ipaccess 1.2.0 → 1.2.2
- checksums.yaml +5 -13
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.yardopts +2 -0
- data/ChangeLog +66 -0
- data/Manifest.txt +5 -10
- data/README.md +2 -2
- data/Rakefile +1 -1
- data/docs/HISTORY +11 -0
- data/docs/TODO +1 -1
- data/docs/yard-tpl/default/fulldoc/html/css/common.css +5 -0
- data/examples/open-uri.rb +14 -0
- data/examples/telnet.rb +1 -1
- data/ipaccess.gemspec +62 -0
- data/lib/ipaccess.rb +2 -566
- data/lib/ipaccess/arm_sockets.rb +0 -1
- data/lib/ipaccess/core.rb +523 -0
- data/lib/ipaccess/ghost_doc/ghost_doc.rb +1 -1
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc +54 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +34 -18
- data/lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc +65 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_sockets.rb +353 -125
- data/lib/ipaccess/ip_access_check.rb +2 -2
- data/lib/ipaccess/ip_access_errors.rb +2 -2
- data/lib/ipaccess/ip_access_list.rb +3 -3
- data/lib/ipaccess/patches/generic.rb +150 -183
- data/lib/ipaccess/patches/net_ftp.rb +1 -2
- data/lib/ipaccess/patches/net_http.rb +10 -14
- data/lib/ipaccess/patches/net_imap.rb +1 -2
- data/lib/ipaccess/patches/net_pop.rb +2 -4
- data/lib/ipaccess/patches/net_smtp.rb +2 -4
- data/lib/ipaccess/patches/net_telnet.rb +1 -2
- data/lib/ipaccess/patches/sockets.rb +67 -69
- data/lib/ipaccess/socket.rb +0 -17
- metadata +70 -100
- metadata.gz.sig +0 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rb +0 -54
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb +0 -64
@@ -91,8 +91,7 @@ module IPAccess::Patches::Net
|
|
91
91
|
|
92
92
|
# initialize on steroids.
|
93
93
|
define_method :__ipacall__initialize do |block, *args|
|
94
|
-
@opened_on_deny =
|
95
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
94
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
96
95
|
args.pop if args.last.nil?
|
97
96
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
98
97
|
orig_initialize.bind(self).call(*args, &block)
|
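Review bot: The new one-liner `@opened_on_deny = !!args.reject! { ... }` depends on `reject!` returning `nil` when nothing was removed, and nothing on the line says so. A comment such as `# reject! returns nil when no :opened_on_deny was present, so !! is true only when the flag was passed` would make that safe to maintain. The `x.is_a?(Symbol) &&` guard is also redundant, since with ordinary `==` the comparison `x == :opened_on_deny` is already false for anything that is not that symbol. The same line is repeated in the other `initialize` and `new` hunks on this page, so the comment (or one shared helper) applies to each of them. The enclosing `define_method` block continues past the end of the hunk.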
@@ -39,27 +39,26 @@ module IPAccess::Patches::Net
|
|
39
39
|
# It uses output access lists.
|
40
40
|
|
41
41
|
module HTTP
|
42
|
-
|
42
|
+
|
43
43
|
include IPAccess::Patches::ACL
|
44
|
-
|
44
|
+
|
45
45
|
def self.included(base)
|
46
|
-
|
46
|
+
|
47
47
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
48
48
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
49
49
|
base.instance_variable_set(:@uses_ipaccess, true)
|
50
|
-
|
50
|
+
|
51
51
|
base.class_eval do
|
52
52
|
|
53
53
|
# CLASS METHODS
|
54
54
|
unless (base.name.nil? && base.class.name == "Class")
|
55
55
|
(class << self; self; end).class_eval do
|
56
|
-
|
56
|
+
|
57
57
|
alias :__ipac__orig_new :new
|
58
|
-
|
58
|
+
|
59
59
|
# overload HTTP.new() since it's not usual.
|
60
60
|
define_method :new do |address, *args|
|
61
|
-
late_opened_on_deny =
|
62
|
-
args.delete_if { |x| late_opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
61
|
+
late_opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
63
62
|
args.pop if args.last.nil?
|
64
63
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
65
64
|
obj = __ipac__orig_new(address, *args)
|
@@ -70,8 +69,7 @@ module IPAccess::Patches::Net
|
|
70
69
|
|
71
70
|
# overwrite HTTP.start()
|
72
71
|
define_method :__ipacall__start do |block, address, *args|
|
73
|
-
late_on_deny = nil
|
74
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
72
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
75
73
|
args.pop if args.last.nil?
|
76
74
|
acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
77
75
|
port, p_addr, p_port, p_user, p_pass = *args
|
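Review bot: In `__ipacall__start` the `!!` in front of `args.reject!` does nothing, because the ternary already tests truthiness. `late_on_deny = :opened_on_deny if args.reject! { |x| x == :opened_on_deny }` says the same thing and leaves `late_on_deny` as `nil` otherwise. The identical expression appears in `__ipacall__get_response` in the next hunk and in the POP3 and SMTP `__ipacall__start` hunks further down. The body of `__ipacall__start` continues outside the hunk.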
@@ -85,8 +83,7 @@ module IPAccess::Patches::Net
|
|
85
83
|
|
86
84
|
# overwrite HTTP.get_response()
|
87
85
|
define_method :__ipacall__get_response do |block, uri_or_host, *args|
|
88
|
-
late_on_deny = nil
|
89
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
86
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
90
87
|
args.pop if args.last.nil?
|
91
88
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
92
89
|
path, port = *args
|
@@ -118,8 +115,7 @@ module IPAccess::Patches::Net
|
|
118
115
|
|
119
116
|
# initialize on steroids.
|
120
117
|
define_method :__ipacall__initialize do |block, *args|
|
121
|
-
@opened_on_deny =
|
122
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
118
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
123
119
|
args.pop if args.last.nil?
|
124
120
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
125
121
|
orig_initialize.bind(self).call(*args, &block)
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
56
56
|
|
57
57
|
# initialize on steroids.
|
58
58
|
define_method :__ipacall__initialize do |block, host, *args|
|
59
|
-
@opened_on_deny =
|
60
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
59
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
61
60
|
args.pop if args.last.nil?
|
62
61
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
63
62
|
ipaddr = ::TCPSocket.getaddress(host)
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
56
56
|
|
57
57
|
# overwrite POP3.start()
|
58
58
|
define_method :__ipacall__start do |block, address, *args|
|
59
|
-
late_on_deny = nil
|
60
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
59
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
61
60
|
args.pop if args.last.nil?
|
62
61
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
63
62
|
port, account, password, isapop = *args
|
@@ -111,8 +110,7 @@ module IPAccess::Patches::Net
|
|
111
110
|
|
112
111
|
# initialize on steroids.
|
113
112
|
define_method :initialize do |addr, *args|
|
114
|
-
@opened_on_deny =
|
115
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
113
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
116
114
|
args.pop if args.last.nil?
|
117
115
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
118
116
|
obj = orig_initialize.bind(self).call(addr, *args)
|
@@ -56,8 +56,7 @@ module IPAccess::Patches::Net
|
|
56
56
|
|
57
57
|
# overwrite SMTP.start()
|
58
58
|
define_method :__ipacall__start do |block, address, *args|
|
59
|
-
late_on_deny = nil
|
60
|
-
args.delete_if { |x| late_on_deny = x if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
59
|
+
late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
|
61
60
|
args.pop if args.last.nil?
|
62
61
|
late_acl = IPAccess.valid_acl?(args.last) ? args.smtp : :global
|
63
62
|
port, helo, user, secret, authtype = *args
|
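Review bot: The context line `late_acl = IPAccess.valid_acl?(args.last) ? args.smtp : :global` calls `args.smtp`, which a plain Array does not define, so `SMTP.start` would presumably raise NoMethodError exactly when the caller passes a valid access list as the last argument. The sibling hunks use `args.pop` at this position, and the line should read `late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global`. The commit rewrites the statement two lines above and leaves this one untouched. As written, only the `:global` fallback path can succeed, so a per-call ACL cannot be applied through `start`. The body of `__ipacall__start` continues outside the hunk.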
@@ -79,8 +78,7 @@ module IPAccess::Patches::Net
|
|
79
78
|
|
80
79
|
# initialize on steroids.
|
81
80
|
define_method :initialize do |addr, *args|
|
82
|
-
@opened_on_deny =
|
83
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
81
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
84
82
|
args.pop if args.last.nil?
|
85
83
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
86
84
|
obj = orig_initialize.bind(self).call(addr, *args)
|
@@ -54,8 +54,7 @@ module IPAccess::Patches::Net
|
|
54
54
|
|
55
55
|
# initialize on steroids.
|
56
56
|
define_method :__ipacall__initialize do |block, *args|
|
57
|
-
@opened_on_deny =
|
58
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
57
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
59
58
|
args.pop if args.last.nil?
|
60
59
|
options = args.first
|
61
60
|
options["ACL"] = args.pop if (IPAccess.valid_acl?(args.last) && options.is_a?(Hash))
|
@@ -39,22 +39,22 @@ require 'ipaccess/patches/generic'
|
|
39
39
|
# class has acl member, which is an IPAccess::Set object.
|
40
40
|
|
41
41
|
module IPAccess::Patches
|
42
|
-
|
42
|
+
|
43
43
|
###################################################################
|
44
44
|
# Socket class with IP access control.
|
45
45
|
# It uses input and output access lists.
|
46
46
|
# Default access list for management operations is output.
|
47
|
-
|
47
|
+
|
48
48
|
module Socket
|
49
|
-
|
49
|
+
|
50
50
|
include IPAccess::Patches::ACL
|
51
51
|
|
52
52
|
def self.included(base)
|
53
|
-
|
53
|
+
|
54
54
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
55
55
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
56
56
|
base.instance_variable_set(:@uses_ipaccess, true)
|
57
|
-
|
57
|
+
|
58
58
|
base.class_eval do
|
59
59
|
|
60
60
|
orig_initialize = self.instance_method :initialize
|
@@ -64,17 +64,16 @@ module IPAccess::Patches
|
|
64
64
|
orig_recvfrom = self.instance_method :recvfrom
|
65
65
|
orig_recvfrom_nonblock = self.instance_method :recvfrom_nonblock
|
66
66
|
orig_sysaccept = self.instance_method :sysaccept
|
67
|
-
|
67
|
+
|
68
68
|
define_method :__ipacall__initialize do |block, *args|
|
69
|
-
@opened_on_deny =
|
70
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
69
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
71
70
|
args.pop if args.last.nil?
|
72
71
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
73
72
|
@useables = IPAccess::ObjectsReferences
|
74
73
|
orig_initialize.bind(self).call(*args, &block)
|
75
74
|
return self
|
76
75
|
end
|
77
|
-
|
76
|
+
|
78
77
|
# block passing wrapper for Ruby 1.8
|
79
78
|
def initialize(*args, &block)
|
80
79
|
__ipacall__initialize(block, *args)
|
@@ -112,7 +111,7 @@ module IPAccess::Patches
|
|
112
111
|
end
|
113
112
|
return ret
|
114
113
|
end
|
115
|
-
|
114
|
+
|
116
115
|
# this hook will be called each time @acl is reassigned
|
117
116
|
define_method :acl_recheck do
|
118
117
|
return nil if self.closed?
|
@@ -141,23 +140,23 @@ module IPAccess::Patches
|
|
141
140
|
end
|
142
141
|
return ret
|
143
142
|
end
|
144
|
-
|
143
|
+
|
145
144
|
# This method returns default access list indicator
|
146
145
|
# used by protected object; in this case it's +:output+.
|
147
146
|
define_method :default_list do
|
148
147
|
:output
|
149
148
|
end
|
150
|
-
|
149
|
+
|
151
150
|
define_method :useables do
|
152
151
|
@useables
|
153
152
|
end
|
154
|
-
|
153
|
+
|
155
154
|
end # base.class_eval
|
156
|
-
|
155
|
+
|
157
156
|
end # self.included
|
158
|
-
|
157
|
+
|
159
158
|
end # module Socket
|
160
|
-
|
159
|
+
|
161
160
|
###################################################################
|
162
161
|
# UDPSocket class with IP access control.
|
163
162
|
# It uses input and output access lists.
|
@@ -168,38 +167,38 @@ module IPAccess::Patches
|
|
168
167
|
include IPAccess::Patches::ACL
|
169
168
|
|
170
169
|
def self.included(base)
|
171
|
-
|
170
|
+
|
172
171
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
173
172
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
174
173
|
base.instance_variable_set(:@uses_ipaccess, true)
|
175
|
-
|
174
|
+
|
176
175
|
base.class_eval do
|
177
|
-
|
176
|
+
|
178
177
|
orig_initialize = self.instance_method :initialize
|
179
178
|
orig_connect = self.instance_method :connect
|
180
179
|
orig_send = self.instance_method :send
|
181
180
|
orig_recvfrom = self.instance_method :recvfrom
|
182
181
|
orig_recvfrom_nonblock = self.instance_method :recvfrom_nonblock
|
183
|
-
|
182
|
+
|
184
183
|
define_method :__ipacall__initialize do |block, *args|
|
185
184
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
186
185
|
@opened_on_deny = true
|
187
186
|
orig_initialize.bind(self).call(*args, &block)
|
188
187
|
return self
|
189
188
|
end
|
190
|
-
|
189
|
+
|
191
190
|
# block passing wrapper for Ruby 1.8
|
192
191
|
def initialize(*args, &block)
|
193
192
|
__ipacall__initialize(block, *args)
|
194
193
|
end
|
195
|
-
|
194
|
+
|
196
195
|
# connect on steroids.
|
197
196
|
define_method :connect do |*args|
|
198
197
|
peer_ip = self.class.getaddress(args.shift)
|
199
198
|
real_acl.output.check_sockaddr(peer_ip, self)
|
200
199
|
return orig_connect.bind(self).call(peer_ip, *args)
|
201
200
|
end
|
202
|
-
|
201
|
+
|
203
202
|
# send on steroids.
|
204
203
|
define_method :send do |*args|
|
205
204
|
hostname = args[2]
|
@@ -231,31 +230,31 @@ module IPAccess::Patches
|
|
231
230
|
end
|
232
231
|
return ret
|
233
232
|
end
|
234
|
-
|
233
|
+
|
235
234
|
# This method returns default access list indicator
|
236
235
|
# used by protected object; in this case it's +:input+.
|
237
236
|
define_method :default_list do
|
238
237
|
:intput
|
239
238
|
end
|
240
|
-
|
239
|
+
|
241
240
|
# this kind of socket is not connection-oriented.
|
242
241
|
define_method :connection_close do
|
243
242
|
return nil
|
244
243
|
end
|
245
|
-
|
244
|
+
|
246
245
|
# this hook will be called each time @acl is reassigned
|
247
246
|
define_method :acl_recheck do
|
248
247
|
return nil if self.closed?
|
249
248
|
real_acl.output.check_socket(self, self) { try_terminate }
|
250
249
|
return nil
|
251
250
|
end
|
252
|
-
|
251
|
+
|
253
252
|
end # base.class_eval
|
254
253
|
|
255
254
|
end # self.included
|
256
255
|
|
257
256
|
end # module UDPSocket
|
258
|
-
|
257
|
+
|
259
258
|
###################################################################
|
260
259
|
# SOCKSSocket class with IP access control.
|
261
260
|
# It uses output access lists.
|
@@ -265,19 +264,18 @@ module IPAccess::Patches
|
|
265
264
|
include IPAccess::Patches::ACL
|
266
265
|
|
267
266
|
def self.included(base)
|
268
|
-
|
267
|
+
|
269
268
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
270
269
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
271
270
|
base.instance_variable_set(:@uses_ipaccess, true)
|
272
|
-
|
271
|
+
|
273
272
|
base.class_eval do
|
274
|
-
|
273
|
+
|
275
274
|
orig_initialize = self.instance_method :initialize
|
276
|
-
|
275
|
+
|
277
276
|
# initialize on steroids.
|
278
277
|
define_method :__pacall__initialize do |block, *args|
|
279
|
-
@opened_on_deny =
|
280
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
278
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
281
279
|
args.pop if args.last.nil?
|
282
280
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
283
281
|
args[0] = self.class.getaddress(args[0])
|
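Review bot: The SOCKSSocket initializer is defined as `:__pacall__initialize`, but the `initialize` wrapper shown in the following hunk calls `__ipacall__initialize(block, *args)`, so the block defined here is not the one the wrapper reaches; the name should be `define_method :__ipacall__initialize do |block, *args|`. Whether the call then fails or resolves to an inherited definition cannot be seen from this page, but either way the SOCKS-specific handling in this block (flag stripping, ACL selection, `getaddress`) is skipped. A similar misspelling sits in the preceding whitespace-only hunk, where UDPSocket's `default_list` returns `:intput` although its comment says `+:input+`; it should return `:input`. The block body continues outside the hunk.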
@@ -291,25 +289,25 @@ module IPAccess::Patches
|
|
291
289
|
@useables = IPAccess::ObjectsReferences
|
292
290
|
return self
|
293
291
|
end
|
294
|
-
|
292
|
+
|
295
293
|
# block passing wrapper for Ruby 1.8
|
296
294
|
def initialize(*args, &block)
|
297
295
|
__ipacall__initialize(block, *args)
|
298
296
|
end
|
299
|
-
|
297
|
+
|
300
298
|
# this hook will be called each time @acl is reassigned
|
301
299
|
define_method :acl_recheck do
|
302
300
|
return nil if self.closed?
|
303
301
|
real_acl.output.check_socket(self, self) { try_terminate }
|
304
302
|
return nil
|
305
303
|
end
|
306
|
-
|
304
|
+
|
307
305
|
# This method returns default access list indicator
|
308
306
|
# used by protected object; in this case it's +:output+.
|
309
307
|
define_method :default_list do
|
310
308
|
:output
|
311
309
|
end
|
312
|
-
|
310
|
+
|
313
311
|
end # base.class_eval
|
314
312
|
|
315
313
|
end # self.included
|
@@ -319,25 +317,24 @@ module IPAccess::Patches
|
|
319
317
|
###################################################################
|
320
318
|
# TCPSocket class with IP access control.
|
321
319
|
# It uses output access lists.
|
322
|
-
|
320
|
+
|
323
321
|
module TCPSocket
|
324
322
|
|
325
323
|
include IPAccess::Patches::ACL
|
326
324
|
|
327
325
|
def self.included(base)
|
328
|
-
|
326
|
+
|
329
327
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
330
328
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
331
329
|
base.instance_variable_set(:@uses_ipaccess, true)
|
332
|
-
|
330
|
+
|
333
331
|
base.class_eval do
|
334
|
-
|
332
|
+
|
335
333
|
orig_initialize = self.instance_method :initialize
|
336
|
-
|
334
|
+
|
337
335
|
# initialize on steroids.
|
338
336
|
define_method :__ipacall__initialize do |block, *args|
|
339
|
-
@opened_on_deny =
|
340
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
337
|
+
@opened_on_deny = !!args.reject! { |x| x === :opened_on_deny }
|
341
338
|
args.pop if args.last.nil?
|
342
339
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
343
340
|
args[0] = self.class.getaddress(args[0])
|
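Review bot: This hunk writes the test as `x === :opened_on_deny`, unlike every other call site, which uses `x.is_a?(Symbol) && x == :opened_on_deny`. `===` is dispatched on the argument, so an argument that is a Class, Regexp or Proc runs its own case-equality against the symbol (`Symbol === :opened_on_deny` is true, and a Proc is called). That can strip a non-flag argument and set `@opened_on_deny` for a caller who never passed the flag. Plain equality avoids it: `@opened_on_deny = !!args.reject! { |x| x == :opened_on_deny }`. The block body continues outside the hunk.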
@@ -351,66 +348,65 @@ module IPAccess::Patches
|
|
351
348
|
end
|
352
349
|
return self
|
353
350
|
end
|
354
|
-
|
351
|
+
|
355
352
|
# block passing wrapper for Ruby 1.8
|
356
353
|
def initialize(*args, &block)
|
357
354
|
__ipacall__initialize(block, *args)
|
358
355
|
end
|
359
|
-
|
356
|
+
|
360
357
|
# this hook will be called each time @acl is reassigned
|
361
358
|
define_method :acl_recheck do
|
362
359
|
return nil if self.closed?
|
363
360
|
real_acl.output.check_socket(self, self) { try_terminate }
|
364
361
|
return nil
|
365
362
|
end
|
366
|
-
|
363
|
+
|
367
364
|
# This method returns default access list indicator
|
368
365
|
# used by protected object; in this case it's +:output+.
|
369
366
|
define_method :default_list do
|
370
367
|
:output
|
371
368
|
end
|
372
|
-
|
369
|
+
|
373
370
|
end # base.class_eval
|
374
371
|
|
375
372
|
end # self.included
|
376
373
|
|
377
374
|
end # module TCPSocket
|
378
|
-
|
375
|
+
|
379
376
|
###################################################################
|
380
377
|
# TCPServer class with IP access control.
|
381
378
|
# It uses input access lists.
|
382
|
-
|
379
|
+
|
383
380
|
module TCPServer
|
384
381
|
|
385
382
|
include IPAccess::Patches::ACL
|
386
383
|
|
387
384
|
def self.included(base)
|
388
|
-
|
385
|
+
|
389
386
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
390
387
|
return if marker.instance_variable_defined?(:@uses_ipaccess)
|
391
388
|
base.instance_variable_set(:@uses_ipaccess, true)
|
392
|
-
|
389
|
+
|
393
390
|
base.class_eval do
|
394
|
-
|
391
|
+
|
395
392
|
orig_initialize = self.instance_method :initialize
|
396
393
|
orig_accept = self.instance_method :accept
|
397
394
|
orig_accept_nonblock = self.instance_method :accept_nonblock
|
398
395
|
orig_sysaccept = self.instance_method :sysaccept
|
399
|
-
|
396
|
+
|
400
397
|
# initialize on steroids.
|
401
398
|
define_method :__ipacall__initialize do |block, *args|
|
402
|
-
@opened_on_deny =
|
403
|
-
args.delete_if { |x| @opened_on_deny = true if (x.is_a?(Symbol) && x == :opened_on_deny) }
|
399
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
404
400
|
args.pop if args.last.nil?
|
405
401
|
self.acl = valid_acl?(args.last) ? args.pop : :global
|
406
402
|
return orig_initialize.bind(self).call(*args, &block)
|
407
403
|
end
|
408
|
-
|
404
|
+
|
409
405
|
# block passing wrapper for Ruby 1.8
|
410
406
|
def initialize(*args, &block)
|
411
407
|
__ipacall__initialize(block, *args)
|
412
408
|
end
|
413
|
-
|
409
|
+
|
414
410
|
# accept on steroids.
|
415
411
|
define_method :accept do |*args|
|
416
412
|
r = orig_accept.bind(self).call(*args)
|
@@ -424,33 +420,33 @@ module IPAccess::Patches
|
|
424
420
|
real_acl.input.check_socket(r, r) { try_terminate_subsocket(r) }
|
425
421
|
return r
|
426
422
|
end
|
427
|
-
|
423
|
+
|
428
424
|
# sysaccept on steroids.
|
429
425
|
define_method :sysaccept do |*args|
|
430
426
|
r = orig_sysaccept.bind(self).call(*args)
|
431
427
|
real_acl.input.check_fd(r, r) { try_terminate_subsocket(::Socket.for_fd(r)) }
|
432
428
|
return r
|
433
429
|
end
|
434
|
-
|
430
|
+
|
435
431
|
# this hook will be called each time @acl is reassigned
|
436
432
|
define_method :acl_recheck do
|
437
433
|
return nil if self.closed?
|
438
434
|
real_acl.output.check_socket(self, self) { try_terminate }
|
439
435
|
return nil
|
440
436
|
end
|
441
|
-
|
437
|
+
|
442
438
|
# This method returns default access list indicator
|
443
439
|
# used by protected object; in this case it's +:input+.
|
444
440
|
define_method :default_list do
|
445
441
|
:input
|
446
442
|
end
|
447
|
-
|
443
|
+
|
448
444
|
end # base.class_eval
|
449
445
|
|
450
446
|
end # self.included
|
451
447
|
|
452
448
|
end # module TCPServer
|
453
|
-
|
449
|
+
|
454
450
|
###################################################################
|
455
451
|
# Helper methods for easy checking and arming sockets.
|
456
452
|
|
@@ -472,7 +468,7 @@ module IPAccess::Patches
|
|
472
468
|
end
|
473
469
|
end
|
474
470
|
private :real_socket
|
475
|
-
|
471
|
+
|
476
472
|
# This method is used to safely
|
477
473
|
# re-raise an eventual exception
|
478
474
|
# and add current object's reference
|
@@ -503,13 +499,13 @@ module IPAccess::Patches
|
|
503
499
|
end
|
504
500
|
end
|
505
501
|
private :take_care
|
506
|
-
|
502
|
+
|
507
503
|
# This method tries to arm socket object.
|
508
504
|
# If a wanted access set and an object's access
|
509
505
|
# set is no different then acl_recheck is called
|
510
506
|
# by force. It sets armed socket's +opened_on_deny+
|
511
507
|
# flag to +true+.
|
512
|
-
|
508
|
+
|
513
509
|
def try_arm_socket(obj, initial_acl=nil)
|
514
510
|
late_sock = real_socket(obj)
|
515
511
|
unless late_sock.nil?
|
@@ -523,7 +519,7 @@ module IPAccess::Patches
|
|
523
519
|
return obj
|
524
520
|
end
|
525
521
|
private :try_arm_socket
|
526
|
-
|
522
|
+
|
527
523
|
# This method tries to arm socket object and then
|
528
524
|
# tries to set up correct ACL for it. If the ACL
|
529
525
|
# had changed then it assumes that underlying routines
|
@@ -547,7 +543,9 @@ module IPAccess::Patches
|
|
547
543
|
initial_acl = real_acl if initial_acl.nil?
|
548
544
|
IPAccess.arm(late_sock, acl, :opened_on_deny) unless late_sock.respond_to?(:acl)
|
549
545
|
if late_sock.acl != initial_acl
|
546
|
+
p "dla #{initial_acl}"
|
550
547
|
late_sock.acl = initial_acl
|
548
|
+
p late_sock.acl
|
551
549
|
else
|
552
550
|
late_sock.acl_recheck
|
553
551
|
end
|
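Review bot: The two added lines `p "dla #{initial_acl}"` and `p late_sock.acl` look like leftover debugging output. They write the access list to standard output every time the socket's ACL differs from `initial_acl`, in a library that applications load into their own processes. Besides the noise, this copies allow/deny rules into whatever captures stdout, such as service logs. Both lines should be removed, leaving `late_sock.acl = initial_acl` as the only statement in that branch. The enclosing method starts and ends outside the hunk.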
@@ -579,7 +577,7 @@ module IPAccess::Patches
|
|
579
577
|
private :try_check_in_socket_acl
|
580
578
|
|
581
579
|
end # module ACL
|
582
|
-
|
580
|
+
|
583
581
|
end # module IPAccess::Patches
|
584
582
|
|
585
583
|
# :startdoc:
|