Exception: IPAccessDenied

Inherits:
SecurityError
  • Object
Defined in:
lib/ipaccess/ip_access_errors.rb

Overview

This class handles IP access denied exceptions.

Example

require 'ipaccess/sockets'

begin

  IPAccess::Set::Global.input.blacklist :local, :private
  s = IPAccess::TCPServer.new(31337)
  s.opened_on_deny = true

  puts "\nnow use terminal and issue: telnet 127.0.0.1 31337\n"
  n  = s.accept

rescue IPAccessDenied => e

  puts "Message:\t#{e.message}"
  puts
  puts "ACL:\t\t#{e.acl}"
  puts "Exception:\t#{e.inspect}"
  puts "Remote IP:\t#{e.peer_ip} (#{e.peer_ip_short})"
  puts "Rule:\t\t#{e.rule} (#{e.rule_short})"
  puts "Originator:\t#{e.originator}"
  puts "CIDR's Origin:\t#{e.peer_ip.tag[:Originator]}\n\n"

  unless e.originator.closed?
    e.originator.write("Access denied!!!\n\r\n\r")
    e.originator.close
  end
end
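
The handler above prints the denial to the terminal. As an added example (not part of the ipaccess gem or of the original page), the sketch below turns a denial into a one-line JSON log record and counts denials per peer, using only readers documented on this page (peer_ip_short, rule_short, access_set, reason, message). DeniedStub, log_safe, denial_record, denials_by_peer and the sample values are hypothetical and constructed so the code runs without the gem.

```ruby
require 'json'
require 'time'

# Constructed stand-in for IPAccessDenied: it exposes only readers
# documented on this page, so the example runs without the gem.
DeniedStub = Struct.new(:peer_ip_short, :rule_short, :access_set, :reason, :message)

# Collapse control characters so a value stays on one line in any log sink.
def log_safe(value)
  value.to_s.gsub(/[[:cntrl:]]+/, ' ').strip
end

# Build one JSON log line from a denial exception (or the stub above).
def denial_record(e, now = Time.now.utc)
  {
    'time'    => now.iso8601,
    'event'   => 'ip_access_denied',
    'peer'    => log_safe(e.peer_ip_short),
    'rule'    => log_safe(e.rule_short),
    'acl'     => log_safe(e.access_set),
    'reason'  => e.reason.nil? ? nil : log_safe(e.reason),
    'message' => log_safe(e.message)
  }.to_json
end

# Count denials per peer, most frequent first, so repeated attempts stand out.
def denials_by_peer(json_lines)
  counts = Hash.new(0)
  json_lines.each { |line| counts[JSON.parse(line)['peer']] += 1 }
  counts.sort_by { |peer, n| [-n, peer] }
end

# Constructed sample denials; the ACL name and reason text are made up.
SAMPLE_DENIALS = [
  DeniedStub.new('127.0.0.1', '127.0.0.0/8', 'example_acl', nil,
                 'connection with 127.0.0.1 denied by example_acl rule: 127.0.0.0/8'),
  DeniedStub.new('10.0.0.5', '10.0.0.0/8', 'example_acl', "scanner\nfake line",
                 'connection with 10.0.0.5 denied by example_acl rule: 10.0.0.0/8 (scanner)'),
  DeniedStub.new('127.0.0.1', '127.0.0.0/8', 'example_acl', nil,
                 'connection with 127.0.0.1 denied by example_acl rule: 127.0.0.0/8')
].freeze

lines = SAMPLE_DENIALS.map { |e| denial_record(e) }
puts lines
denials_by_peer(lines).each { |peer, n| puts "#{peer}\t#{n}" }
```

In a real handler, the record would be built inside the rescue IPAccessDenied => e block before the originator is closed.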

Direct Known Subclasses

Input, Output

Defined Under Namespace

Classes: Aggregate, Input, Output


Constructor Details

#initialize(addr, rule = nil, acl = nil, obj = nil, socket = nil) ⇒ IPAccessDenied

Creates a new object. The first argument should be a NetAddr::CIDR object containing the address of the denied connection. The second argument should be the CIDR rule that matched. The third argument should be an IPAccess::Set object. The fourth argument should be an object that will be stored in the exception as its originator; usually it should be set to the object that caused the exception to happen. The optional fifth argument is the socket associated with the exception.



# File 'lib/ipaccess/ip_access_errors.rb', line 96

def initialize(addr, rule=nil, acl=nil, obj=nil, socket=nil)
  @peer_ip    = addr
  @rule       = rule
  @acl        = acl
  @originator = obj
  @socket     = socket
end

Instance Attribute Details

#acl ⇒ Object (readonly)

Access set that was used to check access.



# File 'lib/ipaccess/ip_access_errors.rb', line 84

def acl
  @acl
end

#originator ⇒ Object

Object passed when the exception was raised. Usually a network object that is used to communicate with a prohibited peer.



# File 'lib/ipaccess/ip_access_errors.rb', line 63

def originator
  @originator
end

#peer_ip ⇒ Object (readonly)

Remote address that caused the exception to happen, as a NetAddr::CIDR object.



# File 'lib/ipaccess/ip_access_errors.rb', line 74

def peer_ip
  @peer_ip
end

#rule ⇒ Object (readonly)

Access list’s rule that matched, as a NetAddr::CIDR object.



# File 'lib/ipaccess/ip_access_errors.rb', line 68

def rule
  @rule
end

#socket ⇒ Object (readonly)

Socket object associated with an exception. Only a few checks set it.



# File 'lib/ipaccess/ip_access_errors.rb', line 80

def socket
  @socket
end

Instance Method Details

#access_set ⇒ Object

Returns a string representation of the access set's name, or an empty string if the set has no name.



# File 'lib/ipaccess/ip_access_errors.rb', line 106

def access_set
  if (@acl.is_a?(IPAccess::Set) && !@acl.name.to_s.empty?)
    @acl.name.to_s
  elsif @acl.is_a?(String)
    @acl
  else
    ""
  end
end

#access_set_desc ⇒ Object (protected)

Returns a string representation of the access set's name followed by a space, or an empty string if the set has no name.



# File 'lib/ipaccess/ip_access_errors.rb', line 118

def access_set_desc
  as = self.access_set
  as.empty? ? "" : as + " "
end

#message ⇒ Object

Returns an error message.



# File 'lib/ipaccess/ip_access_errors.rb', line 200

def message
  return "connection with #{peer_ip_short} "  +
          "denied by #{access_set_desc}#{rule_desc}" +
          "#{reason_desc}"
end

#peer_ip_short ⇒ Object

Returns string representation of an IP address in short version.



# File 'lib/ipaccess/ip_access_errors.rb', line 156

def peer_ip_short
  if @peer_ip.is_a?(NetAddr::CIDR)
    if @peer_ip.version == 6
      pip = @peer_ip.to_s(:Short => true)
      pip = "::#{pip}" if pip =~ /^\//
      pip = ":#{pip}" if pip =~ /^:[^:]/
      pip = pip.split('/').first if pip =~ /\/128$/
      return pip
    else
      if @peer_ip.to_i(:netmask) == 4294967295
        return @peer_ip.ip
      else
        return @peer_ip.to_s
      end
    end
  elsif @peer_ip.is_a?(String)
    return @peer_ip
  else
    return @peer_ip.to_s
  end
end

#reason ⇒ Object

Returns a string giving the reason the rule was added to the black list, or nil if no reason was given.



# File 'lib/ipaccess/ip_access_errors.rb', line 182

def reason
  return nil unless (rule.respond_to?(:tag) && rule.tag.respond_to?(:has_key?))
  r = rule.tag[:Reason_black]
  return r.nil? ? r : r.to_s
end

#reason_desc ⇒ Object (protected)

Returns the reason wrapped in parentheses, or an empty string instead of nil if no reason is available.



# File 'lib/ipaccess/ip_access_errors.rb', line 193

def reason_desc
  reason.nil? ? "" : " (#{reason})"
end

#rule_desc ⇒ Object (protected)

Returns string representation of a rule with prefix.



# File 'lib/ipaccess/ip_access_errors.rb', line 147

def rule_desc
  rs = self.rule_short
  rs.empty? ? "rule" : "rule: #{rs}"
end

#rule_short ⇒ Object

Returns string representation of a rule in short version.



# File 'lib/ipaccess/ip_access_errors.rb', line 127

def rule_short
  if @rule.is_a?(NetAddr::CIDR)
    if @rule.version == 6
      rule = @rule.to_s(:Short => true)
      rule = "::#{rule}" if rule =~ /^\//
      rule = ":#{rule}" if rule =~ /^:[^:]/
    else
      rule = @rule.to_s
    end
    return rule
  elsif @rule.is_a?(String)
    return @rule
  else
    return ""
  end
end

#show ⇒ Object

This method returns a string containing all important attributes of an exception.



# File 'lib/ipaccess/ip_access_errors.rb', line 209

def show
  "Message:\t#{self.message}\n\n"                           +
  "ACL:\t\t#{self.acl}\n"                                   +
  "Exception:\t#{self.inspect}\n"                           +
  "Remote IP:\t#{self.peer_ip} (#{self.peer_ip_short})\n"   +
  "Rule:\t\t#{self.rule} (#{self.rule_short})\n"            +
  "Originator:\t#{self.originator}\n"                       +
  "CIDR's Origin:\t#{self.peer_ip.tag[:Originator]}\n\n"
end

#to_s ⇒ Object

Returns the result of calling peer_ip_short.



# File 'lib/ipaccess/ip_access_errors.rb', line 221

def to_s
  peer_ip_short
end