Module: Rex::Proto::Ssh::AccessControlList

Included in:
Connection
Defined in:
lib/rex/proto/ssh/connection.rb

Overview

Whitelist-based access control scaffold

Instance Method Details

#deny=(host, port, bind = false) ⇒ Object

Delete permitted access control entry from access control list

Parameters:

  • host (String)

    Host/hostname of the entry to remove

  • port (Integer)

    Port of the entry to remove

  • bind (TrueClass, FalseClass) (defaults to: false)

    Whether this ACE is for servers (removed from the :bind list instead of :connect)



# File 'lib/rex/proto/ssh/connection.rb', line 35

def deny=(host, port, bind = false)
  @acl[ bind ? :bind : :connect ].select! do |ent|
    ent != "#{host}:#{port}"
  end if @acl
end

#permit=(host, port, bind = false) ⇒ Object

Add permitted access control entry to access control list. Create ACL if it does not yet exist.

Parameters:

  • host (String)

    Host/hostname for which to grant access

  • port (Integer)

    Port for which to grant access

  • bind (TrueClass, FalseClass) (defaults to: false)

    Whether this ACE is for servers (stored in the :bind list instead of :connect)



# File 'lib/rex/proto/ssh/connection.rb', line 21

def permit=(host, port, bind = false)
  @acl ||= { bind:[], connect:[] }
  unless permit?(host, port, bind)
    @acl[ bind ? :bind : :connect ] << "#{host}:#{port}"
  end
end

#permit?(host, port, bind = false) ⇒ TrueClass, FalseClass

Check if access control entry exists in access control list

Parameters:

  • host (String)

    Host/hostname for which to check access

  • port (Integer)

    Port for which to check access

  • bind (TrueClass, FalseClass) (defaults to: false)

    Whether this ACE is for servers (checked against the :bind list instead of :connect)

Returns:

  • (TrueClass, FalseClass)

    Permission boolean for access



# File 'lib/rex/proto/ssh/connection.rb', line 49

def permit?(host, port, bind = false)
  @acl and ["#{host}:#{port}", "*:*", "#{host}:*", "*:#{port}"].any? do |m|
    @acl[ bind ? :bind : :connect ].include?(m)
  end
end
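
Added example (not part of the project's documentation): a walk through the allow-list semantics of the three methods above, showing that a missing ACL denies by default, that the :bind and :connect lists are independent, and that deny= removes only the exact "host:port" string, so a wildcard entry keeps granting access until it is itself removed. The AclSketch module and DemoConn class are hypothetical stand-ins with the method bodies copied from this page, and the addresses are constructed sample values.

```ruby
# Stand-in module: the three method bodies are copied from the listings on this
# page so the example runs without the Metasploit source tree.
module AclSketch
  def permit=(host, port, bind = false)
    @acl ||= { bind: [], connect: [] }
    unless permit?(host, port, bind)
      @acl[bind ? :bind : :connect] << "#{host}:#{port}"
    end
  end

  def deny=(host, port, bind = false)
    @acl[bind ? :bind : :connect].select! do |ent|
      ent != "#{host}:#{port}"
    end if @acl
  end

  def permit?(host, port, bind = false)
    @acl and ["#{host}:#{port}", "*:*", "#{host}:*", "*:#{port}"].any? do |m|
      @acl[bind ? :bind : :connect].include?(m)
    end
  end
end

# Hypothetical holder class standing in for Connection (constructed for this example).
class DemoConn
  include AclSketch
end

# Returns a hash of permit? results at each step of the walk-through.
def acl_walkthrough
  c = DemoConn.new
  r = {}
  r[:no_acl] = c.permit?('10.0.0.5', 22)                # no ACL created yet: falsy
  # Setter-style names taking several arguments have to be called via public_send.
  c.public_send(:permit=, '10.0.0.5', '*')              # stores "10.0.0.5:*"
  r[:wildcard_port] = c.permit?('10.0.0.5', 8080)       # matched by "10.0.0.5:*"
  r[:other_host] = c.permit?('10.0.0.6', 8080)          # no entry for this host
  r[:bind_separate] = c.permit?('10.0.0.5', 8080, true) # :bind list is still empty
  c.public_send(:deny=, '10.0.0.5', 8080)               # exact string not in the list
  r[:after_exact_deny] = c.permit?('10.0.0.5', 8080)    # wildcard entry still matches
  c.public_send(:deny=, '10.0.0.5', '*')                # removes the wildcard entry
  r[:after_wildcard_deny] = c.permit?('10.0.0.5', 8080)
  r
end
```

When auditing an ACL built this way, check for "*:*", "host:*" and "*:port" entries before relying on a deny= call for a specific host and port.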