Module: IPAccess::Patches::ACL

Included in:
Net::FTP, Net::HTTP, Net::IMAP, Net::POP3, Net::SMTP, Net::Telnet, SOCKSocket, Socket, TCPServer, TCPSocket, UDPSocket
Defined in:
lib/ipaccess/patches/generic.rb,
lib/ipaccess/patches/sockets.rb

Overview

Helper methods for easy checking and arming sockets.

Instance Attribute Details

#acl ⇒ Object
Also known as: access

Returns the value of attribute acl.

# File 'lib/ipaccess/patches/generic.rb', line 327

def acl
  @acl
end

#opened_on_deny ⇒ Object

Setting it to false disables closing the connection when raising an access denied exception.

# File 'lib/ipaccess/patches/generic.rb', line 720

def opened_on_deny
  @opened_on_deny
end

Instance Method Details

#__ipa_wrap_socket_call(*args, &block) ⇒ Object (protected)

This method safely passes on any raised exception and fills its useables field with the current object.

# File 'lib/ipaccess/patches/generic.rb', line 244

def __ipa_wrap_socket_call(*args, &block)
  IPAccess.take_care(self, *args, &block)
end

#acl_recheck ⇒ Object

This method should be called each time the access set related to an object is changed and the remote peer needs to be validated again, since it might now be blacklisted.

Each class that patches Ruby’s network class should redefine this method and call it in a proper place (e.g. from a hook executed when singleton methods are added to a network object).

# File 'lib/ipaccess/patches/generic.rb', line 310

def acl_recheck
  ;
end

#blacklist(*addresses) ⇒ Object
#blacklist(list, *addresses) ⇒ Object
Also known as: add_black, deny, block

This method blacklists IP address(es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.

It returns the result of calling IPAccess::List#blacklist on the list.

This method won’t allow you to modify the list if the global access set is associated with the object. You may operate on IPAccess::Set.Global or use blacklist! instead.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 559

def blacklist(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).blacklist(*addresses)
  self.acl_recheck
  return r
end
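
The acl_recheck contract, the revalidation rule and the DNS warning above, as an added example that is not ipaccess code: a self-contained stand-in in which blacklisting a range that covers an already-connected peer closes that connection, and a hostname argument is rejected instead of resolved. The ToyConn class, its AccessDenied error and the demo method are hypothetical; matching uses Ruby's standard IPAddr.

```ruby
require 'ipaddr'

# Hypothetical stand-in for a patched socket; NOT ipaccess code.
class ToyConn
  AccessDenied = Class.new(StandardError)
  attr_accessor :opened_on_deny

  def initialize(peer)
    @peer   = IPAddr.new(peer)                  # remote address of the live connection
    @acl    = { input: [], output: [] }         # blacklisted CIDRs per direction
    @closed = false
    @opened_on_deny = false
  end

  def default_list; :output end                 # same default as the module above
  def closed?; @closed end
  def terminate; @closed = true unless closed? end

  # Optional leading :input/:output selects the list, as in the listing above.
  def blacklist(*addresses)
    aclist = [:input, :output].include?(addresses.first) ? addresses.shift : default_list
    # IPAddr.new raises on hostnames, so only literal addresses/CIDRs get in.
    cidrs = addresses.map { |a| IPAddr.new(a) }
    @acl[aclist].concat(cidrs)
    acl_recheck
    cidrs
  end

  # Re-validate the already-connected peer against the changed list.
  def acl_recheck
    rule = @acl[default_list].find { |cidr| cidr.include?(@peer) }
    return true if rule.nil?
    terminate unless opened_on_deny
    raise AccessDenied, "#{@peer} denied by #{rule}/#{rule.prefix}"
  end
end

# Constructed sample run (documentation-range addresses).
def demo
  conn = ToyConn.new('192.0.2.10')
  conn.blacklist(:input, '192.0.2.0/24')        # other list: peer unaffected
  before = conn.closed?
  begin
    conn.blacklist('192.0.2.0/24')              # default :output list: peer now denied
  rescue ToyConn::AccessDenied => e
    denied = e.message
  end
  [before, conn.closed?, denied]
end
```

Without the recheck, the second call would only affect future connections and the established one would keep talking to a peer that is now denied.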

#blacklist!(*addresses) ⇒ Object
#blacklist!(list, *addresses) ⇒ Object
Also known as: add_black!, deny!, block!

This method blacklists IP address(es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.

It returns the result of calling IPAccess::List#blacklist on the list.

This method will allow you to modify the list even if the global access set is used by the object.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 610

def blacklist!(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = real_acl.send(aclist).blacklist(*addresses)
  self.acl_recheck
  return r
end

#blacklist_reasonable(reason, *addresses) ⇒ Object

This method works like blacklist but allows setting a reason.

# File 'lib/ipaccess/patches/generic.rb', line 573

def blacklist_reasonable(reason, *addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).blacklist_reasonable(reason, *addresses)
  self.acl_recheck
  return r
end

#blacklist_reasonable!(reason, *addresses) ⇒ Object

This method works like blacklist! but allows setting a reason.

# File 'lib/ipaccess/patches/generic.rb', line 624

def blacklist_reasonable!(reason, *addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
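  # Delegate to blacklist_reasonable so that reason is stored as the reason, not parsed as an address
  r = real_acl.send(aclist).blacklist_reasonable(reason, *addresses)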
  self.acl_recheck
  return r
end

#close_on_deny ⇒ Object

# File 'lib/ipaccess/patches/generic.rb', line 729

def close_on_deny
  not self.open_on_deny
end

#close_on_deny=(x) ⇒ Object

Setting it to true disables closing the connection when raising an access denied exception.

# File 'lib/ipaccess/patches/generic.rb', line 725

def close_on_deny=(x)
  self.open_on_deny = !x
end

#default_list ⇒ Object

This method returns the default access list indicator used by the protected object; usually :input or :output.

# File 'lib/ipaccess/patches/generic.rb', line 335

def default_list; :output end

#terminate ⇒ Object

This method is a universal wrapper for closing the connection. Classes should override it.

# File 'lib/ipaccess/patches/generic.rb', line 737

def terminate
  self.close unless self.closed?
end

#unblacklist(*addresses) ⇒ Object
#unblacklist(list, *addresses) ⇒ Object
Also known as: unblack, undeny, unblock, del_black

This method removes blacklisted IP address(es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.

It returns the result of calling IPAccess::List#unblacklist on the list.

This method won’t allow you to modify the list if the global access set is associated with the object. You may operate on IPAccess::Set.Global or use unblacklist! instead.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 663

def unblacklist(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).unblacklist(*addresses)
  self.acl_recheck
  return r
end

#unblacklist!(*addresses) ⇒ Object
#unblacklist!(list, *addresses) ⇒ Object
Also known as: unblack!, undeny!, unblock!, del_black!

This method removes blacklisted IP address(es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any whitelisted item.

It returns the result of calling IPAccess::List#unblacklist on the list.

This method will allow you to modify the list even if the global access set is used by the object.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 705

def unblacklist!(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = real_acl.send(aclist).unblacklist(*addresses)
  self.acl_recheck
  return r
end

#unwhitelist(*addresses) ⇒ Object
#unwhitelist(list, *addresses) ⇒ Object
Also known as: unwhite, del_white, unallow, unpermit

This method removes whitelisted IP address(es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.

It returns the result of calling IPAccess::List#unwhitelist on the list.

This method won’t allow you to modify the list if the global access set is associated with the object. You may operate on IPAccess::Set.Global or use unwhitelist! instead.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 473

def unwhitelist(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).unwhitelist(*addresses)
  self.acl_recheck
  return r
end

#unwhitelist!(*addresses) ⇒ Object
#unwhitelist!(list, *addresses) ⇒ Object
Also known as: unwhite!, del_white!, unallow!, unpermit!

This method removes whitelisted IP address(es) from the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.

It returns the result of calling IPAccess::List#unwhitelist on the list.

This method will allow you to modify the list even if the global access set is used by the object.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 515

def unwhitelist!(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = real_acl.send(aclist).unwhitelist(*addresses)
  self.acl_recheck
  return r
end

#valid_acl?(obj) ⇒ Boolean

This method returns true if the given object can be used to initialize an ACL. Otherwise it returns false.

Returns:

  • (Boolean)


# File 'lib/ipaccess/patches/generic.rb', line 298

def valid_acl?(obj)
  IPAccess.valid_acl?(obj)
end

#whitelist(*addresses) ⇒ Object
#whitelist(list, *addresses) ⇒ Object
Also known as: add_white, allow, permit

This method whitelists IP address(es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.

It returns the result of calling IPAccess::List#whitelist on the list.

This method won’t allow you to modify the list if the global access set is associated with the object. You may operate on IPAccess::Set.Global or use whitelist! instead.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 369

def whitelist(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).whitelist(*addresses)
  self.acl_recheck
  return r
end

#whitelist!(*addresses) ⇒ Object
#whitelist!(list, *addresses) ⇒ Object
Also known as: add_white!, allow!, permit!

This method whitelists IP address(es) in the input or output access list selected by the list argument (:input or :output). If the access list selector is omitted, it operates on the default access list used by the given kind of network object. The allowed address format is the same as for IPAccess.to_cidrs. This method will neither add nor remove any blacklisted item.

It returns the result of calling IPAccess::List#whitelist on the list.

This method will allow you to modify the list even if the global access set is used by the object.

Revalidation

After modifying the access set, the current connection is validated again to avoid access leaks.

DNS Warning

You should avoid passing hostnames as arguments, since DNS is not reliable and responses may change over time, which may cause security flaws.

# File 'lib/ipaccess/patches/generic.rb', line 420

def whitelist!(*addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = real_acl.send(aclist).whitelist(*addresses)
  self.acl_recheck
  return r
end

#whitelist_reasonable(reason, *addresses) ⇒ Object

This method works like whitelist but allows setting a reason.

# File 'lib/ipaccess/patches/generic.rb', line 383

def whitelist_reasonable(reason, *addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = @acl.send(aclist).whitelist_reasonable(reason, *addresses)
  self.acl_recheck
  return r
end

#whitelist_reasonable!(reason, *addresses) ⇒ Object

This method works like whitelist! but allows setting a reason.

# File 'lib/ipaccess/patches/generic.rb', line 434

# reason is declared as the first parameter, since the body passes it on to the list
def whitelist_reasonable!(reason, *addresses)
  aclist = ( addresses.first.is_a?(Symbol) && [:input,:output].include?(addresses.first) ) ? addresses.shift : self.default_list
  r = real_acl.send(aclist).whitelist_reasonable(reason, *addresses)
  self.acl_recheck
  return r
end