ipaccess 1.2.0 → 1.2.2
- checksums.yaml +5 -13
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.yardopts +2 -0
- data/ChangeLog +66 -0
- data/Manifest.txt +5 -10
- data/README.md +2 -2
- data/Rakefile +1 -1
- data/docs/HISTORY +11 -0
- data/docs/TODO +1 -1
- data/docs/yard-tpl/default/fulldoc/html/css/common.css +5 -0
- data/examples/open-uri.rb +14 -0
- data/examples/telnet.rb +1 -1
- data/ipaccess.gemspec +62 -0
- data/lib/ipaccess.rb +2 -566
- data/lib/ipaccess/arm_sockets.rb +0 -1
- data/lib/ipaccess/core.rb +523 -0
- data/lib/ipaccess/ghost_doc/ghost_doc.rb +1 -1
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc +54 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +34 -18
- data/lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb +35 -19
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc +65 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_sockets.rb +353 -125
- data/lib/ipaccess/ip_access_check.rb +2 -2
- data/lib/ipaccess/ip_access_errors.rb +2 -2
- data/lib/ipaccess/ip_access_list.rb +3 -3
- data/lib/ipaccess/patches/generic.rb +150 -183
- data/lib/ipaccess/patches/net_ftp.rb +1 -2
- data/lib/ipaccess/patches/net_http.rb +10 -14
- data/lib/ipaccess/patches/net_imap.rb +1 -2
- data/lib/ipaccess/patches/net_pop.rb +2 -4
- data/lib/ipaccess/patches/net_smtp.rb +2 -4
- data/lib/ipaccess/patches/net_telnet.rb +1 -2
- data/lib/ipaccess/patches/sockets.rb +67 -69
- data/lib/ipaccess/socket.rb +0 -17
- metadata +70 -100
- metadata.gz.sig +0 -0
- data/lib/ipaccess/ghost_doc/ghost_doc_acl.rb +0 -54
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb +0 -36
- data/lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb +0 -7
- data/lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb +0 -64
checksums.yaml
CHANGED
@@ -1,15 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
|
5
|
-
data.tar.gz: !binary |-
|
6
|
-
ODAzZDA5NzNjOWIxOGQ5Mzk4OGM4NWYzZDliZmFlYmExYmZmYWU4OQ==
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: b6d8d6f3a6fb60cff951294e480196549e9da563
|
4
|
+
data.tar.gz: 38c2a1f94f3dc943e06f0d9ceb796e4742aefccf
|
7
5
|
SHA512:
|
8
|
-
metadata.gz:
|
9
|
-
|
10
|
-
NjdkNzMzNDgxY2YxNzExZDNhMDIzZmFjYTA4NTZiNmM0NDRmOGViODkzMzA0
|
11
|
-
ZTgwNzNkNmQxODA4NGMyMTg4NGU4MDFjNzM2ZjhhM2U5MmRhNWI=
|
12
|
-
data.tar.gz: !binary |-
|
13
|
-
MjcwOWI3ZWFiOTY2NmI2MmZiNjYxNDU1NWEzNDYxOWFmZWZjM2E0MWVlNjg2
|
14
|
-
NzFhMTExYTUyNDliYzg4ODJjNzM5Mjg4Y2Q5NWEwMzIyOTY3YmVhOGFiYzg1
|
15
|
-
ZjhiNGE4MTQ3OWIyNWM4NWU0ODA5YjA3MWJjOWQwOTZkNzI4YTE=
|
6
|
+
metadata.gz: 3f21cba65126bc0b99359b626cf271687f371bb63694af255c29af018be75c39f51078c1347e416c6be9aa80069e6a8e1ab4291e688427b766430d4214867de8
|
7
|
+
data.tar.gz: a01d3fcdc90cc583e4af458da0ceb85f3a9241cb411ef7f9eddc3a4fe45123c2755627c0456e2731a5284dfcb3e5a162bc0b3b8db894ffcd988beeef4b24883e
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.yardopts
CHANGED
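--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,3 +1,69 @@
+commit 1583d574540f53806e2e77ae0e6d336307b3fc60
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 14:43:08 2013 +0100
+
+Release 1.2.2
+
+commit 0455565763981f2b130bf21c741f829d19a576a0
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 14:37:37 2013 +0100
+
+Added open-uri example
+
+commit 1217456efe2d3265cbd19646342afef0619722dd
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 14:37:18 2013 +0100
+
+Strict constant checks during arming
+
+commit 80735314da159427ab4aa46504600af7bf1f8961
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 14:36:34 2013 +0100
+
+Cosmetics
+
+commit 3124c5884e51a270f19550efd55be5dde1ec5652
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 11:56:18 2013 +0100
+
+Fixed bug that caused global sets to be ignored when arming some singletons
+
+commit 00881459874a15d2c92fb372a325cf1a5aed154e
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 11:55:32 2013 +0100
+
+Cosmetics
+
+commit 408f9c1d21be1a4471cb4177ea55d9e20ccc6a33
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Tue Dec 24 11:53:13 2013 +0100
+
+Version bump
+
+commit 5246b7f48cb1ac0bdecd2cf76b13e823806cd577
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Mon Dec 23 22:48:21 2013 +0100
+
+Documentation fixes
+
+commit 4f91169decac556abef26bf373f7b69bb2855e5f
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Mon Dec 23 22:34:40 2013 +0100
+
+Manifest.txt regenerated
+
+commit c338d3600b23442f961eda0cee528f57770291c0
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Mon Dec 23 22:33:57 2013 +0100
+
+Moved main module from lib/ipaccess.rb to lib/ipaccess/core.rb
+
+commit 197d9b13036990763a1b3d51c9ec76c0870cf91c
+Author: Paweł Wilk <siefca@gnu.org>
+Date: Mon Dec 23 22:33:31 2013 +0100
+
+Documentation updated
+
 commit 1abc7037ac85d2bf56dd5f8fa22450ef158fefd7
 Author: Paweł Wilk <siefca@gnu.org>
 Date: Mon Dec 23 13:02:16 2013 +0100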
data/Manifest.txt
CHANGED
@@ -20,9 +20,11 @@ docs/images/ipaccess_setup_origin.png
|
|
20
20
|
docs/images/ipaccess_setup_origin_tab.png
|
21
21
|
docs/images/ipaccess_view.png
|
22
22
|
docs/rdoc.css
|
23
|
+
docs/yard-tpl/default/fulldoc/html/css/common.css
|
23
24
|
examples/ftp.rb
|
24
25
|
examples/http.rb
|
25
26
|
examples/imap.rb
|
27
|
+
examples/open-uri.rb
|
26
28
|
examples/pop.rb
|
27
29
|
examples/smtp.rb
|
28
30
|
examples/tcp_server.rb
|
@@ -32,21 +34,14 @@ examples/text_message.rb
|
|
32
34
|
ipaccess.gemspec
|
33
35
|
lib/ipaccess.rb
|
34
36
|
lib/ipaccess/arm_sockets.rb
|
37
|
+
lib/ipaccess/core.rb
|
35
38
|
lib/ipaccess/ghost_doc/ghost_doc.rb
|
36
|
-
lib/ipaccess/ghost_doc/ghost_doc_acl.
|
39
|
+
lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc
|
37
40
|
lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb
|
38
41
|
lib/ipaccess/ghost_doc/ghost_doc_net_http.rb
|
39
42
|
lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb
|
40
43
|
lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb
|
41
|
-
lib/ipaccess/ghost_doc/
|
42
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb
|
43
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb
|
44
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb
|
45
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb
|
46
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb
|
47
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb
|
48
|
-
lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb
|
49
|
-
lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb
|
44
|
+
lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc
|
50
45
|
lib/ipaccess/ghost_doc/ghost_doc_sockets.rb
|
51
46
|
lib/ipaccess/ip_access_check.rb
|
52
47
|
lib/ipaccess/ip_access_errors.rb
|
data/README.md
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
**ipaccess version `1.2`** (`Mortal Compat`)
|
4
4
|
|
5
5
|
* https://rubygems.org/gems/ipaccess
|
6
|
-
* https://github.com/siefca/ipaccess
|
6
|
+
* https://github.com/siefca/ipaccess
|
7
7
|
* pw@gnu.org
|
8
8
|
|
9
9
|
## Description
|
@@ -65,7 +65,7 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
|
|
65
65
|
|
66
66
|
## Source code
|
67
67
|
|
68
|
-
* https://github.com/siefca/IPAccess
|
68
|
+
* https://github.com/siefca/IPAccess
|
69
69
|
* <tt>git clone git://github.com/siefca/IPAccess.git</tt>
|
70
70
|
|
71
71
|
## Gem
|
data/Rakefile
CHANGED
@@ -30,7 +30,7 @@ Hoe.plugin :gemspec
|
|
30
30
|
|
31
31
|
Hoe.spec 'ipaccess' do
|
32
32
|
developer "Paweł Wilk", "pw@gnu.org"
|
33
|
-
self.version = "1.2.
|
33
|
+
self.version = "1.2.2"
|
34
34
|
self.rubyforge_name = 'ipaccess'
|
35
35
|
self.summary = 'IP Access Control for Ruby'
|
36
36
|
self.description = 'This library allows you to control IP access for sockets and other objects'
|
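--- a/data/docs/HISTORY
+++ b/data/docs/HISTORY
@@ -1,3 +1,14 @@
+=== 1.2.2 / 2013-12-24 (Mortal Compat)
+
+* 1 major enhancement
+
+* Ruby 2.0 compatible release with bugfixes
+
+* 2 bugfixes
+
+* documentation format changed to YARD
+* fixed ACL initialization bugs
+
 === 1.0.1 / 2009-06-07 (Mother in Law)
 
 * 1 major enhancement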
data/docs/TODO
CHANGED
@@ -0,0 +1,14 @@
|
|
1
|
+
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
2
|
+
|
3
|
+
require 'ipaccess/net/http'
|
4
|
+
require 'open-uri'
|
5
|
+
require 'uri'
|
6
|
+
|
7
|
+
# Add host's IP by to black list of global output access set
|
8
|
+
IPAccess::Set::Global.output.blacklist 'example.org'
|
9
|
+
|
10
|
+
# Arm sockets
|
11
|
+
IPAccess.arm Net::HTTP
|
12
|
+
|
13
|
+
# Open URI
|
14
|
+
open 'http://example.org/'
|
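Review bot: The comment on new line 7, `# Add host's IP by to black list of global output access set`, is garbled and hides the detail a reader most needs: the rule is built from the addresses `example.org` resolves to when `blacklist` runs, not from the name. The library's own documentation on this page describes host strings as fetching all addresses from DNS, so (assuming `blacklist` goes through the same conversion) a later DNS change for the host would not be covered by the rule. I would reword it to `# Resolve example.org now and add its current addresses to the black list of the global output access set`. Note also that these 14 added lines sit under the `data/docs/TODO` header on this page but match the `data/examples/open-uri.rb +14` entry in the file list.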
data/examples/telnet.rb
CHANGED
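--- a/data/ipaccess.gemspec
+++ b/data/ipaccess.gemspec
@@ -0,0 +1,62 @@
+# -*- encoding: utf-8 -*-
+# stub: ipaccess 1.2.0.20131223130056 ruby lib
+
+Gem::Specification.new do |s|
+s.name = "ipaccess"
+s.version = "1.2.0.20131223130056"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Pawe\u{142} Wilk"]
+s.cert_chain = ["/Users/siefca/.gem/gem-public_cert.pem"]
+s.date = "2013-12-23"
+s.description = "This library allows you to control IP access for sockets and other objects"
+s.email = ["pw@gnu.org"]
+s.extra_rdoc_files = ["Manifest.txt"]
+s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "examples/ftp.rb", "examples/http.rb", "examples/imap.rb", "examples/pop.rb", "examples/smtp.rb", "examples/tcp_server.rb", "examples/tcp_socket.rb", "examples/telnet.rb", "examples/text_message.rb", "lib/ipaccess.rb", "lib/ipaccess/arm_sockets.rb", "lib/ipaccess/ghost_doc/ghost_doc.rb", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_http.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb", "lib/ipaccess/ghost_doc/ghost_doc_sockets.rb", "lib/ipaccess/ip_access_check.rb", "lib/ipaccess/ip_access_errors.rb", "lib/ipaccess/ip_access_list.rb", "lib/ipaccess/ip_access_set.rb", "lib/ipaccess/net/ftp.rb", "lib/ipaccess/net/http.rb", "lib/ipaccess/net/https.rb", "lib/ipaccess/net/imap.rb", "lib/ipaccess/net/pop.rb", "lib/ipaccess/net/smtp.rb", "lib/ipaccess/net/telnet.rb", "lib/ipaccess/patches/generic.rb", "lib/ipaccess/patches/net_ftp.rb", "lib/ipaccess/patches/net_http.rb", "lib/ipaccess/patches/net_https.rb", "lib/ipaccess/patches/net_imap.rb", "lib/ipaccess/patches/net_pop.rb", "lib/ipaccess/patches/net_smtp.rb", "lib/ipaccess/patches/net_telnet.rb", "lib/ipaccess/patches/netaddr.rb", "lib/ipaccess/patches/sockets.rb", "lib/ipaccess/socket.rb", "lib/ipaccess/sockets.rb", "spec/ip_access_list_spec.rb", "spec/rcov.opts", "spec/spec.opts", ".gemtest"]
+s.homepage = "https://rubygems.org/gems/ipaccess"
+s.rdoc_options = ["--title", "Ipaccess Documentation", "--quiet"]
+s.require_paths = ["lib"]
+s.rubyforge_project = "ipaccess"
+s.rubygems_version = "2.1.11"
+s.signing_key = "/Users/siefca/.gem/gem-private_key.pem"
+s.summary = "IP Access Control for Ruby"
+
+if s.respond_to? :specification_version then
+s.specification_version = 4
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<netaddr>, [">= 1.5.0"])
+s.add_development_dependency(%q<hoe-yard>, [">= 0.1.2"])
+s.add_development_dependency(%q<rspec>, [">= 2.6.0"])
+s.add_development_dependency(%q<yard>, [">= 0.8.2"])
+s.add_development_dependency(%q<rdoc>, [">= 3.8.0"])
+s.add_development_dependency(%q<redcarpet>, [">= 2.1.0"])
+s.add_development_dependency(%q<bundler>, [">= 1.0.10"])
+s.add_development_dependency(%q<hoe-bundler>, [">= 1.1.0"])
+s.add_development_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
+s.add_development_dependency(%q<hoe>, ["~> 2.16"])
+else
+s.add_dependency(%q<netaddr>, [">= 1.5.0"])
+s.add_dependency(%q<hoe-yard>, [">= 0.1.2"])
+s.add_dependency(%q<rspec>, [">= 2.6.0"])
+s.add_dependency(%q<yard>, [">= 0.8.2"])
+s.add_dependency(%q<rdoc>, [">= 3.8.0"])
+s.add_dependency(%q<redcarpet>, [">= 2.1.0"])
+s.add_dependency(%q<bundler>, [">= 1.0.10"])
+s.add_dependency(%q<hoe-bundler>, [">= 1.1.0"])
+s.add_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
+s.add_dependency(%q<hoe>, ["~> 2.16"])
+end
+else
+s.add_dependency(%q<netaddr>, [">= 1.5.0"])
+s.add_dependency(%q<hoe-yard>, [">= 0.1.2"])
+s.add_dependency(%q<rspec>, [">= 2.6.0"])
+s.add_dependency(%q<yard>, [">= 0.8.2"])
+s.add_dependency(%q<rdoc>, [">= 3.8.0"])
+s.add_dependency(%q<redcarpet>, [">= 2.1.0"])
+s.add_dependency(%q<bundler>, [">= 1.0.10"])
+s.add_dependency(%q<hoe-bundler>, [">= 1.1.0"])
+s.add_dependency(%q<hoe-gemspec>, [">= 1.0.0"])
+s.add_dependency(%q<hoe>, ["~> 2.16"])
+end
+end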
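Review bot: `s.cert_chain` (new line 10) and `s.signing_key` (new line 21) are absolute paths into one maintainer's home directory, so this packaged gemspec discloses the local account name and where the private signing key is kept, and a build on any other machine either fails or signs with whatever file happens to sit at that path. The file looks generated (the `# stub:` header), so the change probably belongs in the generator settings; a portable form would be `key = File.expand_path('~/.gem/gem-private_key.pem')` followed by `s.signing_key = key if File.exist?(key)`, with the certificate referenced relative to the project. The stub is also stale against this release: `s.version` is `1.2.0.20131223130056` and `s.files` has no `lib/ipaccess/core.rb`, which `lib/ipaccess.rb` now requires, so a gem built from this file would presumably fail to load.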
data/lib/ipaccess.rb
CHANGED
@@ -9,577 +9,13 @@
|
|
9
9
|
# IPAccess::Set class to maintain inpu/output traffic control.
|
10
10
|
# You also may use IPAccess::List class directly to build
|
11
11
|
# your own access sets based on black lists and white lists.
|
12
|
-
#
|
13
|
-
#--
|
14
|
-
#
|
15
|
-
# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
|
16
|
-
#
|
17
|
-
# This program is free software; you can redistribute it and/or modify
|
18
|
-
# it under the terms of either: 1) the GNU Lesser General Public License
|
19
|
-
# as published by the Free Software Foundation; either version 3 of the
|
20
|
-
# License, or (at your option) any later version; or 2) Ruby's License.
|
21
|
-
#
|
22
|
-
# See the file COPYING for complete licensing information.
|
23
|
-
#
|
24
|
-
#++
|
25
12
|
|
26
13
|
require 'rubygems'
|
27
14
|
require 'socket'
|
28
15
|
require 'resolv'
|
29
16
|
require 'netaddr'
|
30
17
|
|
31
|
-
require 'ipaccess/
|
32
|
-
|
33
|
-
require 'ipaccess/ip_access_set'
|
18
|
+
require 'ipaccess/core'
|
19
|
+
|
34
20
|
|
35
|
-
# This module contains classes that are
|
36
|
-
# used to control IP access. There are
|
37
|
-
# three major components you may need:
|
38
|
-
#
|
39
|
-
# === IPAccess::List class
|
40
|
-
#
|
41
|
-
# This class lets you create IP
|
42
|
-
# access list with blacklisted
|
43
|
-
# and whitelisted elements. It
|
44
|
-
# also has methods for checking
|
45
|
-
# whether given IP matches the
|
46
|
-
# list.
|
47
|
-
#
|
48
|
-
# === IPAccess::Set class
|
49
|
-
#
|
50
|
-
# This class contains two
|
51
|
-
# objects that are instances
|
52
|
-
# of IPAccess::List class.
|
53
|
-
# It allows you to create so
|
54
|
-
# called access set. The access
|
55
|
-
# set contains members named
|
56
|
-
# +input+ and +output+. All methods
|
57
|
-
# that validate IP access do it
|
58
|
-
# against one of the lists. Input
|
59
|
-
# access list is for incomming
|
60
|
-
# and output for outgoing IP traffic.
|
61
|
-
# In case of connection-oriented
|
62
|
-
# sockets and other network objects
|
63
|
-
# the convention is to use output access
|
64
|
-
# list to validate connections that
|
65
|
-
# we initiate. The incomming traffic
|
66
|
-
# in that model means the connections
|
67
|
-
# initiated by a remote peer.
|
68
|
-
#
|
69
|
-
# === Patching engine
|
70
|
-
#
|
71
|
-
# IPAccess was initialy considered as a
|
72
|
-
# set of classes that you may use
|
73
|
-
# in your own programs to control
|
74
|
-
# IP access. That means your own classes
|
75
|
-
# used for communication should use
|
76
|
-
# access lists or sets before making any
|
77
|
-
# real connections or sending any datagrams.
|
78
|
-
#
|
79
|
-
# Fortunately there are many network classes,
|
80
|
-
# including sockets, that Ruby ships with.
|
81
|
-
# It would be waste of resources to not modify
|
82
|
-
# them to support IP access control and automagically
|
83
|
-
# throw exceptions when access should be denied.
|
84
|
-
#
|
85
|
-
# And here the special module method called +IPAccess.arm+
|
86
|
-
# comes in. It lets you patch most of Ruby's
|
87
|
-
# networking classes and objects. Besides
|
88
|
-
# equipping them in IPAccess::Set instance
|
89
|
-
# it also adds some methods for doing quick
|
90
|
-
# checks and changes in access lists.
|
91
|
-
#
|
92
|
-
# The patching engine can arm network classes and
|
93
|
-
# single network objects. It is not loaded by default
|
94
|
-
# since you may not want extra code attached to a
|
95
|
-
# program that uses access lists or sets with
|
96
|
-
# own access checking code.
|
97
|
-
#
|
98
|
-
# === Variants of popular classes
|
99
|
-
#
|
100
|
-
# Sometimes you want to write a code that
|
101
|
-
# uses standard Ruby's network objects
|
102
|
-
# but you find it dirty to alter classes or objects.
|
103
|
-
# In that case you may want to use static variants
|
104
|
-
# of Ruby's network classes that are not patches
|
105
|
-
# but derived classes.
|
106
|
-
#
|
107
|
-
# === Exceptions
|
108
|
-
#
|
109
|
-
# When you are dealing with patched (armed) versions
|
110
|
-
# of classes and objects or when you are using
|
111
|
-
# special variants of popular network classes, you have
|
112
|
-
# to rely on exceptions as the only way for
|
113
|
-
# access checking methods to tell your program
|
114
|
-
# that an event (like access denied) happened.
|
115
|
-
#
|
116
|
-
# Note that when exception is thrown
|
117
|
-
# the communication session is closed in case
|
118
|
-
# of connection-oriented network objects.
|
119
|
-
# You may change it by switching +opened_on_deny+
|
120
|
-
# attribute to +true+.
|
121
|
-
#
|
122
|
-
# See IPAccess::Set#check_in to know more
|
123
|
-
# about tracking original network object
|
124
|
-
# that caused exception to happend. Note
|
125
|
-
# that in case of armed versions of network
|
126
|
-
# classes (or access-contolled variants)
|
127
|
-
# an information about original network
|
128
|
-
# object stored within an exception will be set to
|
129
|
-
# +nil+ if access had been denied before
|
130
|
-
# object was initialized. This shouldn't
|
131
|
-
# happend often, since access checks are lazy
|
132
|
-
# (they are performed only when connection
|
133
|
-
# is going to be made).
|
134
|
-
#
|
135
|
-
# See IPAccessDenied for more information
|
136
|
-
# about what you can do with exceptions.
|
137
|
-
#
|
138
|
-
# === Sockets in armed network objects
|
139
|
-
#
|
140
|
-
# Specialized Ruby's network classes,
|
141
|
-
# such as Net::HTTP or Net::Telnet
|
142
|
-
# and their variants created by this library,
|
143
|
-
# make use of socket objects. For example
|
144
|
-
# Net::HTTP class uses TCPSocket instance to
|
145
|
-
# create TCP connection. When versions
|
146
|
-
# of these <tt>Net::</tt> objects with
|
147
|
-
# enabled access control are used then
|
148
|
-
# the internal routines of IPAccess
|
149
|
-
# will also try to patch underlying sockets and assign
|
150
|
-
# to them the same access set that is used by main
|
151
|
-
# object. It is done to avoid access leaks.
|
152
|
-
# However, such armed internal sockets will have
|
153
|
-
# +opened_on_deny+ flag switched on since
|
154
|
-
# closing session (and an eventual connection)
|
155
|
-
# should be settled by main object.
|
156
|
-
#
|
157
|
-
# === Ordination of elements
|
158
|
-
#
|
159
|
-
# To properly understand what are the most important
|
160
|
-
# structures mentioned above it's worth
|
161
|
-
# to look at the diagram:
|
162
|
-
#
|
163
|
-
# link:images/ipaccess_view.png
|
164
|
-
#
|
165
|
-
# == Usage
|
166
|
-
#
|
167
|
-
# === Handling access sets and access lists
|
168
|
-
#
|
169
|
-
# If you need just IP access lists that you will handle in your own way
|
170
|
-
# you may want to use two classes:
|
171
|
-
#
|
172
|
-
# * IPAccess::Set to maintain access sets (containing input and output access lists),
|
173
|
-
# * IPAccess::List to maintain single access list.
|
174
|
-
#
|
175
|
-
# === Using socket classes
|
176
|
-
#
|
177
|
-
# If you want standard sockets to have access control enabled
|
178
|
-
# you may want to use:
|
179
|
-
#
|
180
|
-
# * IPAccess::Socket (or issue <tt>IPAccess.arm Socket</tt>)
|
181
|
-
# * IPAccess::TCPSocket (or issue <tt>IPAccess.arm TCPSocket</tt>)
|
182
|
-
# * IPAccess::UDPSocket (or issue <tt>IPAccess.arm UDPSocket</tt>)
|
183
|
-
# * IPAccess::SOCKSocket (or issue <tt>IPAccess.arm SOCKSocket</tt>)
|
184
|
-
# * IPAccess::TCPServer (or issue <tt>IPAccess.arm TCPServer</tt>)
|
185
|
-
#
|
186
|
-
# Before using any of them you must issue:
|
187
|
-
#
|
188
|
-
# * <tt>require 'ipaccess/socket'</tt>
|
189
|
-
#
|
190
|
-
# Using the IPAccess.arm causes standard socket class to be altered,
|
191
|
-
# while \IPAccess:: classes are just new variants of socket
|
192
|
-
# handling classes.
|
193
|
-
#
|
194
|
-
# ==== Using other supported network classes
|
195
|
-
#
|
196
|
-
# If you want some working objects to have access control enabled
|
197
|
-
# you may want to use:
|
198
|
-
#
|
199
|
-
# * IPAccess::Net::Telnet (or issue <tt>IPAccess.arm Net::Telnet</tt>)
|
200
|
-
# * IPAccess::Net::HTTP (or issue <tt>IPAccess.arm Net::HTTP</tt>)
|
201
|
-
# * IPAccess::Net::FTP (or issue <tt>IPAccess.arm Net::FTP</tt>)
|
202
|
-
# * IPAccess::Net::POP3 (or issue <tt>IPAccess.arm Net::POP3</tt>)
|
203
|
-
# * IPAccess::Net::IMAP (or issue <tt>IPAccess.arm Net::IMAP</tt>)
|
204
|
-
# * IPAccess::Net::SMTP (or issue <tt>IPAccess.arm Net::SMTP</tt>)
|
205
|
-
#
|
206
|
-
# ==== Using single network objects
|
207
|
-
#
|
208
|
-
# If you want to enable access control for single network
|
209
|
-
# object from the list shown above you may issue:
|
210
|
-
#
|
211
|
-
# require 'ipaccess/net/http'
|
212
|
-
# obj = Net::HTTP.new(host, port)
|
213
|
-
# IPAccess.arm obj
|
214
|
-
#
|
215
|
-
# or
|
216
|
-
#
|
217
|
-
# require 'ipaccess/socket'
|
218
|
-
# socket = IPAccess::TCPServer.new(31337)
|
219
|
-
# IPAccess.arm socket
|
220
|
-
#
|
221
|
-
# ..and so on.
|
222
|
-
#
|
223
|
-
# === Structures
|
224
|
-
#
|
225
|
-
# IP addresses used by the classes are internaly and interfacialy
|
226
|
-
# represented by NetAddr::CIDR[http://netaddr.rubyforge.org/classes/NetAddr/CIDR.html]
|
227
|
-
# objects (NetAddr::CIDRv4[http://netaddr.rubyforge.org/classes/NetAddr/CIDRv4.html] and
|
228
|
-
# NetAddr::CIDRv6[http://netaddr.rubyforge.org/classes/NetAddr/CIDRv6.html]). Due to
|
229
|
-
# performance reasons any access list internally is represented as a tree
|
230
|
-
# (slightly modified NetAddr::Tree[http://netaddr.rubyforge.org/classes/NetAddr/Tree.html])
|
231
|
-
# with special tags assigning rules to virtual lists.
|
232
|
-
#
|
233
|
-
# === Relations
|
234
|
-
#
|
235
|
-
# Here is a diagram which shows relations
|
236
|
-
# between the IPAccess::TCPSocket class
|
237
|
-
# and other classes from this module:
|
238
|
-
#
|
239
|
-
# link:images/ipaccess_relations.png
|
240
21
|
|
241
|
-
module IPAccess
|
242
|
-
|
243
|
-
# This method converts names to NetAddr::CIDR objects. It returns an array of CIDR objects.
|
244
|
-
#
|
245
|
-
# Allowed input are strings (DNS names or IP addresses optionally with masks), numbers (IP addresses representation),
|
246
|
-
# IPSocket objects, URI objects, IPAddr objects, Net::HTTP objects, IPAddrList objects, NetAddr::CIDR objects,
|
247
|
-
# NetAddr::Tree objects, IPAccess::List objects, symbols, objects that contain file descriptors bound to sockets
|
248
|
-
# (including OpenSSL sockets) and arrays of these.
|
249
|
-
#
|
250
|
-
# In case of resolving the IPv6 link-local addresses
|
251
|
-
# zone index is removed. In case of DNS names there may
|
252
|
-
# occur Resolv::ResolvError exception. If there is an
|
253
|
-
# object that cannot be converted the ArgumentError
|
254
|
-
# exception is raised.
|
255
|
-
#
|
256
|
-
# When an argument called +:include_origins+ is present then the method will attach
|
257
|
-
# original converted objects to results as the +:Origin+ tag of CIDR objects (<tt>tag[:Origin]</tt>).
|
258
|
-
# This rule applies only to single objects or objects inside of arrays or sets.
|
259
|
-
# Objects that are kind of NetAddr::CIDR, IPAccess::Set, NetAddr::Tree and arrays will
|
260
|
-
# never be set as originators.
|
261
|
-
#
|
262
|
-
# ==== Examples
|
263
|
-
#
|
264
|
-
# to_cidrs("127.0.0.1") # uses the IP address
|
265
|
-
# to_cidrs(2130706433) # uses numeric representation of 127.0.0.1
|
266
|
-
# to_cidrs(:private, "localhost") # uses special symbol and DNS hostname
|
267
|
-
# to_cidrs(:private, :localhost) # uses special symbols
|
268
|
-
# to_cidrs [:private, :auto] # other way to write the above
|
269
|
-
# to_cidrs "10.0.0.0/8" # uses masked IP address
|
270
|
-
# to_cidrs "10.0.0.0/255.0.0.0" # uses masked IP address
|
271
|
-
# to_cidrs IPSocket.new("www.pl", 80) # uses the socket
|
272
|
-
# to_cidrs IPAddr("10.0.0.1") # uses IPAddr object
|
273
|
-
# to_cidrs NetAddr::CIDR.create("10.0.0.1") # uses NetAddr object
|
274
|
-
# to_cidrs URI('http://www.pl/') # uses URI
|
275
|
-
# to_cidrs 'http://www.pl/' # uses the extracted host string
|
276
|
-
# to_cidrs 'somehost.xx' # uses the host string (fetches ALL addresses from DNS)
|
277
|
-
# to_cidrs 'somehost.xx/16' # uses the host string and a netmask
|
278
|
-
#
|
279
|
-
# ==== Special symbols
|
280
|
-
#
|
281
|
-
# When symbol is passed to this method it tries to find out if it has special meaning.
|
282
|
-
# That allows you to create access rules in an easy way. For most of them you may
|
283
|
-
# also specify IP protocol version using +ipv4_+ or +ipv6_+ prefix.
|
284
|
-
#
|
285
|
-
# Known symbols are:
|
286
|
-
#
|
287
|
-
# <b>+:all+</b> (+:any+, +:anyone+, +:world+, +:internet+, +:net+, +:everything+, +:everyone+, +:everybody+, +:anybody+)
|
288
|
-
#
|
289
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
290
|
-
#
|
291
|
-
# Creates masked IP address that matches all networks:
|
292
|
-
# – 0.0.0.0/0
|
293
|
-
# – ::/0
|
294
|
-
#
|
295
|
-
# <b>+:broadcast+</b> (+:brd+)
|
296
|
-
#
|
297
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
298
|
-
#
|
299
|
-
# Creates masked IP address that matches generic broadcast address:
|
300
|
-
# – 255.255.255.255/32
|
301
|
-
# – ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
|
302
|
-
#
|
303
|
-
# <b>+:local+</b> (+:localhost+, +:localdomain+, +:loopback+, +:lo+)
|
304
|
-
#
|
305
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
306
|
-
#
|
307
|
-
# Creates masked IP addresses that match localhost:
|
308
|
-
# – 127.0.0.1/8
|
309
|
-
# – ::1/128
|
310
|
-
#
|
311
|
-
# <b>+:auto+</b> (+:automatic+, +:linklocal+)
|
312
|
-
#
|
313
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
314
|
-
#
|
315
|
-
# Creates masked IP addresses that match automatically assigned address ranges:
|
316
|
-
# – 169.254.0.0/16
|
317
|
-
# – fe80::/10
|
318
|
-
#
|
319
|
-
# <b>+:private+</b> (+:intra+, +:intranet+, +:internal+)
|
320
|
-
#
|
321
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
322
|
-
#
|
323
|
-
# Creates masked IP addresses that match private ranges:
|
324
|
-
# – 10.0.0.0/8
|
325
|
-
# – 172.16.0.0/12
|
326
|
-
# – 192.168.0.0/16
|
327
|
-
# – 2001:10::/28
|
328
|
-
# – 2001:db8::/32
|
329
|
-
# – fc00::/7
|
330
|
-
# – fdde:9e1a:dc85:7374::/64
|
331
|
-
#
|
332
|
-
# <b>+:multicast+</b> (+:multi+, +:multiemission+)
|
333
|
-
#
|
334
|
-
# variants: +:ipv4_+ and +:ipv6_+
|
335
|
-
#
|
336
|
-
# Creates masked IP addresses that match multicast addresses ranges:
|
337
|
-
# – 224.0.0.0/4
|
338
|
-
# – ff00::/8
|
339
|
-
# – ff02::1:ff00:0/104
|
340
|
-
#
|
341
|
-
# <b>+:reserved+</b> (+:example+)
|
342
|
-
#
|
343
|
-
# variants: +:ipv4_+
|
344
|
-
#
|
345
|
-
# Creates masked IP addresses that match reserved addresses ranges:
|
346
|
-
# – 192.0.2.0/24
|
347
|
-
# – 128.0.0.0/16
|
348
|
-
# – 191.255.0.0/16
|
349
|
-
# – 192.0.0.0/24
|
350
|
-
# – 198.18.0.0/15
|
351
|
-
# – 223.255.255.0/24
|
352
|
-
# – 240.0.0.0/4
|
353
|
-
#
|
354
|
-
# <b>+:strange+</b> (+:unusual+, +:nonpublic+, +:unpublic+)
|
355
|
-
#
|
356
|
-
# Creates masked IP addressess that match the following sets (both IPv4 and IPv6):
|
357
|
-
# – :local
|
358
|
-
# – :auto
|
359
|
-
# – :private
|
360
|
-
# – :reserved
|
361
|
-
# – :multicast
|
362
|
-
|
363
|
-
def self.to_cidrs(*addresses)
|
364
|
-
obj = addresses.flatten
|
365
|
-
include_origins = false
|
366
|
-
obj.delete_if { |x| include_origins = true if (x.is_a?(Symbol) && x == :include_origins) }
|
367
|
-
|
368
|
-
if obj.size == 1
|
369
|
-
obj = obj.first
|
370
|
-
else
|
371
|
-
ary = []
|
372
|
-
obj.each do |o|
|
373
|
-
ary += include_origins ? to_cidrs(o, :include_origins) : to_cidrs(o)
|
374
|
-
end
|
375
|
-
ary.flatten!
|
376
|
-
return ary
|
377
|
-
end
|
378
|
-
|
379
|
-
ori_obj = obj
|
380
|
-
|
381
|
-
# NetAddr::CIDR - immediate generation
|
382
|
-
if obj.is_a?(NetAddr::CIDR)
|
383
|
-
r = obj.dup
|
384
|
-
r.tag[:Originator] = ori_obj if include_origins
|
385
|
-
return [r]
|
386
|
-
end
|
387
|
-
|
388
|
-
# IPAccess::List - immediate generation
|
389
|
-
return obj.to_a if obj.is_a?(IPAccess::List)
|
390
|
-
|
391
|
-
# NetAddr::Tree - immediate generation
|
392
|
-
return obj.dump.map { |addr| addr[:CIDR] } if obj.is_a?(NetAddr::Tree)
|
393
|
-
|
394
|
-
# number or nil - immediate generation or exception
|
395
|
-
if (obj.is_a?(Numeric) || obj.nil?)
|
396
|
-
r = NetAddr::CIDR.create(obj)
|
397
|
-
r.tag[:Originator] = ori_obj if include_origins
|
398
|
-
return [r]
|
399
|
-
end
|
400
|
-
|
401
|
-
# object containing socket member (e.g. Net::HTTP) - fetch socket
|
402
|
-
if obj.respond_to?(:socket)
|
403
|
-
obj = obj.socket
|
404
|
-
elsif obj.respond_to?(:sock)
|
405
|
-
obj = obj.sock
|
406
|
-
elsif obj.respond_to?(:client_socket)
|
407
|
-
obj = obj.client_socket
|
408
|
-
elsif obj.instance_variable_defined?(:@socket)
|
409
|
-
obj = obj.instance_variable_get(:@socket)
|
410
|
-
elsif obj.instance_variable_defined?(:@client_socket)
|
411
|
-
obj = obj.instance_variable_get(:@client_socket)
|
412
|
-
elsif obj.instance_variable_defined?(:@sock)
|
413
|
-
obj = obj.instance_variable_get(:@sock)
|
414
|
-
end
|
415
|
-
obj = obj.io if (obj.respond_to?(:io) && obj.io.respond_to?(:getpeername))
|
416
|
-
|
417
|
-
# some file descriptor but not socket - fetch socket
|
418
|
-
obj = ::Socket.for_fd(obj.fileno) if (!obj.respond_to?(:getpeername) && obj.respond_to?(:fileno))
|
419
|
-
|
420
|
-
# Socket - immediate generation
|
421
|
-
if obj.respond_to?(:getpeername)
|
422
|
-
peeraddr = ::Socket.unpack_sockaddr_in(obj.getpeername).last.split('%').first
|
423
|
-
r = NetAddr::CIDR.create(peeraddr)
|
424
|
-
r.tag[:Originator] = ori_obj if include_origins
|
425
|
-
return [r]
|
426
|
-
end
|
427
|
-
|
428
|
-
# symbol - immediate generation
|
429
|
-
r_args = nil
|
430
|
-
if obj.is_a?(Symbol)
|
431
|
-
case obj
|
432
|
-
when :ipv4_all, :ipv4_any, :ipv4_anyone, :ipv4_world, :ipv4_internet, :ipv4_net, :ipv4_everything, :ipv4_everyone, :ipv4_everybody, :ipv4_anybody
|
433
|
-
obj = [ "0.0.0.0/0" ]
|
434
|
-
when :ipv6_all, :ipv6_any, :ipv6_anyone, :ipv6_world, :ipv6_internet, :ipv6_net, :ipv6_everything, :ipv6_everyone, :ipv6_everybody, :ipv6_anybody
|
435
|
-
obj = [ "0.0.0.0/0", "::/0" ]
|
436
|
-
when :ipv4_broadcast, :ipv4_brd
|
437
|
-
obj = [ "255.255.255.255/32" ]
|
438
|
-
when :ipv6_broadcast, :ipv6_brd
|
439
|
-
obj = [ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" ]
|
440
|
-
when :ipv4_local, :ipv4_localhost, :ipv4_loopback, :ipv4_lo
|
441
|
-
obj = [ "127.0.0.1/8" ]
|
442
|
-
when :ipv6_local, :ipv6_localhost, :ipv6_loopback, :ipv6_lo
|
443
|
-
obj = [ "::1/128" ]
|
444
|
-
when :ipv4_auto, :ipv4_automatic, :ipv4_linklocal
|
445
|
-
obj = [ "169.254.0.0/16" ]
|
446
|
-
when :ipv6_auto, :ipv6_automatic, :ipv6_linklocal
|
447
|
-
obj = [ "fe80::/10" ]
|
448
|
-
when :ipv4_private, :ipv4_intra, :ipv4_intranet, :ipv4_internal
|
449
|
-
obj = [ "10.0.0.0/8",
|
450
|
-
"172.16.0.0/12",
|
451
|
-
"192.168.0.0/16" ]
|
452
|
-
when :ipv6_private, :ipv6_intra, :ipv6_intranet, :ipv6_internal, :ipv6_ula, :ipv6_unique
|
453
|
-
obj = [ "2001:10::/28",
|
454
|
-
"2001:db8::/32",
|
455
|
-
"fc00::/7",
|
456
|
-
"fdde:9e1a:dc85:7374::/64" ]
|
457
|
-
when :ipv4_multicast, :ipv4_multi, :ipv4_multiemission
|
458
|
-
obj = [ "224.0.0.0/4" ]
|
459
|
-
when :ipv6_multicast, :ipv6_multi, :ipv6_multiemission
|
460
|
-
obj = [ "ff00::/8",
|
461
|
-
"ff02::1:ff00:0/104" ]
|
462
|
-
when :ipv4_example, :ipv4_reserved
|
463
|
-
obj = [ "192.0.2.0/24",
|
464
|
-
"128.0.0.0/16",
|
465
|
-
"191.255.0.0/16",
|
466
|
-
"192.0.0.0/24",
|
467
|
-
"198.18.0.0/15",
|
468
|
-
"223.255.255.0/24",
|
469
|
-
"240.0.0.0/4" ]
|
470
|
-
when :all, :any, :anyone, :world, :internet, :net, :everything, :everyone, :everybody, :anybody
|
471
|
-
r_args = [ :ipv4_all,
|
472
|
-
:ipv6_all ]
|
473
|
-
when :broadcast, :brd
|
474
|
-
r_args = [ :ipv4_broadcast,
|
475
|
-
:ipv6_broadcast ]
|
476
|
-
when :local, :localhost, :localdomain, :loopback, :lo
|
477
|
-
r_args = [ :ipv4_local,
|
478
|
-
:ipv6_local ]
|
479
|
-
when :auto, :automatic, :linklocal
|
480
|
-
r_args = [ :ipv4_auto,
|
481
|
-
:ipv6_auto ]
|
482
|
-
when :private, :intra, :intranet, :internal
|
483
|
-
r_args = [ :ipv4_private,
|
484
|
-
:ipv6_private ]
|
485
|
-
when :multicast, :multi, :multiemission
|
486
|
-
r_args = [ :ipv4_multicast,
|
487
|
-
:ipv6_multicast ]
|
488
|
-
when :reserved, :example
|
489
|
-
r_args = [ :ipv4_example ]
|
490
|
-
when :strange, :unusual, :nonpublic, :unpublic
|
491
|
-
r_args = [ :local,
|
492
|
-
:auto,
|
493
|
-
:private,
|
494
|
-
:reserved,
|
495
|
-
:multicast ]
|
496
|
-
else
|
497
|
-
raise ArgumentError, "provided symbol is unknown: #{obj.to_s}"
|
498
|
-
end
|
499
|
-
|
500
|
-
unless r_args.nil?
|
501
|
-
r_args.push :include_origins if include_origins
|
502
|
-
return to_cidrs(*r_args)
|
503
|
-
end
|
504
|
-
|
505
|
-
# strange types here
|
506
|
-
if obj.is_a?(Array)
|
507
|
-
return obj.map do |addr|
|
508
|
-
r = NetAddr::CIDR.create(addr)
|
509
|
-
r.tag[:Originator] = addr if include_origins
|
510
|
-
r
|
511
|
-
end
|
512
|
-
end
|
513
|
-
end
|
514
|
-
|
515
|
-
# URI or something that responds to host method - fetch string
|
516
|
-
obj = obj.host if obj.respond_to?(:host)
|
517
|
-
|
518
|
-
# objects of external classes
|
519
|
-
case obj.class.name.to_sym
|
520
|
-
when :IPAddr # IPAddr - fetch IP/mask string
|
521
|
-
obj = obj.native.inspect.split[1].chomp('>')[5..-1]
|
522
|
-
when :IPAddrList # IPAddrList - pass array to parse
|
523
|
-
return include_origins ? to_cidrs(obj.to_a, :include_origins) : to_cidrs(obj.to_a)
|
524
|
-
end
|
525
|
-
|
526
|
-
# string or similar - immediate generation
|
527
|
-
if obj.respond_to?(:to_s)
|
528
|
-
hostmask = ""
|
529
|
-
obj = obj.to_s
|
530
|
-
# URI
|
531
|
-
if obj =~ /^[^:]+:\/\/(.*)/
|
532
|
-
obj = $1.split('/').first
|
533
|
-
# IP in URI
|
534
|
-
if obj =~ /^\[([^\]]+)\]/
|
535
|
-
obj = $1
|
536
|
-
else
|
537
|
-
obj = obj.split(':').first
|
538
|
-
end
|
539
|
-
# host(s) and a mask
|
540
|
-
elsif obj =~ /^([^\/]+)(\/((\d{1,2}$)|(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b$)))/
|
541
|
-
obj = $1
|
542
|
-
hostmask = $2
|
543
|
-
end
|
544
|
-
begin
|
545
|
-
ipa = obj.split('%').first.to_s
|
546
|
-
r = NetAddr::CIDR.create(ipa + hostmask)
|
547
|
-
rescue NetAddr::ValidationError
|
548
|
-
begin
|
549
|
-
addresses = Resolv::getaddresses(obj)
|
550
|
-
rescue NoMethodError # unhandled error
|
551
|
-
raise Resolv::ResolvError, "not connected or network error"
|
552
|
-
end
|
553
|
-
addresses.map! do |addr|
|
554
|
-
begin
|
555
|
-
r = NetAddr::CIDR.create(addr.split('%').first + hostmask)
|
556
|
-
r.tag[:Originator] = ori_obj
|
557
|
-
r
|
558
|
-
rescue ArgumentError
|
559
|
-
nil
|
560
|
-
end
|
561
|
-
end
|
562
|
-
addresses.flatten!
|
563
|
-
addresses.compact!
|
564
|
-
return addresses
|
565
|
-
end
|
566
|
-
r.tag[:Originator] = ori_obj
|
567
|
-
return [r]
|
568
|
-
end
|
569
|
-
|
570
|
-
# should never happend
|
571
|
-
r = obj.is_a?(NetAddr::CIDR) ? obj.dup : NetAddr::CIDR.create(obj.to_s)
|
572
|
-
r.tag[:Originator] = ori_obj
|
573
|
-
return [r]
|
574
|
-
end
|
575
|
-
|
576
|
-
# This method calls IPAccess.to_cidrs
|
577
|
-
# and returns first obtained entry containing
|
578
|
-
# single IP address with mask (NetAddr::CIDR).
|
579
|
-
|
580
|
-
def self.to_cidr(*addresses)
|
581
|
-
r = self.to_cidrs(*addresses)
|
582
|
-
return r.respond_to?(:first) ? first : r
|
583
|
-
end
|
584
|
-
|
585
|
-
end
|