ipaccess 1.2.2 → 1.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/ChangeLog +60 -0
- data/README.md +38 -15
- data/Rakefile +3 -1
- data/examples/open-uri.rb +12 -3
- data/ipaccess.gemspec +6 -5
- data/lib/ipaccess/core.rb +2 -2
- data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb +15 -8
- data/lib/ipaccess/ip_access_check.rb +4 -4
- data/lib/ipaccess/patches/net_http.rb +72 -29
- metadata +3 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5c067da1cc87d038d6403e92656123c4423ccf83
|
4
|
+
data.tar.gz: de98f452bb6a6e9b316a7f6bed1844419ea171ce
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6b2c28324a897856ebbc67bb807d716f65e6d8e0a49ff3715b05635948c75699d29e0b797a60c4e40eed8912f23820a73c1a858720107cd5483cb2b932e5a080
|
7
|
+
data.tar.gz: 5d78bfe1b8491064c952bfb04f9fc566c62549c5370ab7c6d91a06a25913b71a7dec474b07640ae8d45cf232df5a8b765844b1cacd730b8e8eebb49a9ff3daf6
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/ChangeLog
CHANGED
@@ -1,3 +1,63 @@
|
|
1
|
+
commit 32b176f52c9a7aa3caf2375215c4ffa6030d5c45
|
2
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
3
|
+
Date: Thu Dec 26 03:35:07 2013 +0100
|
4
|
+
|
5
|
+
Gemspec regenerated
|
6
|
+
|
7
|
+
commit bfe69f65bb505335b02cc6362096e10c263d3a8b
|
8
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
9
|
+
Date: Thu Dec 26 03:34:34 2013 +0100
|
10
|
+
|
11
|
+
Image links in documentation changed to remote GitHub assets
|
12
|
+
|
13
|
+
commit 8f6b9754d2a95558cc2a32f4c2dd0b4d82be7a8a
|
14
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
15
|
+
Date: Thu Dec 26 03:28:53 2013 +0100
|
16
|
+
|
17
|
+
Version bump
|
18
|
+
|
19
|
+
commit f349435979ef92105fd559ca4f40078bb1919c67
|
20
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
21
|
+
Date: Thu Dec 26 03:28:40 2013 +0100
|
22
|
+
|
23
|
+
Open-uri example updated
|
24
|
+
|
25
|
+
commit 46e0836b6dc9a7dc12095ada8be7856352b88cba
|
26
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
27
|
+
Date: Thu Dec 26 03:28:29 2013 +0100
|
28
|
+
|
29
|
+
Net::HTTP#connect wrapped in IPAccess::Patches::Net::HTTP
|
30
|
+
|
31
|
+
commit 27b0545884c616d141220c5817837fb3359911f5
|
32
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
33
|
+
Date: Thu Dec 26 03:02:20 2013 +0100
|
34
|
+
|
35
|
+
Open-uri example simplified
|
36
|
+
|
37
|
+
commit abcfd75caed6c0768b9ed01803633577855f9400
|
38
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
39
|
+
Date: Thu Dec 26 02:58:34 2013 +0100
|
40
|
+
|
41
|
+
Required Ruby version is now 1.9.2
|
42
|
+
|
43
|
+
commit cb4774148d7e1e16f9162589c39525bc13113708
|
44
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
45
|
+
Date: Tue Dec 24 15:00:44 2013 +0100
|
46
|
+
|
47
|
+
Readme updated
|
48
|
+
|
49
|
+
commit d026e34e862153c93e69562e72ef6bd2ab6434b9
|
50
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
51
|
+
Date: Tue Dec 24 14:50:20 2013 +0100
|
52
|
+
|
53
|
+
Added Badge to Readme
|
54
|
+
|
55
|
+
commit 7f969e0bd5c6170d356f74427377c0f0254d389f
|
56
|
+
Author: Paweł Wilk <siefca@gnu.org>
|
57
|
+
Date: Tue Dec 24 14:46:28 2013 +0100
|
58
|
+
|
59
|
+
Readme updated
|
60
|
+
|
1
61
|
commit 1583d574540f53806e2e77ae0e6d336307b3fc60
|
2
62
|
Author: Paweł Wilk <siefca@gnu.org>
|
3
63
|
Date: Tue Dec 24 14:43:08 2013 +0100
|
data/README.md
CHANGED
@@ -1,9 +1,12 @@
|
|
1
1
|
# IP Access Control for Ruby
|
2
2
|
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/ipaccess.png)](http://badge.fury.io/rb/ipaccess)
|
4
|
+
|
3
5
|
**ipaccess version `1.2`** (`Mortal Compat`)
|
4
6
|
|
5
7
|
* https://rubygems.org/gems/ipaccess
|
6
8
|
* https://github.com/siefca/ipaccess
|
9
|
+
* http://rubydoc.info/gems/ipaccess/
|
7
10
|
* pw@gnu.org
|
8
11
|
|
9
12
|
## Description
|
@@ -17,8 +20,8 @@ shipped with this library.
|
|
17
20
|
## Features
|
18
21
|
|
19
22
|
* Maintaining IP access lists based on rules; see [IPAccess::List](http://rubydoc.info/gems/ipaccess/IPAccess/List).
|
20
|
-
* Grouping input/output access lists into sets; [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set).
|
21
|
-
* Automating access checks and raising exceptions; [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set#check_in).
|
23
|
+
* Grouping input/output access lists into sets; see [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set).
|
24
|
+
* Automating access checks and raising exceptions; see [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set#check_in).
|
22
25
|
* Many formats of IP addresses accepted; see [IPAccess.to_cidrs](http://rubydoc.info/gems/ipaccess/IPAccess#to_cidrs-class_method).
|
23
26
|
* Variants of socket handling classes with IP access control; see [IPAccess::Socket](http://rubydoc.info/gems/ipaccess/IPAccess/Socket) and [IPAccess::Net](http://rubydoc.info/gems/ipaccess/IPAccess/Net).
|
24
27
|
* Methods for patching native socket handling classes; see [IPAccess.arm](http://rubydoc.info/gems/ipaccess/IPAccess#arm-class_method).
|
@@ -40,20 +43,40 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
|
|
40
43
|
|
41
44
|
## Synopsis
|
42
45
|
|
43
|
-
|
44
|
-
|
46
|
+
Total control:
|
47
|
+
|
48
|
+
```ruby
|
49
|
+
require 'ipaccess/net/http'
|
50
|
+
require 'open-uri'
|
51
|
+
|
52
|
+
# Add host's IP by to black list of global output access set
|
53
|
+
IPAccess::Set::Global.output.blacklist 'example.org'
|
54
|
+
|
55
|
+
# Arm all future sockets used by Net::HTTP
|
56
|
+
IPAccess.arm Net::HTTP
|
57
|
+
|
58
|
+
# Open URI
|
59
|
+
open 'http://example.org/'
|
60
|
+
```
|
61
|
+
|
62
|
+
Access management for specific socket objects:
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
# load patched sockets
|
66
|
+
require 'ipaccess/socket'
|
67
|
+
|
68
|
+
# assume IP given by untrusted user
|
69
|
+
ip_from_user = '192.168.5.5'
|
70
|
+
|
71
|
+
# create new access set
|
72
|
+
acl = IPAccess::Set.new
|
45
73
|
|
46
|
-
|
47
|
-
|
74
|
+
# blacklist private and local subnets
|
75
|
+
acl.output.block :private, :local
|
48
76
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
# blacklist private and local subnets
|
53
|
-
acl.output.block :private, :local
|
54
|
-
|
55
|
-
# create TCP socket with IP access control
|
56
|
-
socket = IPAccess::TCPSocket(ip_from_user, 80, acl)
|
77
|
+
# create TCP socket with IP access control
|
78
|
+
socket = IPAccess::TCPSocket(ip_from_user, 80, acl)
|
79
|
+
```
|
57
80
|
|
58
81
|
## Requirements
|
59
82
|
|
@@ -78,7 +101,7 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
|
|
78
101
|
|
79
102
|
## More information
|
80
103
|
|
81
|
-
See IPAccess module's documentation for more information.
|
104
|
+
See IPAccess module's [documentation](http://rubydoc.info/gems/ipaccess/) for more information.
|
82
105
|
|
83
106
|
## License
|
84
107
|
|
data/Rakefile
CHANGED
@@ -30,7 +30,7 @@ Hoe.plugin :gemspec
|
|
30
30
|
|
31
31
|
Hoe.spec 'ipaccess' do
|
32
32
|
developer "Paweł Wilk", "pw@gnu.org"
|
33
|
-
self.version = "1.2.
|
33
|
+
self.version = "1.2.3"
|
34
34
|
self.rubyforge_name = 'ipaccess'
|
35
35
|
self.summary = 'IP Access Control for Ruby'
|
36
36
|
self.description = 'This library allows you to control IP access for sockets and other objects'
|
@@ -41,6 +41,8 @@ Hoe.spec 'ipaccess' do
|
|
41
41
|
self.readme_file = 'README.md'
|
42
42
|
self.history_file = 'docs/HISTORY'
|
43
43
|
|
44
|
+
require_ruby_version '>= 1.9.2'
|
45
|
+
|
44
46
|
extra_deps << ["netaddr",">= 1.5.0"]
|
45
47
|
extra_dev_deps << ['rspec', '>= 2.6.0'] <<
|
46
48
|
['yard', '>= 0.8.2'] <<
|
data/examples/open-uri.rb
CHANGED
@@ -1,14 +1,23 @@
|
|
1
1
|
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
|
2
2
|
|
3
|
+
require 'net/http'
|
3
4
|
require 'ipaccess/net/http'
|
4
5
|
require 'open-uri'
|
5
|
-
require 'uri'
|
6
6
|
|
7
7
|
# Add host's IP by to black list of global output access set
|
8
|
-
IPAccess::Set::Global.output.blacklist
|
8
|
+
IPAccess::Set::Global.output.blacklist :unusual
|
9
9
|
|
10
10
|
# Arm sockets
|
11
11
|
IPAccess.arm Net::HTTP
|
12
12
|
|
13
|
+
# Set some defaults
|
14
|
+
Net::HTTP.ipaccess_defaults = {
|
15
|
+
:check_only_real => true,
|
16
|
+
:opened_on_deny => true
|
17
|
+
}
|
18
|
+
|
19
|
+
# Show blacklisted IP addresses
|
20
|
+
puts IPAccess::Set::Global.output.show
|
21
|
+
|
13
22
|
# Open URI
|
14
|
-
open 'http://
|
23
|
+
open 'http://localhost/'
|
data/ipaccess.gemspec
CHANGED
@@ -1,21 +1,22 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
# stub: ipaccess 1.2.
|
2
|
+
# stub: ipaccess 1.2.3.20131226033445 ruby lib
|
3
3
|
|
4
4
|
Gem::Specification.new do |s|
|
5
5
|
s.name = "ipaccess"
|
6
|
-
s.version = "1.2.
|
6
|
+
s.version = "1.2.3.20131226033445"
|
7
7
|
|
8
8
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
9
9
|
s.authors = ["Pawe\u{142} Wilk"]
|
10
10
|
s.cert_chain = ["/Users/siefca/.gem/gem-public_cert.pem"]
|
11
|
-
s.date = "2013-12-
|
11
|
+
s.date = "2013-12-26"
|
12
12
|
s.description = "This library allows you to control IP access for sockets and other objects"
|
13
13
|
s.email = ["pw@gnu.org"]
|
14
|
-
s.extra_rdoc_files = ["Manifest.txt"]
|
15
|
-
s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "
|
14
|
+
s.extra_rdoc_files = ["Manifest.txt", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc"]
|
15
|
+
s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "docs/yard-tpl/default/fulldoc/html/css/common.css", "examples/ftp.rb", "examples/http.rb", "examples/imap.rb", "examples/open-uri.rb", "examples/pop.rb", "examples/smtp.rb", "examples/tcp_server.rb", "examples/tcp_socket.rb", "examples/telnet.rb", "examples/text_message.rb", "ipaccess.gemspec", "lib/ipaccess.rb", "lib/ipaccess/arm_sockets.rb", "lib/ipaccess/core.rb", "lib/ipaccess/ghost_doc/ghost_doc.rb", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_http.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_sockets.rb", "lib/ipaccess/ip_access_check.rb", "lib/ipaccess/ip_access_errors.rb", "lib/ipaccess/ip_access_list.rb", "lib/ipaccess/ip_access_set.rb", "lib/ipaccess/net/ftp.rb", "lib/ipaccess/net/http.rb", "lib/ipaccess/net/https.rb", "lib/ipaccess/net/imap.rb", "lib/ipaccess/net/pop.rb", "lib/ipaccess/net/smtp.rb", "lib/ipaccess/net/telnet.rb", "lib/ipaccess/patches/generic.rb", "lib/ipaccess/patches/net_ftp.rb", "lib/ipaccess/patches/net_http.rb", "lib/ipaccess/patches/net_https.rb", "lib/ipaccess/patches/net_imap.rb", "lib/ipaccess/patches/net_pop.rb", "lib/ipaccess/patches/net_smtp.rb", "lib/ipaccess/patches/net_telnet.rb", "lib/ipaccess/patches/netaddr.rb", "lib/ipaccess/patches/sockets.rb", "lib/ipaccess/socket.rb", "lib/ipaccess/sockets.rb", "spec/ip_access_list_spec.rb", "spec/rcov.opts", "spec/spec.opts", ".gemtest"]
|
16
16
|
s.homepage = "https://rubygems.org/gems/ipaccess"
|
17
17
|
s.rdoc_options = ["--title", "Ipaccess Documentation", "--quiet"]
|
18
18
|
s.require_paths = ["lib"]
|
19
|
+
s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
|
19
20
|
s.rubyforge_project = "ipaccess"
|
20
21
|
s.rubygems_version = "2.1.11"
|
21
22
|
s.signing_key = "/Users/siefca/.gem/gem-private_key.pem"
|
data/lib/ipaccess/core.rb
CHANGED
@@ -99,7 +99,7 @@ require 'ipaccess/ip_access_set'
|
|
99
99
|
# To properly understand what are the most important structures mentioned above it's worth
|
100
100
|
# to look at the diagram:
|
101
101
|
#
|
102
|
-
# link:images/ipaccess_view.png
|
102
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_view.png
|
103
103
|
#
|
104
104
|
# == Usage
|
105
105
|
#
|
@@ -175,7 +175,7 @@ require 'ipaccess/ip_access_set'
|
|
175
175
|
# between the IPAccess::TCPSocket class
|
176
176
|
# and other classes from this module:
|
177
177
|
#
|
178
|
-
# link:images/ipaccess_relations.png
|
178
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_relations.png
|
179
179
|
|
180
180
|
module IPAccess
|
181
181
|
|
@@ -228,19 +228,26 @@ class IPAccess::Net::HTTP
|
|
228
228
|
def acl_recheck
|
229
229
|
# Real code hidden.
|
230
230
|
end
|
231
|
-
|
232
|
-
# :call-seq:
|
233
|
-
# new(address)<br />
|
234
|
-
# new(address, acl) <br />
|
235
|
-
# new(address, port, acl)
|
236
|
-
#
|
231
|
+
|
237
232
|
# Creates a new object for the specified address.
|
238
233
|
# This method does not open the TCP connection.
|
239
234
|
# It optionally sets an access set given as the
|
240
235
|
# last parameter. If parameter is not given it
|
241
236
|
# sets ACL to IPAccess::Set.Global.
|
242
|
-
|
243
|
-
|
237
|
+
#
|
238
|
+
# Flags are symbols that control behavior of IPAccess:
|
239
|
+
#
|
240
|
+
# * +:opened_on_deny+ causes blocking method to leave a socket open when access is denied and a socket was re-checked
|
241
|
+
# * +:check_only_proxy+ causes access checks to be applied only to a proxy server address if a proxy is in use
|
242
|
+
# * +:check_only_real+ causes access check to be applied only to a destination address (and not to proxy server) if a proxy is in use
|
243
|
+
#
|
244
|
+
# @overload new(address)
|
245
|
+
# @overload new(address, acl)
|
246
|
+
# @overload new(address, port, acl)
|
247
|
+
# @overload new(address, acl, *flags)
|
248
|
+
# @overload new(address, port, acl, *flags)
|
249
|
+
|
250
|
+
def initialize(address)
|
244
251
|
# Real code hidden.
|
245
252
|
end
|
246
253
|
|
@@ -247,13 +247,13 @@ module IPAccess
|
|
247
247
|
# how it works you may
|
248
248
|
# look at the workflow diagram:
|
249
249
|
#
|
250
|
-
# link:images/ipaccess_setup_origin.png
|
250
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_setup_origin.png
|
251
251
|
#
|
252
252
|
# To predict the logic in an easy way
|
253
253
|
# you may also find the input/output states
|
254
254
|
# table useful:
|
255
255
|
#
|
256
|
-
# link:images/ipaccess_setup_origin_tab.png
|
256
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_setup_origin_tab.png
|
257
257
|
#
|
258
258
|
# After calling this method you may find
|
259
259
|
# a reference to two original objects.
|
@@ -382,7 +382,7 @@ module IPAccess
|
|
382
382
|
# In order to understand this method's logic
|
383
383
|
# properly you may look at the diagram:
|
384
384
|
#
|
385
|
-
# link:images/ipaccess_ac_for_args.png
|
385
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_ac_for_args.png
|
386
386
|
|
387
387
|
def check(*addresses) # :yields: address, rule, list, addresses, originator
|
388
388
|
return addresses if self.empty?
|
@@ -411,7 +411,7 @@ module IPAccess
|
|
411
411
|
# In order to understand this method's logic
|
412
412
|
# properly you may look at the diagram:
|
413
413
|
#
|
414
|
-
# link:images/ipaccess_ac_for_socket.png
|
414
|
+
# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_ac_for_socket.png
|
415
415
|
|
416
416
|
def check_socket(socket, originator=nil) # :yields: address, rule, list, socket, originator
|
417
417
|
if (self.empty? || !socket.respond_to?(:getpeername))
|
@@ -33,15 +33,17 @@ require 'ipaccess/patches/sockets'
|
|
33
33
|
# :stopdoc:
|
34
34
|
|
35
35
|
module IPAccess::Patches::Net
|
36
|
-
|
36
|
+
|
37
37
|
###################################################################
|
38
38
|
# Net::HTTP class with IP access control.
|
39
39
|
# It uses output access lists.
|
40
|
-
|
40
|
+
|
41
41
|
module HTTP
|
42
42
|
|
43
43
|
include IPAccess::Patches::ACL
|
44
44
|
|
45
|
+
IPAC_KNOWN_FLAGS = [:opened_on_deny, :check_only_proxy, :check_only_real].freeze
|
46
|
+
|
45
47
|
def self.included(base)
|
46
48
|
|
47
49
|
marker = (base.name =~ /IPAccess/) ? base.superclass : base
|
@@ -49,7 +51,7 @@ module IPAccess::Patches::Net
|
|
49
51
|
base.instance_variable_set(:@uses_ipaccess, true)
|
50
52
|
|
51
53
|
base.class_eval do
|
52
|
-
|
54
|
+
|
53
55
|
# CLASS METHODS
|
54
56
|
unless (base.name.nil? && base.class.name == "Class")
|
55
57
|
(class << self; self; end).class_eval do
|
@@ -58,24 +60,28 @@ module IPAccess::Patches::Net
|
|
58
60
|
|
59
61
|
# overload HTTP.new() since it's not usual.
|
60
62
|
define_method :new do |address, *args|
|
61
|
-
|
63
|
+
passed_flags = {}
|
64
|
+
args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags[x] = true }
|
62
65
|
args.pop if args.last.nil?
|
63
66
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
64
67
|
obj = __ipac__orig_new(address, *args)
|
65
68
|
obj.acl = late_acl unless obj.acl == late_acl
|
66
|
-
obj.opened_on_deny
|
69
|
+
obj.opened_on_deny = passed_flags.fetch(:opened_on_deny, ipaccess_defaults.fetch(:opened_on_deny, false) )
|
70
|
+
obj.check_only_proxy = passed_flags.fetch(:check_only_proxy, ipaccess_defaults.fetch(:check_only_proxy, false) )
|
71
|
+
obj.check_only_real = passed_flags.fetch(:check_only_real, ipaccess_defaults.fetch(:check_only_real, false) )
|
67
72
|
return obj
|
68
73
|
end
|
69
|
-
|
74
|
+
|
70
75
|
# overwrite HTTP.start()
|
71
76
|
define_method :__ipacall__start do |block, address, *args|
|
72
|
-
|
77
|
+
passed_flags = []
|
78
|
+
args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags << x }
|
73
79
|
args.pop if args.last.nil?
|
74
80
|
acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
75
81
|
port, p_addr, p_port, p_user, p_pass = *args
|
76
|
-
new(address, port, p_addr, p_port, p_user, p_pass, acl,
|
82
|
+
new(address, port, p_addr, p_port, p_user, p_pass, acl, *passed_flags).start(&block)
|
77
83
|
end
|
78
|
-
|
84
|
+
|
79
85
|
# block passing wrapper for Ruby 1.8
|
80
86
|
def start(*args, &block)
|
81
87
|
__ipacall__start(block, *args)
|
@@ -83,56 +89,81 @@ module IPAccess::Patches::Net
|
|
83
89
|
|
84
90
|
# overwrite HTTP.get_response()
|
85
91
|
define_method :__ipacall__get_response do |block, uri_or_host, *args|
|
86
|
-
|
92
|
+
passed_flags = []
|
93
|
+
args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags << x }
|
87
94
|
args.pop if args.last.nil?
|
88
95
|
late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
89
96
|
path, port = *args
|
90
97
|
if path
|
91
98
|
host = uri_or_host
|
92
|
-
new(host, (port || Net::HTTP.default_port), late_acl,
|
99
|
+
new(host, (port || Net::HTTP.default_port), late_acl, *passed_flags).start { |http|
|
93
100
|
return http.request_get(path, &block)
|
94
101
|
}
|
95
102
|
else
|
96
103
|
uri = uri_or_host
|
97
|
-
new(uri.host, uri.port, late_acl,
|
104
|
+
new(uri.host, uri.port, late_acl, *passed_flags).start { |http|
|
98
105
|
return http.request_get(uri.request_uri, &block)
|
99
106
|
}
|
100
107
|
end
|
101
108
|
end
|
102
|
-
|
109
|
+
|
103
110
|
# block passing wrapper for Ruby 1.8
|
104
111
|
def get_response(*args, &block)
|
105
112
|
__ipacall__get_response(block, *args)
|
106
113
|
end
|
107
|
-
|
114
|
+
|
115
|
+
# this allows to initialize defaults
|
116
|
+
def ipaccess_defaults
|
117
|
+
@ipaccess_defaults ||= {
|
118
|
+
:opened_on_deny => false,
|
119
|
+
:check_only_proxy => false,
|
120
|
+
:check_only_real => false
|
121
|
+
}
|
122
|
+
end
|
123
|
+
|
124
|
+
# this allows to set defaults
|
125
|
+
def ipaccess_defaults=(vals)
|
126
|
+
ipaccess_defaults.merge!(vals)
|
127
|
+
end
|
128
|
+
|
108
129
|
end
|
109
|
-
|
130
|
+
|
110
131
|
end # class methods
|
111
|
-
|
132
|
+
|
133
|
+
attr_accessor :check_only_proxy, :check_only_real
|
134
|
+
|
112
135
|
orig_initialize = self.instance_method :initialize
|
113
136
|
orig_conn_address = self.instance_method :conn_address
|
114
137
|
orig_on_connect = self.instance_method :on_connect
|
115
|
-
|
138
|
+
orig_connect = self.instance_method :connect
|
139
|
+
|
116
140
|
# initialize on steroids.
|
117
141
|
define_method :__ipacall__initialize do |block, *args|
|
118
|
-
@opened_on_deny
|
142
|
+
@opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
|
143
|
+
@check_only_proxy = !!args.reject! { |x| x.is_a?(Symbol) && x == :check_only_proxy }
|
144
|
+
@check_only_real = !!args.reject! { |x| x.is_a?(Symbol) && x == :check_only_real }
|
145
|
+
if self.class.respond_to?(:ipaccess_defaults)
|
146
|
+
@opened_on_deny ||= self.class.ipaccess_defaults.fetch(:opened_on_deny, false)
|
147
|
+
@check_only_proxy ||= self.class.ipaccess_defaults.fetch(:check_only_proxy, false)
|
148
|
+
@check_only_real ||= self.class.ipaccess_defaults.fetch(:check_only_real, false)
|
149
|
+
end
|
119
150
|
args.pop if args.last.nil?
|
120
151
|
self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
|
121
152
|
orig_initialize.bind(self).call(*args, &block)
|
122
153
|
end
|
123
|
-
|
154
|
+
|
124
155
|
# block passing wrapper for Ruby 1.8
|
125
156
|
def initialize(*args, &block)
|
126
157
|
__ipacall__initialize(block, *args)
|
127
158
|
end
|
128
|
-
|
159
|
+
|
129
160
|
# on_connect on steroids.
|
130
161
|
define_method :on_connect do
|
131
|
-
acl_recheck # check address
|
162
|
+
acl_recheck # check address from socket to be sure
|
132
163
|
orig_on_connect.bind(self).call
|
133
164
|
end
|
134
165
|
private :on_connect
|
135
|
-
|
166
|
+
|
136
167
|
# conn_address on steroids.
|
137
168
|
define_method :conn_address do
|
138
169
|
addr = orig_conn_address.bind(self).call
|
@@ -141,31 +172,43 @@ module IPAccess::Patches::Net
|
|
141
172
|
return ipaddr
|
142
173
|
end
|
143
174
|
private :conn_address
|
144
|
-
|
175
|
+
|
176
|
+
# connect on steroids.
|
177
|
+
define_method :connect do
|
178
|
+
if proxy? && !check_only_real
|
179
|
+
ipaddr = ::TCPSocket.getaddress(proxy_address)
|
180
|
+
real_acl.output.check_ipstring(ipaddr, self)
|
181
|
+
return orig_connect.bind(self).call if check_only_proxy
|
182
|
+
end
|
183
|
+
ipaddr = ::TCPSocket.getaddress(address)
|
184
|
+
real_acl.output.check_ipstring(ipaddr, self)
|
185
|
+
orig_connect.bind(self).call
|
186
|
+
end
|
187
|
+
private :connect
|
188
|
+
|
145
189
|
# This method returns default access list indicator
|
146
190
|
# used by protected object; in this case it's +:output+.
|
147
191
|
define_method :default_list do
|
148
192
|
:output
|
149
193
|
end
|
150
|
-
|
194
|
+
|
151
195
|
# this hook will be called each time @acl is reassigned
|
152
196
|
define_method :acl_recheck do
|
153
197
|
try_arm_and_check_socket @socket
|
154
198
|
nil
|
155
199
|
end
|
156
|
-
|
200
|
+
|
157
201
|
# this hook terminates connection
|
158
202
|
define_method :terminate do
|
159
203
|
self.finish if self.started?
|
160
204
|
end
|
161
|
-
|
205
|
+
|
162
206
|
end # base.class_eval
|
163
207
|
|
164
208
|
end # self.included
|
165
|
-
|
209
|
+
|
166
210
|
end # module HTTP
|
167
|
-
|
211
|
+
|
168
212
|
end # module IPAccess::Patches
|
169
213
|
|
170
214
|
# :startdoc:
|
171
|
-
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ipaccess
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paweł Wilk
|
@@ -28,7 +28,7 @@ cert_chain:
|
|
28
28
|
rNombKmtHC0ASsAPzFZnw/+W2b73UATwnH0dZKm2TTZT5HeSqXnFUu9gH6MtI/S+
|
29
29
|
VfsAlLTm8uSWA3CjR1dJYgRUp8tYQxwNwMv5IV1Fky9p8NKSU233lhBSOUJcrA==
|
30
30
|
-----END CERTIFICATE-----
|
31
|
-
date: 2013-12-
|
31
|
+
date: 2013-12-26 00:00:00.000000000 Z
|
32
32
|
dependencies:
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: netaddr
|
@@ -266,7 +266,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
266
266
|
requirements:
|
267
267
|
- - '>='
|
268
268
|
- !ruby/object:Gem::Version
|
269
|
-
version:
|
269
|
+
version: 1.9.2
|
270
270
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
271
271
|
requirements:
|
272
272
|
- - '>='
|
metadata.gz.sig
CHANGED
Binary file
|