ipaccess 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.yardopts +2 -0
- data/ChangeLog +66 -0
- data/Manifest.txt +5 -10
- data/README.md +2 -2
- data/Rakefile +1 -1
- data/docs/HISTORY +11 -0
- data/docs/TODO +1 -1
- data/docs/yard-tpl/default/fulldoc/html/css/common.css +5 -0
- data/examples/open-uri.rb +14 -0
- data/examples/telnet.rb +1 -1
- data/ipaccess.gemspec +62 -0
- data/lib/ipaccess.rb +2 -566
- data/lib/ipaccess/arm_sockets.rb +0 -1
- data/lib/ipaccess/core.rb +523 -0
- data/lib/ipaccess/ghost_doc/ghost_doc.rb +1 -1
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc +54 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +34 -18
- data/lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc +65 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_sockets.rb +353 -125
- data/lib/ipaccess/ip_access_check.rb +2 -2
- data/lib/ipaccess/ip_access_errors.rb +2 -2
- data/lib/ipaccess/ip_access_list.rb +3 -3
- data/lib/ipaccess/patches/generic.rb +150 -183
- data/lib/ipaccess/patches/net_ftp.rb +1 -2
- data/lib/ipaccess/patches/net_http.rb +10 -14
- data/lib/ipaccess/patches/net_imap.rb +1 -2
- data/lib/ipaccess/patches/net_pop.rb +2 -4
- data/lib/ipaccess/patches/net_smtp.rb +2 -4
- data/lib/ipaccess/patches/net_telnet.rb +1 -2
- data/lib/ipaccess/patches/sockets.rb +67 -69
- data/lib/ipaccess/socket.rb +0 -17
- metadata +70 -100
- metadata.gz.sig +0 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rb +0 -54
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb +0 -64
|
@@ -91,8 +91,7 @@ module IPAccess::Patches::Net
|
|
|
91
91
|
|
|
92
92
|
# initialize on steroids.
|
|
93
93
|
define_method :__ipacall__initialize do |block, *args|
|
|
94
|
-
@opened_on_deny =
|
|
95
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
94
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
96
95
|
args.pop if args.last.nil?
|
|
97
96
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
98
97
|
orig_initialize.bind(self).call(*args, &block)
|
|
@@ -39,27 +39,26 @@ module IPAccess::Patches::Net
|
|
|
39
39
|
# It uses output access lists.
|
|
40
40
|
|
|
41
41
|
module HTTP
|
|
42
|
-
|
|
42
|
+
|
|
43
43
|
include IPAccess::Patches::ACL
|
|
44
|
-
|
|
44
|
+
|
|
45
45
|
def self.included(base)
|
|
46
|
-
|
|
46
|
+
|
|
47
47
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
48
48
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
49
49
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
50
|
-
|
|
50
|
+
|
|
51
51
|
base.class_eval do
|
|
52
52
|
|
|
53
53
|
# CLASS METHODS
|
|
54
54
|
unless (base.name.nil? && base.class.name == "Class")
|
|
55
55
|
(class << self; self; end).class_eval do
|
|
56
|
-
|
|
56
|
+
|
|
57
57
|
alias :__ipac__orig_new :new
|
|
58
|
-
|
|
58
|
+
|
|
59
59
|
# overload HTTP.new() since it's not usual.
|
|
60
60
|
define_method :new do |address, *args|
|
|
61
|
-
late_opened_on_deny =
|
|
62
|
-
args.delete_if { |x| late_opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
61
|
+
late_opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
63
62
|
args.pop if args.last.nil?
|
|
64
63
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
65
64
|
obj = __ipac__orig_new(address, *args)
|
|
@@ -70,8 +69,7 @@ module IPAccess::Patches::Net
|
|
|
70
69
|
|
|
71
70
|
# overwrite HTTP.start()
|
|
72
71
|
define_method :__ipacall__start do |block, address, *args|
|
|
73
|
-
late_on_deny = nil
|
|
74
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
72
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
|
75
73
|
args.pop if args.last.nil?
|
|
76
74
|
acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
77
75
|
port, p_addr, p_port, p_user, p_pass = *args
|
|
@@ -85,8 +83,7 @@ module IPAccess::Patches::Net
|
|
|
85
83
|
|
|
86
84
|
# overwrite HTTP.get_response()
|
|
87
85
|
define_method :__ipacall__get_response do |block, uri_or_host, *args|
|
|
88
|
-
late_on_deny = nil
|
|
89
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
86
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
|
90
87
|
args.pop if args.last.nil?
|
|
91
88
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
92
89
|
path, port = *args
|
|
@@ -118,8 +115,7 @@ module IPAccess::Patches::Net
|
|
|
118
115
|
|
|
119
116
|
# initialize on steroids.
|
|
120
117
|
define_method :__ipacall__initialize do |block, *args|
|
|
121
|
-
@opened_on_deny =
|
|
122
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
118
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
123
119
|
args.pop if args.last.nil?
|
|
124
120
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
125
121
|
orig_initialize.bind(self).call(*args, &block)
|
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
|
56
56
|
|
|
57
57
|
# initialize on steroids.
|
|
58
58
|
define_method :__ipacall__initialize do |block, host, *args|
|
|
59
|
-
@opened_on_deny =
|
|
60
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
59
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
61
60
|
args.pop if args.last.nil?
|
|
62
61
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
63
62
|
ipaddr = ::TCPSocket.getaddress(host)
|
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
|
56
56
|
|
|
57
57
|
# overwrite POP3.start()
|
|
58
58
|
define_method :__ipacall__start do |block, address, *args|
|
|
59
|
-
late_on_deny = nil
|
|
60
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
59
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
|
61
60
|
args.pop if args.last.nil?
|
|
62
61
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
63
62
|
port, account, password, isapop = *args
|
|
@@ -111,8 +110,7 @@ module IPAccess::Patches::Net
|
|
|
111
110
|
|
|
112
111
|
# initialize on steroids.
|
|
113
112
|
define_method :initialize do |addr, *args|
|
|
114
|
-
@opened_on_deny =
|
|
115
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
113
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
116
114
|
args.pop if args.last.nil?
|
|
117
115
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
118
116
|
obj = orig_initialize.bind(self).call(addr, *args)
|
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
|
56
56
|
|
|
57
57
|
# overwrite SMTP.start()
|
|
58
58
|
define_method :__ipacall__start do |block, address, *args|
|
|
59
|
-
late_on_deny = nil
|
|
60
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
59
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
|
61
60
|
args.pop if args.last.nil?
|
|
62
61
|
late_acl = IPAccess.valid_acl?(args.last) ? args.smtp : :global
|
|
63
62
|
port, helo, user, secret, authtype = *args
|
|
@@ -79,8 +78,7 @@ module IPAccess::Patches::Net
|
|
|
79
78
|
|
|
80
79
|
# initialize on steroids.
|
|
81
80
|
define_method :initialize do |addr, *args|
|
|
82
|
-
@opened_on_deny =
|
|
83
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
81
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
84
82
|
args.pop if args.last.nil?
|
|
85
83
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
|
86
84
|
obj = orig_initialize.bind(self).call(addr, *args)
|
|
@@ -54,8 +54,7 @@ module IPAccess::Patches::Net
|
|
|
54
54
|
|
|
55
55
|
# initialize on steroids.
|
|
56
56
|
define_method :__ipacall__initialize do |block, *args|
|
|
57
|
-
@opened_on_deny =
|
|
58
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
57
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
59
58
|
args.pop if args.last.nil?
|
|
60
59
|
options = args.first
|
|
61
60
|
options["ACL"] = args.pop if (IPAccess.valid_acl?(args.last) && options.is_a?(Hash))
|
|
@@ -39,22 +39,22 @@ require 'ipaccess/patches/generic'
|
|
|
39
39
|
# class has acl member, which is an IPAccess::Set object.
|
|
40
40
|
|
|
41
41
|
module IPAccess::Patches
|
|
42
|
-
|
|
42
|
+
|
|
43
43
|
###################################################################
|
|
44
44
|
# Socket class with IP access control.
|
|
45
45
|
# It uses input and output access lists.
|
|
46
46
|
# Default access list for management operations is output.
|
|
47
|
-
|
|
47
|
+
|
|
48
48
|
module Socket
|
|
49
|
-
|
|
49
|
+
|
|
50
50
|
include IPAccess::Patches::ACL
|
|
51
51
|
|
|
52
52
|
def self.included(base)
|
|
53
|
-
|
|
53
|
+
|
|
54
54
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
55
55
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
56
56
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
57
|
-
|
|
57
|
+
|
|
58
58
|
base.class_eval do
|
|
59
59
|
|
|
60
60
|
orig_initialize = self.instance_method :initialize
|
|
@@ -64,17 +64,16 @@ module IPAccess::Patches
|
|
|
64
64
|
orig_recvfrom = self.instance_method :recvfrom
|
|
65
65
|
orig_recvfrom_nonblock = self.instance_method :recvfrom_nonblock
|
|
66
66
|
orig_sysaccept = self.instance_method :sysaccept
|
|
67
|
-
|
|
67
|
+
|
|
68
68
|
define_method :__ipacall__initialize do |block, *args|
|
|
69
|
-
@opened_on_deny =
|
|
70
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
69
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
71
70
|
args.pop if args.last.nil?
|
|
72
71
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
|
73
72
|
@useables = IPAccess::ObjectsReferences
|
|
74
73
|
orig_initialize.bind(self).call(*args, &block)
|
|
75
74
|
return self
|
|
76
75
|
end
|
|
77
|
-
|
|
76
|
+
|
|
78
77
|
# block passing wrapper for Ruby 1.8
|
|
79
78
|
def initialize(*args, &block)
|
|
80
79
|
__ipacall__initialize(block, *args)
|
|
@@ -112,7 +111,7 @@ module IPAccess::Patches
|
|
|
112
111
|
end
|
|
113
112
|
return ret
|
|
114
113
|
end
|
|
115
|
-
|
|
114
|
+
|
|
116
115
|
# this hook will be called each time @acl is reassigned
|
|
117
116
|
define_method :acl_recheck do
|
|
118
117
|
return nil if self.closed?
|
|
@@ -141,23 +140,23 @@ module IPAccess::Patches
|
|
|
141
140
|
end
|
|
142
141
|
return ret
|
|
143
142
|
end
|
|
144
|
-
|
|
143
|
+
|
|
145
144
|
# This method returns default access list indicator
|
|
146
145
|
# used by protected object; in this case it's +:output+.
|
|
147
146
|
define_method :default_list do
|
|
148
147
|
:output
|
|
149
148
|
end
|
|
150
|
-
|
|
149
|
+
|
|
151
150
|
define_method :useables do
|
|
152
151
|
@useables
|
|
153
152
|
end
|
|
154
|
-
|
|
153
|
+
|
|
155
154
|
end # base.class_eval
|
|
156
|
-
|
|
155
|
+
|
|
157
156
|
end # self.included
|
|
158
|
-
|
|
157
|
+
|
|
159
158
|
end # module Socket
|
|
160
|
-
|
|
159
|
+
|
|
161
160
|
###################################################################
|
|
162
161
|
# UDPSocket class with IP access control.
|
|
163
162
|
# It uses input and output access lists.
|
|
@@ -168,38 +167,38 @@ module IPAccess::Patches
|
|
|
168
167
|
include IPAccess::Patches::ACL
|
|
169
168
|
|
|
170
169
|
def self.included(base)
|
|
171
|
-
|
|
170
|
+
|
|
172
171
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
173
172
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
174
173
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
175
|
-
|
|
174
|
+
|
|
176
175
|
base.class_eval do
|
|
177
|
-
|
|
176
|
+
|
|
178
177
|
orig_initialize = self.instance_method :initialize
|
|
179
178
|
orig_connect = self.instance_method :connect
|
|
180
179
|
orig_send = self.instance_method :send
|
|
181
180
|
orig_recvfrom = self.instance_method :recvfrom
|
|
182
181
|
orig_recvfrom_nonblock = self.instance_method :recvfrom_nonblock
|
|
183
|
-
|
|
182
|
+
|
|
184
183
|
define_method :__ipacall__initialize do |block, *args|
|
|
185
184
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
|
186
185
|
@opened_on_deny = true
|
|
187
186
|
orig_initialize.bind(self).call(*args, &block)
|
|
188
187
|
return self
|
|
189
188
|
end
|
|
190
|
-
|
|
189
|
+
|
|
191
190
|
# block passing wrapper for Ruby 1.8
|
|
192
191
|
def initialize(*args, &block)
|
|
193
192
|
__ipacall__initialize(block, *args)
|
|
194
193
|
end
|
|
195
|
-
|
|
194
|
+
|
|
196
195
|
# connect on steroids.
|
|
197
196
|
define_method :connect do |*args|
|
|
198
197
|
peer_ip = self.class.getaddress(args.shift)
|
|
199
198
|
real_acl.output.check_sockaddr(peer_ip, self)
|
|
200
199
|
return orig_connect.bind(self).call(peer_ip, *args)
|
|
201
200
|
end
|
|
202
|
-
|
|
201
|
+
|
|
203
202
|
# send on steroids.
|
|
204
203
|
define_method :send do |*args|
|
|
205
204
|
hostname = args[2]
|
|
@@ -231,31 +230,31 @@ module IPAccess::Patches
|
|
|
231
230
|
end
|
|
232
231
|
return ret
|
|
233
232
|
end
|
|
234
|
-
|
|
233
|
+
|
|
235
234
|
# This method returns default access list indicator
|
|
236
235
|
# used by protected object; in this case it's +:input+.
|
|
237
236
|
define_method :default_list do
|
|
238
237
|
:intput
|
|
239
238
|
end
|
|
240
|
-
|
|
239
|
+
|
|
241
240
|
# this kind of socket is not connection-oriented.
|
|
242
241
|
define_method :connection_close do
|
|
243
242
|
return nil
|
|
244
243
|
end
|
|
245
|
-
|
|
244
|
+
|
|
246
245
|
# this hook will be called each time @acl is reassigned
|
|
247
246
|
define_method :acl_recheck do
|
|
248
247
|
return nil if self.closed?
|
|
249
248
|
real_acl.output.check_socket(self, self) { try_terminate }
|
|
250
249
|
return nil
|
|
251
250
|
end
|
|
252
|
-
|
|
251
|
+
|
|
253
252
|
end # base.class_eval
|
|
254
253
|
|
|
255
254
|
end # self.included
|
|
256
255
|
|
|
257
256
|
end # module UDPSocket
|
|
258
|
-
|
|
257
|
+
|
|
259
258
|
###################################################################
|
|
260
259
|
# SOCKSSocket class with IP access control.
|
|
261
260
|
# It uses output access lists.
|
|
@@ -265,19 +264,18 @@ module IPAccess::Patches
|
|
|
265
264
|
include IPAccess::Patches::ACL
|
|
266
265
|
|
|
267
266
|
def self.included(base)
|
|
268
|
-
|
|
267
|
+
|
|
269
268
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
270
269
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
271
270
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
272
|
-
|
|
271
|
+
|
|
273
272
|
base.class_eval do
|
|
274
|
-
|
|
273
|
+
|
|
275
274
|
orig_initialize = self.instance_method :initialize
|
|
276
|
-
|
|
275
|
+
|
|
277
276
|
# initialize on steroids.
|
|
278
277
|
define_method :__pacall__initialize do |block, *args|
|
|
279
|
-
@opened_on_deny =
|
|
280
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
278
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
281
279
|
args.pop if args.last.nil?
|
|
282
280
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
|
283
281
|
args[0] = self.class.getaddress(args[0])
|
|
@@ -291,25 +289,25 @@ module IPAccess::Patches
|
|
|
291
289
|
@useables = IPAccess::ObjectsReferences
|
|
292
290
|
return self
|
|
293
291
|
end
|
|
294
|
-
|
|
292
|
+
|
|
295
293
|
# block passing wrapper for Ruby 1.8
|
|
296
294
|
def initialize(*args, &block)
|
|
297
295
|
__ipacall__initialize(block, *args)
|
|
298
296
|
end
|
|
299
|
-
|
|
297
|
+
|
|
300
298
|
# this hook will be called each time @acl is reassigned
|
|
301
299
|
define_method :acl_recheck do
|
|
302
300
|
return nil if self.closed?
|
|
303
301
|
real_acl.output.check_socket(self, self) { try_terminate }
|
|
304
302
|
return nil
|
|
305
303
|
end
|
|
306
|
-
|
|
304
|
+
|
|
307
305
|
# This method returns default access list indicator
|
|
308
306
|
# used by protected object; in this case it's +:output+.
|
|
309
307
|
define_method :default_list do
|
|
310
308
|
:output
|
|
311
309
|
end
|
|
312
|
-
|
|
310
|
+
|
|
313
311
|
end # base.class_eval
|
|
314
312
|
|
|
315
313
|
end # self.included
|
|
@@ -319,25 +317,24 @@ module IPAccess::Patches
|
|
|
319
317
|
###################################################################
|
|
320
318
|
# TCPSocket class with IP access control.
|
|
321
319
|
# It uses output access lists.
|
|
322
|
-
|
|
320
|
+
|
|
323
321
|
module TCPSocket
|
|
324
322
|
|
|
325
323
|
include IPAccess::Patches::ACL
|
|
326
324
|
|
|
327
325
|
def self.included(base)
|
|
328
|
-
|
|
326
|
+
|
|
329
327
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
330
328
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
331
329
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
332
|
-
|
|
330
|
+
|
|
333
331
|
base.class_eval do
|
|
334
|
-
|
|
332
|
+
|
|
335
333
|
orig_initialize = self.instance_method :initialize
|
|
336
|
-
|
|
334
|
+
|
|
337
335
|
# initialize on steroids.
|
|
338
336
|
define_method :__ipacall__initialize do |block, *args|
|
|
339
|
-
@opened_on_deny =
|
|
340
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
337
|
+
@opened_on_deny = !!args.reject! { |x| x === :opened_on_deny }
|
|
341
338
|
args.pop if args.last.nil?
|
|
342
339
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
|
343
340
|
args[0] = self.class.getaddress(args[0])
|
|
@@ -351,66 +348,65 @@ module IPAccess::Patches
|
|
|
351
348
|
end
|
|
352
349
|
return self
|
|
353
350
|
end
|
|
354
|
-
|
|
351
|
+
|
|
355
352
|
# block passing wrapper for Ruby 1.8
|
|
356
353
|
def initialize(*args, &block)
|
|
357
354
|
__ipacall__initialize(block, *args)
|
|
358
355
|
end
|
|
359
|
-
|
|
356
|
+
|
|
360
357
|
# this hook will be called each time @acl is reassigned
|
|
361
358
|
define_method :acl_recheck do
|
|
362
359
|
return nil if self.closed?
|
|
363
360
|
real_acl.output.check_socket(self, self) { try_terminate }
|
|
364
361
|
return nil
|
|
365
362
|
end
|
|
366
|
-
|
|
363
|
+
|
|
367
364
|
# This method returns default access list indicator
|
|
368
365
|
# used by protected object; in this case it's +:output+.
|
|
369
366
|
define_method :default_list do
|
|
370
367
|
:output
|
|
371
368
|
end
|
|
372
|
-
|
|
369
|
+
|
|
373
370
|
end # base.class_eval
|
|
374
371
|
|
|
375
372
|
end # self.included
|
|
376
373
|
|
|
377
374
|
end # module TCPSocket
|
|
378
|
-
|
|
375
|
+
|
|
379
376
|
###################################################################
|
|
380
377
|
# TCPServer class with IP access control.
|
|
381
378
|
# It uses input access lists.
|
|
382
|
-
|
|
379
|
+
|
|
383
380
|
module TCPServer
|
|
384
381
|
|
|
385
382
|
include IPAccess::Patches::ACL
|
|
386
383
|
|
|
387
384
|
def self.included(base)
|
|
388
|
-
|
|
385
|
+
|
|
389
386
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
|
390
387
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
|
391
388
|
base.instance_variable_set(:@uses_ipaccess, true)
|
|
392
|
-
|
|
389
|
+
|
|
393
390
|
base.class_eval do
|
|
394
|
-
|
|
391
|
+
|
|
395
392
|
orig_initialize = self.instance_method :initialize
|
|
396
393
|
orig_accept = self.instance_method :accept
|
|
397
394
|
orig_accept_nonblock = self.instance_method :accept_nonblock
|
|
398
395
|
orig_sysaccept = self.instance_method :sysaccept
|
|
399
|
-
|
|
396
|
+
|
|
400
397
|
# initialize on steroids.
|
|
401
398
|
define_method :__ipacall__initialize do |block, *args|
|
|
402
|
-
@opened_on_deny =
|
|
403
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
|
399
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
|
404
400
|
args.pop if args.last.nil?
|
|
405
401
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
|
406
402
|
return orig_initialize.bind(self).call(*args, &block)
|
|
407
403
|
end
|
|
408
|
-
|
|
404
|
+
|
|
409
405
|
# block passing wrapper for Ruby 1.8
|
|
410
406
|
def initialize(*args, &block)
|
|
411
407
|
__ipacall__initialize(block, *args)
|
|
412
408
|
end
|
|
413
|
-
|
|
409
|
+
|
|
414
410
|
# accept on steroids.
|
|
415
411
|
define_method :accept do |*args|
|
|
416
412
|
r = orig_accept.bind(self).call(*args)
|
|
@@ -424,33 +420,33 @@ module IPAccess::Patches
|
|
|
424
420
|
real_acl.input.check_socket(r, r) { try_terminate_subsocket(r) }
|
|
425
421
|
return r
|
|
426
422
|
end
|
|
427
|
-
|
|
423
|
+
|
|
428
424
|
# sysaccept on steroids.
|
|
429
425
|
define_method :sysaccept do |*args|
|
|
430
426
|
r = orig_sysaccept.bind(self).call(*args)
|
|
431
427
|
real_acl.input.check_fd(r, r) { try_terminate_subsocket(::Socket.for_fd(r)) }
|
|
432
428
|
return r
|
|
433
429
|
end
|
|
434
|
-
|
|
430
|
+
|
|
435
431
|
# this hook will be called each time @acl is reassigned
|
|
436
432
|
define_method :acl_recheck do
|
|
437
433
|
return nil if self.closed?
|
|
438
434
|
real_acl.output.check_socket(self, self) { try_terminate }
|
|
439
435
|
return nil
|
|
440
436
|
end
|
|
441
|
-
|
|
437
|
+
|
|
442
438
|
# This method returns default access list indicator
|
|
443
439
|
# used by protected object; in this case it's +:input+.
|
|
444
440
|
define_method :default_list do
|
|
445
441
|
:input
|
|
446
442
|
end
|
|
447
|
-
|
|
443
|
+
|
|
448
444
|
end # base.class_eval
|
|
449
445
|
|
|
450
446
|
end # self.included
|
|
451
447
|
|
|
452
448
|
end # module TCPServer
|
|
453
|
-
|
|
449
|
+
|
|
454
450
|
###################################################################
|
|
455
451
|
# Helper methods for easy checking and arming sockets.
|
|
456
452
|
|
|
@@ -472,7 +468,7 @@ module IPAccess::Patches
|
|
|
472
468
|
end
|
|
473
469
|
end
|
|
474
470
|
private :real_socket
|
|
475
|
-
|
|
471
|
+
|
|
476
472
|
# This method is used to safely
|
|
477
473
|
# re-raise an eventual exception
|
|
478
474
|
# and add current object's reference
|
|
@@ -503,13 +499,13 @@ module IPAccess::Patches
|
|
|
503
499
|
end
|
|
504
500
|
end
|
|
505
501
|
private :take_care
|
|
506
|
-
|
|
502
|
+
|
|
507
503
|
# This method tries to arm socket object.
|
|
508
504
|
# If a wanted access set and an object's access
|
|
509
505
|
# set is no different then acl_recheck is called
|
|
510
506
|
# by force. It sets armed socket's +opened_on_deny+
|
|
511
507
|
# flag to +true+.
|
|
512
|
-
|
|
508
|
+
|
|
513
509
|
def try_arm_socket(obj, initial_acl=nil)
|
|
514
510
|
late_sock = real_socket(obj)
|
|
515
511
|
unless late_sock.nil?
|
|
@@ -523,7 +519,7 @@ module IPAccess::Patches
|
|
|
523
519
|
return obj
|
|
524
520
|
end
|
|
525
521
|
private :try_arm_socket
|
|
526
|
-
|
|
522
|
+
|
|
527
523
|
# This method tries to arm socket object and then
|
|
528
524
|
# tries to set up correct ACL for it. If the ACL
|
|
529
525
|
# had changed then it assumes that underlying routines
|
|
@@ -547,7 +543,9 @@ module IPAccess::Patches
|
|
|
547
543
|
initial_acl = real_acl if initial_acl.nil?
|
|
548
544
|
IPAccess.arm(late_sock, acl, :opened_on_deny) unless late_sock.respond_to?(:acl)
|
|
549
545
|
if late_sock.acl != initial_acl
|
|
546
|
+
p "dla #{initial_acl}"
|
|
550
547
|
late_sock.acl = initial_acl
|
|
548
|
+
p late_sock.acl
|
|
551
549
|
else
|
|
552
550
|
late_sock.acl_recheck
|
|
553
551
|
end
|
|
@@ -579,7 +577,7 @@ module IPAccess::Patches
|
|
|
579
577
|
private :try_check_in_socket_acl
|
|
580
578
|
|
|
581
579
|
end # module ACL
|
|
582
|
-
|
|
580
|
+
|
|
583
581
|
end # module IPAccess::Patches
|
|
584
582
|
|
|
585
583
|
# :startdoc:
|