Exception: IPAccessDenied
- Inherits:
  SecurityError
  - Object
  - SecurityError
  - IPAccessDenied
- Defined in:
  lib/ipaccess/ip_access_errors.rb
Overview
This class handles IP access denied exceptions.
Example
require 'ipaccess/sockets'

begin
  # Deny incoming connections from local and private address ranges
  IPAccess::Set::Global.input.blacklist :local, :private
  s = IPAccess::TCPServer.new(31337)
  s.opened_on_deny = true
  puts "\nnow use terminal and issue: telnet 127.0.0.1 31337\n"
  n = s.accept
rescue IPAccessDenied => e
  puts "Message:\t#{e.message}"
  puts
  puts "ACL:\t\t#{e.acl}"
  puts "Exception:\t#{e.inspect}"
  puts "Remote IP:\t#{e.peer_ip} (#{e.peer_ip_short})"
  puts "Rule:\t\t#{e.rule} (#{e.rule_short})"
  puts "Originator:\t#{e.originator}"
  puts "CIDR's Origin:\t#{e.peer_ip.tag[:Originator]}\n\n"
  # The socket is still open because opened_on_deny was set above
  unless e.originator.closed?
    e.originator.write("Access denied!!!\n\r\n\r")
    e.originator.close
  end
end
Defined Under Namespace
Classes: Aggregate, Input, Output
Instance Attribute Summary
- #acl ⇒ Object (readonly)
  Access set that was used to check access.
- #originator ⇒ Object
  Object passed when raising the exception.
- #peer_ip ⇒ Object (readonly)
  Remote address that caused the exception to happen, as a NetAddr::CIDR object.
- #rule ⇒ Object (readonly)
  Access list’s rule that matched, as a NetAddr::CIDR object.
- #socket ⇒ Object (readonly)
  Socket object associated with the exception.
Instance Method Summary
- #access_set ⇒ Object
  Returns a string representation of the access set's name.
- #access_set_desc ⇒ Object (protected)
  Returns a string representation of the access set's name.
- #initialize(addr, rule = nil, acl = nil, obj = nil, socket = nil) ⇒ IPAccessDenied (constructor)
  Creates new object.
- #message ⇒ Object
  Returns an error message.
- #peer_ip_short ⇒ Object
  Returns string representation of an IP address in short version.
- #reason ⇒ Object
  Returns a string giving the reason the address was added to the black list, or nil if no reason was given.
- #reason_desc ⇒ Object (protected)
  Returns the reason, but with an empty string instead of nil if something goes wrong.
- #rule_desc ⇒ Object (protected)
  Returns string representation of a rule with prefix.
- #rule_short ⇒ Object
  Returns string representation of a rule in short version.
- #show ⇒ Object
  This method returns a string containing all important attributes of an exception.
- #to_s ⇒ Object
  Returns the result of calling peer_ip_short.
Constructor Details
#initialize(addr, rule = nil, acl = nil, obj = nil, socket = nil) ⇒ IPAccessDenied
Creates new object. First argument should be a NetAddr::CIDR object containing the address of the denied connection. Second argument should be a CIDR rule that matched. Third argument should be an IPAccess::Set object. Last argument should be an object that will be passed to the exception as the object member; usually it should be set to the object that caused the exception to happen.

# File 'lib/ipaccess/ip_access_errors.rb', line 96
def initialize(addr, rule=nil, acl=nil, obj=nil, socket=nil)
  @peer_ip = addr
  @rule = rule
  @acl = acl
  @originator = obj
  @socket = socket
end
Instance Attribute Details
#acl ⇒ Object (readonly)
Access set that was used to check access.
# File 'lib/ipaccess/ip_access_errors.rb', line 84
def acl
  @acl
end
#originator ⇒ Object
Object passed during raising an exception. Usually a network object that is used to communicate with a prohibited peer.
# File 'lib/ipaccess/ip_access_errors.rb', line 63
def originator
  @originator
end
#peer_ip ⇒ Object (readonly)
Remote address that caused the exception to happen, as a NetAddr::CIDR object.

# File 'lib/ipaccess/ip_access_errors.rb', line 74
def peer_ip
  @peer_ip
end
#rule ⇒ Object (readonly)
Access list’s rule that matched as an NetAddr::CIDR object.
# File 'lib/ipaccess/ip_access_errors.rb', line 68
def rule
  @rule
end
#socket ⇒ Object (readonly)
Socket object associated with the exception. Only a few checks set it.

# File 'lib/ipaccess/ip_access_errors.rb', line 80
def socket
  @socket
end
Instance Method Details
#access_set ⇒ Object
Returns a string representation of the access set's name.

# File 'lib/ipaccess/ip_access_errors.rb', line 106
def access_set
  if (@acl.is_a?(IPAccess::Set) && !@acl.name.to_s.empty?)
    @acl.name.to_s
  elsif @acl.is_a?(String)
    @acl
  else
    ""
  end
end
#access_set_desc ⇒ Object (protected)
Returns a string representation of the access set's name.

# File 'lib/ipaccess/ip_access_errors.rb', line 118
def access_set_desc
  as = self.access_set
  as.empty? ? "" : as + " "
end
#message ⇒ Object
Returns an error message.
# File 'lib/ipaccess/ip_access_errors.rb', line 200
def message
  return "connection with #{peer_ip_short} " +
         "denied by #{access_set_desc}#{rule_desc}" +
         "#{reason_desc}"
end
#peer_ip_short ⇒ Object
Returns string representation of an IP address in short version.
# File 'lib/ipaccess/ip_access_errors.rb', line 156
def peer_ip_short
  if @peer_ip.is_a?(NetAddr::CIDR)
    if @peer_ip.version == 6
      pip = @peer_ip.to_s(:Short => true)
      pip = "::#{pip}" if pip =~ /^\//
      pip = ":#{pip}" if pip =~ /^:[^:]/
      pip = pip.split('/').first if pip =~ /\/128$/
      return pip
    else
      if @peer_ip.to_i(:netmask) == 4294967295
        return @peer_ip.ip
      else
        return @peer_ip.to_s
      end
    end
  elsif @peer_ip.is_a?(String)
    return @peer_ip
  else
    return @peer_ip.to_s
  end
end
#reason ⇒ Object
Returns a string giving the reason the address was added to the black list, or nil if no reason was given.

# File 'lib/ipaccess/ip_access_errors.rb', line 182
def reason
  return nil unless (rule.respond_to?(:tag) && rule.tag.respond_to?(:has_key?))
  r = rule.tag[:Reason_black]
  return r.nil? ? r : r.to_s
end
#reason_desc ⇒ Object (protected)
Returns the reason, but with an empty string instead of nil if something goes wrong. It wraps the text in parentheses.

# File 'lib/ipaccess/ip_access_errors.rb', line 193
def reason_desc
  reason.nil? ? "" : " (#{reason})"
end
#rule_desc ⇒ Object (protected)
Returns string representation of a rule with prefix.
# File 'lib/ipaccess/ip_access_errors.rb', line 147
def rule_desc
  rs = self.rule_short
  rs.empty? ? "rule" : "rule: #{rs}"
end
#rule_short ⇒ Object
Returns string representation of a rule in short version.
# File 'lib/ipaccess/ip_access_errors.rb', line 127
def rule_short
  if @rule.is_a?(NetAddr::CIDR)
    if @rule.version == 6
      rule = @rule.to_s(:Short => true)
      rule = "::#{rule}" if rule =~ /^\//
      rule = ":#{rule}" if rule =~ /^:[^:]/
    else
      rule = @rule.to_s
    end
    return rule
  elsif @rule.is_a?(String)
    return @rule
  else
    return ""
  end
end
#show ⇒ Object
This method returns a string containing all important attributes of an exception.
# File 'lib/ipaccess/ip_access_errors.rb', line 209
def show
  "Message:\t#{self.message}\n\n" +
  "ACL:\t\t#{self.acl}\n" +
  "Exception:\t#{self.inspect}\n" +
  "Remote IP:\t#{self.peer_ip} (#{self.peer_ip_short})\n" +
  "Rule:\t\t#{self.rule} (#{self.rule_short})\n" +
  "Originator:\t#{self.originator}\n" +
  "CIDR's Origin:\t#{self.peer_ip.tag[:Originator]}\n\n"
end
#to_s ⇒ Object
Returns the result of calling peer_ip_short.
# File 'lib/ipaccess/ip_access_errors.rb', line 221
def to_s
  peer_ip_short
end
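
One way to turn rescued IPAccessDenied exceptions into structured audit records and spot peers that keep retrying, as an added example that is not part of the ipaccess documentation or source. FakeDenied and DenialAudit are hypothetical names; the stand-in exposes only the peer_ip_short, rule_short, access_set and reason readers documented above, and its sample values are constructed.

```ruby
require 'json'
require 'time'

# Constructed stand-in with the same reader names as IPAccessDenied, so the
# example runs without the ipaccess gem. Assumption: in real use the object
# passed to #record is the exception caught by `rescue IPAccessDenied => e`.
FakeDenied = Struct.new(:peer_ip_short, :rule_short, :access_set, :reason)

# Hypothetical helper: one JSON log line per denial plus a per-peer counter.
class DenialAudit
  def initialize
    @per_peer = Hash.new(0)
  end

  # rule_short and access_set return "" and reason returns nil when nothing
  # is known; all three are logged as JSON null rather than as blank strings.
  def record(e, at = Time.now.utc)
    peer = e.peer_ip_short.to_s
    @per_peer[peer] += 1
    entry = {
      "time"   => at.iso8601,
      "peer"   => peer,
      "rule"   => presence(e.rule_short),
      "acl"    => presence(e.access_set),
      "reason" => presence(e.reason),
      "count"  => @per_peer[peer]
    }
    JSON.generate(entry)
  end

  # Peers denied at least +threshold+ times, most frequent first.
  def repeat_offenders(threshold = 3)
    @per_peer.select { |_, n| n >= threshold }
             .sort_by { |peer, n| [-n, peer] }
             .map(&:first)
  end

  private

  def presence(value)
    s = value.to_s
    s.empty? ? nil : s
  end
end
```
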