Class: ACL
- Inherits:
-
Object
- Object
- ACL
- Defined in:
- lib/drb/acl.rb
Overview
Simple Access Control Lists.
Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.
Example:
list = %w[
deny all
allow 192.168.1.1
allow ::ffff:192.168.1.2
allow 192.168.1.3
]
# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]
acl = ACL.new
p acl.allow_addr?(addr) # => true
acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true
Defined Under Namespace
Constant Summary collapse
- VERSION =
The current version of ACL
["2.0.0"]
- DENY_ALLOW =
Default to deny
0
- ALLOW_DENY =
Default to allow
1
Instance Method Summary collapse
-
#allow_addr?(addr) ⇒ Boolean
Allow connections from addrinfo
addr
? It must be formatted like Socket#peeraddr:. -
#allow_socket?(soc) ⇒ Boolean
Allow connections from Socket
soc
?. -
#initialize(list = nil, order = DENY_ALLOW) ⇒ ACL
constructor
Creates a new ACL from
list
with an evaluationorder
of DENY_ALLOW or ALLOW_DENY. -
#install_list(list) ⇒ Object
Adds
list
of ACL entries to this ACL.
Constructor Details
#initialize(list = nil, order = DENY_ALLOW) ⇒ ACL
Creates a new ACL from list
with an evaluation order
of DENY_ALLOW or ALLOW_DENY.
An ACL list
is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:
%w[
deny all
allow 192.0.2.2
allow 192.0.2.128/26
]
173 174 175 176 177 178 |
# File 'lib/drb/acl.rb', line 173 def initialize(list=nil, order = DENY_ALLOW) @order = order @deny = ACLList.new @allow = ACLList.new install_list(list) if list end |
Instance Method Details
#allow_addr?(addr) ⇒ Boolean
Allow connections from addrinfo addr
? It must be formatted like Socket#peeraddr:
["AF_INET", 10, "lc630", "192.0.2.1"]
197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
# File 'lib/drb/acl.rb', line 197 def allow_addr?(addr) case @order when DENY_ALLOW return true if @allow.match(addr) return false if @deny.match(addr) return true when ALLOW_DENY return false if @deny.match(addr) return true if @allow.match(addr) return false else false end end |
#allow_socket?(soc) ⇒ Boolean
Allow connections from Socket soc
?
185 186 187 |
# File 'lib/drb/acl.rb', line 185 def allow_socket?(soc) allow_addr?(soc.peeraddr) end |
#install_list(list) ⇒ Object
Adds list
of ACL entries to this ACL.
217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 |
# File 'lib/drb/acl.rb', line 217 def install_list(list) i = 0 while i < list.size , domain = list.slice(i,2) case .downcase when 'allow' @allow.add(domain) when 'deny' @deny.add(domain) else raise "Invalid ACL entry #{list}" end i += 2 end end |