ -95,10 +76,10 @@ module IPAccess
   # to manipulate access rules. It is also
   # able to patch single instance of supported
   # classes.
-  #
+  # 
   # This method returns object that has
   # been patched.
-  #
+  # 
   # ==== Supported classes
   #  
   # Currently supported classes are:
@@ -110,13 +91,13 @@ module IPAccess
   #   – Net::POP3,
   #   – Net::IMAP,
   #   – Net::SMTP.
-  #
+  # 
   # ==== Patching classes
   # 
   # Passed argument may be a class object,
   # a string representation of a class object
   # or a symbol representing a class object.
-  #
+  # 
   # ==== Patching single instances
   # 
   # Passed argument may be an instance of
@@ -135,53 +116,55 @@ module IPAccess
   # argument.
   # 
   # === Examples
-  #
+  # 
   # ==== Example 1 – sockets
   # 
-  #     require 'ipaccess/socket'                         # load sockets subsystem and IPAccess.arm method
+  #     require 'ipaccess/socket'                               # load sockets subsystem and IPAccess.arm method
   # 
-  #     IPAccess.arm TCPSocket                            # arm TCPSocket class  
-  #     IPAccess::Set::Global.output.blacklist 'randomseed.pl' # add host to black list of the global set
-  #     TCPSocket.new('randomseed.pl', 80)                # try to connect
+  #     IPAccess.arm TCPSocket                                  # arm TCPSocket class  
+  #     IPAccess::Set::Global.output.blacklist 'randomseed.pl'  # add host to black list of the global set
+  #     TCPSocket.new('randomseed.pl', 80)                      # try to connect
   # 
   # ==== Example 2 – HTTP
   # 
-  #     require 'ipaccess/net/http'                       # load net/http subsystem and IPAccess.arm method
+  #     require 'ipaccess/net/http'                             # load net/http subsystem and IPAccess.arm method
   # 
-  #     IPAccess.arm Net::HTTP                            # arm TCPSocket class  
-  #     IPAccess::Set::Global.output.blacklist 'randomseed.pl' # add host to black list of the global set
-  #     Net::HTTP.get_print('randomseed.pl', '/i.html')   # try to connect
+  #     IPAccess.arm Net::HTTP                                  # arm TCPSocket class  
+  #     IPAccess::Set::Global.output.blacklist 'randomseed.pl'  # add host to black list of the global set
+  #     Net::HTTP.get_print('randomseed.pl', '/i.html')         # try to connect
   # 
   # ==== Example 3 – single network object
   # 
-  #     require 'ipaccess/net/telnet'                     # load Net::Telnet version and IPAccess.arm method
+  #     require 'ipaccess/net/telnet'                           # load Net::Telnet version and IPAccess.arm method
   # 
   #     opts = {}
   #     opts["Host"]  = 'randomseed.pl'
   #     opts["Port"]  = '80'
   #     
-  #     t = Net::Telnet.new(opts)                         # try to connect to remote host
+  #     t = Net::Telnet.new(opts)                               # try to connect to remote host
   #     
-  #     acl = IPAccess::Set.new                                # create custom access set
-  #     acl.output.blacklist 'randomseed.pl'              # blacklist host
-  #     IPAccess.arm t, acl                               # arm Telnet object and pass optional ACL
-  
+  #     acl = IPAccess::Set.new                                 # create custom access set
+  #     acl.output.blacklist 'randomseed.pl'                    # blacklist host
+  #     IPAccess.arm t, acl                                     # arm Telnet object and pass optional ACL
+  # 
+  # @overload arm(klass, acl=nil)
+  # @overload arm(klass, :opened_on_deny)
+  # @overload arm(klass, acl, :opened_on_deny)
+
   def self.arm(*args)
-    cod = args.delete(:opened_on_deny).nil? ? true : false
+    cod = args.delete(:opened_on_deny).nil?
     klass, acl = *args
     singleton_obj = nil
     if klass.is_a?(Class)                                 # regular class
-      klass_name = klass.name 
-    elsif (klass.is_a?(Symbol) || klass.is_a?(String))
+      klass_name = klass.name
+    elsif klass.is_a?(Symbol) || klass.is_a?(String)
       klass_name = klass.to_s
       if klass.name.downcase == "sockets"                 # just a bunch of sockets
         require 'ipaccess/arm_sockets'
         return
       else                                                # regular class as a string or symbol
         klass = Kernel
-        klass_name.to_s.split('::').each do |k|
-          klass = klass.const_get(k)
-        end
+        klass_name.to_s.split('::').each { |k| klass = klass.const_get(k) }
       end
     else                                                  # regular object (will patch singleton of this object)
       klass_name = klass.class.name
@@ -190,25 +173,23 @@ module IPAccess
     end
     begin
       patch_klass = IPAccess::Patches
-      klass_name.split('::').each do |k|
-        patch_klass = patch_klass.const_get(k)
-      end
+      klass_name.split('::').each { |k| patch_klass = patch_klass.const_get(k, false) }
     rescue NameError
-      raise ArgumentError, "cannot enable IP access control for class #{klass_name}"
+      raise ArgumentError, "Cannot enable IP access control for class #{klass_name}"
     end
     klass.__send__(:include, patch_klass)
-    singleton_obj.__send__(:__ipa_singleton_hook, acl, cod) unless singleton_obj.nil?
+    singleton_obj.__send__(:__ipa_singleton_hook, acl, cod) unless singleton_obj.nil?  # early initial check
     return klass
   end
-    
+
   # :stopdoc:
-  
+
   # This module patches network classes
   # to enforce IP access control for them. Each patched 
   # class has the acl member, which is an IPAccess::Set object.
 
   module Patches
-  
+
     # This class is a proxy that raises an exception when
     # any method other than defined in Object class is called.
     # It behaves like NilClass. Do not use this class, use
@@ -221,7 +202,7 @@ module IPAccess
       # imitate nil
       def nil?; true end
 
-      # This method returns +true+ if current object is IPAccess::Set.Global.
+      # This method returns +true+ if the current object is IPAccess::Set.Global.
       # Otherwise it returns +false+.
       def global?; true end
 
@@ -244,7 +225,7 @@ module IPAccess
       # imitate nil even more and disallow direct ACL modifications
       def method_missing(name, *args)
         return nil.method(name).call(*args) if nil.respond_to?(name)
-        raise ArgumentError, "cannot access global set from object's scope, use IPAccess::Set::Global"
+        raise ArgumentError, "Cannot access global set from object's scope, use IPAccess::Set::Global"
       end
 
     end # class IPAccess::Set.GlobalSet
@@ -252,19 +233,19 @@ module IPAccess
     # The ACL module contains methods
     # that are present in all network
     # objects with IP access control enabled.
-  
+
     module ACL
 
       # This method is used to safely
       # pass an eventual exception
       # and fill its useables field with a current
       # object.
-      
+
       def __ipa_wrap_socket_call(*args, &block)
         IPAccess.take_care(self, *args, &block)
       end
       protected :__ipa_wrap_socket_call
-      
+
       # This method enables usage of internal IP access list for object.
       # If argument is IPAccess::Set object then it is used.
       # 
@@ -273,10 +254,10 @@ module IPAccess
       #     socket.acl = :global            # use global access set
       #     socket.acl = :private           # create and use individual access set
       #     socket.acl = IPAccess::Set.new  # use external (shared) access set
-      
+
       def acl=(access_set)
-        new_acl = nil
-        prev_acl = @acl
+        new_acl   = false
+        prev_acl  = @acl
         if access_set.is_a?(Symbol)
           case access_set
           when :global
@@ -284,28 +265,24 @@ module IPAccess
           when :private
             new_acl = IPAccess::Set.new
           else
-            raise ArgumentError, "bad access list selector, use: :global or :private"
+            raise ArgumentError, "Bad access list selector, use: :global or :private"
           end
         elsif access_set.is_a?(IPAccess::Set)
-          if access_set == IPAccess::Set::Global
-            new_acl = IPAccess::Set::GlobalSet.instance
-          else
-            new_acl = access_set
-          end
+          new_acl = ( access_set == IPAccess::Set::Global ? IPAccess::Set::GlobalSet.instance : access_set )
         elsif access_set.nil?
           new_acl = IPAccess::Set::GlobalSet.instance
         else
-          raise ArgumentError, "bad access list"
+          raise ArgumentError, "Bad access list"
         end
-        unless (new_acl.nil? || prev_acl.object_id == new_acl.object_id)
+        unless (new_acl === false || prev_acl.object_id == new_acl.object_id)
           @acl = new_acl
           self.acl_recheck if self.respond_to?(:acl_recheck)
         end
       end
-    
+
       # This method returns +true+ if the given object can be used to initialize ACL.
       # Otherwise it returns +false+.
-      
+
       def IPAccess.valid_acl?(obj)
         if obj.is_a?(Symbol)
           return true if (obj == :global || obj == :private)
@@ -314,14 +291,14 @@ module IPAccess
         end
         return false
       end
-      
+
       # This method returns +true+ if the given object can be used to initialize ACL.
       # Otherwise it returns +false+.
-          
+
       def valid_acl?(obj)
         IPAccess.valid_acl?(obj)
       end
-      
+
       # This method should be called each time the access set related to an object
       # is changed and there is a need to validate remote peer again, since it might be
       # blacklisted.
@@ -329,11 +306,11 @@ module IPAccess
       # Each class that patches Ruby's network class should redefine this method
       # and call it in a proper place (e.g. from hook executed when singleton methods
       # are added to network object).
-      
+
       def acl_recheck
         ;
       end
-      
+
       # This method return current access set for an object.
       # 
       # Ifaccess set (@acl) is somehow set to +nil+
@@ -341,26 +318,22 @@ module IPAccess
       # (which is internal singleton used to mark that @acl should
       # point to the global set) it will return a reference
       # to the global access set IPAccess::Set.Global.
-      
+
       def real_acl
         @acl.nil? ? IPAccess::Set::Global : @acl
       end
       private :real_acl
-      
+
       attr_reader :acl
       alias_method :access=, :acl=
-      alias_method :access, :acl
-      
+      alias_method :access,  :acl
+
       # This method returns default access list indicator
       # used by protected object; usually +:input+ or
       # +:output+.
-      
+
       def default_list; :output end
-      
-      # :call-seq:
-      #   whitelist(list, *addresses)
-      #   whitelist(*addresses)
-      # 
+
       # This method whitelists IP address(-es) in
       # the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -380,15 +353,18 @@ module IPAccess
       # whitelist! instead.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
+      # 
+      # @overload whitelist(*addresses)
+      # @overload whitelist(list, *addresses)
 
       def whitelist(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
@@ -396,25 +372,21 @@ module IPAccess
         self.acl_recheck
         return r
       end
-      
+
       alias_method :add_white,  :whitelist
       alias_method :allow,      :whitelist
       alias_method :permit,     :whitelist
-      
+
       # This method works like whitelist but allows
       # to set reason.
-      
+
       def whitelist_reasonable(reason, *addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = @acl.send(aclist).whitelist_reasonable(reason, *addresses)
         self.acl_recheck
         return r
       end
-      
-      # :call-seq:
-      #   whitelist!(list, *addresses)
-      #   whitelist!(*addresses)
-      # 
+
       # This method whitelists IP address(-es) in
       # the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -432,15 +404,18 @@ module IPAccess
       # even if the global access set is used by object.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
+      # 
+      # @overload whitelist!(*addresses)
+      # @overload whitelist!(list, *addresses)
 
       def whitelist!(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
@@ -448,7 +423,7 @@ module IPAccess
         self.acl_recheck
         return r
       end
-      
+
       alias_method :add_white!,  :whitelist!
       alias_method :allow!,      :whitelist!
       alias_method :permit!,     :whitelist!
@@ -462,11 +437,7 @@ module IPAccess
         self.acl_recheck
         return r
       end
-      
-      # :call-seq:
-      #   unwhitelist(list, *addresses)
-      #   unwhitelist(*addresses)
-      # 
+
       # This method removes whitelisted IP address(-es)
       # from the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -486,32 +457,31 @@ module IPAccess
       # unwhitelist! instead.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-      
+      # 
+      # @overload unwhitelist(*addresses)
+      # @overload unwhitelist(list, *addresses)
+
       def unwhitelist(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = @acl.send(aclist).unwhitelist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :unwhite,    :unwhitelist
       alias_method :del_white,  :unwhitelist
       alias_method :unallow,    :unwhitelist
       alias_method :unpermit,   :unwhitelist
-      
-      # :call-seq:
-      #   unwhitelist!(list, *addresses)
-      #   unwhitelist!(*addresses)
-      # 
+
       # This method removes whitelisted IP address(-es)
       # from the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -529,32 +499,31 @@ module IPAccess
       # even if the global access set is used by object.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-      
+      # 
+      # @overload unwhitelist!(*addresses)
+      # @overload unwhitelist!(list, *addresses)
+
       def unwhitelist!(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = real_acl.send(aclist).unwhitelist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :unwhite!,    :unwhitelist!
       alias_method :del_white!,  :unwhitelist!
       alias_method :unallow!,    :unwhitelist!
       alias_method :unpermit!,   :unwhitelist!
-      
-      # :call-seq:
-      #   blacklist(list, *addresses)
-      #   blacklist(*addresses)
-      # 
+
       # This method blacklists IP address(-es) in
       # the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -574,41 +543,40 @@ module IPAccess
       # blacklist! instead.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-          
+      # 
+      # @overload blacklist(*addresses)
+      # @overload blacklist(list, *addresses)
+
       def blacklist(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = @acl.send(aclist).blacklist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :add_black,  :blacklist
       alias_method :deny,       :blacklist
       alias_method :block,      :blacklist
-      
+
       # This method works like blacklist but allows to
       # set reason.
-      
+
       def blacklist_reasonable(reason, *addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = @acl.send(aclist).blacklist_reasonable(reason, *addresses)
         self.acl_recheck
         return r
       end
-      
-      # :call-seq:
-      #   blacklist!(list, *addresses)
-      #   blacklist!(*addresses)
-      # 
+
       # This method blacklists IP address(-es) in
       # the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -626,41 +594,40 @@ module IPAccess
       # even if the global access set is used by object.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-      
+      # 
+      # @overload blacklist!(*addresses)
+      # @overload blacklist!(list, *addresses)
+
       def blacklist!(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = real_acl.send(aclist).blacklist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :add_black!,  :blacklist!
       alias_method :deny!,       :blacklist!
       alias_method :block!,      :blacklist!
       
       # This method works like blacklist! but allows
       # to set reason.
-      
+
       def blacklist_reasonable!(reason, *addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = real_acl.send(aclist).blacklist(reason, *addresses)
         self.acl_recheck
         return r
       end
-      
-      # :call-seq:
-      #   unblacklist(list, *addresses)
-      #   unblacklist(*addresses)
-      # 
+
       # This method removes blacklisted IP address(-es)
       # from the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -680,32 +647,31 @@ module IPAccess
       # unwhitelist! instead.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-      
+      # 
+      # @overload unblacklist(*addresses)
+      # @overload unblacklist(list, *addresses)
+
       def unblacklist(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = @acl.send(aclist).unblacklist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :unblack,    :unblacklist
       alias_method :undeny,     :unblacklist
       alias_method :unblock,    :unblacklist
       alias_method :del_black,  :unblacklist
-      
-      # :call-seq:
-      #   unblacklist!(list, *addresses)
-      #   unblacklist!(*addresses)
-      # 
+
       # This method removes blacklisted IP address(-es)
       # from the input or output access list selected
       # by the *list* argument (+:input+ or +:output+).
@@ -723,79 +689,82 @@ module IPAccess
       # even if the global access set is used by object.
       # 
       # === Revalidation
-      #
+      # 
       # After modyfing access set current connection
       # is validated again to avoid access leaks.
       # 
       # === DNS Warning
-      #
+      # 
       # You should avoid passing hostnames as arguments since
       # DNS is not reliable and responses may change with time,
       # which may cause security flaws.
-      
+      # 
+      # @overload unblacklist!(*addresses)
+      # @overload unblacklist!(list, *addresses)
+
       def unblacklist!(*addresses)
         aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
         r = real_acl.send(aclist).unblacklist(*addresses)
         self.acl_recheck
         return r
       end
-      
+
       alias_method :unblack!,   :unblacklist!
       alias_method :undeny!,    :unblacklist!
       alias_method :unblock!,   :unblacklist!
       alias_method :del_black!, :unblacklist!
-      
+
       # Setting it to +false+ disables closing connection
       # when raising access denied exception
-      
+
       attr_accessor :opened_on_deny
-      
+
       # Setting it to +true+ disables closing connection
       # when raising access denied exception
-      
+
       def close_on_deny=(x)
         self.open_on_deny = !x
       end
-      
+
       def close_on_deny
         not self.open_on_deny
       end
-      
+
       # This method is universal wrapper for
       # closing connection. Classes should
       # override it.
-      
+
       def terminate
         self.close unless self.closed?
       end
-            
+
       # This method will try to close
-      # session/connection for network object
+      # session/connection for a network object
       # if +open_on_deny+ member is set to +false+
-      
+
       def try_terminate
         terminate unless @opened_on_deny
         return nil
       end
       private :try_terminate
-      
+
       # helper for dropping unwanted connections
       def try_terminate_subsocket(sock)
         sock.close unless (@opened_on_deny || sock.closed?)
         return nil
       end
       private :try_terminate_subsocket
-      
+
       # This method will be called when
       # instance is patched.
-      
-      def __ipa_singleton_hook(acl=nil, open_on_deny=false)
+
+      def __ipa_singleton_hook(acl = nil, open_on_deny = false)
         @opened_on_deny = open_on_deny
         acl = @options["ACL"] if (acl.nil? && instance_variable_defined?(:@options) && @options.respond_to?(:has_key?))
         self.acl = acl
       end
       private :__ipa_singleton_hook
-      
+
     end # module ACL
   
   end # module Patches
@@ -803,5 +772,3 @@ module IPAccess
   # :startdoc:
   
 end # module IPAccess
-
-