Module: IPAccess::Patches::ACL
- Included in: Net::FTP, Net::HTTP, Net::IMAP, Net::POP3, Net::SMTP, Net::Telnet, SOCKSocket, Socket, TCPServer, TCPSocket, UDPSocket
- Defined in: lib/ipaccess/patches/generic.rb, lib/ipaccess/patches/sockets.rb
Overview
Helper methods for easy checking and arming sockets.
Instance Attribute Summary
- #acl ⇒ Object (also: #access)
  Returns the value of attribute acl.
- #opened_on_deny ⇒ Object
  Setting it to false disables closing connection when raising access denied exception.
Instance Method Summary
- #__ipa_wrap_socket_call(*args, &block) ⇒ Object (protected)
  This method is used to safely pass an eventual exception and fill its useables field with a current object.
- #acl_recheck ⇒ Object
  This method should be called each time the access set related to an object is changed and there is a need to validate remote peer again, since it might be blacklisted.
- #blacklist(*addresses) ⇒ Object (also: #add_black, #deny, #block)
  This method blacklists IP address(-es) in the input or output access list selected by the list argument (:input or :output).
- #blacklist!(*addresses) ⇒ Object (also: #add_black!, #deny!, #block!)
  This method blacklists IP address(-es) in the input or output access list selected by the list argument (:input or :output).
- #blacklist_reasonable(reason, *addresses) ⇒ Object
  This method works like blacklist but allows setting a reason.
- #blacklist_reasonable!(reason, *addresses) ⇒ Object
  This method works like blacklist! but allows setting a reason.
- #close_on_deny ⇒ Object
- #close_on_deny=(x) ⇒ Object
  Setting it to true disables closing connection when raising access denied exception.
- #default_list ⇒ Object
  This method returns default access list indicator used by protected object; usually :input or :output.
- #terminate ⇒ Object
  This method is universal wrapper for closing connection.
- #unblacklist(*addresses) ⇒ Object (also: #unblack, #undeny, #unblock, #del_black)
  This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (:input or :output).
- #unblacklist!(*addresses) ⇒ Object (also: #unblack!, #undeny!, #unblock!, #del_black!)
  This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (:input or :output).
- #unwhitelist(*addresses) ⇒ Object (also: #unwhite, #del_white, #unallow, #unpermit)
  This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (:input or :output).
- #unwhitelist!(*addresses) ⇒ Object (also: #unwhite!, #del_white!, #unallow!, #unpermit!)
  This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (:input or :output).
- #valid_acl?(obj) ⇒ Boolean
  This method returns true if the given object can be used to initialize ACL.
- #whitelist(*addresses) ⇒ Object (also: #add_white, #allow, #permit)
  This method whitelists IP address(-es) in the input or output access list selected by the list argument (:input or :output).
- #whitelist!(*addresses) ⇒ Object (also: #add_white!, #allow!, #permit!)
  This method whitelists IP address(-es) in the input or output access list selected by the list argument (:input or :output).
- #whitelist_reasonable(reason, *addresses) ⇒ Object
  This method works like whitelist but allows setting a reason.
- #whitelist_reasonable!(reason, *addresses) ⇒ Object
  This method works like whitelist! but allows setting a reason.
Instance Attribute Details
#acl ⇒ Object Also known as: access
Returns the value of attribute acl.
    # File 'lib/ipaccess/patches/generic.rb', line 327
    def acl
      @acl
    end
#opened_on_deny ⇒ Object
Setting it to false disables closing connection when raising access denied exception.
    # File 'lib/ipaccess/patches/generic.rb', line 720
    def opened_on_deny
      @opened_on_deny
    end
Instance Method Details
#__ipa_wrap_socket_call(*args, &block) ⇒ Object (protected)
This method is used to safely pass an eventual exception and fill its useables field with a current object.
    # File 'lib/ipaccess/patches/generic.rb', line 244
    def __ipa_wrap_socket_call(*args, &block)
      IPAccess.take_care(self, *args, &block)
    end
#acl_recheck ⇒ Object
This method should be called each time the access set related to an object is changed and there is a need to validate remote peer again, since it might be blacklisted.
Each class that patches Ruby’s network class should redefine this method and call it in a proper place (e.g. from hook executed when singleton methods are added to network object).
    # File 'lib/ipaccess/patches/generic.rb', line 310
    def acl_recheck ; end
#blacklist(*addresses) ⇒ Object #blacklist(list, *addresses) ⇒ Object Also known as: add_black, deny, block
This method blacklists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.
It will return the result of calling IPAccess::List#blacklist on the list.
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use blacklist! instead.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 559
    def blacklist(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).blacklist(*addresses)
      self.acl_recheck
      return r
    end
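The selector handling, revalidation and DNS warning described above, modelled as an added example; this is not the ipaccess gem's code. DemoList and DemoConnection are constructed stand-ins built on Ruby's standard IPAddr, the addresses are constructed documentation ranges, and rechecking the peer against the default list only is an assumption of the model.

```ruby
require 'ipaddr'

# Constructed stand-in for one access list; not the gem's IPAccess::List.
class DemoList
  def initialize
    @black = []
  end

  # IPAddr.new raises on hostnames, so no rule depends on a DNS answer.
  def blacklist(*addresses)
    @black.concat(addresses.map { |a| IPAddr.new(a) })
  end

  def denied?(ip)
    peer = IPAddr.new(ip)
    @black.any? { |net| net.include?(peer) }
  end
end

# Constructed stand-in for a patched socket with an already connected peer.
class DemoConnection
  attr_reader :closed

  def initialize(peer_ip)
    @peer_ip = peer_ip
    @acl = { input: DemoList.new, output: DemoList.new }
    @closed = false
  end

  def default_list
    :output
  end

  # Same flow as the documented method: optional selector, update, recheck.
  def blacklist(*addresses)
    aclist = [:input, :output].include?(addresses.first) ? addresses.shift : default_list
    r = @acl[aclist].blacklist(*addresses)
    acl_recheck
    r
  end

  # Assumption of this model: the connected peer is checked against the default list.
  def acl_recheck
    terminate if @acl[default_list].denied?(@peer_ip)
  end

  def terminate
    @closed = true
  end
end

conn = DemoConnection.new('192.0.2.10')  # constructed peer address
conn.blacklist(:input, '192.0.2.0/24')   # input list only: peer stays connected
conn.blacklist('192.0.2.0/24')           # default (output) list: peer is dropped
```

Without the recheck step, a peer blacklisted after connecting would keep its open connection, which is the access leak the Revalidation note refers to.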
#blacklist!(*addresses) ⇒ Object #blacklist!(list, *addresses) ⇒ Object Also known as: add_black!, deny!, block!
This method blacklists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.
It will return the result of calling IPAccess::List#blacklist on the list.
This method will allow you to modify the list even if the global access set is used by object.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 610
    def blacklist!(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = real_acl.send(aclist).blacklist(*addresses)
      self.acl_recheck
      return r
    end
#blacklist_reasonable(reason, *addresses) ⇒ Object
This method works like blacklist but allows setting a reason.
    # File 'lib/ipaccess/patches/generic.rb', line 573
    def blacklist_reasonable(reason, *addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).blacklist_reasonable(reason, *addresses)
      self.acl_recheck
      return r
    end
#blacklist_reasonable!(reason, *addresses) ⇒ Object
This method works like blacklist! but allows setting a reason.
    # File 'lib/ipaccess/patches/generic.rb', line 624
    def blacklist_reasonable!(reason, *addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      # Call blacklist_reasonable so that reason is stored as the reason and not parsed as an address.
      r = real_acl.send(aclist).blacklist_reasonable(reason, *addresses)
      self.acl_recheck
      return r
    end
#close_on_deny ⇒ Object
    # File 'lib/ipaccess/patches/generic.rb', line 729
    def close_on_deny
      not self.open_on_deny
    end
#close_on_deny=(x) ⇒ Object
Setting it to true disables closing connection when raising access denied exception.
    # File 'lib/ipaccess/patches/generic.rb', line 725
    def close_on_deny=(x)
      self.open_on_deny = !x
    end
#default_list ⇒ Object
This method returns default access list indicator used by protected object; usually :input or :output.
    # File 'lib/ipaccess/patches/generic.rb', line 335
    def default_list; :output end
#terminate ⇒ Object
This method is universal wrapper for closing connection. Classes should override it.
    # File 'lib/ipaccess/patches/generic.rb', line 737
    def terminate
      self.close unless self.closed?
    end
#unblacklist(*addresses) ⇒ Object #unblacklist(list, *addresses) ⇒ Object Also known as: unblack, undeny, unblock, del_black
This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.
It will return the result of calling IPAccess::List#unblacklist on the list.
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unwhitelist! instead.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 663
    def unblacklist(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).unblacklist(*addresses)
      self.acl_recheck
      return r
    end
#unblacklist!(*addresses) ⇒ Object #unblacklist!(list, *addresses) ⇒ Object Also known as: unblack!, undeny!, unblock!, del_black!
This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.
It will return the result of calling IPAccess::List#unblacklist on the list.
This method will allow you to modify the list even if the global access set is used by object.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 705
    def unblacklist!(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = real_acl.send(aclist).unblacklist(*addresses)
      self.acl_recheck
      return r
    end
#unwhitelist(*addresses) ⇒ Object #unwhitelist(list, *addresses) ⇒ Object Also known as: unwhite, del_white, unallow, unpermit
This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.
It will return the result of calling IPAccess::List#unwhitelist on the list.
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unwhitelist! instead.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 473
    def unwhitelist(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).unwhitelist(*addresses)
      self.acl_recheck
      return r
    end
#unwhitelist!(*addresses) ⇒ Object #unwhitelist!(list, *addresses) ⇒ Object Also known as: unwhite!, del_white!, unallow!, unpermit!
This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.
It will return the result of calling IPAccess::List#unwhitelist on the list.
This method will allow you to modify the list even if the global access set is used by object.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 515
    def unwhitelist!(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = real_acl.send(aclist).unwhitelist(*addresses)
      self.acl_recheck
      return r
    end
#valid_acl?(obj) ⇒ Boolean
This method returns true if the given object can be used to initialize ACL. Otherwise it returns false.
    # File 'lib/ipaccess/patches/generic.rb', line 298
    def valid_acl?(obj)
      IPAccess.valid_acl?(obj)
    end
#whitelist(*addresses) ⇒ Object #whitelist(list, *addresses) ⇒ Object Also known as: add_white, allow, permit
This method whitelists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.
It will return the result of calling IPAccess::List#whitelist on the list.
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use whitelist! instead.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 369
    def whitelist(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).whitelist(*addresses)
      self.acl_recheck
      return r
    end
#whitelist!(*addresses) ⇒ Object #whitelist!(list, *addresses) ⇒ Object Also known as: add_white!, allow!, permit!
This method whitelists IP address(-es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list that the given kind of network object uses. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.
It will return the result of calling IPAccess::List#whitelist on the list.
This method will allow you to modify the list even if the global access set is used by object.
Revalidation
After modifying the access set, the current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
    # File 'lib/ipaccess/patches/generic.rb', line 420
    def whitelist!(*addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = real_acl.send(aclist).whitelist(*addresses)
      self.acl_recheck
      return r
    end
#whitelist_reasonable(reason, *addresses) ⇒ Object
This method works like whitelist but allows setting a reason.
    # File 'lib/ipaccess/patches/generic.rb', line 383
    def whitelist_reasonable(reason, *addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = @acl.send(aclist).whitelist_reasonable(reason, *addresses)
      self.acl_recheck
      return r
    end
#whitelist_reasonable!(reason, *addresses) ⇒ Object
This method works like whitelist! but allows setting a reason.
    # File 'lib/ipaccess/patches/generic.rb', line 434
    # reason must be a parameter: the body passes it on to whitelist_reasonable.
    def whitelist_reasonable!(reason, *addresses)
      aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
      r = real_acl.send(aclist).whitelist_reasonable(reason, *addresses)
      self.acl_recheck
      return r
    end