In Files

  • drb/acl.rb

ACL

Simple Access Control Lists.

Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.

Example:

require 'drb/acl'

list = %w[
  deny all
  allow 192.168.1.1
  allow ::ffff:192.168.1.2
  allow 192.168.1.3
]

# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

acl = ACL.new
p acl.allow_addr?(addr) # => true

acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true

Constants

ALLOW_DENY

Default to allow

DENY_ALLOW

Default to deny

VERSION

The current version of ACL

Public Class Methods

new(list=nil, order = DENY_ALLOW)

Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.

An ACL list is a flat Array of pairs: “allow” or “deny”, followed by an address, an address mask, or “all” or “*” to match any address:

%w[
  deny all
  allow 192.0.2.2
  allow 192.0.2.128/26
]
 
# File drb/acl.rb, line 172
def initialize(list=nil, order = DENY_ALLOW)
  @order = order
  @deny = ACLList.new
  @allow = ACLList.new
  install_list(list) if list
end
            

Public Instance Methods

allow_addr?(addr)

Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:

["AF_INET", 10, "lc630", "192.0.2.1"]
 
# File drb/acl.rb, line 196
def allow_addr?(addr)
  case @order
  when DENY_ALLOW
    return true if @allow.match(addr)
    return false if @deny.match(addr)
    return true
  when ALLOW_DENY
    return false if @deny.match(addr)
    return true if @allow.match(addr)
    return false
  else
    false
  end
end
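
The following is an added example, not part of the original documentation. It runs the same allowlist through both evaluation orders to show what the allow_addr? source above does with an address that matches no entry, and what happens when “deny all” is combined with each order. The peer tuples, the constant names and the decide / decision_table helpers are constructed for illustration.

```ruby
require 'drb/acl'

# Constructed peers in Socket#peeraddr format: [family, port, hostname, ip].
LISTED   = ["AF_INET", 40000, "listed.example",   "192.0.2.130"]  # inside 192.0.2.128/26
UNLISTED = ["AF_INET", 40001, "unlisted.example", "198.51.100.7"] # matches no allow entry

ALLOW_ONLY    = %w[allow 192.0.2.2 allow 192.0.2.128/26]
WITH_DENY_ALL = %w[deny all] + ALLOW_ONLY

# Hypothetical helper: returns [decision for LISTED, decision for UNLISTED].
def decide(list, order)
  acl = ACL.new(list, order)
  [acl.allow_addr?(LISTED), acl.allow_addr?(UNLISTED)]
end

# One row per (order, list) combination.
def decision_table
  {
    # DENY_ALLOW: allow match wins, then deny match, otherwise accept.
    # Without a deny entry, the unlisted peer falls through and is accepted.
    "DENY_ALLOW, allow entries only"  => decide(ALLOW_ONLY, ACL::DENY_ALLOW),
    # Adding "deny all" turns the list into a real allowlist.
    "DENY_ALLOW, deny all + allow"    => decide(WITH_DENY_ALL, ACL::DENY_ALLOW),
    # ALLOW_DENY: deny match wins, then allow match, otherwise reject.
    "ALLOW_DENY, allow entries only"  => decide(ALLOW_ONLY, ACL::ALLOW_DENY),
    # "deny all" is checked first here, so even the listed peer is rejected.
    "ALLOW_DENY, deny all + allow"    => decide(WITH_DENY_ALL, ACL::ALLOW_DENY),
  }
end

if $PROGRAM_NAME == __FILE__
  decision_table.each do |label, (listed, unlisted)|
    puts format("%-32s listed=%-5s unlisted=%s", label, listed, unlisted)
  end
end
```

For an allowlist, the two combinations that accept the listed peer and reject the unlisted one are DENY_ALLOW with a leading “deny all”, and ALLOW_DENY with allow entries only.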
            
allow_socket?(soc)

Allow connections from Socket soc?

 
# File drb/acl.rb, line 184
def allow_socket?(soc)
  allow_addr?(soc.peeraddr)
end
            
install_list(list)

Adds list of ACL entries to this ACL.

 
# File drb/acl.rb, line 216
def install_list(list)
  i = 0
  while i < list.size
    permission, domain = list.slice(i,2)
    case permission.downcase
    when 'allow'
      @allow.add(domain)
    when 'deny'
      @deny.add(domain)
    else
      raise "Invalid ACL entry #{list.to_s}"
    end
    i += 2
  end
end
            
